FiDA is still on its way: moving from open banking to open finance in the EU

The European Commission proposed its framework for financial data access (FiDA) in June 2023 to transform the way financial data is accessed and shared in the European Union.

The proposed framework looks to improve consumer protection and competition in electronic payments and empower consumers to share their data to gain access to a wider range of more favourable financial products and services. As another pillar of the EU’s overall strategy to make data more accessible throughout the EU, it will sit alongside the Data Act and Data Governance Act as well as the European Health Data Space.

FiDA standardises data interfaces and enhancing consumer rights in order to foster greater transparency, competition and innovation within the financial sector. The regulation is poised to have a significant impact on how financial institutions operate and how consumers interact with their financial data.

Promising ambitions

The aim and potential of the regulation looks promising. In particular, FiDA seeks to create more room for development and growth for new financial products, innovative business models and personalised services by FiDA.

However, the FiDA proposal has been viewed critically by some banks and insurance companies. Amid this ongoing debate about FiDA, there were contradictory reports this February as to whether the EU would pursue FiDA after all.

On the basis of a leaked draft of the Commission’s work programme, there were claims that FiDA would be withdrawn on the basis that it was incompatible with policy to reduce EU bureaucracy.

Trialogue negotiations

Now, however, it can be said with certainty: FiDA is still on the way. Trialogue negotiations on FiDA started in April and the framework is expected to be finalised in the third or fourth quarter of this year. Currently, however, no start has been set for the second trilogue; a preparatory meeting is to be held on 27 May by the European Council’s working party on financial services and the banking union.

The Commission is now widely expected to publish a “non-paper” on FiDA, which is intended to facilitate its implementation and is awaited by the industry with great anticipation.

Key idea: Open banking to open finance

FiDA is part of the Commission’s payments and financial data access package, which also contains an amended version of the current Payment Services Directive, known as PSD3, and a new Payment Services Regulation. FiDA is similar to the already established PSD2 in the banking sector but is more comprehensive and far reaching.

The key idea of FiDA is the extension from open banking to open finance. Open banking was already established under PSD2 and granted access to payment account data. Account-holding institutions are obliged to grant payment-initiation service providers, or PISPs, and account-information service providers, or AISP, access to payment accounts and payment account data.

Open finance will be established under FiDA and will grant a wider access to financial data.

As a result, this means extending open banking data-sharing principles to enable consent-based sharing and use of a broader range of customer financial data (not only payment account data).

FiDA grants a legal right of access to customer data (related to legally specified data categories) within the regulated financial industry for customers and, with their authorisation, also for third parties (data users) vis-à-vis data-holding financial institutions (data owners).

Scope of application: data holders and data users

FiDA is applicable to financial institutions as data holders and data users. A data holder is “a financial institution other than an account information service provider that collects, stores, and otherwise processes the data listed in article 2(1)” (article 3 paragraph 5 of the FiDA draft).

This includes nearly all institutions under existing regulation:

• Banks
• Payment service providers
• E-money institutions
• Financial service providers
• Crypto-asset service providers,
• Alternative investment fund managers, UCITS (undertakings for collective investment in transferable securities) and management companies
• Insurance companies etc. (see the full list in article 2 paragraph 2 FiDA Draft).

A data user is “any of the entities listed in article 2(2) who, following the permission of a customer, has lawful access to customer data listed in article 2(1)” (article 3 paragraph 6 FiDA draft).

New category of service provider: financial information service providers

Institutions newly introduced and regulated under FiDA are so-called financial information service providers (FISP) (article 2 para. 2 lit. o) FiDA draft).

FISP are defined as “a data user that is authorised under article 14 to access the customer data listed in Article 2(1) for the provision of financial information services” (Art. 3 para. 7 FiDA Draft). A FISP will need a licence for its activities (according to Art. 14 FiDA draft).

