After PSD3 and PSR, the European Commission’s draft Financial Data Access (FiDA) Regulation introduces Open Finance in the financial sector.
- The European Commission has published the draft proposal for a Regulation on Financial Data Access (FiDA).
- FiDA introduces Open Finance in the financial sector.
- This Regulation comes with new challenges for Data Holders but also brings new opportunities for Financial Information Service Providers.
On the 28th of June, together with PSD3, PSR and Digital Euro, the European Commission (EC) published its proposal for a new Regulation on a Framework for Financial Data Access (FiDA), also commonly referred to as the Open Finance Framework (OFF).
A few years ago, ‘Open Banking’ was introduced in the European Union (EU) by the second Payment Services Directive (PSD2), which was also reviewed by the EC end of June.
Open Banking has enabled customers to allow Payment Services Providers (PSPs) to access to their payment accounts data which changed the way customers and business make use of payment services.
The FiDA now goes one step further and introduces ‘Open Finance’ by enlarging the scope of data that customers may allow to share and open the door to new types of services and business models in the financial industry.
Which data should be shared under FiDA?
Thanks to FiDA, customers will be able to share additional data, such as for example:
- Mortgage, other loans, savings accounts and all other accounts which are not yet in scope of PSD2 (or the draft PSR) including balance, conditions and transaction details;
- Creditworthiness assessment performed during a loan application process or a request for a credit rating;
- Investments in financial instruments, insurance-based investment products, crypto assets, real estate and other financial assets and economic benefits derived from it;
- Non-life insurance products, including data on insured assets (excluding life, health and sickness products)
- Suitability and appropriateness assessment under MiFID ;
- Sustainability-related data ;
- Pension rights in occupational pension schemes and personal pension products;
Which institutions are impacted by FiDA?
In short, Data Holders are those who dispose of data listed above and who need to share it with the Data Users.
Data Users are companies who obtained permission from Data Holders’ customers to access their data to provide Financial Information Services. Authorized Data Users are called Financial Information Service Providers (FISPs).
How should FISPs seek authorization?
To be able to access customer data, Data Users should either dispose of a financial institution authorization or seek an authorization as a FISP from the Competent Authority of the Member State where their registered office is located.
The draft FiDA provides further details on the authorization process and the details to be included in the application file that Data Users seeking an authorization as FISP should provide to their Competent Authority.
Those details include, amongst others, information related to:
- Business plan;
- Business continuity;
- Internal control measures, ICT and security risk management;
- Persons responsible for the management;
- Professional indemnity insurance, or alternatively the initial capital held by the FISP seeking authorization;
How should Data Holders share data with FISPs?
Leveraging on the experience on the implementation of PSD2 and the obvious application programming interface (API) fragmentation observed in the market, the European Banking Authority (EBA) had already reflected, in June 2022, on the idea of introducing a common API standard across the EU to be developed by the industry.
FiDA builds upon this idea by requiring Data Holders and Data Users to become members of one, or more, Financial Data Sharing Scheme(s). Those schemes should be mandated to enable data access between multiple Data Holders and Data Users, to develop standardized contracts but as well data sharing standards and industry recognized interface standards. Ensuring a certain standardization across the market for both APIs and data sharing will result in high-quality APIs and data quality which will increase customer confidence in Open Finance.
The draft FiDA provides further details on Financial Data Sharing Schemes, including membership, governance rules, data quality, data security, etc.
Who can access customers data?
FiDA builds upon an existing concept of Open Banking: customer’s permission. FISPs need to obtain permission from customer before accessing their data and permission may be withdrawn at any time by customers.
Similarly to what’s required in the PSR regarding data access management, Data Holders should ensure that their customers are able to easily manage, consult, re-establish and withdraw their permissions in a dedicated permission dashboard.
Can Data Holders expect a compensation for development of data access interfaces?
Unlike PSD2/PSR, FiDA is leaving the door open to a reasonable compensation for Data Holders who will have to contribute to the development of dedicated interfaces.
FiDA specifies that the methodology for calculating the compensation amounts should be determined by the Financial Data Sharing Schemes.
Inclusion of the Account Information Service Provider provisions in the scope of FiDA instead of PSR and PSD3?
It was expected that, given the nature of their business, provisions regarding Account Information Service Providers (AISPs) would be withdrawn from the PSR to be included in FiDA. This is not the case as AISPs remain ruled by the PSR and PSD3.
While the EC acknowledged that FISPs and AISPs’ businesses are very similar and should have consistent provisions, it however preferred not to expose these recent business models to a risk of disruption. This might be re-assessed in the future.
Provisions of the FiDA will enter into force 24 months after the publication of the final version on the Official Journal of the EU, except for those relating to the Financial Data Sharing Scheme which will enter into force 6 months earlier.
I'm an expert in financial regulations and innovations, particularly within the European Union (EU). My expertise stems from years of studying and analyzing regulatory frameworks, industry trends, and policy proposals within the financial sector. I've closely followed the evolution of financial data access regulations, including the Payment Services Directive (PSD) series, the Payment Services Regulation (PSR), and the recent developments surrounding the Financial Data Access (FiDA) Regulation proposed by the European Commission (EC).
Let's break down the key concepts and components discussed in the article regarding the FiDA Regulation:
FiDA Introduction and Scope:
- The European Commission proposes the FiDA Regulation, which introduces Open Finance within the financial sector.
- FiDA expands on the concept of Open Banking established by PSD2, allowing customers to share a broader range of financial data beyond payment accounts.
Data Shared Under FiDA:
- FiDA enables customers to share additional data such as mortgage information, savings accounts, creditworthiness assessments, investment details, non-life insurance products, sustainability data, and pension rights.
- The scope includes data not covered by PSD2 or the draft PSR.
- Data Holders possess the listed data and must share it with Data Users.
- Data Users, or Financial Information Service Providers (FISPs), obtain permission from customers to access their data for providing financial information services.
Authorization Process for FISPs:
- FISPs must obtain authorization from the Competent Authority of the Member State where they are registered.
- The authorization process involves submitting detailed information such as business plans, governance structures, internal controls, and security measures.
Data Sharing Mechanisms:
- FiDA mandates the establishment of Financial Data Sharing Schemes to facilitate data access between Data Holders and Data Users.
- These schemes develop standardized contracts, data sharing standards, and interface standards to ensure consistency and quality across the market.
Customer Permission and Data Access:
- Similar to Open Banking, FISPs require customer permission to access their data, which can be withdrawn at any time.
- Data Holders must provide a dedicated permission dashboard for customers to manage their data access permissions easily.
Compensation for Data Holders:
- Unlike PSD2/PSR, FiDA allows for reasonable compensation for Data Holders contributing to interface development.
- Financial Data Sharing Schemes determine the methodology for calculating compensation amounts.
Inclusion of AISPs and Timeline:
- AISPs remain under the PSR and PSD3, separate from FiDA.
- FiDA provisions will enter into force 24 months after publication in the Official Journal of the EU, with exceptions for Financial Data Sharing Scheme provisions.
Understanding these components of the FiDA Regulation is crucial for stakeholders within the EU financial sector to adapt to the evolving regulatory landscape and capitalize on emerging opportunities in Open Finance.