Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Reporting of fraud by the acquirers

Regarding the fraud definition, could you please clarify how the following fraud examples should be classified by the acquirers

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

Reporting of card transactions that are out-of-scope from the requirement for SCA

In the Fraud Reporting, how should payment service providers (PSPs) report card transactions without Strong Customer Authentication (SCA) that are out of scope of the requirement for SCA, i.e. one-leg transactions and merchant-initiated transaction?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Report of fraud rates by issuers and acquirers

For card-based transactions: - When the issuer reports frauds under the EBA Guidelines on fraud reporting (EBA/GL/2018/05), shall the issuer provide information on the unauthorised transactions for which the acquirer has applied an exemption? If so, shall the issuer provide a break-down according to the different exemptions applied by the acquirer?- When the acquirer reports frauds under the EBA Guidelines on fraud reporting, shall the acquirer provide information on the unauthorised transactions for which the issuer has applied an exemption? If so, shall the acquirer provide a break-down according to the different exemptions applied by the issuer?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

Transaction risk analysis (TRA) exemption – Calculation of fraud rate – Impact of unauthorized transactions on issuers and acquirers

In the case of card-based transactions, shall issuers include in their fraud rate calculation only the unauthorized transactions for which they apply strong customer authentication (SCA) or an exemption?  Or, shall issuers also include unauthorised transactions for which the acquirer applies an exemption?Shall acquirers include in their fraud rate calculation only the unauthorised transactions for which they apply an exemption?  Or shall acquirers also include unauthorised transactions for which the issuer applies an exemption?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Strong Customer Authentication (SCA) possession element requirement for cryptographic validation

For a device to be considered possession:-a) should the device perform "cryptographically underpinned validity assertions using keys or cryptographic material stored in" the device?b) should the device be in the physical possession of the  Payment Service User (PSU)? I.e. it cannot be held and operated remotely.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Electronic chip transactions authenticated with a hand signature

As a Payment Service Provider (PSP) acquirer, how should we report the German chip + signature transactions in the “EBA fraud report under PSD2” given the fact this kind of transactions are non-Strong Customer Authentication (SCA) and do not fall under any allowed exemption?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

Exposures towards QCCPs under CRR Art. 306 (2) under standardised method (C 07.00) - validation rules v0010_h, v0306_m, v0307_m, v0308_m and v0312_m

"Under Article 306 (2)of the CRR, where assets posted as collateral to a CCP or a clearing member are bankruptcy remote, should have Exposure Value (C 07.00, column {200}, rows {100}, {120}) of zero. Our understanding of the ITS on Supervisory Reporting is that the Original exposure pre conversion factors (C07.00, column {010}, rows {100}, {120}) of the transactions in question should hence also be zeroed out. The institution is currently reporting the Original exposure pre conversion factors as non-zero to avoid the blocking errors mentionned in the background, which is contrary to Article 306 (2) of the CRR. Could you please confirm if our understanding of the ITS is correct?"

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

FINREP Validation rule v2822_m

V2822_m: sum({F 32.01, r110, (c010, c060)}) = sum({F 05.01, r090, (c020-060)}) - Economic agents inconsistency : F 32.01, r110, (c010, c060) = non-financial corporation and households; F 05.01, r090, (c020-060) = all agents

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Clarification on the reporting of "maturing" columns in COREP ALMM C 70.00 "Roll-over of funding"

In the "Maturing" columns of C 70 .00, do we have the option of reporting in two different ways? We can either report "Maturing" amounts according to all liabilities contractually withdrawable by the providers of funding for each day of the month. Or we can report only the amounts "Maturing" which are due on the relevant day.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Traitement des REPOs assortis d'une option "d'early termination" glissante dans le C70.00 - Handling of REPOs with a rolling ‘early termination’ option in C70.00

Comment matérialiser les REPO EVERGREEN & OPEN REPO dans le C70.00 ?How can EVERGREEN REPOs & OPEN REPOs be reported in the C70.00 template?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions

COREP C 14.00 template - Consistency of the EBA taxonomy control v4801_m

Is the control v4801_m consistent with the COREP ITS?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Calculating the threshold of 1% of total liabilities in significative currencies.

Should the institution report the section 2 of C 67.00 the total liabilities considering the complete scope of currencies in the bank or should be restricted to the total of the relevant significative currency. Moreover, this would have impact in the 1% threshold calculation.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Reporting of gains/losses other than dividends for investments in subsidiaries, associates and joint ventures (F 02.00).

Could you please provide further instructions about the reporting of gains/losses other than dividends for investments in unconsolidated (with respect to the regulatory scope of consolidation) subsidiaries, associates and joint ventures in the statement of profit or loss (F 02.00)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Profit or loss on de-recognition of investment in subsidiaries, joint ventures and associates

Under IFRS, where in table F02 should “the gains or losses on de-recognition of investment in subsidiaries, joint ventures and associates” be recorded when they are neither classified (prior to the selling ) as “non-current assets and disposal groups classified as held for sale” nor their sale is considered a “discontinued operation” under IFRS5?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Pre IFRS 9 Finrep - Template F07.00 reporting values as net or gross

Should the values reported in (pre IFRS9) Finrep template F07.00 columns 010-070, be on a gross or on a net basis?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)

Separation of factors for strong customer authentication

If a mobile phone has two different e-banking apps on it, one for the banking agendas (a banking app where payments are initiated by entering password, possibly in combination with OTPs) and one for receiving the SMS OTPs (authorization app),would this scenario fulfill the PSD2 requirements of sufficient separation of both factors (since both factors reside on the same smartphone, but in different apps)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Exemptions from Strong Customer Authentication (SCA): credit transfers

Can the exemption under Article 15 of the RTS on SCA be applied to credit transfers between a personal account and a business account held by the same person.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Unattended terminals and Transaction Risk Analysis (TRA) exemption and related Payment Service Providers (PSP)’s liabilities rules

Provided that both the payer’s Payment Service Provider (PSP) and the payee’s PSP can apply the strong customer authentication (SCA) exemption, without prejudice to the last say of the payer’s PSP, can a payment made at highway toll booths be treated as the one performed at the unattended terminals for transport fares?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Scope of contingency mechanism

Should the interfaces – referred to in Article 33(4) of the RTS - be interpreted to include not only the internet banking interface of the account servicing payment service provider (ASPSP) but also its proprietary mobile banking interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Define what is “given period of time”

What constitutes a “given period of time” as expressed in Article 4.3 (b) of the RTS on strong customer authentication and secure communication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication