5 minute read 3 Aug 2023

How will Open Finance and the Financial Data Access Regulation impact the Financial Sector?

By Sigrid Hansen

EY Belgium Financial Services Risk & Compliance, Payments Lead Partner

Supporting Risk, Compliance and Internal Audit functions in their transformation journey. Leading the Payment Consulting practice in Belgium.

After PSD3 and PSR, the European Commission’s draft Financial Data Access (FiDA) Regulation introduces Open Finance in the financial sector.

In brief:

  • The European Commission has published the draft proposal for a Regulation on Financial Data Access (FiDA).
  • FiDA introduces Open Finance in the financial sector.
  • This Regulation comes with new challenges for Data Holders but also brings new opportunities for Financial Information Service Providers.

On the 28th of June, together with PSD3, PSR and Digital Euro, the European Commission (EC) published its proposal for a new Regulation on a Framework for Financial Data Access (FiDA), also commonly referred to as the Open Finance Framework (OFF).

A few years ago, ‘Open Banking’ was introduced in the European Union (EU) by the second Payment Services Directive (PSD2), which was also reviewed by the EC at the end of June.

Open Banking has enabled customers to allow Payment Services Providers (PSPs) to access their payment account data, which changed the way customers and businesses make use of payment services.

FiDA now goes one step further and introduces ‘Open Finance’ by enlarging the scope of data that customers may allow to be shared and opening the door to new types of services and business models in the financial industry.
 

Which data should be shared under FiDA?

Thanks to FiDA, customers will be able to share additional data, such as:

  • Mortgages, other loans, savings accounts and all other accounts that are not yet in scope of PSD2 (or the draft PSR), including balance, conditions and transaction details;
  • Creditworthiness assessments performed during a loan application process or a request for a credit rating;
  • Investments in financial instruments, insurance-based investment products, crypto assets, real estate and other financial assets, and the economic benefits derived from them;
  • Non-life insurance products, including data on insured assets (excluding life, health and sickness products);
  • Suitability and appropriateness assessments under MiFID;
  • Sustainability-related data;
  • Pension rights in occupational pension schemes and personal pension products.

Which institutions are impacted by FiDA?

In short, Data Holders are those who hold the data listed above and who need to share it with the Data Users.

Data Users are companies that have obtained permission from Data Holders’ customers to access their data in order to provide Financial Information Services. Authorized Data Users are called Financial Information Service Providers (FISPs).
 

How should FISPs seek authorization?

To be able to access customer data, Data Users should either hold a financial institution authorization or seek authorization as a FISP from the Competent Authority of the Member State where their registered office is located.

The draft FiDA provides further details on the authorization process and on the information that Data Users seeking authorization as a FISP should include in the application file they submit to their Competent Authority.

Those details include, amongst others, information related to:

  • Business plan;
  • Governance;
  • Business continuity;
  • Internal control measures, ICT and security risk management;
  • Persons responsible for the management;
  • Professional indemnity insurance, or alternatively the initial capital held by the FISP seeking authorization.

How should Data Holders share data with FISPs?

Drawing on the experience of implementing PSD2 and the obvious application programming interface (API) fragmentation observed in the market, the European Banking Authority (EBA) had already reflected, in June 2022, on the idea of introducing a common API standard across the EU to be developed by the industry.

FiDA builds upon this idea by requiring Data Holders and Data Users to become members of one or more Financial Data Sharing Schemes. Those schemes should be mandated to enable data access between multiple Data Holders and Data Users, and to develop standardized contracts as well as data sharing standards and industry-recognized interface standards. Ensuring a certain standardization across the market for both APIs and data sharing will result in high-quality APIs and data, which will increase customer confidence in Open Finance.

The draft FiDA provides further details on Financial Data Sharing Schemes, including membership, governance rules, data quality, data security, etc.
 

Who can access customers’ data?

FiDA builds upon an existing concept of Open Banking: the customer’s permission. FISPs need to obtain permission from customers before accessing their data, and customers may withdraw that permission at any time.

Similarly to what’s required in the PSR regarding data access management, Data Holders should ensure that their customers are able to easily manage, consult, re-establish and withdraw their permissions in a dedicated permission dashboard.
 

Can Data Holders expect compensation for the development of data access interfaces?

Unlike PSD2/PSR, FiDA leaves the door open to reasonable compensation for Data Holders, who will have to contribute to the development of dedicated interfaces.

FiDA specifies that the methodology for calculating the compensation amounts should be determined by the Financial Data Sharing Schemes.

Inclusion of the Account Information Service Provider provisions in the scope of FiDA instead of PSR and PSD3?

It was expected that, given the nature of their business, provisions regarding Account Information Service Providers (AISPs) would be withdrawn from the PSR and included in FiDA. This is not the case, as AISPs remain governed by the PSR and PSD3.

While the EC acknowledged that the businesses of FISPs and AISPs are very similar and should be subject to consistent provisions, it preferred not to expose these recent business models to a risk of disruption. This might be re-assessed in the future.
 

By when?

The provisions of FiDA will enter into force 24 months after the publication of the final version in the Official Journal of the EU, except for those relating to the Financial Data Sharing Schemes, which will enter into force 6 months earlier.
 

Summary

After PSD3 and PSR, how will Open Finance and the Financial Data Access Regulation impact the Financial Sector?

For more information on Open Banking, please consult our EY articles on the draft Payment Services Regulation (PSR) and the draft third Payment Services Directive (PSD3).
