Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

non-discrimination in implementing PSD2 for safeguarding mechanisms

The PSD2 includes important provisions regarding safeguarding accounts for payment institutions (PIs) and electronic money institutions (EMIs). These accounts shall be additionally protected by the credit institutions providing them so they should be free from seizure and the funds kept at them shall not be considered the property of a PI or an EMI in case of bankruptcy of the safeguarding account holder. These provisions have been transposed into the law of the Republic of Poland effective in December 2018. However, according to the transposition, these safeguarding accounts provide these protections (freedom from seizure and not being considered the property of the bankrupt holder) only to the Polish PIs and Polish EMIs (so called “home” PIs and EMIs).  The law has been so formulated that the safeguarding accounts opened in Poland for the non-Polish (yet EEA-based), properly notified to Poland PIs or EMIs do not enjoy these protections.  Is this the proper transposition of the PSD2 provisions of safeguarding accounts or is this the example of the incorrect transposition resulting in the market discrimination of the PIs and EMIs which are not based in Poland?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Definition of "Communication Standards" under Article 30.3

a) Is ISO 20022 considered the communication standard referenced in Article 30(3) of the Regulatory Technical Standards (RTS), Commission Delegated Regulation (EU) 2018/389? b) How should NCAs ensure that ASPSPs comply with these standards, in accordance with Article 30.6 of the RTS?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Clarification needed in dedicated Interfaces supervision

We seek clarification and insights into how competent authorities shall fulfill their responsibilities in line with Recital 23 and Article 32.2 of the Commission Delegated Regulation (EU) 2018/389, specifically regarding the supervision of payment initiation service's dedicated interfaces to ensure effective oversight and monitoring.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Third party access to account attributes

In Norway there is a widely used scheme by which payees send out invoices containing structured payment information which is being used by the payee to match incoming payments with invoices. The information is in the form of a number defined by the payee. The number consists of up to 25 digits, including a control digit. The information flows all the way through the payment chain and back to the payee. The credit account number must be set up with attributes associated with it, according to scheme rules, which are defined jointly by the banks. The payee has to enter into an agreement with its bank in order to make use of the scheme. There is a nationwide registry covering all banks, containing information about agreements, accounts and attributes associated with each account. The banks have direct access to the registry. As and when the PSU (Payment Service User) keys in the invoice information, the bank checks in real time that what is being keyed in is correct according to information held in the registry. There is check that indeed the credit account is set up for the scheme. A control digit is checked, increasing the likelihood of a correct number being entered. If no number is keyed in, the PSU is told so, if the account is such that a number is required. While keypunching, the PSU is being informed there and then if the information is wrong such that the PSU may correct it. The bank will not accept the payment order unless it is pre-verified to pass the controls. Not so for TPPs (Third Party Provider). They are not granted access to the registry. The TPP does not know if the payment order will pass the controls. Not until payment initiation there is a check. This check is being performed by the bank, not by the third party. The TPP receives information from the bank about the outcome of the check. TPPs must revert back to the PSU and / or the payee, or the banks, and try to resolve any issues. There are costs associated with follow up and correction. PSD2 Article 66 number 4 letter (c) obliges ASPSPs to treat payment orders transmitted through the services of a payment initiation service provider without any discrimination other than for objective reasons, in particular in terms of timing, priority or charges vis-à-vis payment orders transmitted directly by the payer. Not having access to the registry puts the TPPs at a disadvantage, with a bearing on timing, as payments may be delayed and may become overdue. The banks' own payment services have direct access to the key payment information held in the registry, whereas third party payment services do not. The FSA of Norway seeks advice on whether this constitutes a discrimination according to PSD2 Article 66. Not having access to the registry puts the TPPs at a disadvantage. It leads to extra work for TPPs and others involved in the payment. Additional costs are being incurred. The FSA of Norway seeks advice on whether not giving TPPs access to the registry creates obstacles for TPPs as per Commission delegated regulation (EU) 2018/389 Article 32 number 3. Lastly, the FSA of Norway seeks advice on whether there are other relevant provisions in the regulation, and whether the principle of "level playing field" may apply in this case.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Requirement for loan agents to register as payment service providers under EU's Second Payment Services Directive 2015/2366 ("PSD2").

I would like some clarification on Directive 2015/2366/EU (PSD2) Article 4 paragraphh 22 - Money remittance. If a firm performs administrative services (including but not limited to the calculation of interest/fees and principal owing between lenders and a borrower) and as part of this service is required to regularly transfer money between lenders and a borrower (no fee involved), does this qualify as money remittance? No fees are charged for the transfer of money.  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

The SCA-Exemption for account access based on art. 10 of Regulation (EU) 2018/389 as amended by Regulation (EU) 2022/2360.

