Search for Q&As

Export options

Select / deselect all results on this page

List of Q&A's

ANNUAL REPORT ON NEW ARRANGEMENTS ON THE USE OF ICT SERVICES

Does Article 28(3) DORA require a separate and specific communication in addition to the Register of Information, or whether the communication of such data is already fulfilled through the annual submission of the same Register, constituting a single compliance obligation? In the event that a separate communication is required in addition to the annual submission of the Register of Information, what is the meaning of the term 'categories of third-party ICT service providers'?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Identification of ICT Service Providers

Can the ESAs confirm there is no expectation to capture within the Register of Information the ICT subcontractors of non-ICT service providers?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

How to fill the refPeriod field of the parameters.csv file for the DORA register of information

As part of the DORA register of information packaging process, we are required to include a parameters.csv file that contains a refPeriod field. Could you please confirm what specific date should be used for the refPeriod?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Obligation to maintain a register of information for FEs exempt under article 16

 Are financial entities, which according to article 16(1) in DORA are excluded from application of Articles 5 to 15, also are excluded from application of article 28 of DORA?    

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Scope of Register of Information for Contractual Arrangements on the use of ICT Services Provided by ICT Third-party Service Providers

According to Article 28(3) of DORA, must an EU parent bank, which has subsidiaries both within and outside the EU, maintain the register of information regarding all contractual arrangements for the use of ICT services only for subsidiaries that are subject to DORA (financial entities established in the EU), or does this requirement extend to subsidiaries established outside the EU for which DORA does not apply?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Elaboration on the meaning of a separated and dedicated network for ICT asset administration

In the "RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework"; How should we read: ''A separate and dedicated network for ICT asset administration, along with strict prohibition of direct internet access[...]''? (article 13, paragraph 1, sub (c)).A separate and dedicated network could be on-premises, but is a virtual-LAN sufficient? or is it enough to have it in the regular production-LAN with other systems? and what if the CMDB is in a cloud environment? is it then a de facto separated and dedicated network or not?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/1774 – RTS on ICT risk management framework and on simplified ICT risk management framework

The scope of the regulation described in Article 6 mismatches what is presented as an option in the Annex I, Part 2 of the same regulation

Do financial entities must include non-financial entities within the same group in the Register of Information? If not, why is there an option to do so?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Part 2 – Template specific instructions to template B_06.01

Data point B_06.01.0050 is missing from the official ITS templates. Is this data point no longer applicable?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – primary keys

How to report data fields in case of missing values?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_05.02.0060 (Identification code of the recipient of sub-contracted ICT services)

How to report data field B_05.02.0060 if the ICT third-party service provider is a direct provider (rank =1)?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_05.01.0020 (Type of code to identify the ICT third-party service provider)

How to report type of identification code in data field B_05.01.0020 when using codes other than LEI or EUID?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_04.01.0040 (Identification code of the branch)

How to report data field B_04.01.0040 if the financial entity is not a branch?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_02.02.0160 (Location of management of the data)

How to report data field B_02.02.0160 where the ICT service is not based or does not foresee data processing?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_02.02.0130 (Country of the governing law of the contractual arrangement)

How to report field B_02.02.0150 where the ICT service is not related to storage of data (B_02.02.0140 = 'No')?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_02.02.0130 (Country of the governing law of the contractual arrangement)

How to report field B_02.02.0130 where the ICT service is not supporting a critical or important function considering that according to the data model this data field is a primary key?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions - field B_01.02.0060 (LEI of the direct parent undertaking of the financial entity)

What should be reported in case the financial entity does not have a direct parent undertaking (for example, is the parent undertaking itself) or reports the register on an individual basis?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Template specific instructions – field B_01.02.0050 (Hierarchy of the financial entity within the group)

What does ‘where applicable’ mean in the title of data field B_02.01.0050?  What should be reported in this field in case the entity that is being reported in this template is not a financial entity (i.e., option 22, 23, or 24 was selected in field B_01.02.0040 for the entity type)?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information

Duplicate ICT Incident Reporting

Is duplicate incident reporting via the ECB SSM Cyber Incident Reporting Framework required, alongside DORA incident reporting under Article 19?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Exemption for Non-EU ICT Intra-group Service Providers

