Search for Q&As Submit a question

List of Q&As

Use of new technology for SCA

Is a Payment Services Provider (PSP) allowed to adopt innovative technologies for verifying Payment Services Users (PSUs) where the PSP maintains fraud levels below a certain threshold?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5621 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020 | Date of publication: 23/04/2021

Use of behavioural data for SCA

Can a Payment Service Provider (PSP) use behavioural data and auditable scores to apply Strong customer authentication (SCA) in a way that protects consumer privacy?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5620 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020 | Date of publication: 23/04/2021

Independence of the elements for SCA

Can a Payment Service Provider (PSP) apply Strong customer authentication (SCA) using elements from the same category provided that the elements are independent (i.e. breach of one does not compromise reliability of the other elements)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5619 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 16/11/2020 | Date of publication: 23/04/2021

On the requirements for 'inherence' in strong customer authentication (SCA)

Do the elements required for ‘inherence’ in strong customer authentication (SCA) provide the complete authentication or can they form a part of an authentication decision with some non-biometric elements and still satisfy the inherence condition, for example, as one element of a user profile of several elements. For example, if the biometric, say keystroke dynamics, provides 50% of the decision and other characteristics (e.g. device data, location data) provide the other 50%, does this satisfy the requirement for inherence assuming the condition for 'very low probability of unauthorised access' is also satisfied and that another SCA condition, 'knowledge' or 'possession' is also satisfied? if so, is there a threshold, say 50%, below which it ceases to qualify as 'inherence'?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5353 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 06/07/2020 | Date of publication: 23/04/2021

Contingency Measures under Article 33

Does fallback access to a secondary instance of the dedicated interface in a different data center with dedicated resources, provide an acceptable strategy and plan for the contingency mechanism?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_5054 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 19/12/2019 | Date of publication: 23/04/2021

Application of the strong customer authentication (SCA) in case of refund

Does a refund, which is considered as an electronic payment transaction, be subject to  strong customer authentication (SCA)? Does a merchant that initiates a refund request be considered as a payer? If so, does a Payment service provider (PSP), that holds the payment account of a Merchant, have to set up SCA each time his Merchant is doing a refund from its payment account?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2019_4855 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 06/08/2019 | Date of publication: 23/04/2021

The use of the Collateral Simple and Comprehensive Methods under the Large Exposure regime

Does the phrase "where it is permitted to use" referred to in the third sub-paragraph of Article 403(1) of Regulation (EU) No 575/2013 (CRR) intend to prescribe that the treatment for collateralised exposures specified under Article 403(1)(b) is available for: • those institutions which are allowed to use both the Financial Collateral Simple and Comprehensive Methods?; or • collateral types which are eligible for both methods?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

ID: 2014_793 | Topic: Large exposures | Date of submission: 29/01/2014 | Date of publication: 20/04/2021

Legal requirements for the authentication procedure when SCA exemptions are applied for remote payment transactions

What are the legal requirements for the type of authentication procedure used when conditions for the application of of Strong customer authentication (SCA) exemption for remote payment transactions are fulfilled?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2020_5673 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 28/12/2020 | Date of publication: 09/04/2021

How to use bank guarantees instead of PII

Is it acceptable to use third party (other than credit institutions) commitments that are covered by a guarantee from a credit institution as a comparable guarantee instead of professional indemnity insurance (PII)?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance

ID: 2020_5335 | Topic: Monetary amount of the professional indemnity insurance | Date of submission: 27/06/2020 | Date of publication: 09/04/2021

Card payments - acquirer

If an acquirer is not able to distinguish whether a card used for a payment is a card with an e-money function, is the acquirer required to report transactions with such cards under the EBA Guidelines on fraud reporting, and if so, under what breakdown?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)

ID: 2019_5045 | Topic: Fraud reporting | Date of submission: 13/12/2019 | Date of publication: 09/04/2021

Chip and Signature cards and their inclusion in the remit of RTS Article 11

Is cardholder signature a strong method of authentication when transacting with card present?If so, is there a requirement to ensure that on Chip and Signature cards we step up to signature from contactless after 5 contactless /cumulative value of 150 euros?If a signature is not considered to be strong customer authentication (SCA), are chip and signature cards exempt from SCA requirements under Article 11 of the RTS on strong customer authentication and secure communication?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4342 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 24/10/2018 | Date of publication: 09/04/2021

Trusted Beneficiaries

Article 13 of the RTS on strong customer authentication (SCA) and secure communication does not seem to restrict the use of trusted beneficiaries beside the fact that the payee must be in the list of trusted beneficiaries when initiating the payment transaction. Is it correct to conclude from this that the usage of trusted beneficiaries is not further restricted and can, therefore, also be implemented as a generic beneficiary approval step prior to every initiation of a payment transaction?

Legal act: Directive 2015/2366/EU (PSD2)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ID: 2018_4338 | Topic: Strong customer authentication and common and secure communication (incl. access) | Date of submission: 24/10/2018 | Date of publication: 09/04/2021

NPE calculations of NPE workout options

Should the NPV calculations that paragraph 143 of the EBA Guidelines on management of non-performing and forborne exposures describes be performed with a risk adjusted discount rate, i.e. the original effective interest rate should not be used for these calculations?

Legal act: Directive 2013/36/EU (CRD)

COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/06 - Guidelines on management of non-performing and forborne exposures

ID: 2019_4814 | Topic: Credit risk | Date of submission: 02/07/2019 | Date of publication: 09/04/2021

Scope of the Covered Bond Exemption as set out in Article 30 of the Margin Rules.

Does the exemption in Article 30 of the Margin Rules concerning OTC derivatives concluded in connection with covered bonds apply where the conditions in Article 30.2 are satisfied in respect of all such covered bonds or only to those covered bonds that are issued by credit institutions that have their registered office in the European Union and which are subject to special public supervision designed to protect bond holders?

Legal act: Regulation (EU) No 648/2012 (EMIR) - only RTS 2016/2251

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2016/2251 - RTS on risk mitigation techniques for OTC derivatives not cleared by a central counterparty (CCP)

ID: 2017_3511 | Topic: Market infrastructures | Date of submission: 04/09/2017 | Date of publication: 19/03/2021

FINREP Payment services Template 22.2

The definition of Payment services has been updated in the FINREP DPM 2.9.2. Can the information asked in template 22.2 row 120 Payment services be removed?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5399 | Topic: Supervisory reporting - FINREP (incl. FB&NPE) | Date of submission: 31/07/2020 | Date of publication: 19/03/2021

Contingent encumbrance

For Scenario A of Contingent Encumbrance reporting template F34.00, should the 30% decrease in value be assumed for the instrument that is encumbered, or should it be considered whether such an instrument itself has underlying values for which the 30% decrease in value should be assumed?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5359 | Topic: Supervisory reporting - Asset Encumbrance | Date of submission: 09/07/2020 | Date of publication: 19/03/2021

Validation Rule on C 09.02 Template - V4787

Is validation rule v4787 correct?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5338 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 30/06/2020 | Date of publication: 19/03/2021

Reporting of International Organizations not treated as sovereign in template C43

Should exposures to International Organizations not treated as sovereign be included in Row 160 of template C43?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5309 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 16/06/2020 | Date of publication: 19/03/2021

Fair value changes of the hedged items in portfolio hedge of interest rate risk in Prudent Valuation

How should fair value changes of the hedged items in portfolio hedge of interest rate risk be reported in the context of Prudent Valuation in COREP C 32.01?

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5303 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 15/06/2020 | Date of publication: 19/03/2021

Reporting of positions in a securitisation that has not achieved SRT in C14.01.

It is not clear whether these positions should be reported in C14.01, or under which approach.

Legal act: Regulation (EU) No 575/2013 (CRR)

COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (as amended)

ID: 2020_5252 | Topic: Supervisory reporting - COREP (incl. IP Losses) | Date of submission: 13/05/2020 | Date of publication: 19/03/2021