Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Eligibility of funded credit protection received from third parties

Can cash collateral received from third parties via funded credit protection arrangements (i.e. funded guarantees or credit derivatives) qualify as collateral for the purposes of K-TCD and K-CON? 

  • Legal act: Regulation (EU) No 2019/2033 (IFR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_6994
  • Topic: K-factor requirements
  • Date of submission:

Criteria for selecting the operations to be included in the calculation of fraud rates for the transaction risk analysis (TRA) exemption

Which of the following would be the correct temporal criterion for selecting the unauthorized transactions to be included in the numerator of the fraud rates calculated for the transactions risk analysis (TRA) exemption? a) the transaction date, i.e., the date on which the transaction was executed regardless of the date on which it is classified as unauthorized or fraudulent b) the registration date, i.e., the date on which the transaction is registered as unauthorized or fraudulent regardless of the date on which it was carried out 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_6989
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

Qualification of a branch as originator, designation of Competent Authority and compliance with STS requirements

May a branch of a credit institution be considered as an entity within the meaning of Article 2.3 of the Regulation (EU) 2017/2402 and hence as originator under Article 29(5) thereto?  Should the answer to the above question be affirmative, which Competent Authority (home or host) should be responsible to supervise the STS requirements set out in Articles 18 to 27 of the Regulation (EU) 2017/2402?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_6984
  • Topic: Other topics
  • Date of submission:

Optionality of certain payer information required to accompany transfers of funds

Is Article 4(1)(c) of Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (‘TFR’) (and the successor provisions found in Articles 4(1)(c) and 14(1)(d) of Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (‘TFCR’) to be read such that the payer’s (as well as, from 30 December 2024, the originator’s) date and place of birth constitute an alternative data point to:                               all preceding data points listed in Article 4(1)(c) of TFR (Articles 4(1)(c) and 14(1)(d) of TFCR as from 30 December 2024), such that transfers may, along with the information required under the other points of Article 4(1) of TFR (Articles 4(1) and 14(1) of TFCR), be accompanied by the payer’s or originator’s date and place of birth alone; or, exclusively, the data point referenced immediately prior in Article 4(1)(c) of TFR (Articles 4(1)(c) and 14(1)(d) of TFCR as from 30 December 2024), i.e., the customer identification number, such that transfers must, along with the information required under the other points of Article 4(1) of TFR (Articles 4(1) and 14(1) of TFCR), always be accompanied by the payer’s or originator’s address and official personal document number, as well as either their customer identification number or their date and place of birth? 

  • Legal act: Regulation (EU) 2015/847 (WTR) (recast)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_6969
  • Topic: Electronic fund transfers
  • Date of submission:

Card data (PAN) to be returned in AISP calls

Does the ASPSP have to return the card number (PAN) attached to a fetched payment account in case the user can access this data during a standard session with its ASPSP in the direct internet banking interface? In case of "YES", does the TPP that is fetching this data have to be PCI DSS certified, since this data has to be encrypted based on the PCI DSS requirements? Moreover, could be the "card number (PAN)" considered sensible, since it could be potentially used for fraud?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2023_6946
  • Topic: Other topics
  • Date of submission:

Alignment of total funding between FINREP F01.02 and COREP C67.00

What is the correct approach regarding the alignment between the FINREP F01.02 and COREP C67.00 templates as required by the AMM ITS since (1) the scope of consolidation might be different between the two reports and (2) different netting rules can apply between the two reports?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions
  • ID: 2023_6956
  • Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)
  • Date of submission:

Secure corporate payment processes and protocols and inactivity time period

May the period time of inactivity required by the (EU) 2018/389 - RTS on strong customer authentication and secure communication (hereinafter: RTS on SCA & CSC) Article 4 (3) (d) be changed from 5 minutes to 20 minutes if the exemption based on Article 17 of RTS on SCA & CSC has been granted by the competent authority to the Payment service provider?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2023_6949
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

