How should Data Holders share data with FISPs?
Leveraging on the experience on the implementation of PSD2 and the obvious application programming interface (API) fragmentation observed in the market, the European Banking Authority (EBA) had already reflected, in June 2022, on the idea of introducing a common API standard across the EU to be developed by the industry.
FiDA builds upon this idea by requiring Data Holders and Data Users to become members of one, or more, Financial Data Sharing Scheme(s). Those schemes should be mandated to enable data access between multiple Data Holders and Data Users, to develop standardized contracts but as well data sharing standards and industry recognized interface standards. Ensuring a certain standardization across the market for both APIs and data sharing will result in high-quality APIs and data quality which will increase customer confidence in Open Finance.
The draft FiDA provides further details on Financial Data Sharing Schemes, including membership, governance rules, data quality, data security, etc.
Who can access customers data?
FiDA builds upon an existing concept of Open Banking: customer’s permission. FISPs need to obtain permission from customer before accessing their data and permission may be withdrawn at any time by customers.
Similarly to what’s required in the PSR regarding data access management, Data Holders should ensure that their customers are able to easily manage, consult, re-establish and withdraw their permissions in a dedicated permission dashboard.