Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Liability category of margins received

Could you please clarify if margins received, part of a repo or derivative netting agreement can always, regardless of whether the netting results in a net liability or asset position, be considered r0120 - Secured liabilities, or should be allocated to other liability categories as defined in Resolution Plans report Z02? 

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on the provision of information for the purpose of resolution plans
  • ID: 2025_7615
  • Topic: Resolution plans
  • Date of submission:
  • Published as Rejected Q&A: 27/11/2025

Amount to be reported as MREL eligible amount and amount qualifying as Own Funds non-CET1 instruments, taking into account phase-out as applicable

Could you please clarify whether in granular Resolution Plans reports (formerly SRB LDR) Z11.00, Z12.00, Z13.00 and Z14.00 the amount to be reported for Own Funds instruments (columns labelled Amount meeting the conditions for MREL eligibility ) and columns reporting on the Amount qualifying as Own Funds is: the carrying value + accrued interest as recommended for the measurement of non-CET1 instruments or the outstanding amount (outstanding principal + accrued interest) as mentioned for the Amount meeting the conditions for MREL eligibility?  For the columns reporting Own Funds there is no specific guidance on the amount type to be reported other than the amount of the instrument qualifying as Own Funds. 

  • Legal act: Directive 2014/59/EU (BRRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Draft ITS on the provision of information for the purpose of resolution plans
  • ID: 2025_7614
  • Topic: Resolution plans
  • Date of submission:
  • Published as final Q&A: 03/04/2026

Classification of phishing-attacks as a reportable major ICT-related incident

Can individual phishing incidents that target the customers of a financial entity in their “private sphere” be subsumed under “compromises the security of the network and information systems” pursuant to Article 3 No. 8 of Regulation (EU) 2022/2554 and can they therefore constitute a major ICT-related incident that must be reported pursuant to Article 19 (1) of Regulation (EU) 2022/2554? 

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/1772 - RTS on the classification of ICT-related incidents and cyber threats
  • ID: 2025_7613
  • Topic: ICT-related incidents (management / classification / reporting)
  • Date of submission:
  • Published as final Q&A: 06/02/2026

Finrep Validation Rules v4975_m and v6058_m6

The validation rules v4975_m and v6058_m appear to systematically fail when institutions hold loans measured at fair value through other comprehensive income (FVOCI). These rules seem not to reflect that fair value remeasurement adjustments on FVOCI loans are recognised directly in the balance sheet through equity. Could the EBA confirm whether these validation rules should exclude FVOCI instruments from their scope, or whether they will be revised to properly reflect valuation adjustments recognised in the balance sheet under IFRS 9?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
  • ID: 2025_7611
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as Rejected Q&A: 11/12/2025

Reporting of debt securities issued but not yet paid up

What is the expected representation for a debt security issued but not yet paid up in the templates REPRICING CASH FLOWS (J05, J06 and J07)? Is the expected monetary inflow supposed to be reported and if so in which row?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions (repealed)
  • ID: 2025_7610
  • Topic: Interest Rate Risk for Banking Book (IRRBB)
  • Date of submission:
  • Published as final Q&A: 24/04/2026

Reporting of registered covered bonds issued by the reporting institution

Is the definition of covered bonds issued in the context of F 35.00 ("Covered bond issuance") also applicable for F32.04 ("Sources of encumbrance");  i.e. should registered covered bonds issued by the reporting institution in compliance with 2009/65/EG; article 52; paragraph 4 be reported in lines 90 ("Debt securities issued") and 100 ( "of which: covered bonds issued") of F32.04?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions (repealed)
  • ID: 2025_7609
  • Topic: Supervisory reporting - Asset Encumbrance
  • Date of submission:
  • Published as Rejected Q&A: 05/06/2026

Obstacle assessment of an ASPSP offering only web redirection to TPPs while a superior native app authentication method exists for its direct users

Does an Account Servicing Payment Service Provider's (ASPSP) decision to offer only a web-based redirection for Third Party Provider (TPP) initiated journeys constitute an obstacle under Article 32(3) of the RTS, if that ASPSP also makes available a more convenient, direct authentication procedure in its native mobile application for its Payment Service Users (PSUs) when they access their accounts directly?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7608
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as Rejected Q&A: 11/05/2026

Definition of "equivalent authentication procedure" for journeys initiated from a mobile application

When a Payment Service User (PSU) initiates a service from a Third Party Provider's (TPP) mobile application, what is the correct "equivalent authentication procedure" of the ASPSP that should be used as the benchmark for assessing whether "unnecessary steps" have been added? Is it the ASPSP's mobile web browser authentication journey, or is it the ASPSP's native mobile banking application authentication journey?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7607
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Clarification of the scope of the term "authentication procedures" in the context of the RTS and the EBA Opinion on obstacles

Does the term "authentication procedures" in the context of the EBA Opinion on obstacles (EBA/OP/2020/10) refer only to the final SCA method, or does it encompass the entire end-to-end user journey required to complete the authentication? Does this mean that any additional steps in the TPP flow, such as the need to click on a QR code image or manually enter a username to invoke the authentication app, which are not present in the direct channel, constitute a failure to support the same "authentication procedure"?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7606
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Obstacle assessment of requiring an additional SCA for PIS within an existing authenticated AIS session

