.svg)
The EU’s proposed open finance framework appears to lack alignment with existing legislation, notably the Data Act and the Payment Services Regulation (PSR), experts in the payments and banking sector have said.
The criticism suggests that the sector is gearing up to lobby hard over the European Commission’s Financial Data Access (FIDA) proposal, which must be approved and may be amended by the European Parliament and national governments before becoming law.
The commission put forward the FIDA proposal in June 2023, alongside its payments legislation. It will introduce an open finance framework, bringing provisions that already exist for the banking sector into new areas such as wealth management and insurance.
This week, the legislation is being voted on for the first time by the European Parliament’s Economic and Monetary Affairs (ECON) Committee, and although there is acknowledgement in Brussels that the legislation will deliver benefits, there is also concern that FIDA may not take into account other key EU proposals.
“A coherent and synergistic regulatory environment is crucial to avoid conflicts and redundancies between FIDA and other regulatory frameworks,” said Michael Busk-Jepsen, executive director for digitisation at Denmark’s financial trade association Finans Danmark. “We think that there is a need for a better alignment with, especially, the Data Act.”
A spokesperson for Payments Europe meanwhile said that the regulations that the trade association are primarily focusing on in relation to FIDA are the General Data Protection Regulation, the Data Act and the PSR.
“These regulations are crucial as they interact closely with FIDA, and if they're not aligned, it becomes challenging to implement it effectively,” she said.
According to Guillaume Couneson, a partner at Linklaters law firm, some aspects seem to conflict with the spirit of the GDPR.
“The European Commission wants to put individuals at the centre with control over their data, which functions well when Bank A needs to share a specific piece of data with Bank B in a controlled manner,” he said. “The complexity arises from the need for banks to collaborate on a large scale to enable the exchange of potentially massive amounts of data even before any concrete requests, raising intricate questions."
Couneson, who is based in Brussels, said that there is an “unresolved tension” between data protection and the ambitious efforts to foster data openness.
“This issue was particularly apparent during the review by the EU of the Anti-Money Laundering package,” he said. “The EU data protection authorities defended the fundamental right to data protection and were very reluctant to approve any form of personal data sharing in this context, even if this could be beneficial in the fight against money laundering and terrorism financing.
“Such tensions may present significant challenges during practical implementation of the EU digital framework, especially given the scale of data exchanges involved."
PSD3/PSR overlaps
It is not just the GDPR and other data regulations that are causing problems with FIDA either, with experts warning that the PSR and a proposed update to the Payment Services Directive (PSD3) also potentially conflict with the FIDA framework.
"As things stand, there are blurred lines between the different data sets. This is most acute for banks under FIDA who will also need to comply with PSD3,” said Simon Treacy, senior associate at Linklaters. “Other types of entity are in scope of FIDA, but banks are most exposed to discrepancies between the two regimes.”
Emőke Péter, head of European public and regulatory affairs at global paytech Worldline, meanwhile pointed out that in terms of transaction monitoring, the PSR introduces provisions allowing payment service providers to voluntarily exchange personal data, such as unique identifiers of payees. "These exchanges are governed by information-sharing arrangements, which outline participation details and operational elements, including the use of dedicated IT platforms."
For Péter, the concern arises from the potential overlap between the data provisions outlined in FiDA and those in PSD3/R. "To mitigate this, it's crucial to clarify the interaction between these regulations. This ensures that all stakeholders operate under the same rules regarding the handling of financial data, thereby minimising confusion and facilitating proper implementation."
Data and compensation
The Payments Europe spokesperson told Vixio that regarding the Data Act, it provides the framework within which FIDA will need to operate, adding that it also addresses the issue of compensation.
“This is of significant interest to the industry,” she said. “Without a viable compensation model that allows at least for the recovery of cost related to research, development and implementation it's not feasible and extremely difficult for the industry to deliver on FIDA requirements.”
This need for compensation is, according to Payments Europe, consistent across various regulations, such as those concerning the digital euro. “Incentivising investment is crucial, and aligning FIDA with the Data Act could ensure that reasonable compensation is provided."
Jakub Górka, a professor of finance at the University of Warsaw, told Vixio that, originally, there was optimism about a horizontal approach to open data. “It hasn't fully materialised yet,” he said.
“Envisioning a scenario where all these components are combined suggests a larger and more vibrant ecosystem, although it's clear that it's not functioning optimally yet,” he said. “This underscores the potential economic benefits of open data."
However, the problem that the European Commission appears to have is a lack of joined up approach, something which various payments lobbyists in Brussels have expressed concern about before.
For example, payments sources in Brussels have previously complained to Vixio that the EU’s digital identity framework was let down by a siloed approach. Similar has been said about the approach to legislation focused on topics such as open banking and open finance, and how they link with other data regulation.
To end this problem, Péter suggested that the European Commission should consider adding a top data official to its college of commissioners in the next mandate, “with responsibilities such as oversight of privacy, security, innovation, economic prosperity, accountability, and ethical considerations within the digital ecosystem”.
“As data and digital technologies continue to play an increasingly integral role in our society, having a specialised EU mandate, focused on data governance and regulation, could be a logical next step to enhance the EU's ability to address the complex and evolving challenges related to data privacy, security, and ethical use,” she said.
Still optimism
In spite of the perceived weaknesses in the draft text, there is still a degree of optimism about the changes that open finance could bring about.
"I think that the EU's approach to data can at times appear scattered, but I am optimistic that the different pieces of legislation match up horizontally,” said Verena Ritter-Döring, a partner at law firm Taylor Wessing. “FIDA is just one facet of a whole framework."
She said there is a lot of excitement from fintechs as they see the opportunity for this legislation to improve customer experience, but warned that traditional and incumbent entities, such as insurance firms, may still be in for a shock, and could find it harder to innovate.
“They may lack the creativity necessary for something like open finance. I think that traditional players will play hard to get, but eventually will have to open up their data,” she said. “As we saw after PSD2, we could see some of the more successful fintechs being acquired by or partnering with larger players in light of FIDA and the open finance ecosystem growing."
