Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Third party access to account attributes

In Norway there is a widely used scheme by which payees send out invoices containing structured payment information which is being used by the payee to match incoming payments with invoices. The information is in the form of a number defined by the payee. The number consists of up to 25 digits, including a control digit. The information flows all the way through the payment chain and back to the payee. The credit account number must be set up with attributes associated with it, according to scheme rules, which are defined jointly by the banks. The payee has to enter into an agreement with its bank in order to make use of the scheme. There is a nationwide registry covering all banks, containing information about agreements, accounts and attributes associated with each account. The banks have direct access to the registry. As and when the PSU (Payment Service User) keys in the invoice information, the bank checks in real time that what is being keyed in is correct according to information held in the registry. There is check that indeed the credit account is set up for the scheme. A control digit is checked, increasing the likelihood of a correct number being entered. If no number is keyed in, the PSU is told so, if the account is such that a number is required. While keypunching, the PSU is being informed there and then if the information is wrong such that the PSU may correct it. The bank will not accept the payment order unless it is pre-verified to pass the controls. Not so for TPPs (Third Party Provider). They are not granted access to the registry. The TPP does not know if the payment order will pass the controls. Not until payment initiation there is a check. This check is being performed by the bank, not by the third party. The TPP receives information from the bank about the outcome of the check. TPPs must revert back to the PSU and / or the payee, or the banks, and try to resolve any issues. There are costs associated with follow up and correction. PSD2 Article 66 number 4 letter (c) obliges ASPSPs to treat payment orders transmitted through the services of a payment initiation service provider without any discrimination other than for objective reasons, in particular in terms of timing, priority or charges vis-à-vis payment orders transmitted directly by the payer. Not having access to the registry puts the TPPs at a disadvantage, with a bearing on timing, as payments may be delayed and may become overdue. The banks' own payment services have direct access to the key payment information held in the registry, whereas third party payment services do not. The FSA of Norway seeks advice on whether this constitutes a discrimination according to PSD2 Article 66. Not having access to the registry puts the TPPs at a disadvantage. It leads to extra work for TPPs and others involved in the payment. Additional costs are being incurred. The FSA of Norway seeks advice on whether not giving TPPs access to the registry creates obstacles for TPPs as per Commission delegated regulation (EU) 2018/389 Article 32 number 3. Lastly, the FSA of Norway seeks advice on whether there are other relevant provisions in the regulation, and whether the principle of "level playing field" may apply in this case.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Direct and indirect applicability of DORA

Should a credit bureau apply DORA directly, similar to any other financial entity, as an Account Information Service Provider or AISP, or should the CRA apply DORA indirectly, as an ICT third-party provider?

  • Legal act: Directive 2022/2556/EU (DORA)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Services of credit bureaus under DORA

Do the services offered by credit bureaus fall within the definition of 'ICT services' as outlined in Article 3(21) of DORA? If so, can credit bureaus be considered as providers of ICT services under Article 3(19) of DORA?

  • Legal act: Directive 2022/2556/EU (DORA)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Definition of ICT services

Does the licensing of software by a third party to a financial entity for use on the financial entity's own premises meet the definition of "ICT services"

  • Legal act: Directive 2022/2556/EU (DORA)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Services of credit registers under DORA

Should public Credit Registers be regarded as providers of ICT services under Article 3(19) of DORA?

  • Legal act: Regulation (EU) No 2022/2554 (DORA)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Request for Clarification on Article 28(3) of Regulation (EU) 2022/2554

I am reaching out for clarification regarding a specific provision in the Digital Operational Resilience Act (DORA) – particularly the third paragraph of Article 28. The provision in question stipulates: "As part of their ICT risk management framework, financial entities shall maintain, and keep updated at entity level as well as at sub-consolidated and consolidated levels, a register of information related to all contractual arrangements on the use of ICT services provided by third-party ICT service providers." Similarly, DORA provides in its article 28(2): "The strategy on ICT third-party risk shall include a policy on the use of ICT services supporting critical or important functions provided by ICT third-party service providers and shall apply on an individual basis and, where relevant, on a sub-consolidated and consolidated basis". Overall, how should we understand the phrases “where relevant” and “where applicable” in DORA and its policy products when addressing different levels of entities? we seek your confirmation on whether our client is really obligated to maintain both for its specific entity and at the group level:  The register of information related to all contractual arrangements on the use of ICT services provided by third-party ICT service providers. The strategy on ICT third-party risk and (or?) the policy on the use of ICT services supporting critical or important functions.  Could you also confirm that whenever the phrases "where relevant" and "where applicable" appear in the presence of corporate group, the latter must each time implement the requirement at the level of the entity, at the sub-consolidated level and at the consolidated level? 

  • Legal act: Regulation (EU) No 2022/2554 (DORA)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Sign Convention and aggregated rows in Template 2 of the ITS on IRRBB

Could the EBA please clarify the expected sign convention for columns 0040 to 0090 and 0110 to 0120, and the aggregation logic for rows 0540 to 0560 in template J 02.00?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions

Unrated short term claim/exposure

As per CRR Article 120(para 3, subpara c), it states: "If there is a short-term assessment and such an assessment determines a less favourable risk weight than the use of the general preferential treatment for short-term exposures, as specified in paragraph 2, then the general preferential treatment for short-term exposures shall not be used and all unrated short-term claims shall be assigned the same risk weight as that applied by the specific short-term assessment." Question: What is meant by unrated short-term claims as per this paragraph? If there is a general issuer rating available, will the exposures with residual maturity of less than 3 months be classed as Unrated and not eligible for preferential risk weight treatment as per CRR Article 120 (2)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions

Risk weight for Exposures in default

What risk weight should be applied to in default exposures, under the standardised approach for credit risk? 

