Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Minimum monetary amount of professional indemnity insurance in ongoing supervision

Are points 5.4, 5.7, 5.10 and 7.4 of EBA/GL/2017/08 guideline applicable only while applying for authorisation or in ongoing supervision as well? Is 50 000 per indicator minimal amount after authorisation procedure/first year as well?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance
  • ID: 2025_7317
  • Topic: Monetary amount of the professional indemnity insurance
  • Date of submission:

Knowledge element of SCA.

Can an API key be considered as a Knowledge element of SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7286
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

Proxy matrices

Are credit institutions (ASPSPs) allowed to facilitate proxy matrices implemented by their (corporate) clients that allocate proxy to only certain users to invoke the services of third party payment service providers (TPPs)?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7265
  • Topic: Other topics
  • Date of submission:

Obstacles Faced by PISPs in Accessing Payment Status Information Under PSD2

Are ASPSPs allowed to require PISPs to provide any additional identifier beyond what is specified in Article 35.4.b of the RTS in order to access information about the execution of a payment order?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7261
  • Topic: Other topics
  • Date of submission:

Payment service user - both payer and payee

Can a payment service user be both payer and payee on a money remittance service?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7184
  • Topic: Other topics
  • Date of submission:

Transactions executed via electronic mail (email)

Do transactions ordered by email and executed by an employee of the payment service provider, e.g., credit transfers orders sent from the e-mail address of the payer to the e-mail address of the payment service provider and executed accordingly qualify as transactions executed through a remote channel, at-distance channel or a payment instrument which may imply a risk of payment fraud or other abuses, pursuant to Article 69, Article 70, Article 72 and Article 97(1)(c) PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7150
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

Exclusion of cash withdrawal services from PSD2

Is it a prerequisite for an ATM operator,to qualify for the exemption of article 3(o), to co-operate with a Payment Service Provider (authorised within the EEA or with a relative passport where necessasry) offering payment service number 2 of the Annex 1 of the PSD2?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7136
  • Topic: Other topics
  • Date of submission:

Providing payment service via Internet banking (web-application)

Is providing payment service via Internet banking (web-application) payment initiation channel considered to be issuing of payment instruments? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/09 - Guidelines on authorisation and registration under PSD2
  • ID: 2024_7115
  • Topic: Authorisation and registration
  • Date of submission:

Provision of external payroll accounting services to an employer

Does the activity of external payroll processing for an employer constitute a payment service under PSD2, if it consists of receiving funds for wages and related deductions (taxes, health and social insurance) in the payroll processor’s payment account from the employer, and transferring these to employees, tax authorities, insurance companies etc.? Would the answer change depending on whether the payroll processor  maintains an account separately for each employer?   

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7065
  • Topic: Authorisation and registration
  • Date of submission:

Credit

Does this credit qualify as consumer credit, exclusively available to individual consumers? Or can it also be extended to legal entities?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2024_7056
  • Topic: Other topics
  • Date of submission:

Legal requirement for ASPSPs to provide for cancellation of future dated pay-ments through its dedicated payment initiation services interface

Is there a legal requirement for ASPSPs to allow its PSU to cancel/revoke future dated payments via a payment initiation service provider, using the ASPSPs dedicated payment initiation services interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2024_7017
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:

Interpretation of payment instrument

What devices or procedures can be considered as payment instrument as per Art. 4(14) of PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2023_6910
  • Topic: Other topics
  • Date of submission:

Paper-based postal money orders as defined by the Universal Postal Union

1. Should postal transfers as defined by the Universal Postal Union, which are not made in paper form but by electronic means, be excluded from the scope of PSD2?     2. If postal transfers, as defined by the Universal Postal Union, in both electronic and paper format, are inseparable from the postal operator’s accounting system, should also paper-based postal transfers not fall outside the scope of PSD2?     3. Should such transfers be excluded from the scope of PSD2 in either case, or agree that the payment institution is not entitled to credit those funds to the payment service customers’ funds accounts where the money of the payment service users is kept separate?     4. Can a payment institution that is also a postal service provider simultaneously provide both PSD2 regulated services and services related to payments but outside the scope of PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2022_6391
  • Topic: Other topics
  • Date of submission:

Application of strong customer authentication (SCA) where Account Information Service users access the Account Information Service Providers’ (AISPs) own channels and the previously retrieved payment account information compiled and stored therein

Are Account Information Service Providers (AISPs) exempt, in respect of their own channels, from the requirements of Article 97(1) of Directive (EU) 2015/2366 and of Article 10 of Regulation (EU) 2018/389, and therefore allowed: to let users of their Account Information Service, access the AISPs’ own channels and the payment account information compiled and stored therein – previously retrieved by AISPs from the users’ respective Account-Servicing Payment Service Providers (ASPSPs) – without applying any strong customer authentication (SCA) upon that access to AISPs’ own channels, irrespective of whether the conditions of Article 10 of Regulation (EU) 2018/389 are satisfied – such that AISPs may, in their own channels, allow users of their service to consult, without SCA, previously retrieved payment account information of a broader scope (more than the last 90 days’ worth of data, and potentially the users’ complete transactional history) as compared to the data that ASPSPs may, without SCA, display to the same users in the ASPSPs’ own channels (maximum the last 90 days’ worth of data, and provided that SCA was applied no more than 90 days prior) – and such that AISPs, despite being payment services providers (PSPs), need not afford users of their services the same level of protection that ASPSPs are required to, and can expose said users to the risks of abuses referred to in Article 97(1)(c) of Directive 2015/2366?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6248
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission: