Decoding the FIDA regulation
In a pivotal step toward opening up access to financial data in the EU, the European Commission revealed ambitious plans in June 2023 to transform the access and sharing of financial data within the EU. This proposal, named the Framework for Financial Data Access (FIDA), mandates institutions to participate in financial data sharing schemes and introduces a new authorisation framework for financial information service providers. This article will delve into the key proposals of the draft regulation, its scope and impact as well as the subsequent steps in the process.
FIDA surpasses the second Payment Services Directive (PSD2) by expanding the range of data customers can share, ushering in “Open Finance” and paving the way for innovative financial services. While it presents challenges for data holders, it also offers new opportunities for Financial Information Service Providers (FISPs).
The regulation establishes precise rules governing the access, sharing and use of specific categories of customer data within financial services. Additionally, it outlines regulations concerning the authorisation and operation of FISPs.
In a nutshell, financial institutions will be obliged to provide customer data upon request without undue delay, free of charge, continuously and in real-time, not only to the customers themselves but also to other financial entities and FISPs.
FIDA applies to the following entities when acting as data holders or data users:
- Credit institutions
- Payment institutions
- Electronic money institutions
- MiFID investment firms
- MiCA crypto-asset service providers & issuers of asset-referenced tokens
- Alternative investment fund managers
- UCITS management companies
- Insurance and reinsurance undertakings
- Insurance intermediaries and ancillary insurance intermediaries
- Institutions for occupational retirement provision
- Credit rating agencies
- Crowdfunding service providers
- PEPP providers
- Financial information service providers
The regulation covers a diverse range of customer data in the financial sector, including information related to mortgage credit agreements, loans and accounts, encompassing details on balances, conditions and transactions. It extends to data concerning savings, investments in financial instruments, insurance-based investment products, crypto–assets, real estate and associated financial assets, including the economic benefits derived from them. Additionally, the regulation includes input data collected for MiFID suitability and appropriateness assessments, pension rights in occupational pension schemes and pan-European personal pension products. Non-life insurance products, excluding sickness, health, or medical insurance, are within the scope, along with data forming part of a firm’s application for a creditworthiness assessment.
Notably, customer data related to payment accounts falls outside the scope due to existing coverage under open banking rules established by PSD2.
Raoul Mulheims, CEO of Finologee, during the ALFI Global Distribution Conference in 2023: “The FIDA regulation propels us toward a future where data is accessible, shared responsibly with consumer consent, fostering a secure environment for financial institutions. By focusing on access, responsible usage, and organised financial data exchange, we uphold customer trust and regulatory integrity.”
Read the full article of the Delano magazine : No game changers on the regulatory front (21/09/2023)
In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users (i.e. firms that want to access customer data to provide innovative services) will be required to be part of financial data sharing schemes.
The schemes will be responsible for governing access to customer data in compliance with FIDA and other applicable EU rules and will have to develop common standards for data sharing and interface requests, set member contractual liabilities, and provide effective dispute resolution mechanisms.
This approach aims to promote high-quality APIs and to enhance overall data quality, fostering a reliable data ecosystem.
Data holders must offer a user-friendly permission dashboard, enabling customers to manage permissions effortlessly, ensuring transparency and control over their data-sharing choices.
One of the major differences between FIDA and PSD2 open banking rules is that data holders will have the right to ask for “reasonable” compensation from data users. FIDA specifies that the methodology for calculating the compensation amounts should be determined by the financial data sharing schemes.
- Make data available to data users when requested by a customer
- Make data available in a standardised way and of the same quality
- Communicate the data securely
- Provide the customer with a permission dashboard
- Respect confidentiality, trade secrets and intellectual property rights
- Only access customer data for the purpose they have been granted permission
- Respect confidentiality, trade secrets and intellectual property rights
- Prevent the transfer of non personal data when unlawful
- Ensure security of customer data & storage limitation – delete customer data when it is no longer necessary
- For groups of companies, data to be accessed only by the entity of the group that acts as the data user
1. Data structure alignment
Defining the structure of data points and information to be shared and aligning them with the existing setups and reality maintained by data holders is essential.
2. Unstructured data hurdles for smaller entities
Significant challenge for smaller entities and industry segments where data that will have to be shared is not structured or stored in systems so it can be easily exposed over API. This is different from the changes that banks had to deal with when the PSD2 needed to be implemented: payments-related data is by definition shared among at least two banks or other players, systems handling payments are designed this way. The challenge for banks was to link their systems to the API portals and processes that had to be deployed to initiate payments and share payments account information. But all this data was already in the banks’ systems and used for web banking interfaces.
Smaller entities and specific industry segments face significant hurdles, especially when the data to be shared lacks structure or appropriate storage in systems. Unlike previous implementations such as PSD2, where payments-related data was inherently shared and integrated into banks’ systems, FIDA presents a unique challenge due to the nature of financial product data.
3. Integration and real time operation challenges
Data related to financial products is frequently scattered across various systems, many of which are not operating real time, making it challenging to connect seamlessly to an API portal.
4. Need for clarification in several aspects, i.e. data sharing schemes
Numerous uncertainties persist regarding the mandate for data holders and FISPs to engage in financial data sharing schemes within 18 months of the FIDA framework’s implementation. These uncertainties revolve around defining a qualifying sharing scheme, developing common standards for sharing access to certain categories and determining membership criteria for such schemes. This complexity may even lead to significant fragmentation in technical, operational, and commercial aspects of data access between local and international systems.
Please note that the current discussions are centred around the initial draft of the regulation, which is subject to revisions. Industry representatives are encouraged to offer their feedback during this stage, as the regulatory process is still in its preliminary phase.
The typical EU legislative process, spanning 12-18 months, is currently in progress. However, it is important to note that the impending European Parliament elections may impact this timeline significantly. If trilogue negotiations commence before the elections in May, it is expected that the final version of the law will be reached around the end of 2024 or early 2025.
Furthermore, the rules concerning financial data sharing schemes become applicable 18 months after the FIDA regulation comes into force as do the authorisation requirements for FISPs. Additionally, the other requirements in the FIDA regulation start to apply 24 months after it enters into force. However, given the complexity of the proposed framework, particularly in relation to its operational and technical aspects, it is crucial for financial institutions to make effective use of the moment now, before it comes into force. Institutions must start preparing for implementation in a timely and proactive manner.
At Finologee, we recognise the transformative impact of FIDA on the financial landscape. Leveraging our extensive experience and expertise, we stand ready to assist financial institutions and FISPs in navigating the complexities of FIDA compliance. Our solution ensures seamless integration with the new regulatory framework.
As the FIDA regulation evolves, Finologee remains steadfast in our commitment to supporting our clients, guaranteeing not just compliance, but operational excellence in this new era of financial data access.
