List of Q&As

FINREP Taxonomy 2.7 Treatment of ECLs on FVOCI Assets

ECLs on FVOCI assets are recognised in equity, as per IFRS 9.5.5.2. How should these be treated on FINREP template 4.3.1?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2017_3146 | Topic: Supervisory reporting - FINREP (incl. FB&NPE) | Date of submission: 02/02/2017

Basis of reporting value - C 04.00 row 840 - Own funds based on Fixed Overheads

Please clarify the basis for reporting this number should it be on the basis of a risk weighted exposure or an own funds requirement.exposure at 8%

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2014_1574 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 24/10/2014

Obstacle to the provision of payment initiation and account information services

Should Article 32.3 of Regulation (EU) 2018/389, read together with paragraphs 33 to 41 of the Opinion of the European Banking Authority on obstacles under Article 32(3) of the RTS on SCA and CSC, be interpreted so as to consider that interface implementations that require, in a redirection approach, Payment Initiation Services Providers (PISPs) to always transmit the payer’s IBAN to initiate a payment order, are an obstacle to the provision of payment initiation services because the payment service user is required to manually enter their IBAN while in the PISP’s domain? Should Article 32.3 of Regulation (EU) 2018/389 be interpreted identically where the interface implementations require Account Information Service Providers (AISPs) to always transmit the IBAN(s) of the account(s) to be accessed, therefore requiring the payment service user to manually enter their IBAN(s) while in the AISP’s domain?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2021_5763 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 04/03/2021

Use of new technology for SCA

Is a Payment Services Provider (PSP) allowed to adopt innovative technologies for verifying Payment Services Users (PSUs) where the PSP maintains fraud levels below a certain threshold?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5621 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020

Use of behavioural data for SCA

Can a Payment Service Provider (PSP) use behavioural data and auditable scores to apply Strong customer authentication (SCA) in a way that protects consumer privacy?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5620 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020

Independence of the elements for SCA

Can a Payment Service Provider (PSP) apply Strong customer authentication (SCA) using elements from the same category provided that the elements are independent (i.e. breach of one does not compromise reliability of the other elements)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5619 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020

On the requirements for 'inherence' in strong customer authentication (SCA)

Do the elements required for ‘inherence’ in strong customer authentication (SCA) provide the complete authentication or can they form a part of an authentication decision with some non-biometric elements and still satisfy the inherence condition, for example, as one element of a user profile of several elements. For example, if the biometric, say keystroke dynamics, provides 50% of the decision and other characteristics (e.g. device data, location data) provide the other 50%, does this satisfy the requirement for inherence assuming the condition for 'very low probability of unauthorised access' is also satisfied and that another SCA condition, 'knowledge' or 'possession' is also satisfied? if so, is there a threshold, say 50%, below which it ceases to qualify as 'inherence'?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5353 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 06/07/2020

Contingency Measures under Article 33

Does fallback access to a secondary instance of the dedicated interface in a different data center with dedicated resources, provide an acceptable strategy and plan for the contingency mechanism?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_5054 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 19/12/2019

Application of the strong customer authentication (SCA) in case of refund

Does a refund, which is considered as an electronic payment transaction, be subject to  strong customer authentication (SCA)? Does a merchant that initiates a refund request be considered as a payer? If so, does a Payment service provider (PSP), that holds the payment account of a Merchant, have to set up SCA each time his Merchant is doing a refund from its payment account?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4855 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 06/08/2019

The use of the Collateral Simple and Comprehensive Methods under the Large Exposure regime

Does the phrase "where it is permitted to use" referred to in the third sub-paragraph of Article 403(1) of Regulation (EU) No 575/2013 (CRR) intend to prescribe that the treatment for collateralised exposures specified under Article 403(1)(b) is available for: • those institutions which are allowed to use both the Financial Collateral Simple and Comprehensive Methods?; or • collateral types which are eligible for both methods?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2014_793 | Topic: Large exposures | Date of submission: 29/01/2014

Legal requirements for the authentication procedure when SCA exemptions are applied for remote payment transactions

What are the legal requirements for the type of authentication procedure used when conditions for the application of of Strong customer authentication (SCA) exemption for remote payment transactions are fulfilled?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5673 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 28/12/2020

How to use bank guarantees instead of PII

Is it acceptable to use third party (other than credit institutions) commitments that are covered by a guarantee from a credit institution as a comparable guarantee instead of professional indemnity insurance (PII)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance

ID: 2020_5335 | Topic: Monetary amount of the professional indemnity insurance | Date of submission: 27/06/2020

Card payments - acquirer

If an acquirer is not able to distinguish whether a card used for a payment is a card with an e-money function, is the acquirer required to report transactions with such cards under the EBA Guidelines on fraud reporting, and if so, under what breakdown?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5045 | Topic: Fraud reporting | Date of submission: 13/12/2019

Chip and Signature cards and their inclusion in the remit of RTS Article 11

Is cardholder signature a strong method of authentication when transacting with card present?If so, is there a requirement to ensure that on Chip and Signature cards we step up to signature from contactless after 5 contactless /cumulative value of 150 euros?If a signature is not considered to be strong customer authentication (SCA), are chip and signature cards exempt from SCA requirements under Article 11 of the RTS on strong customer authentication and secure communication?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4342 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 24/10/2018

Trusted Beneficiaries

Article 13 of the RTS on strong customer authentication (SCA) and secure communication does not seem to restrict the use of trusted beneficiaries beside the fact that the payee must be in the list of trusted beneficiaries when initiating the payment transaction. Is it correct to conclude from this that the usage of trusted beneficiaries is not further restricted and can, therefore, also be implemented as a generic beneficiary approval step prior to every initiation of a payment transaction?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4338 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 24/10/2018

NPE calculations of NPE workout options

Should the NPV calculations that paragraph 143 of the EBA Guidelines on management of non-performing and forborne exposures describes be performed with a risk adjusted discount rate, i.e. the original effective interest rate should not be used for these calculations?

Legal act: Directive 2013/36/EU (CRD)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/06 - Guidelines on management of non-performing and forborne exposures

ID: 2019_4814 | Topic: Credit risk | Date of submission: 02/07/2019

Scope of the Covered Bond Exemption as set out in Article 30 of the Margin Rules.

Does the exemption in Article 30 of the Margin Rules concerning OTC derivatives concluded in connection with covered bonds apply where the conditions in Article 30.2 are satisfied in respect of all such covered bonds or only to those covered bonds that are issued by credit institutions that have their registered office in the European Union and which are subject to special public supervision designed to protect bond holders?

Legal act: Regulation (EU) No 648/2012 (EMIR) - only RTS 2016/2251

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2016/2251 - RTS on risk mitigation techniques for OTC derivatives not cleared by a central counterparty (CCP)

ID: 2017_3511 | Topic: Market infrastructures | Date of submission: 04/09/2017

FINREP Payment services Template 22.2

The definition of Payment services has been updated in the FINREP DPM 2.9.2. Can the information asked in template 22.2 row 120 Payment services be removed?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5399 | Topic: Supervisory reporting - FINREP (incl. FB&NPE) | Date of submission: 31/07/2020

Contingent encumbrance

For Scenario A of Contingent Encumbrance reporting template F34.00, should the 30% decrease in value be assumed for the instrument that is encumbered, or should it be considered whether such an instrument itself has underlying values for which the 30% decrease in value should be assumed?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5359 | Topic: Supervisory reporting - Asset Encumbrance | Date of submission: 09/07/2020

Validation Rule on C 09.02 Template - V4787

Is validation rule v4787 correct?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5338 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 30/06/2020