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Risk retention

  Where an SSPE that directly purchases securitised exposures from the seller is fully consolidated for accounting purposes by an entity, with a view to exposing such entity to (i) the risks (first loss in an amount at least equal to the expected loss) and (ii) the benefit of the excess spread deriving from such exposures, based on the performance of the portfolio which depends on the management of the assets by such entity, can such entity be considered as the limb(b) originator and as such, be eligible to hold the risk retention piece under Article 6(3)(b) of Regulation (EU) No 2017/2402, even though such entity is not directly a party to the purchase arrangement?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

validation rules v16059_s and v16069_s for Template 3 are not aligned with above referenced article / paragraph in the ITS

We believe the validation rules are incorrect as they prescribe that the value should always be equal to or larger than zero, which is not always the case when applying the fixed formula for calculating the distance from the IEA Net Zero benchmark.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures

Fair-valued assets and liabilities excluded because of partial impact on CET1 – Prudential Filters

Template C32.01 Prudent valuation. Fair-Valued assets and liabilities requires the Prudential filters Fair-valued assets and liabilities excluded because of partial impact on CET1 (col 0050) to be reported in accordance with Article 4(2) of Delegated Regulation (EU) 2016/101 due to the transitional application of the prudential filters referred to in Articles 467 and 468 of Regulation (EU) No 575/2013. Since Articles 467 and 468 of Regulation (EU) No 575/2013 are related to COVID transitional fix items, should the institution report 0 in this column until the guidance is updated?   Additionally, validation v6566 related to this template, states that values reported for Fair-valued assets and liabilities excluded because of partial impact on CET1 – Prudential Filters (c0050) have to be equal to or higher than 0. Could you please confirm if this validation is applicable in all the contra liability balances?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Reconciliation between Additional Liquidity? monitoring tools (ALMM) and FINREP

We have two questions pertaining to cross reporting controls.Pursuant to regulation re (UE) 2022/1994, C67 template (total of section 1 and section 2) shall be equal to the total of financial liabilities declared in FINREP.However, both reportings must be produced at different deadlines:- C67, as a monthly reporting, shall be submitted at the 15th calendar day after the reporting reference date- FINREP, as a quarterly report, shall be submitted 12 May, 11 August, 11 November, and 11 FebruaryThe mismatch between these two dates makes it impossible in practice to comply with the new requirement and align the C67 with the FINREP on the same reference date. It also creates an unduly excessive administrative burden to systematically resubmit the C67 each quarter once the FINREP has been completed.Therefore, we would like to confirm with the EBA that the requirement means that institutions may use the figures of the FINREP of the previous quarter when performing the quarterly production of the ALMM (example: use of the Q3 FINREP data to report the Q4 ALMM)Does C68 statement also need to be reconciled with the FINREP? If yes, with which quarter end should be used as a reference, and which line should be used?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions

Validation rules v11886_m and v11887_m

v11886_m states that with regard to C 08.03 {c0050, s0001} = emptyv11887_m states that with regard to C 08.03 {c0070, s0001} = emptyIs it correct that the validation rules v11886_m and v11887_m are only applicable for s0001 (AIRB) at total level and that there are no such validation rules for s0002 (FIRB) at total level?When the validation rules v11886_m and v11887_m are only applicable for s0001 (AIRB), why is this validation rule not applicable to C34.07 as well as there the same information is requested? In other words, are the validation rules with regard to the exposure weighted average PD %) and exposure weighted average LGD (%) consistently applied throughout the DPM?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions

Categorisation of indirect exposures to collateral issuers

The guidance for c120 to c170 states "The institution shall report the original amount of the indirect exposures in the column that corresponds to the type of direct exposure guaranteed or secured by collateral such as, when the direct exposure guaranteed is a debt instrument, the amount of ‘Indirect exposure’ assigned to the guarantor shall be reported under the column ‘Debt instruments’" This example makes intuitive sense for guarantees as the nature of the indirect exposure is based upon the form of the exposure which has been guaranteed and through substitution effect transferred to the guarantor. However should the same logic also apply to exposures secured by collateral where the indirect exposure is based upon a reduction in exposure of the collateral received rather than through a substitution effect to the original type of exposure? For example, if i have a derivative exposure for which i have reduced the original exposure to the client through receipt of a debt instrument as collateral should the indirect exposure arising to the issuer of the collateral be reported in c120 for debt instrument or c140 for derivative?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions

Template 3: Banking book - Indicators of potential climate change transition risk: Alignment metrics

Is it allowed to use another scenario than those prescribed by the IEA, as long as it is compatible with 1.5C trajectory and clearly documented in the narratives?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures

Misalignment between scope of reportable exposures against public authorities in template 7 ( CRR) and template 1 ( EU Taxonomy - acc to 2021/2178)

Should rows 280, 290 and 300 from Template 7 under ESG Disclosure only be limited to "Loans and advances" or should the scope of the rows be extended by including also debt security exposures (or other categories of exposures) in order to align with  Annex V from European Commission published on 27.6.2023 , updating Section 1.2.1.4 from 2021/2178 ?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures

Template 2 – Total gross carrying amount reported in column A

Should column a be equal to sum (columns b to g + o)*(1- column p) as per XBRL validation rule?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures

Template 5 – Total gross carrying amount reported in column B

Which gross carrying amount should be reported in column b? Should it be the total of the exposures by sector as reported in Template 1 or should it be the total of columns c to f?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures