- The proposed Financial Data Access (FIDA) regulation would regulate the sharing and use of financial customer data in the EU.
- The objective is to give financial sector companies and other licensed operators access to the sector’s customer data.
- According to the European Commission, access to customer data would enable the development of better and more personalised services for customers, but there is no demonstrated market demand for such data.
- Finance Finland holds that the proposal should be considerably simplified and its scope narrowed. If the proposal cannot be amended to be fit for purpose, the initiative should be withdrawn.
- FIDA is in conflict with the EU’s Competitiveness Compass, which aims for simplifying and reducing regulation. The costs of the framework are estimated to be unreasonably high for individual companies; the price tag for mid-sized banks, for example, may reach up to €90–100 million.
Although the FIDA proposal was already withdrawn once during the drafting of the Commission’s work programme, it was included in the final programme for the term. The proposal will next be discussed in trilogue negotiations between the European Parliament, the Council and the Commission. The Council has asked the Commission to present a simplification proposal, which it will be issuing to the Council and the Parliament in May.
The European Commission’s legislative proposal for a framework for financial data access (FIDA), also known as the Open Finance framework, is making progress. According to Finance Finland’s Legal Adviser Tuulia Karvinen, the contents of the proposal are greatly in need of clarification. In their current form, none of the three legislative proposals to be soon discussed in trilogue negotiations meet the market’s genuine, practical needs.
“If FIDA is to be implemented, its scope must be limited to use cases in which customers would genuinely benefit from tailored products and services. The negotiations should also focus on simplifying the regulation’s scope and administrative burden and on minimising costs”, Karvinen says.
Scope of application must be clarified in terms of both operators and data
According to Karvinen, the scope of the regulation should exclude large companies and institutional entities, which already have access to tailored services and products and therefore have no need for the FIDA framework. Furthermore, sensitive personal data, such as health information, should not be shared under the regulation if there is no real need to do so. For these reasons, life, health and sickness insurance products, for example, have already been excluded from the proposal’s scope.
Karvinen argues that a similar exclusion should apply to pensions and insurances that are in the scope of national social security schemes. Such insurances include occupational accidents and illnesses policies, for example.
In its current form, FIDA would apply to non-life insurances, mortgages, savings, occupational pension schemes, financial instruments and insurance-based investment products. Life, health and sickness insurances have been excluded from the scope due to data security risks, but the policymakers have overlooked a potential backdoor in the proposal that enables indirect access to such data.
“Customers’ health data can fall in the scope of sharing obligations through other insurance products, such as workers’ compensation and motor liability insurances”, Karvinen explains.
According to Karvinen, it would be wiser to first implement a limited version of FIDA with carefully selected and restricted use cases.
“It’s always possible to broaden the scope of application later if there is genuine market demand for data and we get the FIDA framework running smoothly”, she adds.
Open access, few obligations – FISPs must have clear rules
An issue that calls for special attention according to Karvinen is the new role of Financial Information Service Providers (FISPs), also proposed in the FIDA proposal. Karvinen says the proposed obligations for the new FISPs would be merely administrative and financial.
“The legislative proposal does not clearly define who is eligible to apply for a FISP licence. FISPs can be anything from FinTech companies to start-ups and large companies as long as they meet the formal criteria. Neither does the proposal define clearly enough what FISPs are allowed to do with the data they access. FISPs have the right to buy data, but they don’t have the obligation to share or sell their own data to other operators”, criticises Karvinen.
According to Karvinen, FISP licences should be granted only to operators established inside the EU so that if things go wrong, authorities can step in more effectively. Gatekeeper companies designated under the EU Digital Markets Act – such as the digital giants Google and Meta – should be excluded from FISP eligibility to mitigate risks related to data security and market dominance, which could undermine the development of a secure EU data economy.
Karvinen points out that FIDA’s benefits are unclear and its costs alarmingly high.
“For a mid-sized bank, the implementation of FIDA requirements would cost about €90–100 million – and for bigger banks, even more. In the insurance sector, the price tag could be even higher due to how complex and unstandardised its data is. Companies must not be expected to make such massive investments unless there is demonstrated market demand for the data that is to be shared under the FIDA framework”, says Karvinen.
Still have questions?
|Contact our experts
Looking for more?
Other articles on the topic
Is the FIDA proposal worth its cost or a hundred million dud?
Study: The digital euro would create costs, impact payment systems and potentially shake financial stability – still no proof of benefits
Member of Parliament Aura Salla on the digital euro: Why is the ECB messing with the market by building a new payment system?
Financial data sharing to improve services – The Open Finance proposal has potential but lacks concrete solutions
