EBA Guidelines and other Convergence Instruments

To enhance predictability of the write-down and conversion and bail-in exchange mechanic, effective coordination of resolution plans and actions in a cross-border context and transparency and safeguard depositor and investor protection, these guidelines specify information to be made public by resolution authorities on how the write down and conversion will be applied, in particular in the context of the bail-in tool, in accordance with Articles 43 and 44, 46 to 50 and 59 to 62 of Directive 2014/59.

These guidelines apply in accordance with the scope of application as set out in Directive 2014/59/EU.

These guidelines are addressed to competent authorities as defined in points (v) of Article 4 (2) of Regulation (EU) No 1093/2010 (“resolution authorities”).

These guidelines apply from 1 January 2024.

These guidelines set out the steps credit and financial institutions should take when adopting or reviewing solutions to comply with their obligations under Article 13(1) points (a), (b) and (c) of Directive (EU) 2015/849 to onboard new customers remotely. It also sets out the steps credit and financial institutions should take when relying on third parties in accordance with Chapter I, Section 4 of Directive (EU) 2015/849, and the policies controls and procedures credit and financial institutions should put in place in relation to customer due diligence (CDD) as referred to in Article 8(3) and (4) point (a) of Directive (EU) 2015/849 where the CDD measures are performed remotely.

Competent authorities should have regard to these guidelines when assessing whether the steps credit and financial institutions take to comply with their obligations under Directive (EU) 2015/849 in the remote customer onboarding context are adequate and effective.

These guidelines are addressed to competent authorities as defined in Article 4(2) of Regulation (EU) No 1093/2010. These guidelines are also addressed to financial sector operators as defined in Article 4(1a) of that Regulation, which are credit and financial institutions as defined in Article 3(1) and 3(2) of Directive (EU) 2015/849.

These Guidelines specify, in accordance with paragraph 6 of Article 84 of Directive 2013/36/EU:

• The criteria for the identification, management and mitigation by institutions of IRRBB either if they implement internal systems or use the standardised methodology or the simplified standardised methodology for the evaluation of IRRBB.
• The criteria for the evaluation – measurement of IRRBB if an institution implements internal systems for it.
• The criteria for the assessment and monitoring by institutions’ internal systems of CSRBB.
• The criteria for determining which of the IRRBB internal systems implemented by institutions are not satisfactory for the purposes of paragraph 3 of Article 84 of Directive 2013/36/EU.

These Guidelines are addressed to competent authorities referred to in point (i) of Article 4(2) of Regulation (EU) No 1093/2010, and to financial institutions referred to in Article 4(1) of that regulation which are also institutions in accordance with point 3 of Article 4(1) of Regulation (EU) No 575/2013.

Note: These Guidelines apply at 30 June 2023 with the exception of sections 4.5 and 4.6 that apply at 31 December 2023. Guidelines EBA/GL/2018/02 shall be repealed as of 30 June 2023.

These guidelines specify, having regard to Article 10 (5) and 11 (1) of Directive (EU) 2014/595 the actions that institutions and resolution authorities should take to improve resolvability of institutions including entities referred to in Article 1(1) (“institutions”), groups or resolution groups in the context of the resolvability assessment as per Articles 15 and 16 of that Directive, specifically when the transfer tools are foreseen in the resolution strategy.

These guidelines should be read together with Guidelines 2022/1 of 13 January 2022 on improving resolvability for institutions and resolution authorities under Articles 15 and 16 Directive 2014/59/EU (“EBA Resolvability guidelines”).

These guidelines apply where a transfer tool is part of the preferred resolution strategy. However, resolution authorities may decide to apply resolution tool-specific parts of these guidelines (e.g. transfer strategies) to institutions whose planned preferred resolution strategy does not rely on these tools, such as only including transfer tools as variant strategy, as referred to in Article 22, 1st subparagraph, point 2(e), of Commission Delegated Regulation (EU) 2016/1075. These guidelines do not apply to institutions which are subject to simplified obligations for resolution planning in accordance with Article 4 of Directive 2014/59/EU.

In the case of a change of resolution strategy, in particular by new inclusion of a transfer tool in the preferred resolution strategy, then these guidelines should apply, in full, as quickly as possible and no later than 3 years as from the date of the approval of the resolution plan including the new resolution strategy.

Resolution authorities may decide to apply these guidelines in whole or in part to institutions subject to simplified obligations for resolution planning or to institutions whose resolution plan provides that they are to be wound up in an orderly manner in accordance with the applicable national law.

For institutions that are not part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply at the individual level. For institutions that are part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply to the whole resolution group, i.e. the resolution entities and its subsidiaries.

These guidelines specify the common procedures and methodologies for the functioning of the supervisory review and evaluation process (SREP) referred to in Articles 97 and 107(1)(a) of Directive 2013/36/EU5 , including those for the assessment of the organisation and treatment of risks, including money laundering and terrorist financing, referred to in Articles 76 to 87 of that Directive and processes and actions taken with reference to Articles 98, 100, 101, 102, 104, 104a, 104b, 104c, 105, 107(1)(b) and 117 of that Directive. In addition, these guidelines aim to provide common methodologies to be used by competent authorities when conducting supervisory stress tests in the context of their SREP as referred to in Article 100(2) of Directive 2013/36/EU.

These guidelines do not set methodologies for the stress tests conducted by the EBA in cooperation with other competent authorities in accordance with Article 22 of Regulation (EU) No 1093/2010; however, they do describe the range of stress tests to help set the appropriate context for the consideration of future EBA stress tests as one part of the supervisory stress tests.

These Guidelines specify, for the purposes of the oversight of remuneration policies in accordance with Article 75 of Directive 2013/36/EU, the information to be provided by selected institutions to competent authorities for benchmarking remuneration trends and practices, including information disclosed in accordance with the criteria for disclosure established in points (g), (h), (i) and (k) of Article 450(1) of Regulation (EU) No 575/2013 (‘remuneration data’) and the information to be provided for benchmarking the gender pay gap (‘gender pay gap data’).

These Guidelines also specify, in accordance with the sixth indent of point (ii) of Article 94 (1) (g) of Directive 2013/36/EU, the common reporting format to be used for the purposes of the benchmarking of approved higher ratios between the fixed and variable components of remuneration (‘higher ratios data’).

These Guidelines specify how competent authorities will collect from institutions the approved higher ratios, the remuneration and gender pay gap data (collectively referred to as ‘benchmarking data’) and how they will then submit the benchmarking data to the EBA.

These Guidelines specify, for the purposes of the oversight of remuneration policies in accordance with Article 34 of Directive (EU) 2019/2034, the information to be provided by selected investment firms to competent authorities for benchmarking remuneration trends and practices, including information disclosed in accordance with points (c) and (d) of the first subparagraph of Article 51 of Regulation (EU) 2019/2033 (‘remuneration data’) and the information to be provided for benchmarking the gender pay gap (‘gender pay gap data’).

These Guidelines specify how competent authorities will collect from investment firms the remuneration and the gender pay gap data (collectively referred to as ‘benchmarking data’) and how they will then submit the benchmarking data to the EBA.

These Guidelines specify, in accordance with Article 75(3) of Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC and Article 34(4) of Directive (EU) 2019/2034 of the European Parliament and of the Council of 27 November 2019 on the prudential supervision of investment firms and amending Directives 2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU, how these provisions should be implemented concerning the collection of information regarding the individuals per institution and per investment firm remunerated EUR 1 million or more per financial year, ensuring the consistency of the information submitted by institutions and investment firms to competent authorities and by competent authorities to the EBA.

These Guidelines apply in relation to the information that competent authorities should collect from institutions and investment firms regarding high earners and submit to the EBA for the purposes of publishing that information on an aggregate home Member State basis in a common reporting format.

When Article 13 of Regulation (EU) 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 or Article 7 of Regulation (EU) 2019/2033 of the European Parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms apply these guidelines apply in accordance with paragraphs 12 and 15 at the consolidated level.

When Article 13 of Regulation (EU) 575/2013 and Article 7 of Regulation (EU) 2019/2033 do not apply, these guidelines apply on an individual basis as set out in Articles 6 to 10 of Regulation (EU) 575/2013 and in Articles 5 and 6 of Regulation (EU) 2019/2033.

These guidelines specify further the criteria which competent authorities may take into account when exempting investment firms referred to in Article 12(1) of Regulation (EU) 2019/2033 from liquidity requirements in accordance with Article 43 of Regulation (EU) 2019/2033. These guidelines apply to investment firms on an individual basis within the scope set out in Article 43 of Regulation (EU) 2019/2033.

These guidelines specify the role, tasks and responsibilities of the AML/CFT compliance officer, the management body and senior manager in charge of AML/CFT compliance as well as internal policies, controls and procedures, as referred to in Article 8, and Article 45 and Article 46 of Directive (EU) 2015/849.

These guidelines apply to credit or financial institutions as defined in Article 3(1) and 3(2) of Directive (EU) 2015/849. These guidelines apply to all existing management body structures, irrespective of the board structure used (a unitary and/or a dual board structure and/or another structure) across Member States.

The terms ‘management body in its management function’ and ‘management body in its supervisory function’ are used throughout these guidelines without referring to any governance structure, and references to the management (executive) or supervisory (non-executive) function should be understood as applying to the bodies or members of the management body responsible for that function in accordance with national law. National company law may contain specific provisions regarding the management body and these guidelines apply without prejudice to these provisions.

These guidelines are addressed to competent authorities as defined in Article 4(2) (iii) of Regulation (EU) No 1093/2010. They are also addressed to credit or financial institutions as defined in Article 3(1) and 3(2) of Directive (EU) 2015/849, which are financial sector operators referred to in Article 4(1a) of Regulation (EU) No 1093/2010.

These Guidelines concern the assessment by competent authorities of whether the confidentiality and professional secrecy regime to which the third-country authorities mentioned in the Annex are subject is equivalent to the conditions set out in Title VII, Chapter 1, Section II of Directive 2013/36/EU; in Article 24 of Directive (EU) 2015/2366; in Article 84 and 98 of Directive 2014/59/EU; and in Chapter VI, Section 3, Subsection IIIa of Directive (EU) 2015/849.

These Guidelines apply to competent authorities’ assessment of the equivalence of the confidentiality regime to which the third-country competent authorities listed in the Annex are subject to for the following purposes:

a. in order to conclude cooperation arrangements with the third-country authority in accordance with Article 55 of Directive 2013/36/EU and also for the purposes of Article 24 of Directive (EU) 2015/2366 and Article 57a (5) of Directive (EU) 2015/849, or in accordance with Article 97 and 98 (1) of Directive 2014/59/EU; and

b. in order to enable the participation of the third-country authority in supervisory and resolution colleges in accordance with Article 116 (6) of Directive 2013/36/EU and Articles 88 and 89 of Directive 2014/59/EU; and in AML/CFT colleges in accordance with Chapter VI, Section 3, Subsection IIIa of Directive (EU) 2015/849 and the AML/CFT Colleges Guidelines.

These Guidelines specify the application of the exclusion under Article 3(k) of Directive (EU)2015/2366 on payment services in the internal market (PSD2). In addition, these Guidelines specify details on the notification process under Article 37(2) ofPSD2 and on the description of the activity made publicly available under Article 37(5) of PSD2.

These Guidelines apply in relation to the services based on specific payment instruments thatcan be used only in a limited way as specified under Article 3(k) of PSD2 that are excluded fromthe scope of application of PSD2. In particular, the Guidelines set out criteria and factors to betaken into account by competent authorities in the assessment of whether the activities should fall under the Article 3(k) exclusions.

These Guidelines also apply to the notification process under Article 37(2) of PSD2, including the calculation of the threshold and the information to be contained in the notificationsubmitted to competent authorities by issuers.

In addition, these Guidelines apply to the information to be made publicly available on thenational register of competent authorities and the central register of EBA in accordance with Article 37 (5) of PSD2.

Finally, parts of these Guidelines apply to services under Article 3(k) of PSD2 that are providedby regulated payment service providers and electronic money issuers.

Full Title: Guidelines on the characteristics of a risk‐based approach to anti‐money laundering and terrorist financing supervision, and the steps to be taken when conducting supervision on a risk‐sensitive basis under Article 48(10) of Directive (EU) 2015/849 (amending the Joint Guidelines ESAs 2016 72)

These guidelines specify in accordance with Article 48(10) of Directive (EU) 2015/849 thecharacteristics of a risk‐based approach to anti‐money laundering and countering the financingof terrorism (AML/CFT) supervision and the steps competent authorities should take whenconducting AML/CFT supervision on a risk‐sensitive basis.

Competent authorities should apply these guidelines when designing, implementing, revisingand enhancing their own AML/CFT risk-based supervision model (RBS Model).

These guidelines specify the resolution tool-specific actions that institutions, and resolution authorities should take to improve resolvability of institutions, groups and resolution groups in the context of the resolvability assessment performed by resolution authorities according to Articles 15 and 16 of Directive (EU) 2014/591.

These guidelines do not apply to institutions which are subject to simplified obligations for resolution planning in accordance with Article 4 of Directive 2014/59/EU. These guidelines do not apply to institutions whose resolution plan provides that they are to be wound up in an orderly manner in accordance with the applicable national law. In case of a change of strategy, in particular from liquidation to resolution, then the guidelines should apply in full as quickly as possible and no later than three years as from the date of the approval of the resolution plan including the new resolution strategy. Resolution authorities may decide to apply these guidelines in whole or in part to institutions subject to simplified obligations for resolution planning or to institutions whose resolution plan provides that they are to be wound up in an orderly manner in accordance with the applicable national law. Resolution authorities may decide to apply resolution tool-specific parts of these guidelines (e.g. bail-in) to institutions whose planned resolution strategy does not rely on these tools. For institutions that are not part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply at the individual level. For institutions that are part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply at the level both of the resolution entities and of its subsidiaries (‘resolution group level’).

These guidelines are addressed to financial institutions as defined in Article 4 (1) of Regulation (EU) No 1093/2010 that are institutions subject to resolvability assessment in accordance with Articles 15 and 16 of Directive (EU) 2014/59 and to competent authorities as defined in points (i), (v) and (viii) of Article 4 (2) of Regulation (EU) No 1093/2010 that supervise these institutions within the meaning of Article 2 (5), second subparagraph, of that Regulation.

These guidelines specify the resolution tool-specific actions that institutions, and resolution authorities should take to improve resolvability of institutions, groups and resolution groups in the context of the resolvability assessment performed by resolution authorities according to Articles 15 and 16 of Directive (EU) 2014/591.

These guidelines do not apply to institutions which are subject to simplified obligations for resolution planning in accordance with Article 4 of Directive 2014/59/EU. These guidelines do not apply to institutions whose resolution plan provides that they are to be wound up in an orderly manner in accordance with the applicable national law. In case of a change of strategy, in particular from liquidation to resolution, then the guidelines should apply in full as quickly as possible and no later than three years as from the date of the approval of the resolution plan including the new resolution strategy. Resolution authorities may decide to apply these guidelines in whole or in part to institutions subject to simplified obligations for resolution planning or to institutions whose resolution plan provides that they are to be wound up in an orderly manner in accordance with the applicable national law. Resolution authorities may decide to apply resolution tool-specific parts of these guidelines (e.g. bail-in) to institutions whose planned resolution strategy does not rely on these tools. For institutions that are not part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply at the individual level. For institutions that are part of a group subject to consolidated supervision pursuant to Articles 111 and 112 of Directive 2013/36/EU, these guidelines apply at the level both of the resolution entities and of its subsidiaries (‘resolution group level’).

These guidelines are addressed to financial institutions as defined in Article 4 (1) of Regulation (EU) No 1093/2010 that are institutions subject to resolvability assessment in accordance with Articles 15 and 16 of Directive (EU) 2014/59 and to competent authorities as defined in points (i), (v) and (viii) of Article 4 (2) of Regulation (EU) No 1093/2010 that supervise these institutions within the meaning of Article 2 (5), second subparagraph, of that Regulation.

These guidelines specify further, in accordance with Article 26(4) and Article 34(3) of Directive 2019/2034, the sound and gender neutral remuneration policies that investment firms should have in place for all staff and for staff whose professional activities have a material impact on the risk profile of investment firms or the assets they manage and facilitate the implementation of the derogations under paragraphs 4, 5, 6 of Article 32 of Directive (EU) 2019/2034.

While investment firms are required to have remuneration policies for all staff, additional requirements apply to remuneration policies and the variable remuneration of identified staff. Investment firms may apply on their own initiative the provisions of these guidelines concerning identified staff to all their staff.

These guidelines are addressed to competent authorities as referred to in Article 4 (2), point (viii) of Regulation No 1093/2010 and as defined in Article 3 (1), point 5 of Directive (EU) 2019/2034, and to financial institutions as referred to in Article 4 (1) of Regulation (EU) 1093/2010 that are investment firms as defined in Article 4(1)(1) of Directive 2014/65/EU, that do not fall under Article 2 (2) of Directive (EU) 2019/2034 and do not meet all of the conditions to qualify as small and non-interconnected investment firms under Article 12(1) of Regulation (EU) 2019/2033.

These guidelines specify, in accordance with Article 26(4) of Directive (EU) 2019/2034, the internal governance arrangements, processes and mechanisms that investment firms should implement in accordance with Title IV, Chapter 2, Section 2 of that Directive to ensure their effective and prudent management.

The guidelines apply without prejudice to the provisions set out in in Articles 9, 16, 23 and 24 of Directive (EU) 2014/65, in the Commission Delegated Regulation (EU) 2017/565 and in the Commission Delegated Directive (EU) 2017/593.

These guidelines are addressed to competent authorities as referred to in Article 4(2), point (viii) of Regulation (EU) 1093/2010 and defined in Article 3(1), point 5 of Directive (EU) 2019/2034, and to financial institutions as referred to in Article 4(1) of Regulation (EU) 1093/2010 that are investment firms as defined in Article 4(1)(1) of Directive (EU) 2014/65, that do not fall under Article 2(2) of Directive (EU) 2019/2034 and do not meet all of the conditions to qualify as small and non-interconnected investment firms under Article 12(1) of Regulation (EU) 2019/2033.

These guidelines specify the manner of cooperation and information exchange, particularly inrelation to cross-border groups and in the context of identifying serious breaches of anti-moneylaundering rules, according to Article 117(6) of Directive 2013/36/EU.

Competent authorities as defined in point (36) of Article 3(1) of Directive 2013/36/EU and in point (5) of Article 3(1) of Directive (EU) 2019/2034 should apply these guidelines at theindividual and consolidated level referred to in Article 110 of Directive 2013/36/EU.

Authorities entrusted with the public duty of supervising the obliged entities listed in points (1)and (2) of Article 2(1) of Directive (EU) 2015/849 for compliance with that Directive shouldapply these guidelines, both at individual level, and at the group-wide level set out in Article 48(5) of Directive (EU) 2015/849.

These Guidelines specify a common assessment methodology (‘CAM’) for granting authorisations in accordance with Directive 2013/36/EU (‘CRD’), in pursuance of the mandate conferred on the EBA by Article 8(5) of that Directive as amended by Directive (EU) 2019/878.

These Guidelines apply to all cases where, in accordance with Directive 2013/36/EU, as subsequently amended, competent authorities have to assess the granting of an authorisation as a credit institution – defined in letters (a) and (b) of point (1) of Article 4(1) of Regulation (EU) No 575/201310 (‘CRR’).

These Guidelines are addressed to competent authorities as defined in Article 4(2)(i) of Regulation (EU) No 1093/2010.

These guidelines delineate the available financial means (AFM) according to Article 2(1)(12) of Directive 2014/49/EU (DGSD) into those qualified AFM (QAFM) that were contributed according to Article 10(1) of the same Directive and, therefore, count towards reaching the target level, and other AFM that were neither directly nor indirectly contributed and thus do not count towards reaching the target level. Furthermore, these guidelines expand the reporting requirements of DGS funds to the EBA according to Article 10(10) of that Directive.

These guidelines aim at ensuring a harmonised application of the DGSD with regard to reaching the target level in the EU. They determine which AFM qualify towards reaching the target levelof the DGS. However, they are not to be read as determining which funds are available for each case of interventions. In the absence of uniform rules, DGSs across the EU may potentially levy contributions from affiliated credit institutions in such a way that consistent compliance with Article 10(2) DGSD is not ensured, i.e. that the target level is met within the timeframe specified in that Article. Furthermore, the diverging concepts of AFM that count towards reaching the target level may weaken the consistency of data reported to the EBA according to Article 10(10) of the DGSD and thereby hamper transparency. Consequently, in accordance with Article 26(1)and 26(2) of Regulation EU/1093/2010, the EBA adopts own initiative guidelines to remedy this situation.

These guidelines specify the minimum principles and content of stress tests that deposit guarantee schemes must perform pursuant to Article 4(10) of Directive 2014/49/EU (DGSD). They aim at helping designated authorities and DGSs to increase the resilience of the DGSs’ systems within the European Union by setting a minimum level of consistency, quality and comparability of DGSs’ stress tests.

The resilience of DGSs can be defined as the ability of DGSs to perform the tasks entrusted to them in accordance with Directives 2014/49/EU and 2014/59/EU. This definition covers all the tasks that a DGS is mandated to perform according to the national legislation, including the DGS repayment (Article 8(1) and 11(1) DGSD), the DGS repayment with cross-border cooperation (Article 14 DGSD), contribution to resolution (Article 109 Bank Recovery and Resolution Directive (BRRD)), contribution to failure prevention (Article 11(3) DGSD) and contribution to insolvency proceedings (Article 11(6) DGSD). The resilience of DGSs can be assessed by means of the stress tests provided in the guidelines.

These guidelines apply to DGSs when performing stress tests of their systems in accordance with Article 4(10) of Directive 2014/49/EU. Where designated authorities administer a DGS, they should apply these guidelines when performing stress tests of the DGS’s systems. When a DGS is administered by a private entity, designated authorities should ensure that these guidelines are applied by such DGSs.

These guidelines specify, in accordance with the mandate set out in Article 396(3) of Regulation (EU) No 575/2013, the criteria that competent authorities should use to assess the exceptional cases referred to in Article 396(1) of Regulation (EU) No 575/2013 and where a competent authority allows an institution to exceed the limits set out in Article 395(1) of Regulation (EU) No 575/2013. These guidelines also determine the criteria that competent authorities should use to determine the appropriate time for an institution to return to compliance with the large exposure limits of Article 395(1) of Regulation (EU) No 575/2013, and the measures to be taken to ensure the timely return to compliance with those limits.

In addition, these guidelines specify additional information that should be provided to the competent authority when reporting a breach of the large exposure limit in accordance with Article 396(1) of Regulation (EU) No 575/2013.

These guidelines apply in relation to the assessment by competent authorities of the exceptional cases referred to in Article 396(1) of Regulation (EU) No 575/2013. They also apply to how competent authorities can determine the time considered appropriate for returning to compliance and the measures to be taken to ensure the timely return to compliance of the institution, including the submission of a compliance plan.

These guidelines do not apply to the cases set out in Article 395(5) of Regulation (EU) No 575/2013 as long as the institution fulfils the conditions laid down therein.

These guidelines specify further, on the basis of Articles 74(3) and 75(2) of Directive 2013/36/EU, the sound and gender-neutral remuneration policies that institutions and investment firms that are subject to Title VII of Directive 2013/36/EU in application of Article 1(2) and (5) of Regulation 2019/2033/EU should have in place for all their staff and for staff whose professional activities have a material impact on the institutions’ risk profile in accordance with Articles 92 to 95 of that Directive (identified staff), including for staff and identified staff on an individual and consolidated or sub-consolidated basis as set out in paragraph 9. Institutions may apply on their own initiative the provisions of these guidelines concerning identified staff to all their staff on an individual and consolidated or sub-consolidated basis.

Addressees: These guidelines are addressed to competent authorities as defined in point (i) of paragraph 2 of Article 4 of Regulation (EU) No 1093/2010, and to financial institutions as set out in Article 4 (1) of Regulation (EU) No 1093/2010 that are either institutions, as defined in point 3 of Article 3 (1) of Directive 2013/36/EU, or investment firms that are subject to Title VII of Directive 2013/36/EU in application of Article 1 (2) and (5) of Regulation 2019/2033/EU. Each reference to institutions should be understood as including such investment firms.

These Guidelines specify further, in accordance with Article 91(12) of Directive 2013/36/EU and Article 9(1) second subparagraph of Directive 2014/65/EU, the requirements regardingthe suitability of members of the management body in particular, the notions of sufficienttime commitment; honesty, integrity and independence of mind of a member of the management body; adequate collective knowledge, skills and experience of the management body; and adequate human and financial resources devoted to the induction and training of such members. The notion of diversity to be taken into account for the selection of members of the management body is also specified in accordance with the above-mentioned articles.

The Guidelines also specify elements regarding the suitability of the heads of internal controlfunctions and the chief financial officer (CFO), where they are not part of the management body, and, where identified on a risk-based approach by those institutions, of other keyfunction holders, as part of the governance arrangements referred to in Articles 74 and 88 of Directive 2013/36/EU and Articles 9(3), 9(6) and 16(2) of Directive 2014/65/EU, and on the related assessment processes, governance policies and practices, including the principle of independence applicable to certain members of the management body in its supervisory function.

Addressees: These Guidelines are addressed to competent authorities as defined in Article 4 (2) (i) of Regulation 1093/2010 and in Article 4(3) (i) of Regulation 1095/2010, to financial institutions as defined in Article 4(1) of that Regulation that are institutions for the purposes of the application of Directive 2013/36/EU as defined in point 3 of Article 3(1) of Directive 2013/36/EU also having regard to Article 3 (3) of that Directive, and to financial market participants as defined in Article 4(1) of Regulation 1095/2010 that are investment firms as defined in Article 4(1)(1) of Directive 2014/65/EU (‘institutions’).

Annex 1

These guidelines specify further the internal governance arrangements, processes and mechanisms that institutions, that are subject to Directive 2013/36/EU and investment firms that are subject to Title VII of Directive 2013/36/EU in application of Article 1(2) and (5) of Regulation 2019/2033/EU, should implement in accordance with Article 74(1) of Directive 2013/36/EU to ensure their effective and prudent management.

Addressees: These guidelines are addressed to competent authorities as defined in point (i) of Article 4 2) of Regulation (EU) 1093/2010, and to financial institutions as defined in Article 4(1) of Regulation (EU) 1093/2010 that are either institutions for the purposes of the application of Directive 2013/36/EU as defined in point 3 of Article 3(1) of Directive 2013/36/EU also having regard to Article 3 (3) of that Directive or investment firms subject to Title VII of Directive 2013/36/EU in application of Article 1(2) and (5) of Regulation 2019/2033/EU (‘institutions’).

These guidelines lay down how to calculate and monitor the threshold for the obligation to establish an intermediate EU parent undertaking according to Article 21b of Directive 2013/36/EU and specify certain procedural aspects on the establishment of intermediate EU parent undertakings.

These guidelines apply to credit institutions and investment firms authorised in the Union, which are subsidiaries of third-country groups (“institutions”) as defined in Article 3(1), point (64) of Directive 2013/36/EU, and to the branches referred to in Article 21b(5), point (b) of Directive 2013/36/EU (“third-country branches”).

These Guidelines derive from the mandate given to the EBA in Article 96(3) of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (PSD2).

In particular, these Guidelines specify the criteria for the classification of major operational or security incidents by payment service providers as well as the format and procedures they should follow to communicate, as foreseen in Article 96(1) of PSD2, such incidents to the competent authority in the home Member State.

In addition, these Guidelines deal with the way these competent authorities should assess the relevance of the incident and the details of the incident reports that, according to Article 96(2) of PSD2, they shall share with other domestic authorities.

Moreover, these Guidelines also deal with the sharing with the EBA and the ECB of the relevant details of the incidents reported, for the purposes of promoting a common and consistent approach.

These guidelines specify criteria for the use of data inputs in the risk-measurement model referred to in Article 325bc according to Article 325bh(3) of Regulation (EU) No 575/2013.

These guidelines apply in relation to the permission for institutions to use alternative internal models in accordance with Title IV of Part Three, Chapter 1 of Regulation (EU) No 575/2013, and in particular to compliance with the requirements set out in Articles 325bh of that Regulation.

Competent authorities should apply these guidelines in accordance with the level of application set out in Title II of Regulation (EU) No 575/2013.

Full Title: Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The ML/TF Risk Factors Guidelines’) under Articles 17 and 18(4) of Directive (EU) 2015/849

These guidelines set out factors firms should consider when assessing the money laundering and terrorist financing (ML/TF) risk associated with their business, and with a business relationship or an occasional transaction with any natural or legal person (‘the customer’). They also set out how firms should adjust the extent of their customer due diligence (CDD) measures in a way that is commensurate to the ML/TF risk they have identified. These guidelines’ main focus is on risk assessments of individual business relationships and occasional transactions, but firms should use these guidelines mutatis mutandis when assessing ML/TF risk across their business in line with Article 8 of Directive (EU) 2015/849. The factors and measures described in these guidelines are not exhaustive and firms should consider other factors and measures as appropriate.

EBA Guidelines EBA/GL/2020/02 as amended by EBA/GL/2020/08 were reactivated on 02.12.2020 and amended.

A consolidated version of the Guidelines can be downloaded from the EBA website.

These guidelines specify, pursuant to Article 133(6) of Directive 2013/36/EU, the appropriatesubsets of sectoral exposures to which the relevant authority may apply a systemic risk buffer (SyRB) in accordance with Article 133(5)(f) of that directive. In addition, these guidelines further specify the application of the systemic risk buffer (SyRB) tothose subsets of sectoral exposures in accordance with Article 133 of Directive 2013/36/EU, inparticular, the systemic relevance of the risks stemming from these sectoral exposures, theinteraction of the sectoral SyRB with other macroprudential measures and reciprocity.

These guidelines specify the requirements for using credit risk mitigation in accordance with the relevant provisions of Part Three, Title II, Chapter 3 of Regulation (EU) No 575/2013 as provided by Article 108(2) of that Regulation. These guidelines also derive from the EBA final draft regulatory technical standards on the IRB assessment methodology, EBA/RTS/2016/03 (RTS on IRB assessment methodology), of 21 July 2016.

These guidelines apply in relation to the IRB approach in accordance with Part Three, Title II, Chapter 3 of Regulation (EU) No 575/2013 and, in particular, to institutions that have been permitted to use own LGD estimates in accordance with Article 143 of that Regulation. In particular, these guidelines specify the recognition of unfunded credit protection (defined in Article 4(1)(59) of Regulation (EU) No 575/2013) in accordance with Article 160(5), Article 161(3), Article 163(4), Article 164(2) and Article 183 of that Regulation as well as the recognition of funded credit protection (defined in Article 4(1)(58) of that Regulation) in accordance with Articles 166 and 181 of that Regulation.

These guidelines provide guidance to competent authorities across the EU on the treatment of structural foreign exchange positions referred to in Article 352(2) of Regulation (EU) No 575/2013.

These guidelines apply with regard to requests for permission by institutions applying the requirements of Regulation (EU) No 575/2013 on an individual basis as well as to requests for permission by institutions applying the requirements of Regulation (EU) No 575/2013 on a consolidated basis. Where institutions request a permission at both these levels these guidelines apply separately at each level, even if the request for that permission is made at the same time.

These guidelines apply to all institutions, irrespective of whether they calculate the own funds requirements for foreign exchange risk in accordance with the standardised approach referred to in Title IV, Chapter 3 of Regulation (EU) No 575/2013 for all of their positions, or in accordance with the internal model approach referred to in Title IV, Chapter 5 of that Regulation for all of their positions, or based on one of these approaches for some of their positions and the other approach for the remaining positions.

These guidelines specify how the reporting of credit risk, market risk, own funds and leverage ratio and disclosure of leverage ratio should be performed on the basis of Commission Implementing Regulation (EU) No 680/2014 and Commission Implementing Regulation (EU) 2016/200 in order for institutions to comply with Regulation (EU) No 575/2013 as amended by Regulation (EU) 2019/876 and Regulation (EU) 2020/873.

These guidelines should be applied at the individual and consolidated levels, as set out for reporting and disclosure requirements in Part One, Title II of Regulation (EU) No 575/2013.

Full title: Guidelines amending Guidelines EBA/GL/2018/01 on uniform disclosures under Article 473a of Regulation (EU) No 575/2013 (CRR) on the transitional period for mitigating the impact of the introduction of IFRS 9 on own funds to ensure compliance with the CRR ‘quick fix’ in response to the COVID-19 pandemic

These guidelines amend Guidelines EBA/GL/2018/01 on uniform disclosures under Article 473a of Regulation (EU) No 575/2013 (the ‘Guidelines’) to ensure compliance with Regulation (EU) No 575/2013, as amended by Regulation (EU) 2019/876 (CRR 2) and Regulation (EU) 2020/873 (CRR ‘quick fix’). These guidelines are addressed to competent authorities as defined in point (i) of Article 4(2) of Regulation (EU) No 1093/2010 and to credit institutions as defined in point (1) of Article 4(1) of Regulation (EU) No 575/2013.

These guidelines specify the pragmatic application of Guidelines EBA/GL/2014/13 (the SREP Guidelines) for the supervisory review and evaluation process for the SREP 2020 cycle. These guidelines are addressed to competent authorities as defined in point i of Article 4(2) of Regulation (EU) No 1093/2010.

These guidelines specify the methodology for measuring the maturity of a tranche (MT) as the weighted average maturity (WAM) of the contractual payments due under the tranche (CFt) referred to in point (a) of Article 257(1) of Regulation (EU) No 575/2013. For that purpose, these guidelines set out how to determine contractual payments referred to in that article. They also specify the data necessary to apply the WAM approach and its monitoring and implementation.

These guidelines specify the internal governance arrangements, processes and mechanisms, as laid down in Article 74(1) of Directive 2013/36/EU, requirements on credit and counterparty risk, as laid down in Article 79 of that directive, and requirements in relation to the creditworthiness assessment of the consumer, as laid down in Chapter 6 of Directive 2014/17/EU and Article 8 of Directive 2008/48/EC.

Letter to the WKÖ: supervisory expectations in relation to the implementation of EBA//GL/2020/06 - Guidelines of Loan Origination and Monitoring as well as in relation with substainable loan origination standards for the financing of residential real estate (in German only)

Paragraph 10(f) of Guidelines EBA/GL/2020/02 on legislative and non-legislative moratoria on loan payments applied in the light of the COVID-19 crisis is amended as follows: ‘(f) the moratorium was launched in response to the COVID-19 pandemic and was applied before 30 September 2020. However, this deadline can be revised in the future depending on the evolution of the current situation associated to the COVID-19 pandemic.’

A consolidated version of EBA/GL/2020/08 can be downloaded from the EBA website.

These guidelines specify the content and uniform formats to be required by competent authorities when exercising their supervisory powers for reporting on:

• exposures that meet the conditions set out in paragraph 10 of EBA Guidelines on legislative and non‐legislative moratoria on loan repayments applied in light of the COVID‐19 crisis,
• exposures subject to forbearance measures applied in response to the COVID‐19 crisis; and
• newly originated exposures subject to public guarantee schemes introduced in Member States in response to the COVID‐19 crisis.

Furthermore, these guidelines specify the content and uniform formats to be required by competent authorities when exercising their supervisory powers for the disclosure of:

• exposures that meet the conditions set out in paragraph 10 of the EBA Guidelines on legislative and non‐legislative moratoria on loan repayments applied in the light of the COVID‐19 crisis;
• newly originated exposures subject to public guarantee schemes introduced in Member States in response to COVID‐19 crisis.

Amendment of the VERA-V used for implementing these Guidelines.

These guidelines specify the prudential treatment of legislative and non-legislative moratoria on loan payments introduced in response to the COVID-19 pandemic.

These guidelines apply in relation to the application of the definition of default in accordance with Article 178 of Regulation (EU) No 575/2013 and classification of forbearance in accordance with Article 47b of that Regulation.

These guidelines establish a framework for cooperation and information exchange between competent authorities through either bilateral engagements or anti-money laundering/combatting the financing of terrorism (AML/CFT) colleges and govern the establishment and functioning of AML/CFT colleges.

These guidelines build on the provisions of Article 74 of Directive 2013/36/EU (CRD) regarding internal governance, and derive from the mandate to issue guidelines in Article 95(3) of Directive (EU) 2015/2366 (PSD2).

These guidelines specify the risk management measures that financial institutions must take in accordance with Article 74 of the CRD to manage their ICT and security risks for all activities and that payment service providers (PSPs) must take, in accordance with Article 95(1) of PSD2, to manage the operational and security risks (intended as ‘ICT and security risks’) relating to the payment services they provide. The guidelines include requirements for information security, including cybersecurity, to the extent that the information is held on ICT systems.

These guidelines apply in relation to the management of ICT and security risks within financial institutions. For the purposes of these guidelines, the term ICT and security risks addresses the operational and security risks of Article 95 of PSD2 for the provision of payment services.

For PSPs these guidelines apply to their provision of payment services, in line with the scope and mandate of Article 95 of PSD2. For institutions these guidelines apply to all the activities that they provide.

01/2018 FMA Guide on ICT Security in Credit Institutions will be repealed on 30.06.2020 when the EBA Guidelines enter into force.

These are revised Guidelines that amend Guidelines EBA/GL/2018/05 on fraud reporting under the Payment Services Directive (PSD2)

These guidelines specify the content, instructions and uniform formats for the reporting of funding plans on the basis of paragraph 4 of Recommendation A of the Recommendation of the European Systemic Risk Board of 20 December 2012 on funding of credit institutions (‘ESRB Recommendations’ and ‘ESRB Recommendation A’).

Annex 1 - Reporting on Funding Plans

Annex 2 - Reporting template

These guidelines specify the internal governance arrangements, including sound risk management, that institutions, payment institutions and electronic money institutions should implement when they outsource functions, in particular with regard to the outsourcing of critical or important functions.

The guidelines specify how the arrangements referred to in the previous paragraph should be reviewed and monitored by competent authorities, in the context of Article 97 of Directive 2013/36/EU, supervisory review and evaluation process (SREP), Article 9(3) of Directive (EU) 2015/2366, Article 5 (5) of Directive 2009/110/EC by fulfilling their duty to monitor the continuous compliance of entities to which these guidelines are addressed with the conditions of their authorisation.

Date of application 30.09.2019 - the CEBS Guidelines on Outsourcing of 14.12.2006 as well as the EBA Recommendations on Outsourcing to Cloud Service Providers (EBA/REC/2017/03) are repealed with effect from 30 September 2019.

These guidelines specify the requirements for the estimation of loss given default (LGD) appropriate for an economic downturn in accordance with Part Three, Title II, Chapter 3, Section 6 of Regulation (EU) No 575/2013, Article 181 of that Regulation and the EBA final draft regulatory technical standards on the IRB assessment methodology EBA/RTS/2016/03 [RTS on IRB assessment methodology] of 21 July 2016 as well as EBA final draft regulatory standards on the specification of an economic downturn EBA /RTS/2018/04 [RTS on economic downturn] of 16 November 2018. These guidelines should be considered as an amendment of EBA on PD estimation, LGD estimation and the treatment of defaulted exposures EBA/GL/2017/16 [EBA GL on PD and LGD] published on 20 November 2017.

These guidelines specify the content and uniform disclosure formats for credit institutions for disclosures related to non-performing exposures (NPEs), forborne exposures (FBEs) and foreclosed assets.

These guidelines apply to credit institutions that are subject to all or some of the disclosure requirements specified in Part Eight of Regulation (EU) No 575/2013 (the CRR), in accordance with Articles 6, 10 and 13 of the CRR.

These guidelines apply to all exposures meeting the definitions of ‘non-performing’ and ‘forbearance’ as set out in Annex V to Commission Implementing Regulation (EU) No 680/2014. 

Proportionality applies based on the significance of the credit institution and on the level of NPEs reported according to the scope of application specified for each individual template. While some templates apply to all credit institutions, some are applicable only to credit institutions that are significant and have a gross NPL ratio of 5% or above.

These guidelines specify sound risk management practices for credit institutions for managing non-performing exposures (NPEs), forborne exposures (FBEs) and foreclosed assets. These guidelines also provide competent authorities with guidance on assessing credit institutions’ risk management practices, policies, processes and procedures for managing NPEs and FBEs as part of the supervisory review and evaluation process (SREP).

These guidelines specify the criteria relating to simplicity, standardisation and transparency for asset-backed commercial paper (ABCP) securitisations in accordance with Articles 24 and 26 of Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017. These guidelines apply in relation to the transaction- and programme-level requirements of ABCP securitisations. Competent authorities should apply these guidelines in accordance with the scope of application of Regulation (EU) 2017/2402 as set out in its Article 1. These guidelines are addressed to the competent authorities referred to in Article 29(1) and (5) of Regulation (EU) No 2017/2402 and to the other addresses under the scope of that Regulation.

These guidelines specify the criteria relating to simplicity, standardisation and transparency for non-asset-backed commercial paper (non-ABCP) securitisations in accordance with Articles 20, 21 and 22 of Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017. These guidelines apply in relation to the criteria of simplicity, standardisation and transparency of non-ABCP securitisations. Competent authorities should apply these guidelines in accordance with the scope of application of Regulation (EU) 2017/2402 as set out in its Article 1. These guidelines are addressed to the competent authorities referred to in Article 29(1) and (5) of Regulation (EU) No 2017/2402 and to the other addressees under the scope of that Regulation.

These guidelines specify which types of exposures other than those mentioned in Article 128(2) of Regulation (EU) No 575/2013 are to be associated with particularly high risk and under which circumstances, as mandated by Article 128(3) of Regulation (EU) No 575/2013.

In addition, on the EBA’s own initiative, these guidelines specify, for the purposes of the present guidelines only, definitions for the notions of ‘venture capital’ and ‘private equity’, as referenced in points (a) and (c) of Article 128(2) of Regulation (EU) No 575/2013.

Scope of application: These guidelines clarify the notions of investments in venture capital firms and investments in private equity as mentioned in Article 128(2), points (a) and (c), CRR. The guidelines also specify which types of exposures, other than those mentioned in Article 128(2) CRR, are to be associated with particularly high risk and under which circumstances, in line with the mandate in Article 128(3) CRR.

Addressees: These guidelines are addressed to competent authorities as defined in point (i) of Article 4(2) of Regulation (EU) No 1093/2010 and to institutions as defined in Article 4(1) of Regulation No 1093/2010.

Date of application: from 01.07.2019

These Guidelines specify the conditions, set out in Article 33(6) of Commission Delegated Regulation (EU) 2018/389 (the RTS), to exempt the account payment service providers that have opted for a dedicated interface from the obligation to set up the contingency mechanism described in Article 33(4) of the RTS. These Guidelines further provide guidance on how competent authorities should consult the EBA for the purposes of the exemption in accordance with Article 33(6) of the RTS.

These guidelines specify:

• the systems to be implemented by institutions for the identification, evaluationand management of the interest rate risk arising from the non-trading bookactivities, also referred to as interest rate risk arising from the banking book,(IRRBB) referred to in Article 84 of Directive 2013/36/EU;
• institutions’ internal governance arrangements in relation to the management of IRRBB;
• sudden and unexpected changes in the interest rate in accordance withArticle 98(5) of Directive 2013/36/EU for the purposes of the review and evaluation performed by competent authorities;
• general expectations for the identification and management of credit spread riskin the non-trading book (CSRBB).

These guidelines aim to provide common organisational requirements, methodologies and processes for the performance of stress testing by institutions, taking into account capital adequacy and risk management, as part of their risk management processes (‘institutions’ stress testing’). Within the context of groups, these guidelines also apply to institutions participating in a particular stress testing exercise in accordance with the perimeter of application of that particular stress testing exercise and the level of application set out in Articles 108 and 109 of Directive 2013/36/EU.

In order to ensure the adequate protection of consumers, these Guidelines seek to clarify expectations relating to firms’ organisation relating to complaints-handling; provide guidance on the provision of information to complainants; provide guidance on procedures for responding to complaints; harmonise the arrangements of firms for the handling of all complaints they receive; and ensure that firms’ arrangements for complaints-handling are subject to a minimum level of supervisory convergence across the EU.

The Guidelines on complaints-handing for the securities and banking sectors correspond to the 2014 version of the Guidelines in terms of their content. The scope of application was, however, extended to cover new providers in accordance with PSD II and the MCD. The BMDW is competent for the supervision of providers pursuant to the MCD (credit intermediation services).

These Guidelines provide detail on statistical data on fraud related to different means of payment that payment service providers have to report to their competent authorities, as well as on the aggregated data that the competent authorities have to share with the EBA and the ECB, in accordance with Article 96(6) of Directive (EU) 2015/2366 (PSD2).

Recommendations amending Recommendations EBA/REC/2015/01 on the equivalence of confidentiality regimes

These guidelines specify the requirements for the estimation of probability of default (PD) and loss given default (LGD), including LGD for defaulted exposures (LGD in-default) and best estimate of expected loss (ELBE) in accordance with Part Three, Title II, Chapter 3, Section 6 of Regulation (EU) No 575/2013, Article 159 of that Regulation and the EBA final draft regulatory technical standards on the IRB assessment methodology EBA/RTS/2016/03 [RTS on IRB assessment methodology] of 21 July 2016.

These guidelines specify the approach institutions, as defined under point (3) of Article 4(1) of Regulation (EU) No 575/2013, should take when applying the requirement to group two or more clients into a ‘group of connected clients’ because they constitute a single risk in accordance with Article 4(1)(39) of that Regulation. These guidelines are addressed to competent authorities as defined in point (i) of Article 4(2) of Regulation (EU) No 1093/2010 and to financial institutions as defined in Article 4(1) of Regulation No 1093/2010.

These guidelines specify how the consolidating supervisor and the home and host competent authorities should, within the framework of colleges of supervisors established either under Article 116 or under Article 51(3) of Directive 2013/36/EU, cooperate to supervise and coordinate the exercise of their powers referred to in Title V, Chapter 4 and Title VII, Chapters 1 and 3 of the Directive and in Title II, Section 2 of Directive 2014/59/EU in relation to branches of Union institutions established in another Member State.

These guidelines are addressed to competent authorities as defined in point (i) of Article 4(2) of Regulation (EU) No 1093/2010.

This recommendation specifies how legal entities and branches (entities or group entities) should be covered in the group recovery plan, drawn up and submitted in accordance with Articles 5 to 9 of Directive 2014/59/EU, Articles 3 to 21 of Commission Delegated Regulation (EU) No 2016/1075, EBA/GL/2015/02 on recovery plan indicators and EBA/GL/2014/06 on the range of recovery plan scenarios.

Full title: Joint Guidelines under Article 25 of Regulation (EU) 2015/847 on the measures payment service providers should take to detect missing or incomplete information on the payer or the payee, and the procedures they should put in place to manage a transfer of funds lacking the required information

Subject matter and scope

1. These guidelines are addressed to:

a) payment service providers (PSPs) as defined in point (5) of Article 3 of Regulation (EU) 2015/847 where they act as the PSP of the payee, and intermediary payment service providers (IPSPs) as defined in point (6) of Article 3 of Regulation (EU) 2015/847; and

b) competent authorities responsible for supervising PSPs and IPSPs for compliance with their obligations under Regulation (EU) 2015/847.

2. These guidelines:

a) set out the factors PSPs and IPSPs should consider when establishing and implementing procedures to detect and manage transfers of funds that lack required information on the payer and/or the payee to ensure that these procedures are effective; and

b) specify what PSPs and IPSPs should do to manage the risk of money laundering (ML) or terrorist financing (TF) where the required information on the payer and/or the payee is missing or incomplete.

3. Competent authorities should use these guidelines when assessing the adequacy of the procedures and measures adopted by PSPs and IPSPs to comply with Articles 7, 8, 11 and 12 of Regulation (EU) 2015/847.

4. PSPs, IPSPs and competent authorities should also use these guidelines to ensure compliance with Articles 9 and 13 of Regulation (EU) 2015/847.

5. The factors and measures described in these guidelines are not exhaustive. PSPs and IPSPs should consider other factors and measures as appropriate.

6. These guidelines do not apply to restrictive measures imposed by regulations based on Article 215 of the Treaty on the Functioning of the European Union, such as Regulations (EC) No 2580/2001, (EC) No 881/2002 and (EU) No 356/2010 (‘the European sanctions regime').

These guidelines specify the uniform disclosure format in accordance with which the disclosures required under Article 473a of Regulation (EU) No 575/2013 (the ‘CRR’) should be made. These guidelines apply to institutions referred to in paragraph 1 of Article 473a of the CRR that are subject to all or part of the disclosure requirements specified in Part Eight of the CRR in accordance with Articles 6, 10 and 13 of the CRR. These guidelines apply during the transitional period referred to in paragraph 6 of Article 473a of the CRR.

