The European Commission (EC) has developed a comprehensive data strategy that encompasses various aspects, one of which enables consumers to provide access to their financial services data beyond the scope of Open Banking (ie, beyond payment accounts defined in PSD2). The primary objective of this regulation is to tackle the absence of a well-established market in the EU where data sharing has evolved through bilateral or industry-led initiatives. The aim is to create a framework that fosters secure and efficient data sharing, promoting innovation and competition in the financial sector and empowering consumers and businesses to make better financial decisions and access financial products beyond what's already available in Open Banking.
Under PSD2, the definition of a payment account has led to confusion due to varying implementations by different member states. This has resulted in some accounts, like credit card accounts, being considered in scope in some jurisdictions and out of scope in others.
PSR (Payment Services Regulation) introduces a clearer definition of a payment account: any account used to make or receive payments to or from third parties. So, a credit card account under this definition definitely qualifies as a payment account because it is used for payments to third parties.
Who is subject to FIDA ?
The proposal requires that the data for the specified financial products and providers must be accessed through APIs under the umbrella of a scheme, which must consist of specified participants. However, the proposal lacks details on the prioritization and coordination of such data-sharing schemes. This will pose challenges as different industries and providers need to independently set up schemes within a relatively aggressive 18-month timeline across Europe. Prioritisation for different sectors to help the roll out of data sharing schemes would be beneficial to industry.
Who exactly can access the data? Is it only fintech third parties?
Yes, if they attain the FISP authorisation.
Will there be a need for API standards for premium APIs?
The primary intention behind FIDA is to facilitate data access through APIs. The impact assessment provided by the Commission reveals that the preferred option for data sharing is via APIs and with compensation, which is meant to be reasonable and non-discriminatory. Consequently, there is not the same distinction between premium and non-premium APIs as there currently is under PSD2.
Nevertheless, FIDA contains an article specifying that if the market fails to create a scheme, the Commission reserves the right to mandate a scheme and, under this provision, the Commission could mandate free access This provision serves as an incentive to encourage the industry to develop its own data schemes. While the rationale behind this provision is understandable, it is challenging for the Commission to establish data standards and access schemes for the financial service sector.
Many valuable lessons from Open Banking and SPAA can be applied by the industry when considering FIDA. However, the challenge lies in how these lessons will be embraced and implemented by the non-banking sector, given they have not undergone the same journey and evolution. While they might come up with innovative solutions, the process of aligning various data holders from different industries and ensuring timely implementation according to the specified timelines is bound to be challenging.
The mandate for the dashboard exists in both the PSR and FIDA. While one might assume that it will be standardised across all service providers, we must acknowledge that this is merely an assumption, not a certainty. Ideally, it would be beneficial if the permissions dashboard remained consistent for all providers, but there is no strict requirement for it.
The primary objective of the dashboard is to facilitate consumer transparency by providing an easy way to identify the entities they have granted consent to. Furthermore, users should have the option to modify their consent parameters or revoke consent promptly and effortlessly.
The crucial aspect of the dashboard lies in its utility. A dashboard that enhances consumer transparency and user-friendliness, will only be truly effective if it is conveniently located within the customer's online banking interface. In online banking, users typically know where to find specific information, such as direct debits or standing orders, by clicking on a designated section. Permissions dashboards should be positioned alongside such a list for easy access.
What are the initial reactions from third parties regarding their willingness to pay for the data?
At the OFA, our stance has always been clear: for a well-functioning Open Banking and Open Finance ecosystem, there must be a commercial incentive for all parties involved. So, the issue of compensation itself is not a problem. The real challenge lies in determining the appropriate level of compensation.
Nilixa is the Chair of the Open Finance Association and founder of Payments Solved, a regulatory consultancy advising on the regulatory framework for CBDC, crypto assets, Open Banking, and payment services both in the UK, EU and globally. Nilixa is a member of the ECB Digital Euro Market Advisory Group, the European Payment Systems Market Expert Group and the European Data Expert Group. Nilixa works with regulators, legislators, and industry to drive changes in the financial services ecosystem for outcomes that support secure, transparent, and inclusive financial services. Nilixa is also a well-known public speaker and a contributing member of the Digital Euro Association and the Digital Pound Foundation.
The Open Finance Association (OFA) represents companies focused on empowering consumers and businesses through opening up financial data and payments. OFA believes secure, open APIs are key to competition and innovation in this space and the means to extending the principles of open banking to other financial sectors - such as savings, investments, mortgages and pensions.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now