Is it accurate to interpret that an ICT intra-group service provider established outside the EU (non-EU country), providing critical services to an EU-based financial institution (parent undertaking), falls within the exemption outlined in Article 31(8) of DORA, thereby exempting the need for establishing a subsidiary within the EU?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Critical Services Affected

Article 6 of the Delegated Act on the Classification of Major Incidents states that: "For the purpose of determining the criticality of the services affected as referred to in Article 18(1), point (e), of Regulation (EU) 2022/2554, financial entities shall assess whether the incident:(a) affects or has affected ICT services or network and information systems that support critical or important functions of the financial entity;(b) affects or has affected financial services provided by the financial entity that require authorisation, registration or that are supervised by competent authorities;(c) constitutes or has constituted a successful, malicious and unauthorised access to the network and information systems of the financial entity." Can you confirm please that ALL three of the components are cumulatively required to trigger the criteria on Critical Services Affected?

Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting

Data

Publications

Media centre

List of Q&A's

ANNUAL REPORT ON NEW ARRANGEMENTS ON THE USE OF ICT SERVICES

Identification of ICT Service Providers

How to fill the refPeriod field of the parameters.csv file for the DORA register of information

Obligation to maintain a register of information for FEs exempt under article 16

Scope of Register of Information for Contractual Arrangements on the use of ICT Services Provided by ICT Third-party Service Providers

Elaboration on the meaning of a separated and dedicated network for ICT asset administration

The scope of the regulation described in Article 6 mismatches what is presented as an option in the Annex I, Part 2 of the same regulation

Part 2 – Template specific instructions to template B_06.01

Template specific instructions – primary keys

Template specific instructions – field B_05.02.0060 (Identification code of the recipient of sub-contracted ICT services)

Template specific instructions – field B_05.01.0020 (Type of code to identify the ICT third-party service provider)

Template specific instructions – field B_04.01.0040 (Identification code of the branch)

Template specific instructions – field B_02.02.0160 (Location of management of the data)

Template specific instructions – field B_02.02.0130 (Country of the governing law of the contractual arrangement)

Template specific instructions – field B_02.02.0130 (Country of the governing law of the contractual arrangement)

Template specific instructions - field B_01.02.0060 (LEI of the direct parent undertaking of the financial entity)

Template specific instructions – field B_01.02.0050 (Hierarchy of the financial entity within the group)

Duplicate ICT Incident Reporting

Exemption for Non-EU ICT Intra-group Service Providers

Critical Services Affected

Regulation (EU) No 575/2013 (CRR)
Directive 2013/36/EU (CRD)
Regulation (EU) No 2022/2554 (DORA Reg)
Regulation (EU) No 2023/1114 (MiCAR)
Regulation (EU) No 2017/2402 (SecReg)
Directive 2009/110/EC (EMD)
Directive (EU) 2019/2034 (IFD)
Directive 2014/17/EU (MCD)
Directive 2002/65/EC (DMD) - relevant parts only
Directive 2014/49/EU (DGSD)
Directive (EU) 2023/2225 (CCD2)
Directive 2014/59/EU (BRRD)
Directive (EU) 2015/849 (AMLD)
Directive 2014/92/EU (PAD)
Directive 2015/2366/EU (PSD2)
Directive 2008/48/EC (CCD) (repealed)
Directive 2022/2556/EU (DORA Dir)
Regulation (EU) 2015/751 (IcFR - Interchange Fee Reg)
Regulation (EU) 2015/847 (WTR) (recast)
Regulation (EU) 2023/1113 (WTR II)
Regulation (EU) 2024/886 (IPR)
Regulation (EU) No 2019/2033 (IFR)
Regulation (EU) No 648/2012 (EMIR) - only RTS 2016/2251
Regulation (EU) No 909/2014 (CSDR) - only RTS 2017/390
Directive 2002/87/EC (FiCOD)
Other

Accounting and auditing
Arrears and foreclosure
Authorisation and registration
Authorisation of issuers of ARTs and EMTs (MiCAR)
Benchmark rate in the ESIS
BRRD Reporting
Capital requirements
Central contact points
Central Contact Points (AML/CFT)
Central register of the EBA
Classification of crypto assets (MiCAR)
Colleges of Supervisors
Colleges of supervisors
Complaints handling (MiCAR)
Complaints handling by payment service providers
Complaints to competent authorities regarding alleged infringements of PSD2)
Complaints-handling by creditors and credit intermediaries
Concentration risk
Conflict of interest (MiCAR)
Cooperation between competent authorities in the supervision of payment institutions operating cross-border
Cooperation within the Union (incl. stress testing)
Credit agreements for consumers
Credit risk
Credit Risk – Non performing exposures / loan origination
Creditworthiness assessments
Cross-border resolution
Customer Due Diligence
Digital operational resilience testing
Discretion to apply CRR/CRD for IF
Early intervention
Electronic fund transfers
External Credit Assessment Institutions (ECAI)
Financial conglomerates
Fixed overheads requirement
Fraud reporting
Funding provisions (financing means, use of funds, borrowing, calculation of contributions)
Governance arrangements (MiCAR)
Highly liquid financial instruments (MiCAR)
ICT risk management
ICT third-party risk management
ICT-related incidents (management / classification / reporting)
Instant payments
Interactions with the BRRD
Interactions with the CRR / CRD IV
Interactions with the CRR / CRD IV and the BRRD
Interactions with the DGS and the BRRD
Interest Rate Risk for Banking Book (IRRBB)
Internal governance
Internal Governance
Intra-group financial support
K-factor requirements
Large exposures
Leverage ratio
Liquidity of the reserve of assets for ARTs (MiCAR)
Liquidity risk
Liquidity risk
Major incidents reporting
Market infrastructures
Market risk
Model validation
Monetary amount of the professional indemnity insurance
MREL
Not applicable
Operational risk
Orderly redemption plans (MiCAR)
Other DORA topics
Other issues
Other issues - IFD
Other MiCAR topics
Other topics
Oversight framework of CTPPs
Own funds
Own Funds (MiCAR)
Passporting
Passporting and supervision of branches
Passporting of mortgage credit intermediaries
Payment accounts
Professional Indemnity Insurance for mortgage credit intermediaries
Provisions applicable to all securitisations
Prudential consolidation
Qualified Holdings (MiCAR)
Recognition, membership and supervision of DGS
Recovery plans
Recovery plans (MiCAR)
Register of information (DORA)
Remuneration
Remuneration
Reporting of ARTs and EMTs (MiCAR)
Resolution financing arrangements
Resolution objectives and triggers
Resolution plans
Resolution safeguards
Resolution tools and powers
Rights of depositors (Eligibility, coverage level, repayable amount, repayment, claim against DGS, depositor information)
Risk Assessment
Sanctions
Scope and definitions (MiCAR)
Securitisation and Covered Bonds
Security measures for operational and security risks
Simple Transparent and Standardised securitisation
Simplified obligations
Special management
Stress testing (MiCAR)
Strong customer authentication and common and secure communication (incl. access)
Suitability of the management body (issuers of ARTs - no CASPS) (MiCAR)
Supervision
Supervision and Sanctions
Supervision of investment firm groups
Supervisory colleges (MiCAR)
Supervisory reporting
Supervisory reporting - Asset Encumbrance
Supervisory reporting - COREP (incl. IP Losses)
Supervisory Reporting - FiCOD
Supervisory reporting - FINREP (incl. FB&NPE)
Supervisory reporting - Funding Plans
Supervisory Reporting - IFR Reporting framework
Supervisory reporting - IRRBB
Supervisory reporting - Large Exposures
Supervisory reporting - Leverage ratio
Supervisory reporting - Liquidity (LCR, NSFR, AMM)
Supervisory reporting - Other
Supervisory reporting - Supervisory Benchmarking
Supervisory review and evaluation (SREP) and Pillar 2
Supervisory review and evaluation (SREP) and Pillar 2
Supplemental requirements for issuers of significant ARTs (MiCAR)
Suspicious Transaction Reporting
Third country branches
Third country policy
Transitional period (MiCAR)
Transparency and Pillar 3
Transparency and Pillar 3
Use of ARTs as a means of exchange (MiCAR)
Valuation
White papers (MiCAR)
Write-down and conversion of capital instruments

Delegated Regulation (EU) 2015/61 - DR with regard to liquidity coverage requirement
EBA/GL/2023/08 - Guidelines on the benchmarking of diversity practices, including diversity policies and gender pay gap
Regulation (EU) 2022/2454 – ITS on the reporting of intra-group transactions and risk concentration for financial conglomerates
Regulation (EU) 2023/2175 - RTS on the risk retention requirements for originators, sponsors, original lenders, and servicers
Regulation (EU) 2024/1772 - RTS on the classification of ICT-related incidents and cyber threats
Regulation (EU) 2024/1774 – RTS on ICT risk management framework and on simplified ICT risk management framework
Regulation (EU) 2024/2956 - ITS on the register of information
Regulation (EU) 2024/857 - RTS on the IRRBB standardised approach
Delegated Regulation (EU) 2015/62 - DR with regard to the leverage ratio
Delegated Regulation (EU) 2015/63 - DR on ex ante contributions to resolution financing arrangements
Delegated Regulation (EU) 2016/1075 - DR on the content of recovery and resolution plans, financial support, independent valuers, contractual recognition of write down and conversion powers, notices of suspension and resolution colleges
Draft ITS on reporting and disclosure requirements for investment firms
Draft ITS on Supervisory Reporting of Institutions
Draft ITS on Supervisory Reporting of Institutions (for benchmarking the internal approaches)
Draft ITS on the provision of information for the purpose of resolution plans
EBA/GL/2013/01 - Guidelines on retail deposits subject to different outflows for purposes of liquidity reporting
EBA/GL/2014/01 - Guidelines on applicable notional discount rate for variable remuneration
EBA/GL/2014/03 - Guidelines on disclosure of encumbered and unencumbered assets
EBA/GL/2014/04 - Guidelines on harmonised definitions and templates for funding plans of credit institutions - repealed by EBA/GL/2019/05
EBA/GL/2014/05 - Guidelines on significant credit risk transfer
EBA/GL/2014/07 - Guidelines on data collection exercise regarding high earners
EBA/GL/2014/08 - Guidelines on remuneration benchmarking exercise
EBA/GL/2014/09 - Guidelines on the types of tests, reviews or exercises that may lead to support measures
EBA/GL/2014/10 - Guidelines on criteria to identify other systemically important institutions (O-SIIs)
EBA/GL/2014/11 - Guidelines on measures to reduce or remove impediments to resolvability
EBA/GL/2014/13 - Guidelines on common procedures and methodologies for the SREP
EBA/GL/2014/14 - Guidelines on materiality, proprietary, confidentiality and disclosure frequency under Pillar 3
EBA/GL/2015/03 - Guidelines on triggers for use of early intervention measures
EBA/GL/2015/04 - Guidelines on the effectiveness of the sale of business tool
EBA/GL/2015/05 - Guidelines on the asset separation tool
EBA/GL/2015/06 - Guidelines on the minimum list of services or facilities
EBA/GL/2015/07 - Guidelines on failing or likely to fail
EBA/GL/2015/08 - Guidelines on the management of interest rate risk arising from non-trading activities
EBA/GL/2015/09 - Guidelines on payment commitments
EBA/GL/2015/10 - Guidelines on methods for calculating contributions to deposit guarantee schemes
EBA/GL/2015/11 - Guidelines on creditworthiness assessment
EBA/GL/2015/12 - Guidelines on arrears and foreclosure
EBA/GL/2015/16 - Guidelines on the application of simplified obligations under Article 4(5) of Directive 2014/59/EU
EBA/GL/2015/17 - Guidelines specifying the conditions for group financial support under Article 23 of Directive 2014/59/EU
EBA/GL/2015/19 - Guidelines on passport notifications
EBA/GL/2015/20 - Guidelines on limits on exposures to shadow banking entities which carry out banking activities outside a regulated framework under Article 395(2) of CRR
EBA/GL/2016/02 - Guidelines on cooperation agreements between deposit guarantee schemes
EBA/GL/2016/07 - Guidelines on the application of the definition of default under Article 178 CRR
EBA/GL/2016/08 - Guidelines on implicit support for securitisation transactions
EBA/GL/2016/09 - Guidelines on corrections to modified duration for debt instruments under Article 340(3) CRR
EBA/GL/2016/10 - Guidelines on ICAAP and ILAAP information collected for SREP purposes
EBA/GL/2016/11 - Guidelines on disclosure requirements under Part Eight of CRR