We require a clarification with reference to the art. 10 of Regulation (EU) 2018/389 as amended by Regulation (EU) 2022/2360, regarding the meaning of the sentence: “…provided that access is limited to one of the following items online…”.  Does it mean that the 180days exemption is not allowed in case the PSU requires at the same time and in the same request: i) balance and ii) transactions-list of her/his payment account?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Eligibility of communication by AISPs with ASPSP throughout interface used for authentication and communication with the ASPSP's payment services users in case of ASPSP’s exemption from the fall back mechanism

Question no 1:   Does a fact, that based on art. 33(6) RTS, given ASPSP was granted by competent authority with exclusion from the obligation to set up the contingency mechanism described under art. 33(4) RTS, means, that such exemption merely gives this ASPSP a right not to set up the contingency mechanism, and hence, this is up to ASPSP to enjoy and to follow this exclusion, or whether, in opposition, this exemption creates on ASPSP side obligation to bring this exclusion to life.   Question no 2:   Does a fact, that given ASPSP was granted by competent authority with exclusion from the obligation to set up the contingency mechanism described under art. 33(4) RTS, creates on AISP’s end any kind of obligation, for instance lack of right to communicate with ASPSP in question throughout interface made available to the payment service users for the authentication and communication with their ASPSPs.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

requirements for professional experience of representatives and board members of EMIs

Dear Sir/Madam,    In the process of licensing an EMI, the management of the company aplying for a licese is required to have certain professional qualifications: experience, clean record, good reputation,etc... As PSD2 does not regulate this topic, each National Bank has set different requirments. The same pereon may be elidgible under the requirments of central bank of one country while not elidgible for another. Usually, the requirments are for banking and equivalent proffesional background and experience.  Profesionals with technology background (eg. Computer Science, blockchain, software development, AI, information management) are not elidgible. However technology is one of the main drivers of innovation and competitiveness in both banks and fintech.    In this regard, I have two questions:  1. Is EBA discussing any harmonisation of requirments for profesional experience of managing teams of EMIs to be enforced in a new updated PSD2? 2. If yes, does EBA consider allowing technology related profesionals to hold management possitions in EMIs?    Best regards,  Filip Mutafis  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Initial Capital

What is the initial capital requirement if a payment institution is providing: (a) any of the payment services as referred to in points (1) to (5) of Annex I and service (6) and (7). (b) any of the payment services as referred to in points (1) to (5) of Annex I and service (6) . (c) any of the payment services as referred to in points (1) to (5) of Annex I and service (7).

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Publication of quarterly statistics, according to GL 3 of the “Guidelines on the conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)”

In what concerns the performance and availability statistics that ASPSPs need to make available on their websites in accordance to GL 3 of the “Guidelines on the conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)”, do ASPSPs need to disclose all their quarterly reports since the entry into production of their APIs? For instance, if the ASPSP made their API available in September 2019, does the ASPSP need to have all the reports online since then? If not, is there any recommended timeframe for the reports to be kept available online?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/07 - Guidelines on the exemption from the contingency mechanism under Regulation (EU) 2018/389

Online foreign exchange

Does the business of foreign currency exchange-Forex require an authorisation as payment institution under PSD2, provided that: (a) the currency exchange takes place via online exchange platform; and (b) the client deposits certain base in cash or sends it by bank transfer to a bank account of the Forex company; and (c) the client receives the quote (exchanged) currency in an online client account in the platform from where the exchanged amount may be sent to a client's bank account or may be withdrawn in cash at the Forex company's offices?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Services offered by means of ATM by providers

Which is the appropriate payment service for ATM withdrawals, where the ATM provider is required to be authorised but is acting on behalf of one or more card issuers, which are not a party to the framework contract with the customer withdrawing money from a payment account? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Safeguarding requirements

Are transactions where both the payer and the payee are outside the EEA (e.g. a transfer between China and Hong Kong) outside the scope of the safeguarding requirements or not?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Interpretation of payment instrument

What devices or procedures can be considered as payment instrument as per Art. 4(14) of PSD2.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Roles that can be assigned to electronic money institutions in certificates

Please clarify which roles may be assigned to electronic money institutions (EU 2015/2366 Art 1(1) b) by qualified trust service providers (QTSPs) in the certificates. There seems to be some contradiction between EU 2015/2366 Art 11(1) and the EBA Opinion on the use of eIDAS certificates under the RTS on SCA and CSC (EBA-Op-2018-7) item 26.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

The amount of a card payment transaction authorised online in HRK

Please clarify for card payment transactions authorised by the Payment Services User (PSU) in Member State A’s currency online on a web shop of an EU merchant that has an domain extension of Member State A, but that is not a Member State A merchant.The payment service provider is an EU acquirer (not from Member State A).The Member State A’s Payment Services Provider (PSP) issuing the payment card charges the PSU a different amount in Member State A’s currency (different from the amount that has been authorised).The difference between the original and charged amounts is caused by a currency conversion due to a card transactions settlement in another currency (EUR, USD, etc.) in the Payment Scheme.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Requirement for credit institutions and electronic money institutions wishing to offer PIS and AIS to take out professional indemnity insurance or a comparable guarantee / Obbligo di dotarsi di un'assicurazione per la responsabilità civile o analoga garanzia, per gli Enti creditizi o Istituti di moneta elettronica che vogliono offrire i servizi di PIS e AIS

Can an electronic money institution or a credit institution wishing to offer Payment Initiation Service (PIS) and Account information service (AIS) consider its own funds to be a guarantee that is comparable to professional indemnity insurance (PII)?***IT:   Un Istituto di Moneta elettronica o un Ente creditizio che vuole offrire i servizi di PIS e AIS, può considerare i fondi propri come analoga garanzia rispetto all’assicurazione per la responsabilità civile professionale? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance