Search for Q&As Submit a question

List of Q&As

Usage of SMS for dynamic linking

Please clarify whether payment information and an authentication code sent via SMS to a mobile phone complies with the requirements for Dynamic Linking as defined in Article 5 of the RTS, and in particular paragraph 5.2.

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4414| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 10/12/2018

Exemption of secure corporate payment processes and protocols

Is the exemption of applying strong customer authentication, in respect of legal persons initiating electronic payment transactions through the use of dedicated payment processes or protocols that are only made available to payers who are not consumers applicable to both payment initiation and account information services? Or, is it solely applicable to payment initiation service?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4383| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 21/11/2018

Operational requirements for holdings of liquid assets

Can banknotes held in locations other than branches be classified as ‘coins and banknotes’ under Delegated Regulation 2015/61 and thus be eligible to be classed as Level 1 liquid assets if the operational requirements per Article 8 can be satisfied?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement

ID: 2019_4891| Topic: Liquidity risk| Date of submission: 30/08/2019

LCR - Treatment of securities borrowing-transactions for non-refinancing-purposes

How should securities borrowed which were not borrowed for refinancing-purposes be recognised in the LCR?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement

ID: 2019_4837| Topic: Liquidity risk| Date of submission: 19/07/2019

Outflows from other retail deposits

Would a retail deposit account, which can be serviced by telephony as well as by internet, not trigger the “internet only” risk factor for high outflow classification?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement

ID: 2019_4890| Topic: Liquidity risk| Date of submission: 29/08/2019

Interplay between Article 13a of Commission Delegated Regulation (EU) No 241/2014 as regards the deduction of software assets from Common Equity Tier 1 (CET1) items and Article 37(a) of Regulation (EU) No 575/2013 (CRR)

Would it be possible that the application of Article 37(a) of the CRR in conjunction with the new deduction rules established in Article 13a of the Commission Delegated Regulation (EU) No 241/2014 could lead to: • A negative deduction, i.e. an addition, of software assets when it comes to the determination of CET1 items, and/or • A non-adequate amount to be risk weighted?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2020_5567| Topic: Own funds| Date of submission: 20/10/2020

Scope of "Written Credit Derivatives"

Under Article 429a(5) of the Regulation (EU) No 575/2013 (CRR), as modified by Commission Delegated Regulation (EU) 2015/62, for written credit derivatives, institutions shall include in the exposure value the effective notional amounts, in addition to the treatment laid down in paragraph 1. Is it allowable to exclude from the scope of written credit derivatives, OTC derivatives on high credit quality central government bonds?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/62 - DR with regard to the leverage ratio

ID: 2018_4423| Topic: Leverage ratio| Date of submission: 17/12/2018

Aggregated first loss under credit insurance

Is the requirement in Article 213(1)(b) CRR met in case of a credit insurance whose contractual terms provide that the institution shall bear a first loss, which is calculated at aggregate level with regard to several different exposures?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2018_4184| Topic: Credit risk| Date of submission: 06/08/2018

Calculation of past due days on material credit obligations

For the purpose of the definition of default, should days when material credit obligation was past due, but repaid later on, be included in the calculation of 90 (180) consecutive days according to Article 178 of CRR, paragraph 1, point (b)?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2019_4504| Topic: Credit risk| Date of submission: 01/02/2019

Technical past due situation - Factoring

How should the situation in terms of technical default be treated when there are two past due purchased receivables (each individually material) and one of them is repaid by the obligor while the second one is still due?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR

ID: 2019_4505| Topic: Credit risk| Date of submission: 01/02/2019

Perform SCA by reusing an element used in an authentication exempted from SCA

When an element is used to access the payment account online, in the case the Payment Service Provider (PSP) is allowed not to apply Strong Customer Authentication (SCA) (only applying a single-factor authentication : login + password), is it possible to reuse this element to perform SCA to authenticate a transaction ?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5516| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 25/09/2020

Transport and parking exemption for parking and electric vehicle charging

Does the transport and parking exemption under Article 12 of Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication apply to transactions at unattended terminals for the payment of a parking fee that includes electric charging?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5224| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 29/04/2020

Payment Initiation Scope and Trusted Beneficiaries

Should non-payment accounts be listed as trusted beneficiaries where they are exempted from Strong Customer Authentication (SCA) as Beneficiaries of a Payment Transaction?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5135| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 18/02/2020

Using Trusted Beneficiary Lists to Auto Reject PISP Transactions

Is an Account Servicing Payment Service Provider (ASPSP) able to block a Payment Initiation Services Provider (PISP) transaction before attempting Strong Customer Authentication (SCA) if the beneficiary account does not appear in the Payment Services User (PSU)'s regular payee list/trusted beneficiary list?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5115| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 10/02/2020

Strong Authentication

Is one time passcode (OTP) Mail considered as a "Strong Customer Authentication" under Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4315| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 08/10/2018

Ability of static card data to be considered a possession factor?

Can static card data (Card number PAN + cardholder name +Exp. Date + static CVV2/CVC2) be considered a as a possession factor, and if so: is it strong enough to be a valid factor in a 2-factor Strong customer authentication (SCA)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4235| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 06/09/2018

SMS OTP and credit card as a two authentication factor

Can we consider Credit card and One Time Password (OTP) SMS as a two authentication factor ? 

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4135| Topic: Strong customer authentication and common and secure communication (incl. access)| Date of submission: 18/07/2018

Unlikeliness to pay (UTP) - exit from NP status

Can a customer exit non-performing status immediately (provided of course no other UTP criteria are applicable), or does a period of 12 months need always to pass before the customer can exit?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/06 - Guidelines on management of non-performing and forborne exposures

ID: 2019_4867| Topic: Credit risk| Date of submission: 12/08/2019

Article 395 CRR – Shadow entities large exposure limits

If a bank invests through a vehicle, incorporated under the applicable Securitisation Law, with separate compartments per investor and where the paid out of each Note is segregated per portfolio of loans, may each Note be deemed a separate shadow entity?

Legal act: Regulation (EU) No 575/2013 (CRR) as amended

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2015/20 - Guidelines on limits on exposures to shadow banking entities which carry out banking activities outside a regulated framework under Article 395(2) of CRR

ID: 2019_4501| Topic: Large exposures| Date of submission: 01/02/2019

Criteria for rating transfer

Can “clear policies” referred to in paragraph 62 – such as recognising the relationship between a subsidiary and its consolidating parent or recognising any other form of control as defined in Article 4(1)(37) of Regulation (EU) No 575/2013 – which lack the features of a material contractual support – be considered as “appropriate guarantee", thereby supporting  the rating transfer?

Legal act: Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 (CRR2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/16 - Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures

ID: 2019_4745| Topic: Credit risk| Date of submission: 27/05/2019