Shortly after Konsentus published “A Perspective on Open Finance Delivery in Europe” over a year ago, the European Commission announced its proposal to bring payments and the sharing of financial data into the digital age. The draft proposals were split into measures to:
- Revise the Payment Services Directive (what will become PSD3)
- Establish a Payment Services Regulation (PSR)
- Establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts (a legislative proposal for a framework for Financial Data Access – FiDA)
Of the three legislative proposals, we believe FiDA will have the biggest impact on the transition to open finance, and a year on from its announcement we reflect upon:
- How our core guiding principles for open finance were adopted into the FiDA proposals
- What progress has been made over the past twelve months and the likely timescales for adoption
- Measures data providers can put in place to prepare themselves for regulatory change
a) An update on how our core guiding principles for open finance have been adopted into the FiDA proposals
Open data rather than open banking/finance
Konsentus recommended that there should be a coherent and predictable European approach to open data access and that data sets should be accessible across different industries.
Data sharing is already widely used across many industries, but usually in a proprietary format and subject to bilateral agreements. In the finance vertical, this is sometimes referred to as Premium APIs and provides a richer access to data than the mandated open banking APIs.
While open data is the end game, the FiDA proposals provide the foundations for a much-needed structure to the multiple different financial verticals to create a common open ecosystem. The proposals also identify the need for specific schemes to put in place the standards required.
Programme management and metrics
Konsentus stated the need for a central entity to manage the progress of open banking and open finance in the EEA, much like there is in other markets.
FiDA called for the establishment of such schemes to “own” and manage the standards for each vertical, with the EPC taking the lead on open finance payments.
Balancing regulation with innovation
Konsentus stated the need for a holistic implementation that unites legal, technical, operational and business requirements.
In FiDA, the establishment of a scheme to govern the development of each vertical, rather than primary legislation or regulation, should ensure that the needs of both data owners and data users are addressed and that innovation is both enabled and encouraged.
Incentives to support regulation
Konsentus stated that without the appropriate incentivisation model (i.e. monetisation) the industry would be slow to both enable and embrace the benefits of the move towards open finance and ultimately open data.
The FiDA regulation introduces compensation models to provide revenue streams to the data providers, but we still need to see more detail on these to determine if they do provide the right incentives.
Increased harmonisation of standards
The various flavours of API “standards” in open banking in Europe that have been witnessed mean that API “aggregators” have played a greater role in connectivity than was originally envisaged.
FiDA provides for dedicated schemes to manage each vertical to ensure a much more rigorous approach to standard APIs enforcing conformance, which should enable more open connectivity between parties.
Unambiguous identification of parties
Our original paper stressed the importance of identifying all participants within an open ecosystem enabling secure and trusted data exchange.
We understand that FiDA will mandate the use of eIDAS certificates for the identification of the different entities, in line with PSD2 open banking, but it is also vital that there is an accessible and reliable way to ensure that each is indeed authorised to access data both at a regulatory and scheme level.
While the schemes may have ownership of this authorisation data, they may not have the operational capability to respond to the volume and speed of authorisation verification requests necessary to support on-line, real-time transactions within the scheme. Market-led solutions may be necessary, as we have seen with PSD2 open banking.
An appropriate security-UX balance
Konsentus invited the industry to discuss how the security-user experience (UX) balance can reach optimal levels for certain use cases.
In open banking we see the challenges posed by 90 day-reauthentication, and the rise of the introduction of the Variable Recurring Payments (VRP) model to provide a simplified flow for low-risk payments.
The FiDA proposals should enable owning schemes (rather than the primary legislator) to determine the Security-UX Balance to ensure it supports, rather than stifles, innovation.
Enabling physical retail payments
In the paper, Konsentus drew attention to payment initiation services, based on open banking, not having reached their full potential. However, with the introduction of VRPs this is starting to grow, but there is still further work to do.
Point of sale payments are not strictly within scope of the FiDA framework but will be a key revenue driver in open finance and therefore will attract investment.
There are already prototypes in place using an EMV-like application for managing a credential/token which could provide an intuitive way to offer such a service to customers.
Clarity on Participant Scope
Konsentus advocated for further clarity on the scope of participants in the open finance ecosystem and their responsibilities within a trust framework.
Under the proposed FiDA regulation, it will be the responsibility of the new scheme owners to ensure all the players are identified so data providers can easily see who is accessing their customers’ data.
b) Progress made over the past twelve months and likely timescales for adoption
The starting gun has been fired, but this is a marathon and not a sprint. A year after the European Commission announced the framework for Financial Data Access, the route and finishing line are still work in progress.
An EY report, published May 2024, expects FiDA to become fully effective by early to mid 2027. However, while this is still some time off, the timescale is recognised as still being very aggressive for many of the larger financial service providers.
Separately, the recent EU elections may draw focus away from major market-level initiates with resources instead being channelled into domestic agendas, but we do not believe that this will have a major impact on timings.
We are also picking up some level of market concern that the timescale may slip (as we saw with PSD2) but there is no real evidence to back this up. There are other suggestions that the proposals may be cut back to something far less ambitious to ease the burden on data providers but how this would play out in reality has yet to be determined.
However, as open data evangelists, Konsentus is still optimistic that the regulatory route FiDA is following, rather than the Directive approach PDS2 took, should enable the proposals to progress more smoothly and accommodate any bumps in the road as the race progresses.
c) Measures data providers can put in place to prepare themselves for regulatory change
The scope of open finance is much wider than open banking and therefore will take considerable preparation.
One of the biggest challenges facing our customers is not in providing APIs, (although that may also be significant), but in providing a harmonised approach across multiple, different areas of their business.
Ensuring the payments, savings & investments, loans and insurance parts of a business can agree on a common approach is a huge challenge for many of the larger banks with legacy infrastructures. But what is perhaps an even bigger challenge is to create a common user interface to service a common customer. This is going to be one of the biggest obstacles organisations will have to overcome to be successful within an open finance ecosystem – and organisations should start planning now!
So, whilst FiDA may still be some way off, there’s a considerable amount of preparatory work that can be started today.
We recommend determining who in the business is responsible for wider open finance strategy and implementation, and to put plans in place to ensure they are ready to act when the next level of details emerge.
At Konsentus we believe that simplifying and standardising the way access to data is controlled across business units provides the best security for customers’ data and we are enhancing our platform to ensure we are supporting our customers on every step in their open data journey.