EBA/GL/2017/01 - Guidelines on LCR disclosure to complement the disclosure of liquidity risk management under Article 435 CRR
EBA/GL/2017/05 - Guidelines on ICT Risk Assessment under SREP
EBA/GL/2017/06 - Guidelines on credit institutions' credit risk management practices and accounting for expected credit losses
EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance
EBA/GL/2017/09 - Guidelines on authorisation and registration under PSD2
EBA/GL/2017/13 - Guidelines on procedures for complaints of alleged infringements under PSD2
EBA/GL/2017/14 - Guidelines on supervision of significant branches
EBA/GL/2017/15 - Guidelines on connected clients under Article 4(1)(39) CRR
EBA/GL/2017/16 - Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures
EBA/GL/2018/01 - Guidelines on uniform disclosure requirements on IFRS 9 transitional arrangements
EBA/GL/2018/02 - Guidelines on the management of interest rate risk arising from non-trading book activities
EBA/GL/2018/03 - Guidelines on the revised common procedures and methodologies for SREP and supervisory stress testing (consolidated version)
EBA/GL/2018/04 - Guidelines on institutions' stress testing
EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)
EBA/GL/2018/06 - Guidelines on management of non-performing and forborne exposures
EBA/GL/2018/07 - Guidelines on the exemption from the contingency mechanism under Regulation (EU) 2018/389
EBA/GL/2018/08 - Guidelines on the STS criteria for ABCP securitisation
EBA/GL/2018/09 - Guidelineson the STS criteria for non-ABCP securitisation
EBA/GL/2018/10 - Guidelines on disclosure of non-performing and forborne exposures
EBA/GL/2019/01 - Guidelines on specification of types of exposures to be associated with high risk under Article 128(3) of CRR
EBA/GL/2019/02 - Guidelines on outsourcing arrangements
EBA/GL/2019/03 - Guidelines for the estimation of LGD appropriate for an economic downturn
EBA/GL/2019/04 – Guidelines on ICT and security risk management - repealing EBA/GL/2017/17
EBA/GL/2019/05 – Guidelines on harmonised definitions and templates for funding plans of credit institutions under Recommendation A4 of ESRB/2012/2 - repealing EBA/GL/2014/04
EBA/GL/2020/04 - Guidelines on the determination of weighted average maturity (WAM) of contractual payments due under the tranche per of Article 257(1) (a) CRR
EBA/GL/2020/05 - Guidelines on credit risk mitigation for institutions applying the IRB approach with own estimates of LGDs
EBA/GL/2020/06 - Guidelines on loan origination and monitoring
EBA/GL/2020/09 - Guidelines on the treatment of structural FX under Article 352(2) of CRR
EBA/GL/2020/13 - Guidelines on the appropriate subsets of sectoral exposures to which competent or designated authorities may apply a systemic risk buffer in accordance with Article 133(5)(f) of CRD
EBA/GL/2020/14 - Guidelines on the specification and disclosure of systemic importance indicators
EBA/GL/2021/01 - Guidelines specifying the conditions for the application of the alternative treatment of institutions’ exposures related to ‘tri-party repurchase agreements’ set out in Article 403(3) of CRR
EBA/GL/2021/02 - Guidelines on customer due diligence and the factors institutions should consider when assessing the ML /TF risk associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of AMLD
EBA/GL/2021/03 - Guidelines on major incident reporting under PSD2 - repealing EBA/GL/2017/10
EBA/GL/2021/04 - Guidelines on sound remuneration policies under CRD (repealing EBA/GL/2015/22)
EBA/GL/2021/05 - Guidelines on internal governance under CRD - repealing EBA/GL/2017/11
EBA/GL/2021/06 - Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders under CRD and MiFID - repealing EBA/GL/2017/12
EBA/GL/2021/07 - Guidelines on criteria for the use of data inputs in the risk-measurement model referred to in Article 325bc of CRR
EBA/GL/2021/08 - Guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate EU parent undertakings under Article 21b of CRD
EBA/GL/2021/09 - Guidelines specifying criteria to assess exceptional cases when institutions exceed the large exposure limits of Article 395(1) CRR and time and measures to return to compliance under Article 396(3) CRR
EBA/GL/2021/10 - Revised Guidelines on stress tests of deposit guarantee schemes under DGSD (repealing and replacing EBA/GL/2016/04)
EBA/GL/2021/11 - Guidelines on recovery plan indicators under Article 9 BRRD - repealing EBA/GL/2015/02
EBA/GL/2021/12 - Guidelines on a common assessment methodology for granting authorisation as a credit institution under Article 8(5) CRD
EBA/GL/2021/13 - Guidelines on sound remuneration policies under Directive (EU) 2019/2034
EBA/GL/2021/14 - Guidelines on internal governance under Directive (EU) 2019/2034
EBA/GL/2021/17 - Guidelines on the delineation and reporting of available financial means (AFM) of DGS
EBA/GL/2022/02 - Guidelines on the limited network exclusion
EBA/GL/2022/03 - Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing under Directive 2013/36/EU
EBA/GL/2022/08 – Guidelines on the data collection exercises regarding high earners
EBA/GL/2022/14 - Guidelines on interest rate risk arising from non-trading book activities
EBA/REC/2017/03 - Recommendation on outsourcing to cloud service providers
JC/GL/2016/72 - Guidelines on risk based AML/CFT supervision
JC/GL/2017/16 - Guidelines to prevent the abuse of fund transfers for ML/TF purposes
JC/GL/2018/35 - Joint Committee Guidelines on complaints-handling for the securities and banking sectors
JC/GL/2019/81 - Guidelines on cooperation and information exchange for AML/CFT supervision purposes
Not applicable
Regulation (EU) 2015/2197 - ITS on closely correlated currencies (as amended)
Regulation (EU) 2015/233 - ITS on currencies with an extremely narrow definition of central bank eligibility
Regulation (EU) 2015/2344 - ITS on currencies with constraints on the availability of liquid assets
Regulation (EU) 2015/585 - RTS for the specification of margin periods of risk
Regulation (EU) 2015/942 - RTS on materiality of extensions and changes in internal approaches for market risk
Regulation (EU) 2016/100 - ITS specifying the joint decision process with regard to the application for certain prudential permissions
Regulation (EU) 2016/101 - RTS for prudent valuation under Article 105(14) CRR
Regulation (EU) 2016/1400 - RTS on business reorganisation plan content
Regulation (EU) 2016/1450 - RTS specifying criteria for MREL (minimum requirements for liabilities eligible for bail-in)
Regulation (EU) 2016/1799 - ITS with regard to the mapping of credit assessments of external credit assessment institutions
Regulation (EU) 2016/200 - ITS on disclosure of the leverage ratio for institutions
Regulation (EU) 2016/2070 - ITS on Supervisory Reporting (for benchmarking the internal approaches) (as amended)
Regulation (EU) 2016/2251 - RTS on risk mitigation techniques for OTC derivatives not cleared by a central counterparty (CCP)
Regulation (EU) 2016/709 - RTS specifying the conditions for the application of the derogations concerning currencies with constraints on the availability of liquid assets
Regulation (EU) 2016/911 - ITS on disclosure of group financial support agreement
Regulation (EU) 2016/962 - ITS on proportionality notifications templates
Regulation (EU) 2016/98 - RTS specifying the general conditions for the functioning of colleges of supervisors
Regulation (EU) 2016/99 - ITS determining the operational functioning of colleges of supervisors
Regulation (EU) 2017/1230 - RTS on criteria for preferential outflow or inflow rate for cross-border undrawn credit or liquidity facilities within a group or IPS
Regulation (EU) 2017/2055 - RTS on passporting under PSD2
Regulation (EU) 2017/208 - RTS for additional liquidity outflows corresponding to collateral needs resulting from the impact of an adverse market scenario on an institution's derivatives transactions
Regulation (EU) 2017/323 correcting Regulation (EU) 2016/2251 – RTS on risk mitigation techniques for OTC derivatives not cleared by a central counterparty (CCP)
Regulation (EU) 2017/390 - RTS on prudential requirements of CSDs (CSDR-related)
Regulation (EU) 2018/1108 - RTS on CCP to strengthen fight against financial crime
Regulation (EU) 2018/1624 - ITS on the provision of information for resolution plans
Regulation (EU) 2018/171 - RTS on the materiality threshold for credit obligations past due
Regulation (EU) 2018/33 - ITS with regard to the standardised presentation format of the statement of fees
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Regulation (EU) 2018/728 - RTS for excluding transactions with third country non-financial counterparties from own funds requirement for CVA risk
Regulation (EU) 2019/348 - RTS on simplified obligations for recovery and resolution planning
Regulation (EU) 2019/410 - ITS on EBA register under PSD2
Regulation (EU) 2019/411 - RTS on EBA register under PSD2
Regulation (EU) 2019/758 – RTS on implementation of group wide AML/CFT policies in third countries
Regulation (EU) 2020/1423 - RTS on central contact points under PSD2
Regulation (EU) 2021/2153 - RTS on the criteria for subjecting certain investment firms to the CRR (EUR 5bn)
Regulation (EU) 2021/2154 - RTS on Identified Staff
Regulation (EU) 2021/2155 - RTS on Instruments variable remuneration
Regulation (EU) 2021/2284 - ITS on Disclosure of Own funds
Regulation (EU) 2024/3117 - ITS on supervisory reporting of institutions
Regulation (EU) 2021/2284 - ITS on Reporting and disclosures of Investment firms
Regulation (EU) 2021/451 – ITS on supervisory reporting of institutions (repealed)
Regulation (EU) 2021/453 - ITS with regard to the specific reporting requirements for market risk
Regulation (EU) 2021/622 – ITS with regard to uniform reporting templates, instructions and methodology for reporting on MREL
Regulation (EU) 2021/637 - ITS with regard to disclosures of information referred to in Titles II and III of Part Eight CRR
Regulation (EU) 2021/763 – ITS with regard to the supervisory reporting and public disclosure of MREL
Regulation (EU) 2022/2453 - ITS on ESG disclosures
Regulation (EU) 2022/76 - RTS to specify adjustments to the K-DTF coefficients
Regulation (EU) No 1030/2014 - ITS on disclosure of values used to identify global systemically important institutions (as amended)
Regulation (EU) No 1125/2014 - RTS-on PII for mortgage credit intermediaries
Regulation (EU) No 1151/2014 - RTS on information to be notified when exercising the right of establishment and the freedom to provide services
Regulation (EU) No 1152/2014 - RTS on the identification of the geographical location of relevant credit exposures for institution-specific countercyclical capital buffer rate
Regulation (EU) No 1187/2014 - RTS for determining the overall exposure to a client or a group of connected clients in respect of transactions with underlying assets
Regulation (EU) No 1222/2014 - RTS on methodology for the identification of global systemically important institutions (GSII) and the definition of GSII subcategories
Regulation (EU) No 1423/2013 - ITS on disclosure of own funds requirements
Regulation (EU) No 183/2014 - RTS for the calculation of specific and general credit risk adjustments
Regulation (EU) No 241/2014 - RTS for Own Funds requirements for institutions
Regulation (EU) No 484/2014 - ITS on hypothetical capital of a CCP
Regulation (EU) No 523/2014 - RTS on close correspondence between the values of an institution's covered bonds and assets
Regulation (EU) No 524/2014 - RTS on information exchange between home and host competent authorities
Regulation (EU) No 525/2014 - RTS on the definition of market
Regulation (EU) No 526/2014 - RTS on proxy spread and limited smaller portfolios for CVA risk
Regulation (EU) No 527/2014 - RTS on classes of other instruments appropriate for the purposes of variable remuneration
Regulation (EU) No 528/2014 - RTS on non-delta risk of options in the standardised market risk approach
Regulation (EU) No 529/2014 - RTS on materiality of extensions and changes in the advanced approaches (IRB and AMA)
Regulation (EU) No 530/2014 - RTS on materiality of thresholds for internal approaches to specific risk in the trading book
Regulation (EU) No 602/2014 - ITS for the convergence of supervisory practices regarding the implementation of additional risk weights
Regulation (EU) No 604/2014 - RTS Remuneration: criteria to identify categories of staff
Regulation (EU) No 620/2014 - ITS on information exchange between home and host competent authorities
Regulation (EU) No 625/2014 - RTS on requirements for investor, sponsor, original lenders and originator institutions of transferred credit risk exposures
Regulation (EU) No 650/2014 - ITS on disclosure by competent authorities
Regulation (EU) No 680/2014 - ITS on supervisory reporting of institutions (repealed)
Regulation (EU) No 710/2014 - ITS on joint decision process for institution-specific prudential requirements
Regulation (EU) No 926/2014 - ITS on notifications relating to the exercise of the right of establishment and the freedom to provide services
Regulation (EU) No 945/2014 - ITS on relevant appropriately diversified indices