Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012, and in particular Articles 180(3), 181(3) and 182(4) thereof,


  1. (1)

    Once it starts implementing the Internal Ratings Based Approach (IRB Approach), an institution and any parent undertaking and its subsidiaries may request the competent authority's permission to use data covering a period of two rather than five years for probability of default (PD), own-loss given default (own-LGD) and own-conversion factor estimates for certain types of exposures. The conditions according to which the competent authorities may grant data waiver permissions should be set out.

  2. (2)

    Competent authorities should verify that institutions comply with the requirements laid down in Regulation (EU) No 575/2013 before they grant the data waiver permission. This Regulation however does not impose requirements for competent authorities for any specific regular review of the institutions' compliance with requirements for data waiver permission, therefore institutions ceasing to comply with the requirements of this Regulation have recourse to Article 146 of Regulation (EU) No 575/2013.

  3. (3)

    The shorter the data history, the more difficult it is to estimate risk parameters. With a view to ensuring that the data waiver permission is limited to a small subset of institution assets, a maximum quantitative threshold should be set, both at the level of the exposure value and at the level of the IRB Approach and the Standardised Approach calculated risk-weighted exposures amount for which the permission for the data waiver can be granted. For the same purpose, portfolios where composition of types of exposures firmly characterised by few or no defaults observed should be explicitly excluded from the scope of application of the permission for data waiver.

  4. (4)

    To ensure prudent calculation of own funds requirements, other considerations should also be taken into account by competent authorities when assessing requests for data waiver permissions. Specifically, institutions requesting permission for the use of shorter data series should apply an appropriate margin of conservatism. Moreover, institutions should prove to the satisfaction of the competent authorities the lack of accurate, complete or appropriate longer time series of data. Given that the impact on own funds requirements may be higher as a consequence of inaccurate data, institutions should also employ additional data quality validation procedures commensurate with the smaller sample size.

  5. (5)

    Types of exposures which are not included in the institution's portfolio at the time when the institution first implements the IRB Approach, should not be considered eligible for the granting of a data waiver permission. Conversely, data waiver permissions should be granted only for types of exposures that were included in the institution's portfolio at the time when the institution first implements the IRB Approach, irrespective of how these exposures move to the IRB Approach immediately or subsequently in accordance with the sequential roll-out plan.

  6. (6)

    The purpose of the data waiver is to provide an exemption from the obligation to use five years' historic data for the estimation of IRB parameters for types of exposures that exist in the institution's portfolio, when the institution first implements the IRB Approach. After five years from that first implementation, institutions should have collected sufficient data to no longer require use of the waiver. Therefore, data waiver permissions should not be granted after five years from the date an institution started implementing the IRB Approach.

  7. (7)

    There is a need to ensure that conditions laid down in this Regulation do not hamper the rating systems already in use by institutions, but that they instead assist with the smooth transition to the new regime, enhance legal certainty for institutions and avoid further costs to institutions. By virtue of Articles 180, 181 and 182 of Regulation (EU) No 575/2013, the data waiver permission concerns the use of two year data instead of five year data; as a result, it naturally expires three years after it is provided. Therefore, the regulatory technical standards should not affect the data waiver permissions already granted by competent authorities at the time of entry into force of this Regulation, because it would be disproportionate and would discourage use of the IRB Approach. The provisions in this Regulation are closely linked, since they all relate to the conditions under which a data waiver may be granted. To ensure coherence between those provisions, which should enter into force at the same time, and to facilitate a comprehensive view and compact access to them by persons subject to those obligations, it is desirable to include all of the regulatory technical standards required by Articles 180(3), 181(3) and 182(4) of Regulation (EU) No 575/2013 in a single Regulation.

  8. (8)

    This Regulation is based on the draft regulatory technical standards submitted by the European Banking Authority to the Commission.

  9. (9)

    The European Banking Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council,