Europe`s approach to Open Finance: what is to be expected?

On 10 May 2022, the European Commission (EC) launched a public consultation and two targeted consultations to gather evidence for the review of Directive 2015/2366/EU (PSD2) and to inform its work on Open Finance. The two targeted consultations close on 5 July 2022, the non-targeted consultation closes on 2 August 2022, and they are all available here.

What is the European approach to Open Finance going to be about? The consultation documents define Open Finance as 'third-party service providers’ access to (business and consumer) customer data held by financial sector intermediaries and other data holders for the purposes of providing a wide range of financial and information services'.  It is consequently to be expected that a future EC Open Finance Legal Framework proposes rules about customer data access rights in the financial sector. Such rules would have the aim to complement the PSD2 rules about payment accounts data of both retail and business customers, as well as the rules of Regulation 2016/679/EU (GDPR) about personal data held by any financial service provider. 

Furthermore, while the GDPR enables third-party service providers to have direct access only when it is technically feasible, a future EC Open Finance Legal Framework may try and guarantee such an access, have a price attached to it and a remuneration in place for the data holder provider which has put in place a data holding infrastructure other service providers want to access.

The February 2022 EC Data Act proposal does not introduce any new data access rights in the financial sector, but hints at the possibility that a subsequent legislative initiative will do so. The Data Act’s aim is to regulate data access and use, creating a cross-sectoral governance framework and ensuring fairness in the allocation of value from data among actors in the data economy. As a horizontal proposal, the Data Act envisages basic rules for all sectors as regards the rights to use data, and leaves room for vertical legislation to set more detailed rules for the achievement of sector-specific regulatory objectives. The EC’s future Open Finance Legal Framework is to be the subsequent vertical initiative for the financial services sector.

And how is this linked to the review of the PSD2? As announced in the EC Retail payments strategy of 24 September 2020, a PSD2 review has been launched and the lessons learnt from PSD2 as regards third-party service providers’ access rights to payment accounts upon customer request will be taken into account when designing the Open Finance framework, as will the application programming interface (API) standardisation and access schemes.

When analysing the three EC consultation papers, we see that the data element is constantly referred to from different angles. As for the public consultation, besides the expected questions about the transparency of fees linked to digital payments, about the need to review when strong customer authentication (SCA) is to be used and how SCA solutions should be offered, many questions refer to customer data access and data exploitation. For example, there is a question about why account information service providers’ (AISPs) and payment initiation service providers’ (PISPs) services are used or not - and whether users have concerns about how such providers could share their data -, as well as questions about whether financial service providers holding customers data should be obliged to share them with other financial or third-party service providers, provided that the customer has given his or her consent, and whether also financial service providers that hold customer data always ask for the customer consent before sharing those data with other financial or third-party service providers, and whether – if the consent has been indeed asked –  they use these data exclusively for the purposes for which the customer has agreed them to be used for.

The data infrastructure element is also considered, as a question is asked about whether service providers holding data who have put in place an infrastructure to hold this data should be able to charge a fee to other service providers who access data using this infrastructure.

As for the targeted consultation on an Open Finance framework and data sharing in the financial sector, it includes questions about whether financial firms holding customer data should be allowed to share their customer data with the customer’s permission with regulated financial institutions only, or with any third-party firm, including in other sectors of the economy and about whether financial firms holding customer data should be entitled to compensation by third parties for making the data available in an appropriate quality, frequency and, format. 

The level of remuneration this access to data must entail is also mentioned, and the consultation document asks whether its level is to either: 1) be limited to the cost of putting in place the required technical infrastructure, or 2) allow for a reasonable return on investment for collecting and structuring the data, or 3) be set in another way. Moreover, the question of whether there is a need to clarify the attribution of liability for the quality of customer data that is shared via further rules is also proposed.

Furthermore, the consultation raises the question of whether all third-party service providers that access customer data held by financial service providers should be subject to financial supervision and regulation. This may entail, when looking at the PSD2 review, both an extension of the PSD2 scope and an extension of the scope of AISP licenses put in place under PSD2 to cover all financial services where new data access rights for third-party service providers would be introduced.

Moreover, the consultation mentions “contractual schemes” (these would be voluntary data-sharing mechanisms that are based on a contract) and refers to the Euro Retail Payments Board’s (ERPB) current work on a contractual scheme between data holders and data users for access to data, which might be useful in the context of an Open Finance framework. The questions about the cost of membership in such a scheme - including costs of joining the scheme, compliance/adjustment costs to meet the scheme’s requirements, costs of providing the required data access under the scheme – are also raised in the consultation.

Finally, as the Data Act refers to the portability of data, the consultation on Open Finance refers to the transferability of customer-profile data – which would include information such as the customer’s risk, transaction track record, ability to bear losses, wealth, income, and the customer’s investment horizon.    

Based in Brussels for the past 19 years, Monica is the Owner and MD of TrustEuAffairs. She is a member of the Society of European Affairs Professionals (SEAP) since 2004, and served as a member of the SEAP Board from 2012 to 2015. Before founding TrustEuAffairs, Monica has been Senior Manager for EU Regulatory Affairs in the Legal Department of Visa Europe for more than ten years, being responsible for the relations with the European Commission, Parliament, and Council, as well as with various national regulators. She previously worked as a Consultant for both Andersen, Deloitte & Touche and the OECD in Paris as well as the Council of Europe in Strasbourg, dealing with a variety of financial services matters.

Trust EU Affairs is a regulatory affairs consultancy specialising in financial services legislation at the European Union level. It was founded in Brussels in 2013.