These Guidelines derive from the mandate given to the EBA in Article 96(3) of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (PSD2).

In particular, these Guidelines specify the criteria for the classification of major operational or security incidents by payment service providers as well as the format and procedures they should follow to communicate, as laid down in Article 96(1) of the above-mentioned directive, such incidents to the competent authority in the home Member State.

In addition, these Guidelines deal with the way these competent authorities should assess the relevance of the incident and the details of the incident reports that, according to Article 96(2) of the said directive, they shall share with other domestic authorities.

Moreover these Guidelines also deal with the sharing with the EBA and the ECB of the relevant details of the incidents reported, for the purposes of promoting a common and consistent approach.

Annex 1

Annex I to EBA/GL/2017/10

These Guidelines address the requirement for the EBA to issue Guidelines under Article 100(6) of Directive (EU) 2015/2366 of 25 November 2015 on payment services in the internal market. These Guidelines apply to complaints submitted to competent authorities with regard to payment service providers’ alleged infringements of Directive (EU) 2015/2366 as laid down in Article 99(1) of the Directive. These complaints are to be taken into consideration by competent authorities to ensure and monitor effective compliance with Directive (EU) 2015/2366, as referred to in Article 100(6) of the Directive. These complaints may be submitted by payment service users and other interested parties, including payment service providers that are affected by the situation(s) that gave rise to the complaint and consumer associations (‘complainants’).

These guidelines set out the information to be provided to the competent authorities in the application for the authorisation of payment institutions, in the application for registration of account information service providers and in the application for authorisation of electronic money institutions.

These guidelines apply in relation to: (a) applications for authorisation as a payment institution in accordance with Article 5 of Directive (EU) 2015/2366; (b) registration as an account information service provider, in accordance with Article 5 and Article 33 of Directive (EU) 2015/2366; and (c) applications for authorisation as an electronic money institution, by virtue of the application mutatis mutandis of Article 5 of Directive (EU) 2015/2366 to electronic money institutions, in accordance with Article 3(1) of Directive 2009/110/EC.

These guidelines specify sound credit risk management practices for credit institutions associated with the implementation and ongoing application of expected credit loss (‘ECL’) accounting frameworks. These guidelines also provide competent authorities with guidance on evaluating the effectiveness of an institution’s credit risk management practices, policies, processes and procedures that affect allowance levels.

These Guidelines, drawn up pursuant to Article 107(3) of Directive 2013/36/EU aim to ensure the convergence of supervisory practices in the assessment of the information and communication technology (ICT) risk under the supervisory review and evaluation process (SREP) referred to in Article 97 of Directive 2013/36/EU and further specified in the EBA Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP). In particular these Guidelines specify the assessment criteria that competent authorities should apply in the supervisory assessment of institutions’ governance and strategy on ICT and the supervisory assessment of institutions’ ICT risk exposures and controls. These Guidelines form an integral part of the EBA SREP Guidelines.

These guidelines specify criteria and indicators on how to stipulate the minimum monetary amount of the professional indemnity insurance (PII) or other comparable guarantee to be held by undertakings that apply for:

i. authorisation to provide payment services under point (7) of Annex I (payment initiation services, PIS) in accordance with Article 5(2) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market (PSD2);

ii. registration to provide payment services under point (8) of Annex I (account information services, AIS) in accordance with Article 5(3) of PSD2;

iii. authorisation to provide both payment services under point (7) and (8) of Annex I to PSD2.

Pursuant to Article 48(6) of Directive 2014/59/EU, these guidelines address the interrelationship between Regulation (EU) No 575/2013 and Directive 2013/36/EU with Directive 2014/59/EU for the purposes of the sequence of writedown and conversion. The guidelines clarify this interrelationship for the purposes of Article 48 of Directive 2014/59/EU, which governs the sequence of writedown and conversion when the bail-in tool is applied. They are also relevant to Article 60 of Directive 2014/59/EU regarding the sequence of writedown and conversion of capital instruments at the point of non-viability (PONV). ‘Capital instruments’ for the purpose of these guidelines is taken to mean instruments which qualify as CET1, AT1 or T2 instruments for the purposes of Regulation (EU) No 575/2013.

These guidelines, which have been prepared pursuant to Article 50(4) of Directive 2014/59/EU (the BRRD), are on the setting of conversion rates of debt to equity in bail-in. They are also relevant to the conversion of relevant capital instruments at the point of non-viability, because Article 60(3)(d) makes compliance with Article 50, including the EBA guidelines, a condition for converting the relevant capital instruments.

Pursuant to Article 47(6) of Directive 2014/59/EU (the Bank Recovery and Resolution Directive, BRRD), these guidelines set out the circumstances in which it would be appropriate, when applying the bail-in tool set out in Article 43 or the writedown or conversion of capital instruments set out in Article 59, to take one or both of the following actions:

(a) cancel existing shares or other instruments of ownership or transfer them to bailed-in creditors;

(b) dilute existing shareholders and holders of other instruments of ownership as a result of the conversion of:

(i) relevant capital instruments issued by the institution pursuant to the power referred to in Article 59(2) of the BRRD; or

(ii) eligible liabilities into shares or other instruments of ownership issued by the institution under resolution pursuant to the power referred to in Article 63(1)(f) of the BRRD.

These guidelines set out the characteristics of a risk-based approach to anti-money laundering and countering the financing of terrorism (AML/CFT) supervision and the steps competent authorities should take when conducting supervision on a risk-sensitive basis as required by Article 48(10) of Directive (EU) 2015/849.

These Guidelines are aimed at clarifying the procedural rules and the assessment criteria to be applied by competent authorities for the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector. These Guidelines apply to competent authorities in the prudential assessment of acquisitions or increases of qualifying holdings in target undertakings.

These Guidelines aim to ensure convergence of supervisory practices for the assessment of

institutions’ internal capital adequacy assessment process (ICAAP) and internal liquidity

adequacy assessment process (ILAAP) under the supervisory review and evaluation process

(SREP) in accordance with the EBA Guidelines on common procedures and methodologies for

SREP (SREP Guidelines). In particular, these Guidelines specify what information, regarding

ICAAP and ILAAP, competent authorities should collect from institutions in order to perform

their assessments following the criteria specified in the SREP Guidelines.

These guidelines specify the requirements on the application of Article 178 of Regulation (EU) No 575/2013 on the definition of default, in accordance with the mandate conferred to the EBA in Article 178(7) of that Regulation.

These guidelines specify how to apply corrections to the calculation of the modified duration to reflect prepayment risk, in accordance with the mandate conferred to the EBA in the last subparagraph of Article 340(3) of Regulation (EU) No 575/2013

These Guidelines specify requirements for the design and implementation of remuneration policies and practices, in relation to the offering or provision of banking products and services to consumers by institutions as defined in paragraph 17, with a view to protecting consumers from undesirable detriment arising from the remuneration of sales staff.

These guidelines specify what constitutes arm’s length conditions and when a transaction is not structured to provide support, according to Article 248 of Regulation (EU) No 575/2013. The guidelines also elaborate further on the notification and documentation requirements of Article 248(1) of Regulation (EU) No 575/2013.

These guidelines specify, in accordance with Article 12(2) of Regulation (EU) No 537/2014, the requirements for the establishment of effective dialogue between competent authorities supervising credit institutions, on the one hand, and statutory auditor(s) and audit firm(s) carrying out the statutory audit of those institutions, on the other hand.

These guidelines specify the minimum principles and content of stress tests that deposit guarantee schemes (‘DGSs’) must perform pursuant to Article 4 (10) of Directive 2014/49/EU.

These guidelines specify how information should be provided in summary or collective form for the purposes of Article 84(3) of Directive 2014/59/EU, pursuant to the mandate conferred on the EBA in Article 84(7) of that Directive.

Institutions have to apply sound remuneration policies to all staff and specific requirements for the variable remuneration of staff whose professional activities have a material impact on the institutions’ risk profile (identified staff). Articles 74 and 75 of Directive 2013/36/EU (CRD) mandate the EBA to develop guidelines on both remuneration policies for all staff as part of institutions’ internal governance arrangements and remuneration policies for identified staff.

These guidelines specify the objectives and minimum content of cooperation agreements between DGSs or, where appropriate, designated authorities, required to have such cooperation agreements in place in accordance with Article 14(5) of Directive 2014/49/EU.

