The EBA Board of Supervisors come to the erroneous conclusion that a ".bank" TLD would be a security threat. In reality, the *lack* of a .bank TLD is a potent and growing security threat. The line of reasoning in the EBA's statement is tantamount to saying that banknotes should be printed on normal paper, using ink and printing machines available to anyone. It goes without saying that the ability to produce the distinguishing markers in security features must be restricted. In the case of banknotes, access to the special paper, ink, printing machines etc. is tightly controlled. The same applies of course to a .bank TLD: it must be reserved to banks that have gone through a stringent screening process, designed for the purpose. Furthermore, banks using the .bank TLD must be required to comply with a specific policy framework. Those policies must be developed and maintained by banks' regulatory and self-regulatory agencies. This is why the EBA should assume a regulatory role for the .bank TLD, in consultation with other financial regulatory agencies.To build reliable infrastructure for financial transactions on the Internet is not a nice-to-have. It is the duty of the EBA. It is appropriate for the EBA to insist that ICANN adapts its New gTLD Program to the needs of key public resources like the .bank TLD. But it would be entirely inappropriate for the EBA to block, as a result of a misunderstanding, an urgently needed security enhancement.