Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Prudential consolidation of special funds

Strictly following the instructions for presenting fully owned CIUs in FINREP leads to possibly unwanted outcomes as compared to IFRS accounts. Can competent authorities allow for fully owned CIUs to be consolidated in order to allow for the use of a look-through approach for FINREP?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions
  • ID: 2020_5668
  • Topic: Supervisory reporting - FINREP (incl. FB&NPE)
  • Date of submission:
  • Published as final Q&A: 26/11/2021

Include all entities which belong to a group of connected clients in Large exposure templates

Should credit institution report all entities which belong to a group of connected clients in their C 29.00 template, including those which do not have any direct or indirect exposure with this credit institution?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions
  • ID: 2019_4525
  • Topic: Supervisory reporting - Large Exposures
  • Date of submission:
  • Published as final Q&A: 26/11/2021

EAD for over-collateralised securities financing transactions under the Financial Collateral Comprehensive Method

For SFTs which are over-collateralised (the collateral received exceeds the exposure thus generating an EAD of zero), how should they be represented in the C07 template, if at all?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions
  • ID: 2015_2010
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 26/11/2021

Elements of possession (SIM card) and knowledge (knowledge-based responses to challenges or questions)

1. Can evidence of possession (SIM card) can also be verified by reading and identifying the phone number used for the phone call? 2. Can a knowledge element be based on a) transaction history of the customer; b) contact information of the customer?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5215
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 05/11/2021

Merchant IDs and SCA

In the situation where Strong Consumer Authentication (SCA) was completed at the time of completing a hotel booking by an Online Travel Agent (OTA) or hotelbrand.com under their Merchant ID but the actual payment will take place at the time of arrival: will the SCA authentication token remain valid for the hotel (merchant) making the charges and its respective Merchant ID?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4797
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 05/11/2021

Updated: Operational Risk - Gross Losses & Rapidly recovered loss events

A credit institution recently changed the scope of the gross losses for operational risk reported in COREP. The credit institution explained that they do not automatically report some types of incidents in the ‘gross losses’ for operational risk in COREP (C17.01a) when the amount is recovered after 5 days. We refer here to transfer of cash involving e.g. a human input error whereby a cash amount is transferred for a far greater size than intended, at the wrong price, or with any number of other input errors, or to the wrong counterparty. The credit institution explained that gross losses for operational risk should be reported in COREP only if there is a P&L movement in the financial statements. Therefore, if the credit institution considers that there is a high probability to recover the amount linked to the operational risk event, even if they recover the money after more than 5 days, they will not increment any amount in the financial statements, they do not consider it as loss, and therefore they will not report the amount in the COREP ‘gross losses’ for operational risk. According to us, the competent authorities, this interpretation seems to be incorrect. Our interpretation is that the gross losses for operational risk in COREP should not be dependent on the decision of the credit institution to book losses in its financial statements for this operational risk event. Therefore, if there is an operational risk event, the amount should be reported in COREP in the ‘gross losses’ for operational risk. The only exception is if the losses are recovered within 5 days, in which case it is considered as a “rapidly recovered loss events” and can be deducted from the reported gross losses in COREp (C17.01a) Could you please clarify which interpretation is correct?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions
  • ID: 2020_5261
  • Topic: Supervisory reporting - COREP (incl. IP Losses)
  • Date of submission:
  • Published as final Q&A: 15/10/2021

Leasing - Contagion du défaut aux paiements minimaux - Default contagion for minimum payments

En méthode standard, dans le cadre de contrat de crédit-bail mobilier (leasing véhicule), si plus de trois mois de loyers sont impayés, le déclassement "en défaut" doit-il s'appliquer à ces seuls loyers échus impayés ou une contagion du défaut doit-elle impérativement s'appliquer à l'ensemble des loyers prévisionnels non encore échus (paiements minimaux prévus au contrat de crédit-bail : cf. article 134-7 CRR) ? Under the standardised method, in the context of equipment leasing (vehicle lease), if more than three months of the lease are unpaid, must the default definition be applied to these due and unpaid payments of the lease only, or is it essential that a default contagion be applied to all projected lease payments which are not yet due (minimum payments provided for in the lease: see Article 134(7) CRR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR
  • ID: 2020_5357
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 01/10/2021

Commitment received to upgrade collateral from Level 2B to Level 1

If a credit institution received a unilateral commitment from another credit institution to trade in 2 business days a collateral upgrade from Level 2B assets to Level 1 assets which last more than 35 business days, could this trade be considered as an inflow?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement
  • ID: 2019_4971
  • Topic: Liquidity risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Partially collateralised loans: CCF - collateral simple method approach

How is the RWA is calculated for the undrawn amount of a partially collateralised loan?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4986
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

LCR treatment of settled-to-market derivatives

Should settlement payments (or receipts) made in the context of derivatives structured as "settled-to-market" (or "STM") be considered under Article 2(1) of Delegated Regulation (EU) 2017/208?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2017/208 - RTS for additional liquidity outflows corresponding to collateral needs resulting from the impact of an adverse market scenario on an institution's derivatives transactions
  • ID: 2019_5020
  • Topic: Liquidity risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Is a financial counter-incentive which is triggered in case of a default of a borrower on certain specific contractual obligations considered as an incentive to redeem?

Would a subordinated loan agreement clause, under the terms of which contractual penalties or other similar financial counter-incentives are triggered in case of a default of a borrower on certain specific contractual obligations be considered a provision, which includes an incentive for the principal amount of the subordinated loan to be repaid prior to its maturity?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) No 241/2014 - RTS for Own Funds requirements for institutions
  • ID: 2020_5202
  • Topic: Own funds
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Territorial scope of the Guidelines on outsourcing arrangements in relation to supervisory cooperation requirements for credit institutions

1. Is it correct to conclude that the cooperation requirements under paragraph 63 of the Guidelines on outsourcing arrangements should be complied with in regard to EU establishments only, considering the distribution of responsibilities between competent supervisors set out in relevant EU law? 2. If a service provider is part of a third-country group but is located in an EU Member State as a separate legal entity, should it be considered outside of the scope of paragraph63 of the GLs?

  • Legal act: Directive 2013/36/EU (CRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5245
  • Topic: Internal governance
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Risk weight for the credit risk of third countries with supervisory and regulatory arrangements at least equivalent to those applied in the Union according to Article 114(7) CRR

If an institution has an exposure to a third country which has supervisory and regulatory arrangements at least equivalent to those applied in the Union (such as Turkey) but do not have fully corresponding liabilities denominated in that currency to cover the entire exposure, what risk weight for the credit risk should assigned to the exposure of this country?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5294
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Allocation of direct costs associated with the realisation of funded credit protection in case of partial coverage of an exposure by unfunded credit protection

Does paragraph 38(c) of the EBA/GL/2020/05 require the allocation of direct costs associated with the realisation of the funded credit protection to the part of the exposure that is covered by the funded credit protection?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2020/05 - Guidelines on credit risk mitigation for institutions applying the IRB approach with own estimates of LGDs
  • ID: 2021_5677
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Interpreting the definitions of "client activity" and "unexpected" in modern financial services market in the context of CRR

Are “top ups” a “client activity” as defined in Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (herein ‘CRR')? How “unexpected” should they be interpreted in the modern payments environment?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5341
  • Topic: Large exposures
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Counterparties referred to in Article 428h (1) (c) CRR

Does Article 428h (1) (c) of regulation 2019/876, amending Regulation No 575/2013, imply that the counterparty necessarily must be a bank? More specifically, would this condition also be met if the counterparty is a private limited liabilities company, which according to Regulation 575/2013 is not required to apply the NSFR?

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5253
  • Topic: Liquidity risk
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Requirements towards SCA if association is done based on phone call

Does the requirement to apply Strong customer authentication (SCA) under Article 24 paragraph 2 b of Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication apply when customer is served using telephone call? Or is the only possibility to associate authentication credentials with the customer not having active credentials at hand, only possible having customer present?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5650
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Delegation of 2-Factor Authentication (2FA) to PISP, AISP or other third party

Where a Payment Service Provider (PSP) is providing financial services via a third party application - either through a Payment Initiation Services Provider (PISP), Account Information Service Provider (AISP) or by providing embedded financial products or banking as a service solutions (i.e. financial services via an Application Programming Interface (API)) - is it permitted for the PSP to delegate the application of 2-Factor Authentication (2FA) to the third party?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5643
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Association with the payment service user by means of a remote channel

Is it sufficient to use a company level knowledge element, in combination with a peronal posession element to associate a user of a business application with personalised security credentials such as authentication software or a knowledge element?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5626
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 24/09/2021

Clarification on level of protection required for the processing of the IBAN outside the inter-PSP environment

Can the IBAN of the payer or payee be handled in cleartext outside the inter Payment Service Provider (PSP) environment? For instance could a payer’s IBAN be contained in cleartext in a payer-presented QR-code provided by the payer’s device to the merchant’s point of interaction for the initiation of an (instant) credit transfer? Or could a merchant’s IBAN be contained in cleartext in a merchant-presented QR-code at the merchant’s point of interaction to be read by the payer’s device for the initiation of an (instant) credit transfer?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5477
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 24/09/2021