What are the Joint Committee complaints-handling guidelines?

The Joint Committee guidelines (JC 2014 43, extended by JC 2018 35) are a set of complaint-governance standards issued jointly by the EBA, ESMA, and EIOPA. They set baseline expectations for how European financial firms design their complaints management policy, staff the complaints function, register cases, respond to customers, and analyse root causes.

What must a complaints management policy contain?

The policy should define what the firm counts as a complaint, set out internal escalation paths and timelines, describe how complaints data is reported to senior management, and explain how the firm handles conflicts of interest. The guidelines expect the policy to be approved by the management body and reviewed regularly.

What is a complaints management function?

A complaints management function is the internal unit or role responsible for investigating complaints fairly and independently. The guidelines require that the function can investigate without being overruled by the business area that caused the complaint, and that it has enough authority and resources to reach fair outcomes.

What information should a complaint register capture?

At a minimum: the complainant identity, the date of receipt, the product or service involved, a summary of the complaint, the applicable deadline, current status, all correspondence, the outcome, and any redress or corrective action taken.

What is root-cause analysis under the guidelines?

The guidelines expect firms to analyse complaint data to identify recurring or systemic problems rather than treating each case in isolation. Root-cause analysis should determine whether a complaint pattern points to a broader product, process, or conduct issue that needs corrective action beyond the individual case.

What customer information must firms provide?

Firms should publish how to submit a complaint, what information helps the firm assess it, the expected timeline for a response, and the available external escalation routes such as ADR bodies or ombudsman schemes. This information should be easy to find on the firm's website and in customer-facing materials.

How do the Joint Committee guidelines relate to PSD2?

PSD2 Article 101 sets the complaint-response deadline for payment service providers. The Joint Committee guidelines provide the governance layer underneath that deadline: the policy, function, registration, reporting, and root-cause analysis that make consistent and fair complaint handling possible across the firm.

Resources Knowledge BaseEuropean Union

RG-003EU22 min readUpdated 31 March 2026

EBA Guidelines on Complaint Handling: What Payment Firms Must Know

Q: Do the guidelines apply to payment institutions?

Yes. JC 2018 35 extended the original Joint Committee guidelines to payment institutions, electronic money institutions, and account information service providers under PSD2. These firms must comply with the same governance, registration, and root-cause analysis standards.

A control-focused guide to the Joint Committee and EBA complaint-handling framework: governance, policy design, registration, reporting, root-cause analysis, and cross-border consistency.

Complaints management policyComplaints management functionRegistration, reporting, and root-cause analysisCross-border governance consistency

Why the governance framework matters as much as the deadline

Most payment firms know the complaint-response deadline that applies to them. Fewer have invested equally in the governance layer that sits behind it: the written policy, the independent function, the structured register, the reporting cadence, and the recurring-issue analysis that turn individual case handling into a controlled process.

The Joint Committee guidelines exist to fill that gap. They describe the operating system behind consistent complaint handling. A firm that meets every deadline but has no documented policy, no register, and no root-cause analysis is still exposed to supervisory criticism and, more importantly, to systemic customer harm it has no mechanism to detect.

That matters especially for payment institutions and electronic money issuers that added complaints handling after authorisation rather than building it into the original operating model. The guidelines set out what a credible complaints-governance framework looks like regardless of firm size.

Scope and application

The original Joint Committee guidelines on complaints handling (JC 2014 43) were issued jointly by the three European Supervisory Authorities: the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA). They applied to investment firms and insurance undertakings at the point of publication.

JC 2018 35 extended those guidelines to the entities brought into scope by PSD2, covering payment institutions, electronic money institutions, and account information service providers. That extension is important because it means the governance standards now apply to many firms that were not previously subject to formal complaint-handling framework requirements at the European level.

The guidelines apply across banking, investment, insurance, and payments sectors.
JC 2018 35 brought payment institutions, EMIs, and AISPs into scope.
National competent authorities may impose additional or stricter requirements; firms should check transposition in each jurisdiction where they operate.

Element 1: Complaints management policy

The guidelines expect every firm to have a complaints management policy that is approved and regularly reviewed by the management body. That policy is the top-level control document for how the firm handles complaints, and it anchors every subsequent operational decision.

A well-structured policy should cover at least the following elements:

Definition of a complaint : The firm's working definition of what counts as a complaint, aligned with the relevant regulatory definition. Without a clear definition, cases are lost in general customer-service queues and never enter the complaints workflow.

Escalation paths and timelines : A description of how complaints move through investigation, review, and decision stages, including the applicable response deadline and the process for interim or holding communications.

Conflicts of interest : An explanation of how the firm identifies and mitigates conflicts of interest during complaint investigation, particularly when the business area that originated the product or service is involved in the review.

Reporting to senior management : A description of how complaint data and themes are reported to the management body, including the frequency and format of management information.

External escalation disclosure : A statement of how the firm informs customers about external dispute-resolution routes, such as ADR bodies, ombudsman schemes, or national competent authorities.

Policy review cycle : A commitment to review the policy at regular intervals and following any material change to the firm's product range, regulatory environment, or complaint volume.

Element 2: Complaints management function

The guidelines require firms to establish a complaints management function that enables complaints to be investigated fairly and that identifies and mitigates potential conflicts of interest. This does not prescribe a specific org-chart structure, but it does set a clear standard: the function must be able to reach fair outcomes without being overruled by the business area responsible for the subject of the complaint.

For smaller payment institutions, this may mean a named individual with documented authority. For larger firms, it means a dedicated team with clear reporting lines, case-handling authority, and the resources to investigate thoroughly.

The function must have authority to investigate complaints and to require information from other business areas.
Staff investigating complaints should not be investigating their own work or the work of their direct reporting line.
The function should have access to all relevant information needed to assess a case, including transaction records, communications, and internal decision logs.
The firm should review whether the function is adequately resourced relative to complaint volume and complexity, and adjust when either changes.

Element 3: Staff training and competence

The guidelines expect firms to ensure that staff involved in complaints handling are competent and trained for the task. That includes both the staff who investigate complaints and those who interact with customers during the complaints process.

Training should not be treated as a one-time onboarding step. It should cover the firm's complaints management policy, the applicable regulatory framework, the internal systems and processes used to handle complaints, and the firm's approach to vulnerable customers and sensitive complaint categories.

Provide training on the firm's complaints management policy and procedures at induction and at regular intervals thereafter.
Include training on the relevant regulatory framework, including applicable response timelines and customer-information obligations.
Ensure that staff know how to use the firm's complaint-registration and case-management systems.
Cover vulnerable-customer identification and handling, and ensure that staff know how to escalate cases that require specialist support.

Element 4: Complaint registration

The guidelines expect firms to register every complaint in an internal register that supports effective case management, supervisory reporting, and management information. This is the foundational data-quality control in the framework. Without a credible register, root-cause analysis, reporting, and trend detection are all unreliable.

A well-structured register should capture at least the following fields for each complaint:

Identity of the complainant and any representative.
Date of receipt of the complaint.
Product, service, or activity that is the subject of the complaint.
Summary of the complaint, including the harm or loss described.
Applicable response deadline and any extension with reasons.
Current status of the complaint (open, under investigation, awaiting information, closed).
All relevant correspondence, including holding responses and the final response.
Outcome, including any redress, corrective action, or rejection with reasons.

For payment institutions handling significant volumes, the register should be electronic, searchable, and integrated with the case-management workflow rather than maintained as a stand-alone spreadsheet. The register is also the source of truth for supervisory reporting obligations, so data-quality checks should be built in rather than applied after the fact.

Treat the register as a control, not an administrative chore.
Build data-quality checks into the registration workflow so fields are completed at the right stage.
Connect the register to management-information and reporting outputs so they stay in sync.
Review the register periodically for cases that have been open longer than the applicable deadline without a recorded reason.

Element 5: Response procedures and timelines

The guidelines require firms to respond to complaints within the applicable national or sector-specific deadline. For payment institutions under PSD2, that is 15 business days under Article 101, extendable to 35 business days in exceptional circumstances. For firms subject to other sectoral rules, the applicable deadline may differ.

The response itself should be clear, complete, and written in language the customer can understand. The guidelines expect the response to address the substance of the complaint, explain the firm's findings, describe any redress or corrective action, and inform the customer of external escalation routes.

Start the complaint clock from the date of receipt, not from the date the investigation begins.
Use the applicable sector-specific deadline as the default target, not as a best-case aspiration.
Send a holding response where the deadline cannot be met, including the reason for the delay and an expected completion date.
Include external escalation information in every final response, whether the complaint is upheld, partly upheld, or rejected.

Element 6: Customer information

The guidelines expect firms to make complaint-submission information easy to find and easy to understand. That includes explaining how to submit a complaint, what information the firm needs to assess it, what timeline the customer should expect, and what external routes are available if the customer remains dissatisfied.

This customer-information obligation applies to all channels: the firm's website, customer-facing documentation, branch materials, and any relevant contractual or pre-contractual information.

Publish complaint-submission instructions on the firm's website and in relevant customer-facing materials.
Explain the expected response timeline in language a customer can follow without legal advice.
Name the applicable ADR body, ombudsman, or competent authority and explain how to escalate.
Keep jurisdiction-specific details up to date, especially where the firm operates across multiple European markets with different external dispute-resolution bodies.

Element 7: Root-cause analysis

The guidelines expect firms to analyse complaint data to identify and address recurring or systemic problems. This is the step that transforms complaint handling from a reactive process into a forward-looking control function. Individual cases close, but root causes persist until someone investigates the pattern.

Effective root-cause analysis should look beyond the individual complaint narrative and ask whether the same issue is affecting other customers, products, or processes. The output should feed into product governance, conduct-risk assessment, and operational-change processes rather than remaining inside the complaints team.

Analyse complaints to identify shared root causes across individual cases.
Assess whether a root cause could affect products, services, or customer segments that have not yet generated complaints.
Correct the root cause where it is reasonable to do so, rather than only resolving the individual complaint.
Report root-cause findings to senior management and relevant governance forums on a regular basis.

Element 8: Management information and reporting

The guidelines expect firms to produce regular management information on complaint volumes, themes, outcomes, timelines, and root-cause findings. This management information should be reported to the management body and used to inform decision-making about products, processes, and controls.

Good management information is specific, timely, and connected to action. A slide deck showing total complaint counts by month is not the same as a report that identifies which product areas are generating the most upheld complaints, which root causes have not been addressed since the previous reporting period, and which response-time metrics are deteriorating.

Report complaint volumes, outcomes, and timelines to the management body at a frequency that matches the firm's risk profile.
Include root-cause analysis findings and track whether previously identified root causes have been addressed.
Segment management information by product, service, customer type, and jurisdiction where the firm operates across multiple markets.
Use management information to identify areas where the complaints management policy or function needs to be updated.

Cross-border considerations

For firms operating across multiple European jurisdictions, the guidelines expect a group-level complaints management policy that sets consistent standards while allowing for local regulatory variation. That balance is hard to strike, but the alternative is a patchwork of inconsistent processes that creates supervisory risk and customer-experience gaps.

The practical challenge is that national competent authorities may impose additional or stricter requirements on top of the Joint Committee baseline. Firms should map the local overlay in each jurisdiction where they operate and build that into the group policy rather than treating it as an exception.

Establish a group-level complaints management policy that sets the minimum standard across all jurisdictions.
Map national variations in complaint definition, response timelines, registration requirements, and external escalation routes.
Ensure that local complaint teams have access to the group policy and understand which local requirements apply on top of the baseline.
Review the group policy when entering a new jurisdiction, launching a new product, or when a national competent authority updates its complaint-handling expectations.

Governance framework at a glance

Related guides

RG-002