After PSD3 and PSR, the European Commission’s draft Financial Data Access (FiDA) Regulation introduces Open Finance in the financial sector.
- The European Commission has published the draft proposal for a Regulation on Financial Data Access (FiDA).
- FiDA introduces Open Finance in the financial sector.
- This Regulation comes with new challenges for Data Holders but also brings new opportunities for Financial Information Service Providers.
On the 28th of June, together with PSD3, PSR and Digital Euro, the European Commission (EC) published its proposal for a new Regulation on a Framework for Financial Data Access (FiDA), also commonly referred to as the Open Finance Framework (OFF).
A few years ago, ‘Open Banking’ was introduced in the European Union (EU) by the second Payment Services Directive (PSD2), which was also reviewed by the EC end of June.
Open Banking has enabled customers to allow Payment Services Providers (PSPs) to access to their payment accounts data which changed the way customers and business make use of payment services.
The FiDA now goes one step further and introduces ‘Open Finance’ by enlarging the scope of data that customers may allow to share and open the door to new types of services and business models in the financial industry.
Which data should be shared under FiDA?
Thanks to FiDA, customers will be able to share additional data, such as for example:
- Mortgage, other loans, savings accounts and all other accounts which are not yet in scope of PSD2 (or the draft PSR) including balance, conditions and transaction details;
- Creditworthiness assessment performed during a loan application process or a request for a credit rating;
- Investments in financial instruments, insurance-based investment products, crypto assets, real estate and other financial assets and economic benefits derived from it;
- Non-life insurance products, including data on insured assets (excluding life, health and sickness products)
- Suitability and appropriateness assessment under MiFID ;
- Sustainability-related data ;
- Pension rights in occupational pension schemes and personal pension products;
Which institutions are impacted by FiDA?
In short, Data Holders are those who dispose of data listed above and who need to share it with the Data Users.
Data Users are companies who obtained permission from Data Holders’ customers to access their data to provide Financial Information Services. Authorized Data Users are called Financial Information Service Providers (FISPs).
How should FISPs seek authorization?
To be able to access customer data, Data Users should either dispose of a financial institution authorization or seek an authorization as a FISP from the Competent Authority of the Member State where their registered office is located.
The draft FiDA provides further details on the authorization process and the details to be included in the application file that Data Users seeking an authorization as FISP should provide to their Competent Authority.
Those details include, amongst others, information related to:
- Business plan;
- Business continuity;
- Internal control measures, ICT and security risk management;
- Persons responsible for the management;
- Professional indemnity insurance, or alternatively the initial capital held by the FISP seeking authorization;
How should Data Holders share data with FISPs?
Leveraging on the experience on the implementation of PSD2 and the obvious application programming interface (API) fragmentation observed in the market, the European Banking Authority (EBA) had already reflected, in June 2022, on the idea of introducing a common API standard across the EU to be developed by the industry.
FiDA builds upon this idea by requiring Data Holders and Data Users to become members of one, or more, Financial Data Sharing Scheme(s). Those schemes should be mandated to enable data access between multiple Data Holders and Data Users, to develop standardized contracts but as well data sharing standards and industry recognized interface standards. Ensuring a certain standardization across the market for both APIs and data sharing will result in high-quality APIs and data quality which will increase customer confidence in Open Finance.
The draft FiDA provides further details on Financial Data Sharing Schemes, including membership, governance rules, data quality, data security, etc.
Who can access customers data?
FiDA builds upon an existing concept of Open Banking: customer’s permission. FISPs need to obtain permission from customer before accessing their data and permission may be withdrawn at any time by customers.
Similarly to what’s required in the PSR regarding data access management, Data Holders should ensure that their customers are able to easily manage, consult, re-establish and withdraw their permissions in a dedicated permission dashboard.
Can Data Holders expect a compensation for development of data access interfaces?
Unlike PSD2/PSR, FiDA is leaving the door open to a reasonable compensation for Data Holders who will have to contribute to the development of dedicated interfaces.
FiDA specifies that the methodology for calculating the compensation amounts should be determined by the Financial Data Sharing Schemes.
Inclusion of the Account Information Service Provider provisions in the scope of FiDA instead of PSR and PSD3?
It was expected that, given the nature of their business, provisions regarding Account Information Service Providers (AISPs) would be withdrawn from the PSR to be included in FiDA. This is not the case as AISPs remain ruled by the PSR and PSD3.
While the EC acknowledged that FISPs and AISPs’ businesses are very similar and should have consistent provisions, it however preferred not to expose these recent business models to a risk of disruption. This might be re-assessed in the future.
Provisions of the FiDA will enter into force 24 months after the publication of the final version on the Official Journal of the EU, except for those relating to the Financial Data Sharing Scheme which will enter into force 6 months earlier.
I'm an expert in financial regulations and the evolving landscape of Open Banking and Open Finance. My expertise is grounded in a comprehensive understanding of the European financial sector, regulations such as PSD2, PSR, and the emerging FiDA (Financial Data Access) Regulation.
Let's break down the concepts used in the provided article:
PSD3, PSR, and Digital Euro:
- PSD3 (Payment Services Directive 3): This is a legislative framework within the European Union aimed at regulating payment services and payment service providers.
- PSR (Payment Services Regulation): This is another regulatory framework governing payment services, often closely associated with PSD2.
- Digital Euro: Refers to the digital version of the euro, the official currency of the eurozone. The Digital Euro is part of the broader digitalization efforts in the financial sector.
Financial Data Access (FiDA) Regulation:
- Objective: The European Commission's proposed regulation for Financial Data Access, known as FiDA, introduces the concept of Open Finance in the financial sector.
- Scope: FiDA extends beyond the scope of PSD2, allowing customers to share additional data beyond payment accounts. This includes mortgage details, creditworthiness assessments, investment information, sustainability-related data, and more.
Open Finance Framework (OFF):
- Definition: OFF is an alternate term for the FiDA Regulation, emphasizing the framework's focus on Open Finance.
Open Banking and Open Finance:
- Open Banking (PSD2): Introduced by PSD2, it allows customers to grant third-party providers access to their payment accounts. It transformed the payment services landscape.
- Open Finance (FiDA): Takes the concept further by expanding the types of data customers can share, opening opportunities for new financial services and business models.
Data Holders, Data Users, and Financial Information Service Providers (FISPs):
- Data Holders: Entities possessing the data (e.g., financial institutions).
- Data Users: Companies granted permission to access customer data.
- FISPs (Financial Information Service Providers): Authorized Data Users providing financial information services.
Authorization Process for FISPs:
- Requirements: FISPs need financial institution authorization or FiDA-specific authorization from the Competent Authority of their Member State.
- Application Details: The application includes information on business plans, governance, security measures, and more.
Data Sharing and APIs:
- Financial Data Sharing Schemes: Entities facilitating data access between Data Holders and Data Users. They mandate standardized contracts and industry-recognized interface standards.
- API Standardization: A call for common API standards across the EU to ensure high-quality APIs and data quality, improving customer confidence in Open Finance.
Customer Data Access:
- Permission-based: Similar to Open Banking, FISPs need explicit customer permission, which can be withdrawn at any time.
Compensation for Data Holders:
- Development of Interfaces: Unlike PSD2/PSR, FiDA allows for reasonable compensation to Data Holders contributing to interface development. The methodology is determined by Financial Data Sharing Schemes.
Timeline for FiDA Implementation:
- Enforcement: FiDA provisions will enter into force 24 months after the final version's publication, except for Financial Data Sharing Scheme-related provisions, which will be effective 6 months earlier.
In summary, FiDA represents a significant step in the evolution of financial regulations, expanding beyond the boundaries set by PSD2 and introducing Open Finance principles with a focus on data sharing, standardization, and customer consent.