Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Knowledge element of SCA.

Can an API key be considered as a Knowledge element of SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7286
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Proxy matrices

Are credit institutions (ASPSPs) allowed to facilitate proxy matrices implemented by their (corporate) clients that allocate proxy to only certain users to invoke the services of third party payment service providers (TPPs)?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7265
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Obstacles Faced by PISPs in Accessing Payment Status Information Under PSD2

Are ASPSPs allowed to require PISPs to provide any additional identifier beyond what is specified in Article 35.4.b of the RTS in order to access information about the execution of a payment order?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7261
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 29/08/2025

Annex XI, INSTRUCTIONS FOR REPORTING ON LEVERAGE, Derivative cash collateral exposure reporting in C43 template

Where should the cash collateral receivables on derivative transactions related to trading book be disclosed in template C43

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2016/11 - Guidelines on disclosure requirements under Part Eight of CRR
  • ID: 2024_7215
  • Topic: Supervisory reporting - Leverage ratio
  • Date of submission:
  • Published as final Q&A: 29/08/2025

ANNUAL REPORT ON NEW ARRANGEMENTS ON THE USE OF ICT SERVICES

Does Article 28(3) DORA require a separate and specific communication in addition to the Register of Information, or whether the communication of such data is already fulfilled through the annual submission of the same Register, constituting a single compliance obligation? In the event that a separate communication is required in addition to the annual submission of the Register of Information, what is the meaning of the term 'categories of third-party ICT service providers'?

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information
  • ID: 2025_7309
  • Topic: Register of information (DORA)
  • Date of submission:
  • Published as final Q&A: 14/08/2025

Use of conditional sale agreements to season assets by an originator instead of the originator purchasing the assets and then selling the same to a securitisation SPE

Can an entity: (i) who manages and establishes a traditional securitisation; and (ii) where the securitisation special purpose entity (SSPE) enters into a conditional sale agreement with it be classified as the originator and act as an eligible retainer?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2021_5851
  • Topic: Securitisation and Covered Bonds
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Meaning of "established in the Union"

Article 18 of the Securitisation Regulation requires that “The originator, sponsor and SSPE involved in a securitisation considered STS shall be established in the Union”: Would this provision deemed to be fulfilled in the case of originators, sponsors and SSPEs established in an EEA country? Would it be deemed to be fulfilled in the case of an originator which is an EU branch of a subsidiary  established in an EEA State pertaining to a banking group established in the EU?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2022_6539
  • Topic: Simple Transparent and Standardised securitisation
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Qualification of a branch as originator, designation of Competent Authority and compliance with STS requirements

May a branch of a credit institution be considered as an entity within the meaning of Article 2.3 of the Regulation (EU) 2017/2402 and hence as originator under Article 29(5) thereto?  Should the answer to the above question be affirmative, which Competent Authority (home or host) should be responsible to supervise the STS requirements set out in Articles 18 to 27 of the Regulation (EU) 2017/2402?

  • Legal act: Regulation (EU) No 2017/2402 (SecReg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_6984
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Identification of ICT Service Providers

Can the ESAs confirm there is no expectation to capture within the Register of Information the ICT subcontractors of non-ICT service providers?

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7089
  • Topic: ICT third-party risk management
  • Date of submission:
  • Published as final Q&A: 08/08/2025

How to fill the refPeriod field of the parameters.csv file for the DORA register of information

As part of the DORA register of information packaging process, we are required to include a parameters.csv file that contains a refPeriod field. Could you please confirm what specific date should be used for the refPeriod?

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information
  • ID: 2025_7387
  • Topic: Register of information (DORA)
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Obligation to maintain a register of information for FEs exempt under article 16

 Are financial entities, which according to article 16(1) in DORA are excluded from application of Articles 5 to 15, also are excluded from application of article 28 of DORA?    

  • Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7388
  • Topic: Register of information (DORA)
  • Date of submission:
  • Published as final Q&A: 08/08/2025

Maturity floor for SFT transactions under a master netting agreement that does not fulfill the enforceability criteria of CRR Article 206.

Does the EBA recognise that Securities Financing Transactions (SFT) conducted under an industry master netting agreement (MNA) such as GMRA or GMSLA could be subject to the 5-day floor maturity under CRR Article 162(2)(d) to the extend such MNA (i) meets the requirements of CRR Article 207 (2) to (4) on the eligibility of the collateral but (ii) does not necessarily fulfill the close-out netting enforceability criteria of Article 206 due to local law and absence of robust netting legislation for instance? 

  • Legal act: Regulation (EU) No 575/2013 (CRR)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2025_7397
  • Topic: Credit risk
  • Date of submission:
  • Published as final Q&A: 01/08/2025

Discretionary pension benefits

According to Section 151 of the EBA Guidelines on sound remuneration policies under CRD, EBA/GL/2021/04 (“EBA Guidelines”), pension benefits included in the company’s pension scheme that are not based on performance and that are consistently granted to a category of staff should be considered as part of routine employment packages.  What is the minimum number of persons that can form a category of staff in the meaning of the aforementioned Section? For example, can the Chief Executive Officer and Deputy Chief Executive Officer of an institution together (i.e. two persons) be considered “a category of staff” in the meaning of Section 151 of the EBA Guidelines? 

  • Legal act: Directive 2013/36/EU (CRD)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2021/04 - Guidelines on sound remuneration policies under CRD (repealing EBA/GL/2015/22)
  • ID: 2025_7493
  • Topic: Remuneration
  • Date of submission:
  • Published as final Q&A: 01/08/2025