List of Q&As

Perform SCA by reusing an element used in an authentication exempted from SCA

When an element is used to access the payment account online, in the case the Payment Service Provider (PSP) is allowed not to apply Strong Customer Authentication (SCA) (only applying a single-factor authentication : login + password), is it possible to reuse this element to perform SCA to authenticate a transaction ?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5516| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 25/09/2020

Clarification of meanings 'transferring of funds' and 'another payment service provider’ in the context of article 10(1)(a) of PSD2

1) How to understand the meaning 'another payment service provider', specified in Article 10(1)(a) of PSD2? What is the definition of this meaning in the context of Article 10(1)(a) of PSD2? 2) How to understand the meaning ‘transferred to another payment service provider’, specified in Article 10(1)(a) of PSD2? In particular, is it possible to consider as "transferred to another payment service provider" transferring of funds (which have been received by Payment service provider No. 1 from the payment service users or through another payment service provider for the execution of payment transactions) on payment account of the payment service provider No. 1, that is opened with Payment service provider No. 2? I would also like to clarify on what legal basis the transfer of funds must take place in order to be considered "transferred to another payment service provider"?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5502| Topic: Other topics| Date of submission: 16/09/2020

Benificial Owner in chain of controlle constilations involving nominee shareholders

Request for interpretation of EU law Identifying the beneficial owners in a control chain of enterprises that involves nominee shareholders as part of the control.

Legal act: Directive (EU) 2015/849 (AMLD)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5500| Topic: Customer Due Diligence| Date of submission: 15/09/2020

Payers right to make use of payment initiation service providers for all types of payment transactions

Shall payers be able to make use of payment initiation service providers for transmitting all types of credit-transfer based online payment orders from their payment accounts?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5498| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 11/09/2020

Mandatory substitution approach according to Article 403 CRR when applying either the Financial Collateral Comprehensive Method (FCCM) or, in the case of securities financing transactions (SFTs) the Internal Model Method (IMM) or master netting agreements to calculate the exposure value.

Question 1: Has the mandatory substitution approach according to Article 403 CRR to be applied when an institution uses the FCCM? If yes, what is the amount that the institution shall assign to the protection provider/collateral issuer? Question 2: In the case of exposures arising from SFTs referred to in Article 401(2) second paragraph CRR, has the mandatory substitution approach according to Article 403 CRR to be applied when an institution applies master netting agreements, together with either the FCCM or IMM as referred to in Articles 220 CRR and 221 CRR? If yes, what is the exposure amount that shall be assigned to the collateral issuer? Question 3: Also regarding exposures arising from SFTs, has the mandatory substitution approach according to Article 403 CRR to be applied when an institution applies IMM as referred to in Section 6 of Chapter 6 of Title II of Part Three CRR? If yes, what is the exposure amount that shall be assigned to the collateral issuer? Question 4: Does an institution have to use a credit risk mitigation technique for large exposure purposes when it has used it for calculating own funds requirements, or can an institution renounce, for large exposure purposes, applying a credit risk mitigation that it has used for calculating own funds requirements? Question 5: Does an institution also have to apply the substitution approach, for large exposure purposes, in those cases where the collateral is not taken into account for calculating own funds requirements?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5496| Topic: Large exposures| Date of submission: 11/09/2020

Fees on issuing eletronic money

Is charging fees on issuing of the e-money, in compliance with Article 11(1) of the Directive 2009/110/EC (E-money directive – EMD)?

Legal act: Directive 2009/110/EC (EMD)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5494| Topic: Not applicable| Date of submission: 11/09/2020

Definition of private equity exposures for simple risk weight approach

Do “private equity exposures in sufficiently diversified portfolios” which is eligible to a Risk Weight (RW) of 190% in simple risk weight approach according to Article 155(2) and a PD of 65% in the PD/LGD approach according to Article 155(3) refer to any non-listed equity instrument and/or shares in a CIU or units in a CIU for which the underlying exposures are non-listed equity instruments, provided that they are part of a sufficiently diversified portfolio?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5490| Topic: Credit risk| Date of submission: 10/09/2020

Reducing the relevant indicator by using expenditure on the outsourcing of services rendered by third parties which are not subject to rules under, or equivalent to the CRR

May the institution use expenditure on the outsourcing of services to reduce the relevant indicator when calculating own funds requirement under the Basic Indicator Approach (according to Article 316 of the CRR) if the outsourcing services were rendered by third parties which are not subject to rules under, or equivalent to the CRR?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5489| Topic: Operational risk| Date of submission: 10/09/2020

Ability of a creditor to change a mandate

Can a creditor introduce changes to a mandate, cf. Article 64 (2), by observing the same procedure as described in Article 54 (1), i.e. by informing debtor that the collection of the amount due, as agreed in the mandate, will continue unless debtor indicates the contrary?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5479| Topic: Other topics| Date of submission: 07/09/2020

Clarification on level of protection required for the processing of the IBAN outside the inter-PSP environment

Can the IBAN of the payer or payee be handled in cleartext outside the inter Payment Service Provider (PSP) environment? For instance could a payer’s IBAN be contained in cleartext in a payer-presented QR-code provided by the payer’s device to the merchant’s point of interaction for the initiation of an (instant) credit transfer? Or could a merchant’s IBAN be contained in cleartext in a merchant-presented QR-code at the merchant’s point of interaction to be read by the payer’s device for the initiation of an (instant) credit transfer?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5477| Topic: Security measures for operational and security risks| Date of submission: 04/09/2020

Clarification on the qualification and protection requirements of a CustomerID when included in a payer-presented QR-code for the initiation of (instant) credit transfers at the point of interaction (POI)

Is the CustomerID (i.e. ID issued by an Account Servicing Payment Service Providers (ASPSP) to its Payment Services User (PSU) for accessing the on-line banking system and usually required by PSD2 Application Programming Interfaces (APIs) to identify the PSU) to be qualified as “personalised security credentials of the PSU” within the meaning and for the purposes of Article 66 (3) b), PSD2, and Article 35 (5), RTS, and therefore be treated as “sensitive payment data” within the definition of Article 4 (32), PSD2? Accordingly, can said CustomerID be included in cleartext in the payer-presented QR-code for the initiation of (instant) credit transfers at the point of interaction (e.g. POS, vending machine) without any protection during the QR-code life-cycle, including the generation of the QR-code, storage of the QR-code on the payer’s device, transmission from the payer device to the payee’s point of interaction and in the payee’s (e.g. merchant) point of interaction?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5476| Topic: Security measures for operational and security risks| Date of submission: 04/09/2020

Classification of a gurantees for trade finance off-balance sheet items according to annex 1.

In which class according to annex 1 would guarantees for loans and guarantees for performance bonds fit? If a bank is a guarantor for another bank's transaction, where some trade finance transaction, like performance bond, was issued, how should the bank acting as guarantor classify the risk according to annex 1? Is it possible to apply Annex 1 point 1(a) or 3(a)(ii) or which else? in case of a transaction, where the bank in FI is offering a guarantee for the transaction, where another bank has issued a working capital loan, is it correct to refer to point 1(a)?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5471| Topic: Credit risk| Date of submission: 28/08/2020

Scope of Article 208 of CRR2

Does Article 208(3)(a) CRR2 require institutions to monitor property values of all commercial properties on a yearly basis, regardless of whether they can qualify as eligible collateral for credit risk mitigation?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5470| Topic: Credit risk| Date of submission: 27/08/2020

CCR2 + FRTB: Delta intra bucket correlation for the risk class “foreign exchange risk”

How should the vega intrabucket correlation for the FX risk class be computed giving that the delta intra bucket correlation ρ_kl^ is not defined?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5469| Topic: Market risk| Date of submission: 26/08/2020

Regarding payments between PSPs

1) Are the credit institutions obliged to request payment service providers to disclose payment details as described in the Regulation (EU) 2015/847 in case of batch file transfers? 2) If yes, to what extent should the obligation to disclose payment information be applied?

Legal act: Regulation (EU) 2015/847 (WTR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5463| Topic: Other topics| Date of submission: 24/08/2020

Outflows from deposits in insurance wrappers

Can cash deposits in insurance wrappers be treated like deposits by Personal Investment Companies (PIC) when computing outflows in the LCR?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement

ID: 2020_5461| Topic: Liquidity risk| Date of submission: 21/08/2020

Annex V reference to ESRB Recommendation on closing real estate data gaps

Annex V to Regulation 680/2014, specifically Part 1.5(m) refers to ‘ESRB recommendation on closing real estate data gaps’ specifically to the 31 October 2016 version (ESRB/2016/14). Should this be interpreted as such that the definitions from ESRB/2016/14 are applicable for Finrep reporting, and the amended definitions from ESRB/2019/3 are not? Is this interpretation valid for both the currently applicable EBA framework 2.9 as well as for the announced (with final Annexes already available) EBA framework 3.0?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5458| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 20/08/2020

LtV calculations in FINREP

Should only ‘commercial immovable property collateral’ be included in the LTV calculations to be reported in Finrep templates F18.02 and F23.03? Additionally, should any collateral value allocation be applied in these same LTV calculations in case a ‘commercial immovable property collateral’ secures both an outstanding loan and at the same time an off-balance sheet item, or can the full commercial immovable property collateral value be allocated to the outstanding loan amount?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5457| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 20/08/2020

FINREP Template 25.01 FX results and vintage buckets

In template F25.01 Collateral obtained by taking possession other than collateral classified as Property Plant and Equipment (PP&E): Inflows and outflows is requested. How do we report FX differences for the period and especially for the vintage buckets (columns 0050-0100)?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on Supervisory Reporting of Institutions

ID: 2020_5456| Topic: Supervisory reporting - FINREP (incl. FB&NPE)| Date of submission: 20/08/2020

Synthetic securitisatios

Can a contract type, known a s ‘Vendor financing’, constitute a synthetic securitisation?

Legal act: Regulation (EU) 2017/2402 (SecReg)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5454| Topic: Provisions applicable to all securitisations| Date of submission: 18/08/2020