Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

ESG P3 - Template 1 - Reporting of column k (GHG emissions (column i): gross carrying amount percentage of the portfolio derived from company-specific reporting)

In Template 1, “column k (GHG emissions (column i): gross carrying amount percentage of the portfolio derived from company-specific reporting)”,  could you please clarify how the percentage should be calculated in the total column (56)? In the interest of precision and clarity, it is essential to determine whether the total percentage should be calculated over the total gross carrying amount of the template or only take into account the exposures that contribute significantly to climate change and replicate the same percentage that appears in row 1. This determination is crucial as only emissions from sectors that contribute substantially to climate change should be reported. Example: Exposure Gross Carrying Amount Gross Carrying Amount of the portfolio with derived from company-specific reporting Highly contributing sectors exposure 100 25 Non-highly contributing sectors exposure 200 Not disclosed Total exposure 300 25 The denominator of the row 56 i.e. gross carrying amount used in the calculation of the percentage for column k will be based on 100 or 300? Final result should be: 25% of the portfolio has emissions derived from company-specific reporting 8% of the portfolio has emissions derived from company-specific reporting

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2022/2453 - ITS on ESG disclosures
  • ID: 2025_7426
  • Topic: Transparency and Pillar 3
  • Date of submission:
  • Published as final Q&A: 10/10/2025

Definition of Net defined benefit assets [Carrying amount] in F44.01

Please can we clarify what is required in row 0090 of FINREP template F44.01 in terms of the "Net defined benefit assets" ? i.e. should this row only include surplus amounts that shall be recognised in the balance sheet given that the previous sign validation rule v3985_s has now been deactivated?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
  • ID: 2025_7526
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as final Q&A: 10/10/2025

Treatment of bridge financing in the calculation of the risk weight (RW*)

As the objective of Article 132c (1) CRR, as amended by Regulation (EU) 2019/876 – CRR2, is to “calculate the risk-weighted exposure amount for their off-balance-sheet items with the potential to be converted into exposures (…)”, should the calculation of RW* actually exclude short-term liabilities (e.g. bridge financing)? 

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7189
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 10/10/2025

ASF factors for Additional Tier 1 items as wells as Tier 2 items and other capital instruments maturing between 6 month and 1 year

For the purpose of calculating the NSFR, which appropriate available stable funding factor shall institutions apply for Additional Tier 1 items as well as Tier 2 items and other capital instruments maturing between 6 month and 1 year?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions (repealed)
  • ID: 2021_6017
  • Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)
  • Date of submission:
  • Published as final Q&A: 07/10/2025

Authentication process of the PSU with the ASPSP in a combined AIS and PIS journey in a redirection approach

Consider an ASPSP that offers a dedicated interface using a redirection approach. To fulfill the requirement that PSUs using a PIS should not have to enter their own account details, the ASPSP allows TPPs that have an AIS license to retrieve the list of all the PSU’s payment accounts via the interface so that the account can be selected in the TPP’s domain.  Does the ASPSP create an obstacle in the sense of Article 32(3) of Commission Delegated Regulation (EU) 2018/389 if  it forces a PSU who is initiating a payment through a PISP without entering the own IBAN to perform full SCA twice while a PSU who initiates a payment through the ASPSP’s customer interface needs to perform full SCA only once, while the second authentication requires entering only one element of SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7358
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 03/10/2025

the use of strong and widely recognized encryption techniques

All strong and widely recognized encryption techniques (e.g. RSA and ECC) currently available on the market must be provided by the account servicing payment service providers or only that encryption technique which is indicated in the documentation of the technical specification of the API in accordance with Article 30(3) of the RTS on SCA & CSC shall be provided?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7376
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 03/10/2025

SCA exception for Contactless only terminals (SoftPOS) in case of emergency

We are in the process of developing a backup solution for our SoftPOS terminal application, intended for use during exceptional circumstances such as cyber-attacks or other disruptions to internet connectivity and acquirer systems. As SoftPOS terminals operate exclusively with contactless transactions, and contactless transactions does not support Offline PIN, it is technically not possible to perform Strong Customer Authentication (SCA) in offline mode. We would like to confirm whether, under these conditions, it is acceptable to process offline contactless transactions without applying SCA and follow Directive (EU) 2015/2366 article 0 (15)

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7482
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 03/10/2025

Minimum monetary amount of professional indemnity insurance in ongoing supervision

Are points 5.4, 5.7, 5.10 and 7.4 of EBA/GL/2017/08 guideline applicable only while applying for authorisation or in ongoing supervision as well? Is 50 000 per indicator minimal amount after authorisation procedure/first year as well?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance
  • ID: 2025_7317
  • Topic: Monetary amount of the professional indemnity insurance
  • Date of submission:
  • Published as final Q&A: 03/10/2025