These guidelines specify the methodology that should be used by institutions, as part of their internal processes and policies, for addressing and managing concentration risk arising from exposures to shadow banking entities. In particular, these guidelines specify criteria for  setting an appropriate aggregate limit on exposures to shadow banking entities which carry out banking activities outside a regulated framework, as well as individual limits on exposures to such entities.

These guidelines specify the minimum criteria that a business reorganisation plan is to fulfil for approval by the resolution authority pursuant to Article 52(7) of Directive 2014/59/EU.

These guidelines specify the conditions set out in points (b), (d), (f), (g) and (h) of Article 23(1) of Directive 2014/59/EU.

These guidelines deal with the requirement for competent authorities of the home Member States to notify the competent authorities of host Member States in relation to credit intermediaries intending to carry out business in another Member State (‘passport notification’) as laid down in Article 32 of Directive 2014/17/EU. These guidelines also specify requirements to update the public register for credit intermediaries related to the passport notification.

These Guidelines specify the criteria by setting out a list of mandatory indicators against which institutions should be assessed when determining whether it is appropriate for simplified obligations to be applied to the institution.

These guidelines specify methods for calculating contributions to DGSs. They specify the objectives and principles governing DGS contribution schemes.

Article 10(3), subparagraph 2, of Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes mandates the EBA with the task of issuing guidelines on payment commitments. For this purpose, these guidelines provide terms to be included in the contractual or statutory arrangements under which a credit institution provides payment commitments to a DGS, as well as the criteria for eligibility and management of the collateral.

Guidelines on factual circumstances amounting to a material threat to financial stability and on the elements related to the effectiveness of the sale of business tool under Article 39(4) of Directive 2014/59/EU.
The resolution authority may apply the instrument sale of business tool without complying with the requirement to market, if the following conditions are met
- a material threat to financial stability arising from or aggravated by the failure or likely of the institution under resolution, and
- compliance with those requirements would be likely to undermine the effectiveness of the sale of business tool
These guidelines specify the factual circumstances amounting to a material threat to financial stability arising from or aggravated by the failure or likely failure of an institution under resolution.

Guidelines on the determination of when the liquidation of assets or liabilities under normal insolvency proceedings could have an adverse effect on one or more financial markets under Article 42(14) of Directive 2014/59/EU.
The guidelines promote the convergence of supervisory and resolution practices regarding the determination of when the liquidation of the assets or liabilities under normal insolvency proceeding could have an adverse effect on one or more financial markets. When evaluating a potential adverse effect on one or more financial markets, the resolution authorities should at least take the described elements within the guidelines into account.

EBA Guidelines on the minimum list of services or facilities that are necessary to enable a recipient to operate a business transferred to it under Article 65(5) of Directive 2014/59/EU.
To ensure the effectiveness of the partial transfer of the business of an institution or group, Directive 2014/59/EU establishes a number of powers ancillary to the resolution tools, including the power to require continuity of essential services from other parts of a group or, where the residual part of the institution is liquidated following the partial transfer of the business, to require services to enable the purchaser, bridge institution or asset management vehicle to carry out the activities or services transferred to it.
The guidelines specify a core list that resolution authorities should consider requiring as a minimum and taking into account the specific circumstances of the case.

Pursuant to Article 32(6) of Directive 2014/59/EU, these Guidelines intend to promote the convergence of supervisory and resolution practices regarding the interpretation of the different circumstances when an institution shall be considered as failing or likely to fail.

For this purpose, these Guidelines provide a set of objective elements that should support the determination that an institution is failing or likely to fail, in accordance with the circumstances laid down in Article 32(4)(a),(b) and (c) of Directive 2014/59/EU. When such a determination is made by the competent authority, it will be based on the outcomes of the SREP performed in accordance with Article 97 of Directive 2013/36/EU and further specified in the SREP Guidelines. In this respect the resolution authority may have to interpret the outcomes of the SREP when consulted by the competent authorities in accordance with Article 32(1)(a) of Directive 2014/59/EU.

These Guidelines do not purport to constrain the ultimate discretion of the competent authority and of the resolution authority in making the determination that an institution is failing or likely to fail. The identification that an objective element enlisted in Title II of these Guidelines has materialised in respect of a particular institution should not lead the competent or the resolution authority as the case may be, to the automatic determination that the institution is failing or likely to fail or result in an automatic application of resolution tools. Similarly, the list of objective elements specified in these Guidelines is not exhaustive and should remain open since not all crisis circumstances can be reasonably foreseen.

These Guidelines should be read in conjunction with the conditions laid down in Article 32(1)(b) and (c) of Directive 2014/59/EU, which specify the other two requirements, in addition to ‘failing or likely to fail’, that need to be met for taking resolution actions. As a consequence, the determination that an institution is failing or likely to fail made by the competent authority and/or the resolution authority in compliance with these Guidelines, does not in itself entail that all conditions to take resolution actions are met. For sake of completeness it is worth keeping in mind that pursuant to Article 32(1)(b) and (c) of Directive 2014/59/EU respectively, the taking of resolution action is also subject to the absence of alternative private sector or supervisory action that can be taken to remedy the situation within a reasonable timeframe, and that the resolution action is necessary in the public interest.

The provisions in these Guidelines should also apply when a determination that an institution is failing or likely to fail is conducted by the relevant authority in the context of determining that an institution is no longer viable for the purpose of exercising the write-down and/or conversion power in accordance with Article 60 of Directive 2014/59/EU.

These Guidelines deal with the establishment of product oversight and governance arrangements for both, manufacturers and distributors as an integral part of the general organisational requirements linked to internal control systems of firms. They refer to internal processes, functions and strategies aimed at designing products, bringing them to the market, and reviewing them over their life cycle. They establish procedures relevant for ensuring the interests, objectives and characteristics of the target market are met. However, these Guidelines do not deal with the suitability of products for individual consumers.

These Guidelines aim at promoting convergence of supervisory practices in relation to the application of early intervention measures as provided for in the Bank Recovery and Resolution Directive (BRRD). The Guidelines establish a link between the on-going supervision conducted by the Competent Authorities according to the Capital Requirement Directive (CRD) and the early intervention powers set out in the BRRD.

These guidelines apply to the sound application of the criteria specified in Article 3(2) of Directive 2014/92/EU to be used by competent authorities when establishing a provisional list of the most representative services linked to a payment account and subject to a fee.

These Guidelines complement the EBA technical standards on resolution planning and resolvability assessment by setting out the circumstances under which resolution authorities can impose measures to overcome obstacles to resolvability identified by the assessment.

These Guidelines determine general criteria for the Assessment of O-SIIs, with the intention of creating a level playing field in Europe on the one hand, and on the other hand also taking into consideration national specificities of the sectors.

These Guidelines specify the types of tests, reviews and exercises and provide details of the main features of such measures. They are part of the EBA’s work to promote the consistent and coherent approach to bank resolution across the European Union.

ESMA and the EBA are proposing to develop complaint handling guidelines for the investment and banking sectors that are identical to the existing EIOPA guidelines for the insurance sector. The objective is to provide EU consumers with a single set of complaints handling arrangements, irrespective of the type of product or service and of the geographical location of the firm in question. This will also allow firms to streamline and standardise their complaints handling arrangements and national regulators to supervise the same requirements across all sectors of financial services.

These Guidelines aim to set out the calculation of the discount rate for variable remuneration and clarify how the discount factor should be applied.

This Recommendation on the use of the Legal Entity Identifier (LEI) requires all entities for which information is required under EU reporting obligations to obtain a pre-Legal Entity Identifier (pre-LEI) code for reporting purposes.

The EBA adopted a formal Recommendation to ensure that major EU cross-border banks develop group recovery plans by the end of 2013. The plans shall be submitted to the respective competent authorities and discussed within colleges of supervisors. The aim of the Recommendation is to spur the development of recovery plans and to foster convergence on the highest standards across the Union.

These Recommendations addressed to national supervisory authorities aim at setting consistent supervisory practices for the oversight of the Euribor submission process. They focus on strengthening the panel banks’ internal governance arrangements, including a code of conduct. The aim of this Recommendation is to improve the identification and management of conflicts of interest and of internal control arrangements, including audits, record keeping and comparison with actual transactions.