Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Obstacle assessment of a mandatory client segment selection screen in a redirection journey

Does a mandatory step in a redirection journey, where a Payment Service User (PSU) must manually select their client segment (e.g., retail or corporate) on an intermediary screen (web interface) before being redirected to the ASPSP's authentication app, constitute an obstacle under Article 32(3) of the RTS, if such a step is not present when the PSU accesses their account directly via the ASPSP's native mobile application?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7602
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Clarification of the scope of the term "authentication procedures" in the context of the RTS and the EBA Opinion on obstacles

Does the term "authentication procedures" in the context of the EBA Opinion on obstacles (EBA/OP/2020/10) refer only to the final SCA method, or does it encompass the entire end-to-end user journey required to complete the authentication? Does this mean that any additional steps in the TPP flow, such as the need to click on a QR code image or manually enter a username to invoke the authentication app, which are not present in the direct channel, constitute a failure to support the same "authentication procedure"?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7606
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Definition of "equivalent authentication procedure" for journeys initiated from a mobile application

When a Payment Service User (PSU) initiates a service from a Third Party Provider's (TPP) mobile application, what is the correct "equivalent authentication procedure" of the ASPSP that should be used as the benchmark for assessing whether "unnecessary steps" have been added? Is it the ASPSP's mobile web browser authentication journey, or is it the ASPSP's native mobile banking application authentication journey?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7607
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Obligations of ASPSPs to inform PISPs about the execution status of individual payments executed under a standing order initiated via API.

Under PSD2, when a PISP initiates a standing order on behalf of a PSU, the ASPSP generally communicates only the result of the standing order setup (i.e. whether the standing order has been accepted or rejected). In practice, PISPs typically do not receive information on the execution status of each individual payment transaction carried out under that standing order, even though each execution constitutes a separate payment transaction under PSD2. This creates uncertainty as to whether ASPSPs are required to make this information available to PISPs in the same way it is made available to PSUs in online banking channels.   Should ASPSPs provide PISPs with information on the execution status (e.g. executed or rejected) of each individual payment transaction executed under a standing order initiated by a PISP?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7644
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 12/06/2026

PSU support in dedicated and redirected interfaces.

In the context of Article 32 of the RTS (Commission Delegated Regulation (EU) 2018/389), are ASPSPs required to provide PSUs with access to support channels (e.g., helpdesk, chat, telephone) within redirected authentication and authorisation interfaces for payment initiation, at a level equivalent to that in their standard online banking interfaces? Additionally, could you please clarify whether the absence of such support channels in the redirected payment initiation interface constitutes a functional obstacle under paragraph 3 of Article 32?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7672
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Provision of rejection reasons for payment orders initiated via PISPs.

When an ASPSP provides a PSU, through its online banking channels, with specific information on the reason for the rejection of a payment order, in accordance with Article 36(1)(b) of Commission Delegated Regulation (EU) 2018/389, should that same information also be provided to the PSU via the interface made available for a payment initiation order, whether through a decoupled or redirection flow? Furthermore, should that information also be communicated to the PISP through the dedicated interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7675
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Disclosure – Template EU CQ4: Treatment of cash balances at central banks and other demand deposits

Should cash balances at central banks and other demand deposits be included in disclosure template EU CQ4 as provided in the EBA IT Solutions / Mapping Tool (versions 4.1 and 4.2) even though such positions are not mentioned in Article 442(c) and (e) CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/637 - ITS with regard to disclosures of information referred to in Titles II and III of Part Eight CRR
  • ID: 2026_7812
  • Topic: Transparency and Pillar 3
  • Date of submission:
  • Published as final Q&A: 05/06/2026

Clarification on validation v3078m under FINREP reporting

In reference to the validation rule 'v3078_m' should the held for trading positions be excluded while reporting the maximum amount of the guarantee received in FINREP F_09.02

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
  • ID: 2026_7807
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as final Q&A: 05/06/2026

Access to national credit databases for all EU creditors for both cross-border and domestic mortgage loan transactions

Should Article 21 MCD be interpreted as requiring a Member State to ensure that a credit database established in that Member State can be accessed also by creditors from a Member State other than the one where a credit database is located for the purpose of granting a mortgage loan to consumers and monitoring consumers’ compliance with the credit obligations over the life of the credit agreement?

  • Legal act: Directive 2014/17/EU (MCD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7588
  • Topic: Creditworthiness assessments
  • Date of submission:
  • Published as final Q&A: 05/06/2026

SPV repack transactions

Do SPV repackaging transaction on standardised platforms incur counterparty credit risk (CCR) or is the termination scenario considered a contractual feature that only results in market risk? If these transactions are subject to counterparty credit risk, how should the value of the collateral be taken into account?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7575
  • Topic: Market risk
  • Date of submission:
  • Published as final Q&A: 29/05/2026

Application of Article 207(2) of the CRR to financial collateral under the counterparty credit risk framework

For recognising received financial collateral when calculating the exposure value under the counterparty credit risk (CCR) framework, does Article 207(2) CRR – which requires that the credit quality of the obligor and the value of the collateral shall not have a material positive correlation – apply?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7576
  • Topic: Market risk
  • Date of submission:
  • Published as final Q&A: 29/05/2026

Reporting guarantees that are received to secure a pool of underlying securitized exposures/securitisation positions in a synthetic securitisation transaction

Should guarantees that are received for securitisation positions in a synthetic securitisation transaction and treated as unfunded credit protection for prudential requirements purposes be reported in FINREP? If so, in which FINREP templates these guarantees should be reported? 

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
  • ID: 2026_7744
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as final Q&A: 29/05/2026

Issuers of EMTs and scope of application AML requirements

To what extent should electronic money institutions (EMIs) that issue e-money tokens (EMTs) under MiCAR comply with the obligations in relation to anti-money laundering and terrorist financing under Directive 2015/849/EU (as amended, AMLD5)? More specifically, should holders of EMTs be considered as clients of the EMI within the meaning of AMLD5, so that the relevant KYC requirements apply on an ongoing basis in respect of holders of EMTs (not only at the time of issuing but also following trading on the secondary market)?

  • Legal act: Regulation (EU) No 2023/1114 (MiCAR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7078
  • Topic: Other MiCAR topics
  • Date of submission:
  • Published as final Q&A: 22/05/2026

Publication of white papers

Regarding entities exempted from authorisation pursuant to Article 16(2) of MiCAR, they shall notify the white paper to the competent authority of the home Member State, and the NCA is responsible for forwarding on the white paper of these entities to ESMA. However, it is unclear how the white paper is made available to the intended audiences of customers, and other relevant stakeholders and investors. Article 28 on publication of crypto-asset white papers only refers to ‘approved’ white papers (in accordance with Article 17(1) or Article 21(1) of MiCAR), without referring to notified white papers of exempted entities under Article 16(2) of MiCAR. Therefore, does Article 28 on publication of white paper of ART issuers also applies to issuers exempted under Article 16(2) of MiCAR?"

  • Legal act: Regulation (EU) No 2023/1114 (MiCAR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7166
  • Topic: Authorisation of issuers of ARTs and EMTs (MiCAR)
  • Date of submission:
  • Published as final Q&A: 08/05/2026

Passporting procedure for CIs and EMIs issuing tokens under MICAR

Are articles 146 (for credit institutions) and 48(3) (for e-money institutions) to be interpreted as submitting credit institutions and e-money institutions issuing ART/EMT on a crossborder basis to comply with the existing passporting framework set for these categories of establishments respectively by directives 2013/36/EU and 2009/110/EC? 

  • Legal act: Regulation (EU) No 2023/1114 (MiCAR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7168
  • Topic: Other MiCAR topics
  • Date of submission:
  • Published as final Q&A: 08/05/2026

Qualification of crypto-asset service in case of exchange of electronic money tokens for other crypto-assets

Should the service consisting in exchanging electronic money tokens for other crypto-assets be qualified as exchange of crypto-assets for crypto assets or as exchange of funds for crypto assets?

  • Legal act: Regulation (EU) No 2023/1114 (MiCAR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7084
  • Topic: Scope and definitions (MiCAR)
  • Date of submission:
  • Published as final Q&A: 08/05/2026

Requirements for the purpose of treating exposures secured by mortgages on immovable property as duly secured from an RWA computation perspective under CRR Article 124(2) of the CRR.

Can a global insurance against damages on a portfolio of exposures secured by immovable properties subscribed directly by the lending institution be considered as compliant with the requirement of Article 208(5) of the CRR - that is to say considered, under the standardized approach, as meeting the operational requirements for the purpose of treating exposures secured by mortgages on immovable property (or in case an institution has opted for the application of article 108(5)(a) allowing to consider a guaranteed exposure as an exposure secured by a mortgage on immovable property) as duly secured from an RWA computation perspective under Article 124(2) of the CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7293
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 08/05/2026

DPM 4.2 on SERV Template (Z.08.04)

We are writing to request a clarification regarding the latest DPM update dated 13 January, with specific reference to Template Z8.04.In the current version, the “Critical Function - ID” field (column 0040) is not included among the key fields. However, in Template Z8.05, the “Business Line ID” is defined as a key field.This difference creates a reporting challenge for us. A single service, identified by a unique Service Identifier, may support more than one critical function. If the “Critical Function” field is not part of the key, it is not possible to link multiple critical functions to the same service within the template.As a result, we would need to create multiple Service Identifiers for the same service, leading to an increased number of records across other templates, including Template Z8.01.Could you please confirm whether the exclusion of the “Critical Function - ID” from the key fields in Template Z8.04 reflects the intended approach?

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2025/2303 - ITS on Resolution Planning Reporting
  • ID: 2026_7703
  • Topic: BRRD Reporting
  • Date of submission:
  • Published as final Q&A: 30/04/2026

Z 07.02 - Mapping of economic functions to legal entities (FUNC 2)

We request confirmation that in the Z 07.02 only the contribution of legal entities to the Group critical functions  should be reported in the template, and not their contribution to all economic functions considering that in the Annotated Table the key value is represented by the column 0020 ID - Critical function (CF to LE) .

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2025/2303 - ITS on Resolution Planning Reporting
  • ID: 2026_7707
  • Topic: BRRD Reporting
  • Date of submission:
  • Published as final Q&A: 30/04/2026