In this page, we present the compliance of EU and non-EU banks with the requirements extracted from the European regulations (the Payments Service Directive 2 and the related Regulatory Technical Standard).

Requirements definition

Req. Number	Definition
RL1	If a software authenticator or an authentication code is used through a multi-purpose device, the integrity of the device must be checked
RL2	MFA protocols must be always employed when the user performs risky operations
RL3	Every MFA protocol must employ at least two different types of Authentication Factors
RL4	Every MFA protocol must employ at least two independent Authentication Factors
RL5	Every MFA protocol must result in the generation of an authentication code that is unique, dynamically linked to a specific operation and accepted only once.
RL6	Every MFA protocol must make the user aware of crucial information on the operation she is going to authorize
RL7	Identity proofing must be performed with a high level of confidence
RL8	The binding procedure for every authenticator must be executed in a secure manner
RL9	Every remotely delivered authenticator must be activated before its usage

---

EU Banks

Bank Name	Country	RL1	RL2	RL3	RL4	RL5	RL6	RL7	RL8	RL9
Deutsche Bank	DE
VR Bank	DE
Commerzbank	DE
HSBC	UK
Barclays	UK
LLoyds	UK
BNP Paribas	FR
Credit Agricole	FR
Societè Generale	FR
Unicredit	IT
Banca Intesa	IT
Banco BPM	IT
Banco Santander	ES
BBVA	ES
La Caixa	ES
ING	NL
Rabobank	NL
ABN AMRO	NL
Nordea	SW
Svenska Handelsbanken	SW
SEB	SW
Legend: requirements can be fulfilled, partially violated or violated.

Non-EU Banks

Bank Name	Country	RL1	RL2	RL3	RL4	RL5	RL6	RL7	RL8	RL9
ICBC	CN
CCB	CN
ABC	CN
Chase	US
Bank Of America	US
Wells Fargo	US
UBS	CH
Credit Suisse	CH
Raiffeisen	CH
Legend: requirements can be fulfilled, partially violated or violated.

Back to survey table