In-scope data

Article 2 paragraph 1 of the FiDA draft covers a comprehensive range of data. It applies to the following categories of customer data:

• Credit data: Mortgage credit agreements, loans, and accounts
• Investment data: Savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate, and other related financial assets
• Pension data: Pension rights in occupational pension schemes
• Insurance data: Non-life insurance products, creditworthiness assessments of companies

But the following are not covered by FiDA:

• Payment accounts data (already covered by PSD2)
• Credit score-related data for natural persons
• Data related to sickness and health insurance
• Data on life insurance products

Obligations under FiDA

The obligations under FiDA are manifold and differ depending on the addressee. The exact shape of FiDA will only become clear once the trialogue process has been completed. Based on the current draft, however, there will be three main categories of obligations: safeguarding customer financial data, customer dashboard and financial data sharing schemes (FDSS).

Customer dashboard

Data holders will need to provide the customer with a permission dashboard to monitor and manage the permissions a customer has provided to data users (article 8 paragraph 1 FiDA draft).

The permission dashboard serves as a customer interface for managing and monitoring authorisations for data users. It provides the customer with an overview of each ongoing permission given to data users. It allows the customer to withdraw a permission given to a data user, to re-establish any permission withdrawn and to include a record of permissions that have been withdrawn or have expired for a duration of two years.

Financial data sharing schemes

In order to establish obligatory technical and interface standards, FiDA proposes as one of its central elements to provide for the organisation of data exchange via so called financial data sharing schemes (FDSSs).

These schemes are framework agreements established by data holders, data users and representative customer and consumer organisations to self-regulate the management of data access among FDSS members.

Data holders and data users must join an FDSS as a member within 18 months of FiDA coming into force (article 9 paragraph 1 FiDA draft).

FiDA delegates the development and management of these FDSS to the market participants. FDSSs will be organised around data types (for example,  securities account data or credit data). The primary responsibility of FDSS members is to establish common standards for customer data ands for data exchange between data holders and users (article. 10 paragraph 1 lit. g) FiDA draft). The schemes should also address appropriate remuneration for data holders for formatting, transmitting and storing data (article 10 paragraph 1 lit. h) FiDA draft).  Additionally, liability allocation between data users and holders, aligned with General Data Protection Regulation liability provisions, should be included (article 10 paragraph 1 lit. i) FiDA draft).

If these  schemes for customer data categories are not developed by the market participant, the “fallback mechanism” applies (article 11 FiDA). The Commission can then supplement FIDA requirements via a delegated act with:

• common standards for data and technical interfaces for data exchange (article 5 paragraph 1 FiDA draft);
• a model for determining maximum remuneration for data provision; and
• liability rules for companies involved in providing customer data.

According to Germany’s financial regulatory authority BaFin, the sharing of data takes place as follows:

Conclusion and outlook

The EU’s FiDA proposal represents a significant step forward in the evolution from open banking to open finance. By extending data-sharing principles to a broader range of financial data, FiDA aims to enhance consumer control, foster innovation and improve competition within the financial services sector. The legal framework established by FiDA will provide explicit customer data access rights, enforce new rules for data users and mandate cooperation through financial data sharing – all while maintaining stringent security standards.

From a legal perspective, FiDA will impact a wide array of financial institutions by requiring them to comply with new obligations regarding data sharing and customer data protection. The introduction of the (FDSSs will further promote efficiency and innovation in financial data sharing.

FiDA is expected to be ratified by end of 2025, with its application commencing 24 months after it comes into force. This means that the full implementation of FiDA is anticipated by early 2027. Additionally, there is a mandatory requirement for membership in the FDSS within 18 months of FiDA coming into force, providing a transition period for institutions to adapt to the new regulations.

In conclusion, the FiDA proposal is poised to significantly transform the financial services landscape in the EU. By empowering consumers, fostering innovation and enhancing competition, FiDA will create a more dynamic and consumer-friendly financial market. As we look ahead, financial institutions must prepare for the upcoming changes and leverage the opportunities presented by open finance to stay competitive and deliver greater value to their customers.