If a Payment Service User (PSU) initiates a payment (PIS) immediately after establishing a session for an Account Information Service (AIS) (for which SCA has already been performed), does the ASPSP's requirement for an additional, separate SCA—such as the need to fully log in to the mobile banking app before the payment confirmation screen is displayed—solely to access the payment function (and preceding the dynamic linking SCA) constitute an obstacle under Article 32(3) of the RTS?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7605
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as Rejected Q&A: 11/05/2026

Obstacle assessment of requiring multiple manual checkboxes for a single AIS consent

Does the practice of an ASPSP requiring a PSU to manually tick multiple, separate checkboxes for different categories of account data in order to grant a single consent for an Account Information Service (AIS) constitute an obstacle under Article 32(3) of the RTS, by adding unnecessary steps and friction to the user journey?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7604
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as Rejected Q&A: 11/05/2026

Execution of an authorized payment instruction made conditional on manual user redirection

If an Account Servicing Payment Service Provider (ASPSP) makes the execution of a payment instruction, already successfully authorized via Strong Customer Authentication (SCA) in its app, conditional on the Payment Service User (PSU) subsequently manually returning from the ASPSP's authentication app back to the Third Party Provider's (TPP) environment, does this condition constitute an obstacle under Article 32(3) of the RTS?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7603
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as Rejected Q&A: 11/05/2026

Obstacle assessment of a mandatory client segment selection screen in a redirection journey

Does a mandatory step in a redirection journey, where a Payment Service User (PSU) must manually select their client segment (e.g., retail or corporate) on an intermediary screen (web interface) before being redirected to the ASPSP's authentication app, constitute an obstacle under Article 32(3) of the RTS, if such a step is not present when the PSU accesses their account directly via the ASPSP's native mobile application?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2025_7602
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/06/2026

Clarification request - CP Pillar 3 ESG - Template 2 covered bonds

We are reaching out regarding the Consultation Paper published by EBA on 22/05 concerning Pillar III ESG disclosures. Specifically, we would kindly request clarification about the additional line required in Template 2 related to covered bonds: "In addition, a breakdown for information on cover pool of covered bonds is requested in rows for the Total EU area and Total non-EU area (rows 1.1 and 6.1 respectively)."   As stated in the CP document: “Following Recital 55 of the CRR3, the EBA is asked to assess means to enhance the disclosures on ESG risks of cover pools of covered bonds and to consider whether information on the relevant exposures of the pools of loans underlying covered bonds issued by institutions, either directly or through the transfer of loans to a special purpose vehicle (SPV), should either be included in the revised ITS or in the regulatory and disclosure framework for covered bonds”   We would appreciate your guidance on the following points: • Should only the covered bonds issued by the institution reporting the template be considered? Or does this also include covered bonds acquired from other institutions (other banks - in addition to the already mentioned SPVs)? • Considering the scope of the template, the exposures to be reported refer to the loans collateralized by the immovable properties securing the bonds, and not the value of the bonds themselves, is that correct? • Should the total amount be reconciled with a specific cell in the FINREP reporting framework?   Thank you in advance for your kind clarification.

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7600
  • Topic: Transparency and Pillar 3
  • Date of submission:
  • Published as Rejected Q&A: 12/01/2026

Article 12 of Regulation (EU) 2024/857 - non-performing exposures (NPEs) exceeds the 2% threshold.

Could the EBA clarify, in relation to the applicable reporting reference dates, from which point in time institutions are expected to implement and apply the corresponding model adjustment in their IRRBB reporting once this 2% threshold has been breached? Specifically, should the model change be reflected from the reporting period during which the threshold was exceeded, or from the beginning of the next full reporting period following the breach?

  • Legal act: Directive 2013/36/EU (CRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/857 - RTS on the IRRBB standardised approach
  • ID: 2025_7598
  • Topic: Supervisory reporting - IRRBB
  • Date of submission:
  • Published as Rejected Q&A: 11/02/2026

COREP CVA Risk reporting – exempted CCP-related transactions

In case of an institution that is also a clearing member to a QCCPs, for its CCP-related transactions that are exempted from CVA own funds requirements under CRR article 382(3), should these be reintegrated/reported in COREP template C25.01 row 0050?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
  • ID: 2025_7597
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as Rejected Q&A: 12/11/2025

COREP Template 236. Specialised Lending Supervisory Slotting Method

How should institutions reflect, in COREP template C 08.01, credit risk mitigation (CRM) techniques applied to exposures subject to the slotting approach?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
  • ID: 2025_7596
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as Rejected Q&A: 27/10/2025

ASF factors for Additional Tier 1 items as wells as Tier 2 items and other capital instruments maturing between 6 month and 1 year

For the purpose of calculating the NSFR, which appropriate available stable funding factor shall institutions apply for Additional Tier 1 items as well as Tier 2 items and other capital instruments maturing between 6 month and 1 year?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions (repealed)
  • ID: 2021_6017
  • Topic: Supervisory reporting - Liquidity (LCR, NSFR, AMM)
  • Date of submission:
  • Published as final Q&A: 07/10/2025

Customers short sales internally matched with other clients’ long positions, as part of primary brokerage services

What is the expected treatment in the Liquidity Coverage Ratio of an internalized transaction, maturing within 30 calendar days, where the institution grants a margin loan to a client against a collateral that does not qualify as liquid assets and where this collateral is lent to another client to cover short sales?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement
  • ID: 2025_7595
  • Topic: Liquidity risk
  • Date of submission:
  • Published as Rejected Q&A: 10/11/2025