Reporting of COREP_OF C10.00 template

Are credit institutions that apply the Standardized Approach (SA) for credit risk and the Internal Model Method (IMM) for counterparty credit risk, in order to calculate exposure amounts of SA exposures, required to report template C10.00 row 0270 (Memo item)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions
  • ID: 2025_7433
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 19/09/2025

Instructions for Row 0080 COREP template C 07.00

Should contractual arrangements that meet all of the conditions set out in Article 5, points (10)(a) to (e) of the CRR, be reported in the row 0800 of the template C 07.00?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions
  • ID: 2025_7402
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 19/09/2025

Passporting procedure for non-CI ART issuers

Shall NCAs consider that articles 18, 21, 25 and 109 of MICA regulation set a specific passporting framework for “pure” ART issuers where: ART issuers are authorized to market tokens in Member States they declared during the authorization process as soon as they are authorized by home NCAs; within two working days of granting authorization, home NCAs only have to inform host national competent authorities, ESMA, EBA, ECB and competent national central bank of the Member States of the member states where ART issuers intend to market their token ; this information regarding passporting of ART issuers is publicly available on ESMA register? 

  • Legal act: Regulation (EU) No 2023/1114 (MiCAR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7167
  • Topic: Other MiCAR topics
  • Date of submission:
  • Published as final Q&A: 05/09/2025

Knowledge element of SCA.

Can an API key be considered as a Knowledge element of SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7286
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Proxy matrices

Are credit institutions (ASPSPs) allowed to facilitate proxy matrices implemented by their (corporate) clients that allocate proxy to only certain users to invoke the services of third party payment service providers (TPPs)?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7265
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Obstacles Faced by PISPs in Accessing Payment Status Information Under PSD2

Are ASPSPs allowed to require PISPs to provide any additional identifier beyond what is specified in Article 35.4.b of the RTS in order to access information about the execution of a payment order?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7261
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Annex XI, INSTRUCTIONS FOR REPORTING ON LEVERAGE, Derivative cash collateral exposure reporting in C43 template

Where should the cash collateral receivables on derivative transactions related to trading book be disclosed in template C43

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/11 - Guidelines on disclosure requirements under Part Eight of CRR
  • ID: 2024_7215
  • Topic: Supervisory reporting - Leverage ratio
  • Date of submission:
  • Published as final Q&A: 29/08/2025

ANNUAL REPORT ON NEW ARRANGEMENTS ON THE USE OF ICT SERVICES

Does Article 28(3) DORA require a separate and specific communication in addition to the Register of Information, or whether the communication of such data is already fulfilled through the annual submission of the same Register, constituting a single compliance obligation? In the event that a separate communication is required in addition to the annual submission of the Register of Information, what is the meaning of the term 'categories of third-party ICT service providers'?

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information
  • ID: 2025_7309
  • Topic: Register of information (DORA)
  • Date of submission:
  • Published as final Q&A: 14/08/2025

Use of conditional sale agreements to season assets by an originator instead of the originator purchasing the assets and then selling the same to a securitisation SPE

Can an entity: (i) who manages and establishes a traditional securitisation; and (ii) where the securitisation special purpose entity (SSPE) enters into a conditional sale agreement with it be classified as the originator and act as an eligible retainer?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2021_5851
  • Topic: Securitisation and Covered Bonds
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Meaning of "established in the Union"

Article 18 of the Securitisation Regulation requires that “The originator, sponsor and SSPE involved in a securitisation considered STS shall be established in the Union”: Would this provision deemed to be fulfilled in the case of originators, sponsors and SSPEs established in an EEA country? Would it be deemed to be fulfilled in the case of an originator which is an EU branch of a subsidiary  established in an EEA State pertaining to a banking group established in the EU?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2022_6539
  • Topic: Simple Transparent and Standardised securitisation
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Qualification of a branch as originator, designation of Competent Authority and compliance with STS requirements

May a branch of a credit institution be considered as an entity within the meaning of Article 2.3 of the Regulation (EU) 2017/2402 and hence as originator under Article 29(5) thereto?  Should the answer to the above question be affirmative, which Competent Authority (home or host) should be responsible to supervise the STS requirements set out in Articles 18 to 27 of the Regulation (EU) 2017/2402?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_6984
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Identification of ICT Service Providers

Can the ESAs confirm there is no expectation to capture within the Register of Information the ICT subcontractors of non-ICT service providers?

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7089
  • Topic: ICT third-party risk management
  • Date of submission:
  • Published as final Q&A: 08/08/2025