Definition of default for open-end investment funds

Should an open-end investment fund be considered an obligor under Art. 178 (1) CRR, irrespective of whether it has legal personality under a Member States’ regulations on investment funds?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6925
  • Topic: Credit risk
  • Date of submission:

Risk retention

In a situation where an entity: is not considering being itself at any time the legal owner of the securitised receivables, but has made its own decision to invest in the receivables by procuring the purchase thereof by an SSPE directly from the seller, based on its own audit of the portfolio, and has negotiated the terms and conditions of the sale and purchase independently and directly with the seller, is contractually and economically irrevocably committed to: procure the purchase of these receivables by an SSPE directly from the seller, not later than an agreed closing date, under a sale and purchase agreement entered into between such entity and the seller, failing which it would be liable for contractual damages to the seller, in an amount significant enough to evidence that it is in its economic interest to avoid such liability by performing its obligation, arrange and appoint any service providers, for the purposes of the structuring and syndication of a financing of the purchase price in the form of a securitisation of these receivables not later than the closing date, where: it would have a right of active control over the servicing, either by itself or by an appointed third-party servicer, of the securitised assets, that would be determinant for the performance of the portfolio, it would bear at least the first loss risk of the securitised portfolio, in an amount that exceeds the expected loss of the portfolio, by subscribing the first losses tranche, it would expect to receive a remuneration that would be directly dependent on the performance of the portfolio, it would be committed to fund 100% of defaulting or ineligible receivables, can this entity be considered as limb(b) originator under Regulation (EU) No 2017/2402 and as such, act as risk retention holder under Article 6(3)(d)? Would the same analysis apply with respect to future receivables that the same entity would contractually irrevocably commit, pursuant to the same sale and purchase agreement, to purchase after the closing date under the same terms and conditions, during a certain period of time, provided that they comply with the same eligibility criteria (both individually and on an aggregate basis) and up to an agreed aggregate amount, by having them assigned by the seller to the same SSPE?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6911
  • Topic: Provisions applicable to all securitisations
  • Date of submission:

Interpretation of payment instrument

What devices or procedures can be considered as payment instrument as per Art. 4(14) of PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6910
  • Topic: Other topics
  • Date of submission:

Safeguarding with a credit institition in a third country

PSD2 article 10(1)(a) require of Payment Institutions (PIs) that "[funds to be safeguarded] shall be deposited in a separate account in a credit institution". Our question is whether an PI authorised and operating in an EU Member State may use a credit institution based in a third country (e.g. UK)? In researching this question, we have looked at the definition of "credit institution" to see whether this contains any relevantt restrictions, but we cannot find any. We first looked at PSD2, but the text does not explicitly define "credit institution". However, PSD2 article 112(2) amends the definition of "credit institution" in Regulation (EU) No 1093/2010 to be "credit institutions as defined in point (1) of Article 4(1) of Regulation (EU) No 575/2013". Regulation (EU) No 575/2013, Article (4)(1)(1) states: "(1) ‘credit institution’ means an undertaking the business of which consists of any of the following: (a) to take deposits or other repayable funds from the public and to grant credits for its own account; (b) to carry out any of the activities referred to in points (3) and (6) of Section A of Annex I to Directive 2014/65/EU of the European Parliament and of the Council ( 6 ), where one of the following applies, but the undertaking is not a commodity and emission allowance dealer, a collective investment undertaking or an insurance undertaking: (i) the total value of the consolidated assets of the undertaking is equal to or exceeds EUR 30 billion; (ii) the total value of the assets of the undertaking is less than EUR 30 billion, and the undertaking is part of a group in which the total value of the consolidated assets of all undertakings in that group that individually have total assets of less than EUR 30 billion and that carry out any of the activities referred to in points (3) and (6) of Section A of Annex I to Directive 2014/65/EU is equal to or exceeds EUR 30 billion; or (iii) the total value of the assets of the undertaking is less than EUR 30 billion, and the undertaking is part of a group in which the total value of the consolidated assets of all undertakings in the group that carry out any of the activities referred to in points (3) and (6) of Section A of Annex I to Directive 2014/65/EU is equal to or exceeds EUR 30 billion, where the consolidating supervisor, in consultation with the supervisory college, so decides in order to address potential risks of circumvention and potential risks for the financial stability of the Union; for the purposes of points (b)(ii) and (b)(iii), where the undertaking is part of a third‐country group, the total assets of each branch of the third‐country group authorised in the Union shall be included in the combined total value of the assets of all undertakings in the group;" Furthermore, the UK Electronic Money Regulations (2017) have been amended to explicitly allow UK EMIs to safeguard funds with third country credit institutions - c.f.  https://www.legislation.gov.uk/uksi/2018/1201/schedule/2/paragraph/7/made  "Regulation 21, paragraph 8: "“approved foreign credit institution” means— ... (b)a credit institution that is supervised by the central bank or other banking regulator of an OECD state" ==> In conclusion, our research leads us to believe that it is permissible for an EU PI to safeguard funds in a third country credit institution.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6882
  • Topic: Other topics
  • Date of submission:

PISP payment order cancellation due to fraud prevention reasons

Due to fraud prevention reasons, could an ASPSP block a payment order initiated through a PISP despite having informed the PISP immediately upon authentication, that the payment was going to be executed (i.e., after having provided the PISP with the code ACSC under the Berlin Group Standard)? In that scenario who should bear the liability if the payment is not executed but, nonetheless, the payee delivered the good or service promptly after being informed by the PISP of the successful initiation of the payment?  Would the answer be different if the ASPSP had simply confirmed the sufficiency of funds as stated in the EBA Opinion on the implementation of the RTS on SCA and CSC (EBA-Op-2018-04)   

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2023_6873
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

CVA treatment of exposures arising from centrally cleared transactions - indirect clearing flows

Does an institution which is a client of a clearing member or a lower-level client in a multi-level client structure (institution > intermediary/higher-level client > clearing member > central counterparty) need to verify that Art. 305 (2) or (3) conditions are met at every level of the structure to exclude the transaction from the own funds requirements for CVA risk in accordance with Art. 382 (3) CRR? Guidance is sought on 4 possible clearing flows: Indirect clearing flows (clients’ transactions and institution’s own transactions) Client > institution > clearing member > CCP Institution > clearing member > CCP Multi-level indirect clearing flows (clients’ transactions and institution’s own transactions) Client > institution > intermediary/higher-level client > clearing member > CCP Institution > intermediary/higher-level client > clearing member > CCP Moreover, would the determination around the exemption from the CVA risk charge change under a scenario where the clearing member (indirect clearing flow) or the intermediary/higher-level client (multi-level client clearing flow) are intragroup entities established in a third country which has not been deemed equivalent under Article 13(2) of Regulation (EU) No 648/2012? This question has been submitted jointly with Q&A 2023_6839

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6840
  • Topic: Market risk
  • Date of submission:

Multi-licensed entity capital requirement

Whether a payment institution that also has a crowdfunding license must meet the capital requirements of both authorizations in aggregate?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6790
  • Topic: Authorisation and registration
  • Date of submission:

Exchange rate mark-ups part of 'all charges payable'/'currency conversion charges'

Is an exchange rate mark-up (the difference between the interbank rate and the exchange rate offered by the PSP to its PSUs) to be considered as part of ‘all charges payable’ as per PSD2 and the ‘currency conversion charges’ as per CBPR2 prior to the initiation of the payment? How should PSPs disclose this in the payment flow? Article 45 of the PSD2 sets out the information and conditions that payment service providers (PSPs) need to provide to the payment service users (PSUs). Notably, Article 45 (1)(c) and (d) states that ‘all charges payable by the payment service user to the payment service providers and, where applicable, a breakdown of those charges’ as well as ‘the actual or reference exchange rate to be applied to the payment transaction’ should be shown to the PSUs.  The CBPR2 builds upon the requirements set out by PSD2, adding an additional layer of disclosures for cross-border payments within the EU.  Concretely, Article 5(1) of the CBPR2 refers to the provisions within Article 45(1) of PSD2 -  "When a currency conversion service is offered by the payer’s payment service provider in relation to a credit transfer, as defined in point (24) of Article 4 of Directive (EU) 2015/2366, that is initiated online directly, using the website or the mobile banking application of the payment service provider, the payment service provider, with regard to Article 45(1) and Article 52, point (3), of that Directive, shall inform the payer prior to the initiation of the payment transaction, in a clear, neutral and comprehensible manner, of the estimated charges for currency conversion services applicable to the credit transfer. Furthermore, Article 5(2) of CBPR2 further explains the necessary charges that need to be shown to the payer -  “Prior to the initiation of a payment transaction, the PSP shall communicate to the payer, in a clear, neutral and comprehensible manner, the estimated total amount of the credit transfer in the currency of the payer’s account, including any transaction fee and any currency conversion charges. The payment service provider shall also communicate the estimated amount to be transferred to the payee in the currency used by the payee.”    

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6777
  • Topic: Other topics
  • Date of submission:

Scope of Article 22(1) CRR

Do undertakings subject to Article 22(1) CRR Sub-consolidation in case of entities in third countries have to comply with Part Two of the CRR in full or shall they only comply with Articles 89, 90 and 91 of Part Two?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6765
  • Topic: Own funds
  • Date of submission:

Interplay between Articles 49(3) and 72e(5) of the CRR

Does the exemption from the requirement to deduct holdings of own funds instruments under Article 49(3) of the CRR also apply with regard to the deductions set out in Article 72e(5)?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6763
  • Topic: Own funds
  • Date of submission:

Back-to-Back in regulatory threshold

How should back-to-back trades that net off perfectly when calculating the size of their on- and off-balance-sheet business that is subject to market risk be accounted for? Should both positions be considered in absolute value, both the short and the long position, or should they not be included as the positions perfectly offset each other and do not generate capital requirements for market risk?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6745
  • Topic: Market risk
  • Date of submission:

Retention obligations

An alternative investment fund (“AIF”) managed by an alternative investment fund manager (“AIFM”) pursuant to Directive (EU) 61/2011, is set up to disburse loans to be subsequently securitised. According to Regulation (EU) 2402/2017 (hereinafter, the “Securitisation Regulation”), we believe that the AIFM and the AIF could fall within the definitions of, respectively, “originator” and “original lender”. According to Article 6(1) of the Securitisation Regulation the retention obligation can be fulfilled by either the originator, the original lender or the sponsor (if there is one) of a securitisation: in the above mentioned securitisation, can the retention obligation be therefore assumed alternatively by (i) the AIF as original lender, using the funds made available to it by investors or (ii) the AIFM as originator, using its own funds (i.e. not those of the AIF it manages)?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6741
  • Topic: Provisions applicable to all securitisations
  • Date of submission:

Identify when EMD2 needs to be applied to vouchers/gift cards issued by an electronic money institution.

Do vouchers/gift cards issued by an electronic money institution (EMI) to top-up an e-money account (managed by the EMI itself) in order to purchase on an e-commerce platform: i) goods and services sold directly by companies belonging to the same corporate group of the EMI (thus falling out of the scope of PSD2, encompassing the exemption provided for intra-group transactions in Article 3(1)(n) of the PSD2); ii) goods and services of third-party merchants,  have to be qualified as e-money at the time of issuing (i.e.sale) or - given the possible indefinite use of the funds - they acquire that status only at the moment they are used to purchase goods and services from third-party merchants on the e-commerce platform? 

  • Legal act: Directive 2009/110/EC (EMD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6736
  • Topic: Not applicable
  • Date of submission: