European Banking Authority

Overview

The European Banking Authority (EBA) is the supranational regulatory authority responsible for developing binding technical standards, guidelines, and recommendations that harmonize banking regulation and payment services across all 27 European Union Member States and the European Economic Area. Operating since 1 January 2011, the EBA develops regulatory technical standards (RTS) and implementing technical standards (ITS) with binding force across the EU, directly affecting the authorization, supervision, and operation of payment service providers, electronic money institutions, and banks.

As a critical player in the European System of Financial Supervision (ESFS), the EBA maintains the central register of payment and electronic money institutions, develops strong customer authentication standards under PSD2/PSD3, coordinates supervisory convergence through national competent authorities, and oversees compliance with harmonized rules on capital requirements, operational resilience, and consumer protection. The EBA's work is particularly significant for payment services regulation, where it establishes mandatory standards for payment initiation services, account information services, open banking APIs, and fraud prevention.

Document Type: Comprehensive Regulator Profile

Entity: European Banking Authority (EBA) - Supranational Authority

Geographic Scope: European Union (27 Member States) + European Economic Area

Regulatory Authority: Binding through Regulatory Technical Standards and Implementing Technical Standards

Primary Focus Areas:

1. Banking regulation and supervision standards
2. Payment services regulation (PSD2/PSD3)
3. Electronic money institutions regulation
4. Consumer protection in banking and payments
5. Capital requirements and prudential regulation
6. Operational resilience and digital finance
7. Supervisory convergence and harmonization

Key Payment Services Competencies:

• Development of Strong Customer Authentication (SCA) standards
• Authorization and supervision standards for payment institutions
• Electronic money institution regulation
• Open banking and API standards
• Fraud prevention and consumer liability standards
• Central register of payment service providers

Strategic Significance: The EBA serves as the primary EU-level technical standard-setter for banking and payment services, ensuring harmonized implementation across all Member States and functioning as a critical link between EU policy objectives and national supervisory practices.

Basic Identity

Classification

2.1 Regulatory Entity Type

• Type: Supranational Authority (EU Agency)
• Control Layer: Layer 6 — Supranational (EU-wide authority)
• Legal Authority Level: Binding (through Regulatory Technical Standards and Implementing Technical Standards)
• Jurisdiction Level: Supranational

2.2 Legal Authority & Binding Instruments

The EBA's authority derives from Articles 10-15 of Regulation (EU) No 1093/2010, which grants the EBA power to:

1. Develop Regulatory Technical Standards (RTS)

• Binding technical standards adopted by the European Commission
• Require implementation by national competent authorities and financial institutions
• Establish detailed technical requirements for compliance with EU financial regulations

1. Develop Implementing Technical Standards (ITS)

• Binding standards specifying calculation methods, reporting formats, and procedures
• Adopted by the European Commission
• Provide detailed technical implementation guidance

1. Issue Guidelines and Recommendations

• Non-binding but represent best practices
• Addressed to national competent authorities and/or financial institutions
• Promote supervisory convergence and consistent application of EU law

1. Conduct Peer Reviews and Assessments

• Evaluate national supervisory authorities' compliance with standards
• Identify gaps and inconsistencies in supervisory practices
• Report findings to the European Commission

2.3 Jurisdiction & Regulatory Perimeter

Geographic Coverage:

• All 27 European Union Member States
• European Economic Area (EEA) countries (Iceland, Liechtenstein, Norway)
• Total supervisory reach: Approximately 8,000+ banks and tens of thousands of payment service providers

Regulated Entities:

• Credit institutions (banks)
• Investment firms
• Payment institutions (PIs)
• Electronic money institutions (EMIs)
• Crypto-asset service providers (CASPs) under MiCA
• Critical third parties under DORA

Regulatory Authority Over Payments:

While authorization of individual payment institutions remains under national competent authorities, the EBA develops all binding standards governing:

• Authorization procedures and requirements
• Prudential capital and liquidity rules
• Operational resilience requirements
• Strong customer authentication (SCA) standards
• Fraud prevention and consumer liability rules
• Open banking and API standards

Inclusion Justification

What This Entity Oversees

1. Entity Identification & Legal Status

1.1 Official Name and Acronym

• Official English Name: European Banking Authority
• Official French Name: Autorité Bancaire Européenne
• Acronym: EBA
• Classification: Supranational Independent Agency of the European Union

1.2 Establishment & Legal Foundation

The European Banking Authority was established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010, which was formally adopted on 24 November 2010. The EBA became fully operational on 1 January 2011, replacing the Committee of European Banking Supervisors (CEBS), which had operated from 2004 to 2010 as a Level 3 committee under the Lamfalussy supervisory framework.

The EBA is part of the European System of Financial Supervision (ESFS), established in response to the 2008-2009 global financial crisis to ensure harmonized regulation and supervisory convergence across all EU Member States. It functions as one of three European Supervisory Authorities (ESAs), alongside the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA).

1.3 Predecessor Organization

Committee of European Banking Supervisors (CEBS) [2004-2010]

• Established: 2004 (Decision 2004/5/EC)
• First Meeting: 29 January 2004
• Superseded by: European Banking Authority (1 January 2011)
• Historical Role: Informal advisory group providing soft law guidance and recommendations to EU banking supervisors
• Transition: All CEBS tasks, responsibilities, and archives were transferred to the EBA

4. Headquarters & Location

4.1 Current Headquarters

Location: Europlaza Tower, 10 Rue de Flandre, 75019 Paris, France

Building Details:

• Modern office complex in the La Défense business district (Paris)
• Inaugurated: March 2019 (following relocation from London)
• Architecture: Europlaza is a landmark 41-storey tower in central La Défense

Relocation History:

• Original Location: London, United Kingdom (2011-2019)
• Relocation Trigger: Brexit and UK withdrawal from the EU (March 2019)
• Strategic Location: Paris chosen to maintain proximity to European Commission and French financial hub

Contact Information:

• Telephone: +33 (0)1 86 52 70 00
• Email: [email protected]
• Website: https://www.eba.europa.eu

Time Zone: Central European Time (CET) / Central European Summer Time (CEST)

5.1 Primary Mandate

The EBA's mandate is established in Articles 1-9 of Regulation (EU) No 1093/2010 and comprises:

1. Develop EU-wide Regulatory Standards

• Technical standards for consistent implementation of EU financial regulations
• Guidelines establishing best practices for supervisory convergence
• Recommendations addressing specific risks or concerns

1. Ensure Financial Stability

• Monitor systemic risks in the EU banking sector
• Promote convergence of supervisory practices
• Conduct stress testing and risk assessment
• Coordinate with the European Systemic Risk Board (ESRB)

1. Maintain Integrity & Efficiency of Financial Markets

• Develop standards ensuring fair and consistent competition
• Establish harmonized authorization procedures
• Monitor emerging risks (fintech, crypto-assets, AI)

1. Protect Consumers

• Develop consumer protection standards for banking products
• Establish transparency and disclosure requirements
• Monitor unauthorized transaction liability and redress mechanisms

5.2 Regulatory Scope: Banking & Payment Services

Banking Regulation

• Capital requirements (CRR/CRD framework)
• Operational risk capital calculations
• Liquidity requirements (LCR, NSFR)
• Leverage ratio
• Large exposures rules
• Internal governance and risk management
• Stress testing and SREP requirements
• Macro-prudential regulation

Payment Services Regulation

• Payment Services Directive 2 (PSD2) - Directive 2015/2366/EU
• Emerging PSD3 and Payment Services Regulation (PSR) framework
• Authorization and registration of payment institutions
• Electronic Money Institutions (EMIs) regulation
• Strong Customer Authentication (SCA) standards
• Open Banking and XS2A (Account Information Service APIs)
• Fraud prevention and consumer liability
• Payment institution prudential requirements
• Cross-border payment standards

Consumer Protection

• Mortgage credit transparency
• Consumer credit protection
• Payment accounts transparency and protection
• Payment services consumer rights
• Electronic money consumer protections
• Deposit guarantee standards
• Structured deposits risk disclosure

Emerging Areas

• Digital Operational Resilience Act (DORA) implementation
• Markets in Crypto-Assets Regulation (MiCA)
• Crypto-asset service provider oversight
• Artificial Intelligence Act implementation in financial services
• Decentralized finance (DeFi) risk monitoring
• Digital wallet and payment technology standards

5.3 Specific Payment Services Jurisdiction

The EBA holds comprehensive regulatory authority over payment services through development of mandatory standards under PSD2/PSD3:

Strong Customer Authentication (SCA)

• Binding Regulatory Technical Standards on SCA and Common/Secure Communication
• Three authentication elements: knowledge (something you know), possession (something you have), inherence (something you are)
• Mandatory implementation date: 14 September 2019 (with limited exemptions)
• Covers: Payment transactions, account access, sensitive operations

Payment Service Provider Authorization

• Guidelines on authorization and registration under PSD2
• Harmonized requirements for:
• Payment initiation service providers (PISPs)
• Account information service providers (AISPs)
• Payment institutions (PIs)
• Electronic money institutions (EMIs)
• Central register of authorized PSPs maintained at: https://www.eba.europa.eu/risk-and-data-analysis/data/registers/payment-institutions-register

Open Banking Standards (XS2A - Access to Accounts)

• Technical standards for secure APIs
• Redirection, embedded, and decoupled authentication approaches
• Data access and consent management
• Secure communication protocols

Fraud Prevention & Consumer Liability

• Unauthorized transaction liability standards
• Authorized Push Payment (APP) fraud prevention (enhanced under PSD3/PSR)
• Refund requirements and timelines
• Consumer protection in case of fraud or theft

Electronic Money Regulation

• Authorization requirements for EMI issuers
• Prudential capital requirements
• Segregation of customer funds
• Redemption rights standards
• Consumer protection for e-money holders

6. Core Functions & Regulatory Products

6.1 Regulatory Standard Development

Regulatory Technical Standards (RTS)

RTS are binding technical standards developed by the EBA and formally adopted by the European Commission, establishing:

Recent RTS Examples (2024-2025):

• Strong Customer Authentication and Secure Communication (PSD2)
• Capital Requirements Regulation (CRR) - capital ratio calculations
• Operational Risk capital requirements
• Own Funds Requirements for payment institutions
• Booking arrangements for payment transactions
• Supervisory cooperation and colleges procedures
• Markets in Crypto-Assets Regulation (MiCA) compliance standards
• Digital Operational Resilience Act (DORA) standards

Implementing Technical Standards (ITS)

ITS are detailed binding standards specifying:

• Calculation methods and formulas
• Supervisory reporting formats and templates
• Data exchange protocols
• Disclosure and transparency templates
• Procedural requirements for authorization

Scope: All ITS are binding and implemented through supervisory reporting systems and institutional compliance procedures

Guidelines & Recommendations

Non-binding guidance issued by the Board of Supervisors:

Key Guidelines:

• Guidelines on authorization and registration under PSD2
• Guidelines on internal governance (CRD)
• Guidelines on supervisory review and evaluation process (SREP)
• Guidelines on proportionate retail diversification methods
• Consumer protection guidelines
• Guidelines on AML/CFT compliance (legacy, transferred to AMLA from 1 January 2026)

6.2 Supervisory Frameworks

Supervisory Review and Evaluation Process (SREP)

The SREP is the EBA-coordinated framework for comprehensive bank supervision:

Components:

1. Business Model Analysis - Assessment of institution's strategy and competitive position
2. Internal Governance Assessment - Evaluation of board structure, risk management, internal controls
3. Capital Risk Assessment - Analysis of credit, market, operational, and other risks
4. Liquidity Risk Assessment - Evaluation of funding and liquidity adequacy
5. Stress Testing - Resilience under adverse scenarios
6. Overall Capital Assessment - Determination of Pillar 2 capital requirements

Frequency: Annual supervisory cycle

Methodology: Guidelines published at https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/supervisory-review-and-evaluation-process-srep-4

Stress Testing

EU-wide annual stress testing coordinated by the EBA:

• Coordinated with ECB and national supervisors
• Large bank sample (typically 50+ significant institutions)
• Scenarios: Baseline and adverse macroeconomic scenarios
• Publication: Results released publicly annually

6.3 Peer Review & Convergence

Supervisory Convergence Review: Annual assessment of harmonization across national authorities

• Peer reviews of national supervisory practices
• Identification of best practices and inconsistencies
• Recommendations for convergence

Recent Publication: 2024 Report on Supervisory Convergence

6.4 Central Register Maintenance

Register of Payment and Electronic Money Institutions

• URL: https://www.eba.europa.eu/risk-and-data-analysis/data/registers/payment-institutions-register
• Coverage: EU-27 and EEA
• Data: Authorized payment institutions, electronic money institutions, small payment institutions
• Transparency: Public access to verify regulated status of payment service providers
• Purpose: Consumer protection through transparency on regulated entity status

8. Capital Requirements Regulation (CRR/CRD)

8.1 Regulatory Framework

Legal Basis:

• Regulation (EU) No 575/2013 - Capital Requirements Regulation (CRR)
• Directive 2013/36/EU - Capital Requirements Directive (CRD IV/VI)
• Regulation (EU) 2019/2175 - Recent amendments

Purpose: Implement Basel III standards for capital adequacy in the EU

Scope: All credit institutions, investment firms, and certain third-country branches

8.2 Key CRR/CRD Components

1. Pillar 1: Minimum Capital Ratios

• Common Equity Tier 1 (CET1): Minimum 4.5%
• Tier 1 capital: Minimum 6%
• Total capital: Minimum 8%
• Plus capital buffers: Capital conservation, countercyclical, systemic risk buffers

1. Pillar 2: Supervisory Review (SREP)

• Institution-specific capital requirements based on risk assessment
• Determined through SREP process
• Pillar 2 Requirement (P2R) set by national authorities

1. Pillar 3: Disclosure & Transparency

• Public reporting of capital ratios
• Risk data disclosure
• Prudential disclosures (Pillar 3 templates)

1. Operational Risk Framework

• Standardized Approach (SA) or Advanced Measurement Approach (AMA)
• Business Indicator (BI)-based calculation
• Recent RTS on operational risk capital requirements (2025)

1. Large Exposures

• Concentration limits on single counterparty exposures
• Maximum 25% of institution's capital

1. Leverage Ratio

• Non-risk-weighted backstop: Minimum 3%

1. Liquidity Requirements

• Liquidity Coverage Ratio (LCR): Minimum 100%
• Net Stable Funding Ratio (NSFR): Minimum 100%

8.3 Recent Updates: CRD VI & CRR III (Basel IV Implementation)

Adoption: June 2024

Scope: Final components of Basel III implementation

Key Updates:

• Credit valuation adjustment (CVA) risk refinements
• Operational risk capital standardization
• Market risk framework updates
• Large exposures rule clarifications

9. Digital Finance, Innovation & Emerging Technologies

9.1 Digital Finance Strategy

The EBA maintains a dedicated Digital Finance regulatory focus area covering:

Areas of Focus (2024-2026):

• Fintech innovation and impact on traditional banking
• Decentralized Finance (DeFi) risks and supervision
• Cryptocurrency and crypto-asset regulation
• Artificial Intelligence and machine learning applications
• Digital wallet technologies
• API standardization and open banking evolution

Key Initiative: EU Supervisory Digital Finance Academy (SDFA)

• Collaboration with ESMA, EIOPA, European Commission
• Objective: Strengthen supervisory capacity in innovative digital finance
• Training and knowledge transfer for national authorities
• Emerging risk identification and monitoring

9.2 Markets in Crypto-Assets Regulation (MiCA)

Legal Basis: Regulation (EU) 2023/1114 (Markets in Crypto-Assets Regulation)

EBA Role:

• Develops technical standards for crypto-asset service provider (CASP) authorization
• Establishes operational resilience and governance standards
• Clarifies interplay between MiCA and PSD2/PSD3
• Monitors asset-referenced tokens (ARTs) and electronic money tokens (EMTs)

2024 Deliverables:

• 20 technical standards and guidelines for crypto-asset markets
• Supervisory framework for significant ARTs and EMTs
• Templates and procedures for information exchange
• Clarification on PSD2-MiCA interplay for payment services

9.3 Digital Operational Resilience Act (DORA)

Legal Basis: Regulation (EU) 2022/2554

EBA Role:

• Oversight of critical third parties (TPPs) designated under DORA
• Development of operational resilience standards
• ICT risk management requirements
• Incident reporting and management procedures

Status (2025-2026):

• Designation of critical TPPs in progress
• Operational oversight processes established
• Charging mechanisms for oversight fees
• Building supervisory capacity for ICT risk assessment

9.4 Artificial Intelligence in Financial Services

Focus Areas:

• Mapping AI Act requirements against banking regulations
• Assessment of AI/ML applications in banking and payments
• Risk identification in algorithmic decision-making
• Bias and discrimination prevention
• Explainability and transparency requirements
• Model risk management for AI systems

Recent Work: AI Act implications study and follow-up actions (2025-2026)

10.1 Historical AML Role & Transition

Historical Mandate (until 31 December 2025):

• Development of AML/CFT guidelines and standards
• Oversight of payment institutions' AML compliance
• Coordination of supervisory cooperation on AML matters
• Assessment of ML/TF risks in payment sector

Transition (1 January 2026):

• Transfer of all AML/CFT responsibilities to newly established Anti-Money Laundering Authority (AMLA)
• Continuity: Existing EBA AML/CFT guidelines remain valid until replaced by AMLA
• Article 54 AMLA Regulation: All existing EBA standards continue binding effect during transition

10.2 Key AML Findings & Standards (Legacy EBA)

Payment Institutions Risk Assessment:

• EBA Report on ML/TF Risks in Payment Institutions identified significant gaps
• Finding: Payment institutions generally do not manage ML/TF risk adequately
• Issues: Insufficient internal controls, weak ongoing monitoring, inadequate AML policies
• Compliance breaches focused on: Customer identification, ongoing monitoring, AML governance

Supervisory Cooperation Protocol:

• Joint Committee of EBA, ESMA, EIOPA established AML cooperation framework
• Cross-border information exchange procedures
• Coordination of agent and branch supervision

10.3 Post-Transition (AMLA Authority)

New Authority: Anti-Money Laundering Authority (AMLA)

• Established: 1 January 2026
• Role: Centralized oversight of AML/CFT in EU
• Relationship with EBA: Coordination on overlapping prudential and AML matters
• Standard continuity: Existing EBA standards remain valid until replaced

11.1 Scope of Consumer Protection Authority

The EBA maintains comprehensive consumer protection authority across:

Products Covered:

• Mortgage credit (consumer mortgages)
• Consumer credit (personal loans, credit cards)
• Payment accounts
• Payment services
• Electronic money (e-money) products
• Deposits (including structured deposits)

Key Areas:

• Transparency and disclosure requirements
• Fee transparency (uniform fee comparison formats)
• Authorization and trustworthiness standards for payment service providers
• Fraud prevention and unauthorized transaction liability
• Data protection and privacy in payment services
• Consent and permission management for data access
• Complaint handling and dispute resolution procedures

11.2 Payment Services Consumer Rights

Unauthorized Transaction Liability:

• Maximum consumer liability: €50 (reduced in specific circumstances)
• Institution liability: Full amount minus €50
• Timeline: Refund within 10 business days of dispute
• Burden of proof: Shifts to institution in certain cases

Pre-Execution Disclosure:

• Information about payment, fees, exchange rates
• Time required for execution
• Beneficiary notification requirements
• Refund rights

Post-Execution Information:

• Confirmation of payment execution
• Details of payment amount and charges
• Exchange rate applied (if applicable)

11.3 Electronic Money Consumer Protections

Redemption Rights:

• E-money holders have right to redeem e-money at par value
• Issuer must accept redemption requests at all times
• No fees for redemption (or minimal regulatory fee)

Segregation of Funds:

• Customer e-money funds segregated from EMI operational accounts
• Protection in case of EMI insolvency
• Covered by deposit guarantee scheme in certain cases

Consumer Liability:

• Unauthorized e-money transactions: €50 maximum liability (under PSD2)
• Enhanced protections for stolen or lost payment instruments

14. Work Programme & Strategic Priorities (2025-2027)

14.1 Digital Finance & Innovation Priorities

EU Supervisory Digital Finance Academy (SDFA):

• Joint initiative with ESMA, EIOPA, European Commission
• Objective: Strengthen supervisory capacity in digital finance
• Ongoing: Training programs and knowledge transfer to national authorities

Emerging Risk Monitoring:

• Decentralized Finance (DeFi) risks and market structure
• Cryptocurrency market volatility and systemic implications
• Digital wallet technologies and new payment methods
• Algorithmic and automated trading in financial markets

AI and Machine Learning:

• AI Act implementation in banking and payment sectors
• Mapping AI Act requirements against sectoral measures
• Assessment of AI/ML applications and associated risks
• Model risk management and explainability requirements

14.2 Payment Services Modernization (2025-2027)

PSD3/PSR Implementation:

• Development of new Regulatory Technical Standards
• Authorization procedure updates
• Own Funds Requirements standards (Method B default)
• Fraud prevention and liability standards

Open Banking Evolution:

• Permission dashboard technical standards
• API standardization advancement
• Data access and consent management enhancement
• Third-party oversight integration

Electronic Money Regulation:

• Incorporation into PSD3 framework
• Updated authorization procedures
• Enhanced consumer protection standards

14.3 Operational Resilience (2025-2027)

Digital Operational Resilience Act (DORA):

• Completion of critical TPP designation process
• Operational oversight of designated critical third parties
• ICT risk assessment and monitoring
• Incident reporting and management procedures

Third-Party Oversight:

• Charging mechanisms for oversight fees implementation
• Performance of ongoing oversight activities
• Building supervisory ICT risk capacity

14.4 Capital Requirements & Prudential Reform

Basel IV (CRD VI/CRR III) Implementation:

• Operational risk capital standards finalization
• Credit valuation adjustment (CVA) risk refinements
• Market risk framework implementation
• Large exposures rule updates
• Leverage ratio application

Stress Testing Evolution:

• Annual EU-wide stress testing coordination
• Scenario design and refinement
• Reverse stress testing methodology updates

14.5 Anti-Money Laundering Transition

Transfer to AMLA (1 January 2026):

• Transition of AML/CFT responsibilities to new AMLA authority
• Continuity of existing EBA standards during transition period
• Coordination mechanisms with AMLA on overlapping matters
• Legacy guideline and standard continuation

14.6 Consumer Protection Enhancement

Mortgage and Consumer Credit:

• Updated guidelines for responsible lending
• Transparency requirements refinement
• Vulnerability and consumer harm assessment

Payment Fraud Prevention:

• Authorized Push Payment (APP) fraud standards
• Updated liability and refund frameworks
• Enhanced consumer education
• Industry best practice development

14.7 Supervisory Convergence

Peer Reviews:

• Periodic assessment of national supervisory authority practices
• Identification of best practices and inconsistencies
• Recommendations for harmonized approaches

Annual Supervisory Convergence Report:

• Comprehensive review of supervisory practice harmonization
• Identification of remaining gaps
• Recommendations for further convergence

15. Regulatory Output & Publications

15.1 Types of Regulatory Products

Regulatory Technical Standards (RTS)

• Binding technical requirements adopted by the European Commission
• Directly applicable across all Member States
• Require compliance by regulated entities and supervisors
• Recent examples: SCA standards, operational risk capital, crypto-assets standards

Implementing Technical Standards (ITS)

• Detailed technical implementing rules
• Specify calculation methods, reporting formats, procedures
• Adopted by the European Commission (binding)
• Examples: Supervisory reporting templates, prudential reporting formats

Guidelines

• Non-binding best practice guidance
• Addressed to national competent authorities and/or financial institutions
• Establish consistent supervisory approaches
• Examples: SREP guidelines, authorization guidelines, consumer protection guidelines

Technical Opinions

• Expert analysis and recommendations on specific regulatory questions
• Non-binding but highly influential
• Addressed to European Commission or Member States
• Examples: PSD3/PSR opinions, fintech impact assessments

Reports & Assessments

• Thematic reports on regulatory topics
• Peer review findings
• Supervisory convergence assessments
• Risk assessments and monitoring reports

15.2 Publication Channels

Official Website: https://www.eba.europa.eu

Publications & Resources:

• Press Releases: https://www.eba.europa.eu/publications-and-media/press-releases
• Work Programme: https://www.eba.europa.eu/publications-and-media/work-programme
• Annual Report: https://www.eba.europa.eu/publications-and-media/annual-report
• Single Rulebook: https://www.eba.europa.eu/regulation-and-policy/single-rulebook
• Payment Institutions Register: https://www.eba.europa.eu/risk-and-data-analysis/data/registers/payment-institutions-register

17. Authority Levels & Regulatory Binding

17.1 Legal Authority Classification

Authority Type: Binding through Regulatory Technical Standards and Implementing Technical Standards

Binding Instruments:

1. Regulatory Technical Standards (RTS)

• Legally binding across all EU Member States
• Adopted by European Commission as delegated regulations
• Directly applicable without further national legislation
• Enforced through national supervisory authorities and ECJ review

1. Implementing Technical Standards (ITS)

• Legally binding across all EU Member States
• Adopted by European Commission as implementing regulations
• Directly applicable to regulated entities
• Enforced through supervisory procedures and national courts

1. Guidelines & Recommendations

• Non-binding guidance but with "comply or explain" force
• National authorities must explain non-compliance
• Establish expected supervisory practices
• Failure to follow can result in supervisory action

17.2 Enforcement Mechanisms

National Competent Authorities (NCAs):

• Implement EBA standards through supervisory authority mandates
• Enforce compliance through licensing conditions, examinations, enforcement actions
• Apply sanctions for non-compliance (fines, license revocation, etc.)

European Commission:

• Formal adoption of RTS/ITS
• Delegation review under Regulation (EU) No 1093/2010
• Potential legal challenge under EU law

European Court of Justice (ECJ):

• Final arbiter on interpretation of EBA standards and authority
• Review of European Commission delegated acts
• Member State compliance disputes

20. Document Control & Maintenance

Document ID: A016-european-union-supranational-european-banking-authority-supranational-authority

Version: 1.0

Date Created: 5 April 2026

Last Updated: 5 April 2026

Next Review Date: 5 July 2026 (Quarterly)

Document Status: Active

Maintenance Notes:

• Monitor EBA leadership changes (Executive Director appointment expected)
• Track PSD3/PSR implementation progress (2026-2027)
• Monitor AMLA transition and coordination mechanisms (post-January 1, 2026)
• Update work programme annually as new priorities emerge
• Verify technical standards updates through Single Rulebook

Regulatory Powers

This entity exercises integrated regulatory powers across multiple financial sectors:

Regulatory Role and Function

3.1 Governance Framework

The EBA is governed by a dual governance structure comprising the Board of Supervisors (decision-making) and the Management Board (operational oversight):

Board of Supervisors (BoS)

Composition:

• Heads of national banking supervisory authorities from all 27 EU Member States
• European Commission (observer status)
• ESRB, ESMA, EIOPA representatives (where relevant)
• EBA Chairperson (Chair of the Board)

Responsibilities:

• Adopt draft Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS)
• Adopt guidelines, recommendations, and technical opinions
• Adopt annual reports and work programmes
• Approve the EBA budget
• Take all major policy decisions
• Establish Board committees and working groups

Decision-Making: Qualified majority voting (as defined in Article 40 of Regulation 1093/2010)

Management Board (MB)

Composition:

• EBA Chairperson (Chair)
• 6 representatives from national competent authorities (representing participating and non-participating Member States)
• European Commission representative
• Head of EBA internal audit (observer status)

Responsibilities:

• Oversee EBA operations and financial management
• Approve the draft annual and multi-annual work programmes
• Manage specific budgetary matters and resource allocation
• Approve staff policy plans and recruitment
• Ensure the EBA fulfills its mission and tasks

3.2 Leadership Structure

Chairperson

Current: François-Louis Michaud

• Appointment Date: Appointed by Council of the European Union
• Effective Date: 16 April 2026 (takes office)
• Term: 5 years
• Appointment Note: Michaud will transition from his position as Executive Director to Chair, effective 16 April 2026, with a new Executive Director to be appointed

Previous Chairperson: José Manuel Campa (2019-2026)

Executive Director

Status: New appointment to be made following Michaud's transition to Chair

• Outgoing Executive Director: François-Louis Michaud (appointed 1 September 2020, until 15 April 2026)
• Reports to: Board of Supervisors and Management Board
• Responsibilities: Day-to-day operations, staff management, preparation of Board meetings

3.3 Internal Organization

Organizational Structure:

• Departments: 6 major departments
• Units: 20 specialized units covering regulatory, supervisory, and operational functions
• Staff: Approximately 200+ regulatory and supervisory professionals
• Budget: Funded by contributions from national competent authorities and EU budget

Functional Departments (typical structure):

1. Prudential Regulation and Risk (Capital Requirements, Operational Risk)
2. Payment Systems and Market Infrastructure
3. Consumer Protection and Supervisory Convergence
4. Digital Finance and Innovation
5. Governance and Administrative Affairs
6. Operations and Finance

Legal Foundation

13.1 Single Rulebook Concept

The Single Rulebook is the harmonized set of technical standards, implementing standards, and guidelines developed by the EBA (and other ESAs) to ensure consistent application of EU financial regulations across all Member States.

Components:

• Capital Requirements Regulation (CRR) and Directive (CRD)
• Payment Services Directive 2 (PSD2) and emerging PSD3/PSR
• Electronic Money Directive
• Markets in Crypto-Assets Regulation (MiCA)
• Digital Operational Resilience Act (DORA)
• Consumer protection rules and guidelines
• All EBA Regulatory Technical Standards and Implementing Technical Standards

13.2 Interactive Single Rulebook

Online Tool: https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook

Features:

• Searchable database of all binding technical standards
• Cross-references to applicable EU regulations
• Categorization by regulatory area
• Navigation by topic and requirement type
• Updated regularly with new standards and amendments

Coverage Areas:

• Capital Requirements Regulation (CRR)
• Capital Requirements Directive (CRD)
• Payment Services Directive 2 (PSD2)
• Consumer protection standards
• Operational risk frameworks
• Supervisory procedures and methodologies

Licensing and Authorization Relevance

The ============================================================================ issues authorizations within its regulatory mandate in European Union:

[Specific license types and requirements require verification from official sources]

Payments and Money Movement Relevance

7.1 Payment Services Directive 2 (PSD2) - Current Framework

Legal Basis: Directive 2015/2366/EU

Scope: Regulation of payment services across all EU Member States and EEA

Key Requirements:

1. Strong Customer Authentication (SCA)

• Two or more independent authentication elements
• Mandatory for: Payment transactions, account access, sensitive operations
• Exemptions: Low-risk transactions, recurring payments, trusted beneficiaries (limited)
• EBA Regulatory Technical Standards (RTS) on SCA/CSC: Binding technical implementation

1. Open Banking Requirements

• API-based Account Information Services (AIS)
• Payment Initiation Services (PIS)
• Secure and standardized communication protocols
• No prohibition of third-party access to payment data

1. Authorization & Supervision

• National competent authorities conduct authorization
• EBA develops harmonized guidelines and standards
• Central register maintained by EBA

1. Consumer Protection

• Unauthorized transaction liability limits (maximum €50 in certain cases)
• Transparency requirements (fees, terms, conditions)
• Pre-execution disclosure of payment information
• Refund rights for unauthorized transactions

1. Payment Institution Prudential Requirements

• Capital requirements (Own Funds)
• Operational risk coverage
• Liquidity standards
• Large exposure limits

7.2 PSD3 & Payment Services Regulation (PSR) - New Framework

Status: Provisional agreement reached 27 November 2025

Expected Implementation: 2026-2027

Key Modernizations:

1. Enhanced Authorization Framework

• Streamlined and clarified authorization procedures
• Incorporation of electronic money institutions as payment services subcategory
• Updated prudential requirements

1. Own Funds Requirements

• Method B promoted as default for payment institutions
• Methods A and C limited to specific high-value business models
• NCA validation and Regulatory Technical Standards (RTS) to detail criteria

1. Fraud Prevention & Liability Reform

• Authorized Push Payment (APP) fraud addressed with enhanced prevention standards
• Updated liability and redress frameworks
• Enhanced consumer protection against APP scams

1. Permission Dashboard

• Payment Service Users (PSUs) will have real-time visibility into third-party data access
• Dynamic permission management
• Ability to withdraw and re-grant permissions at any time

1. Integrated Payment Services

• Consolidation of payment account services with payment initiation
• Enhanced open banking capabilities
• Broader data sharing for innovation

7.3 EBA Technical Standards on Payment Services

Strong Customer Authentication (SCA) Standards

• Regulatory Technical Standard on SCA and Common/Secure Communication
• Three authentication methods:
• Redirection approach: Customer redirected to ASPSP authentication page
• Embedded approach: TPP collects authentication data within its own interface
• Decoupled approach: Authentication through separate device or channel
• Exemptions and low-risk transaction thresholds

Payment Institution Authorization Guidelines

• Criteria for assessing authorization applications
• Fit-and-proper requirements for managers and owners
• Business plan evaluation
• Technical infrastructure assessment
• Compliance resource adequacy

Electronic Money Institution Regulation

• Authorization and supervision procedures
• Segregation of customer funds requirements
• Redemption rights and consumer protections
• Business model restrictions (cannot take deposits, limited lending)

Payment Systems Governed or Overseen

Payment Systems Oversight & Regulation (EBA Mandate)

Direct Regulatory Authority:

SEPA Infrastructure Governance (2024-2025 Context)

EBA Clearing Coordination

Emerging Payment Systems & Consumer Protection

Statistical Context: European Payment Ecosystem Under EBA Oversight

Payment Method Distribution (2024):

• Card payments: 56% of transaction volume
• Credit transfers: 22% of transaction volume
• Direct debits: 15% of transaction volume
• Other methods: 7%

Regulatory Compliance Milestones:

• Jan 9, 2025: PSP optional participation in SCT Inst
• Oct 9, 2025: PSP mandatory participation in SCT Inst (enforced by EBA)
• Q4 2025: Full compliance assessment with Instant Payments Regulation
• 2026: PSD3 implementation phase begins

Cross-Border Payment Infrastructure:

• T2 RTGS: €235.1T daily value settlement (H1 2025)
• TIPS instant settlement: 24/7/365 operation in central bank money
• EBA Clearing systems: €22.62B+ annual transaction volume (2024)

Relationship to Other Regulators

12.1 European System of Financial Supervision (ESFS)

The EBA operates within the ESFS, a coordinated network of EU and national authorities:

Other European Supervisory Authorities:

• European Central Bank (ECB) - Prudential supervision of significant banks, monetary policy
• European Insurance and Occupational Pensions Authority (EIOPA) - Insurance and pensions regulation
• European Securities and Markets Authority (ESMA) - Securities and markets regulation
• European Systemic Risk Board (ESRB) - Macro-prudential supervision and financial stability

Coordination Mechanisms:

• Joint Committee of ESAs (EBA, ESMA, EIOPA) - Quarterly coordination meetings
• Joint Task Forces on emerging risks and standards
• Bilateral information sharing and consultation

12.2 National Competent Authorities (NCAs)

The EBA coordinates with national supervisors across all EU Member States:

Supervisory Colleges:

• Home and host authority colleges for significant cross-border institutions
• Coordinated supervision of branches and subsidiaries
• Information exchange on compliance and risk assessment

Supervisory Cooperation:

• Peer reviews and convergence assessments
• Technical guidance and training
• Joint supervisory teams for stress testing and examination

12.3 European Commission

Relationship:

• European Commission delegates RTS/ITS development to EBA
• Commission formally adopts EBA standards (binding regulatory products)
• Quarterly liaison meetings on policy coordination
• Joint consultation processes on major regulatory initiatives

12.4 International Coordination

Basel Committee on Banking Supervision (BCBS):

• Alignment of EBA standards with Basel III international standards
• Implementation coordination with other jurisdictions
• Ongoing engagement on standards evolution

Financial Action Task Force (FATF):

• Coordination on AML/CFT standards (pre-AMLA transition)
• Mutual Evaluation Programme participation
• Standards alignment on money laundering and terrorist financing

Financial Stability Board (FSB):

• Participation in global financial stability coordination
• Cross-border regulatory coordination
• Systemic risk monitoring contribution

Geography and Jurisdiction Notes

Important Departments and Divisions

Key Public Resources

16.1 Official Contact Details

Headquarters Address:

• Europlaza, 10 Rue de Flandre
• 75019 Paris
• France

Communication Channels:

• Telephone: +33 (0)1 86 52 70 00
• Email: [email protected]
• Website: https://www.eba.europa.eu
• English Portal: https://www.eba.europa.eu/english

Social Media:

• LinkedIn: https://www.linkedin.com/company/european-banking-authority

16.2 Key Links & Resources

Regulatory Resources:

• Single Rulebook Interactive Database: https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook
• Payment Services & E-Money: https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money
• Consumer Protection: https://www.eba.europa.eu/regulation-and-policy/consumer-protection
• AML/CFT (Legacy): https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism
• Digital Finance: https://www.eba.europa.eu/regulation-and-policy/digital-finance

Governance & Organization:

• Organization & Governance: https://www.eba.europa.eu/about-us/organisation-and-governance
• Board of Supervisors: https://www.eba.europa.eu/about-us/organisation-and-governance/governance-structure-and-decision-making/board-supervisors

Data & Registers:

• Payment Institutions Register: https://www.eba.europa.eu/risk-and-data-analysis/data/registers/payment-institutions-register
• CEBS Archive (Legacy): https://www.eba.europa.eu/cebs-archive

Notes on Naming and Language