Blog

What an enabling Open Finance framework can look like

6min Read · 6 Nov 2023
open finance ecosystem

The European Parliament Policy Department for Economic Policies just published its latest study/report, requested by the ECON (Economic and Monetary Affairs) Committee, and focusing on Open Finance. It is entitled “What can an enabling framework look like?”. The experts focused on several different aspects, from tech and data to governance and IT resources.

 

The report assesses the potential benefits, costs and risks of data sharing in the European financial sector, as well as the implications for consumers, companies and obviously the financial sector itself.

Digital is transforming the economy and especially the financial services industry by enabling new business models, by changing consumer behavior, by favoring the rise of non-bank forms of credit, and much more. How data is accessed and used, as well as favorable and reassuring pieces of regulations, will be key in this overall digital revolution. Now, moving from Open Banking to Open Finance, how can a robust ecosystem be creating? Below, find some of the key findings shared in the report.

 

Technology & the new challenges for financial regulation

  • Digital technologies, the related financial sector business models and changing consumer behavior have accelerated structural change in the EU financial sector and have led to a decentralization of finance.
  • The adoption of digital finance technologies and business models raises consumer welfare, given greater product variety and efficiency of new financial service providers.
  • The perimeter of EU financial regulation has already been broadened to encompass third party providers in the payments system. PSD2 also defined a regulatory framework for the sharing of payments-related data.
  • Etc.

 

Data sharing in the financial system

  • The benefits of the digital economy for productivity depend on scale economies in data use (larger datasets), and network effects (number of users adopting a similar standard).
  • Data use is therefore subject to positive externalities, as the social value of data use exceeds the private value.
  • Financial markets also suffer from information barriers between lenders and borrowers, and between data holders and potential data users.
  • Data are normally tightly controlled by individual data owners or shared in groups with limited access rights for outsiders, exhibiting the characteristics of a ‘club good’.
  • Etc.

 

The potential of Open Finance in the EU financial system

  • Consumers are likely to benefit from the future EU open finance regime due to greater financial access, lower search costs and product differentiation. These gains may however be limited due to inadequate digital access and also due to consumer behavioral biases, evident for instance in limited switching between products or the persistent choice of a single provider.
  • In EU countries with poor financial literacy, there is also a risk of mis-selling of financial services by data users to poorly informed consumers. Permission dashboards will be of limited use in exercising data privacy rights.
  • Financial exclusion and discrimination against certain consumers are only risks in an environment of abundant data availability in which the consumer’s decision to not disclose data is interpreted as signalling inferior credit quality.
  • As regards non-personal corporate data, only creditworthiness indicators have been included in the proposed FIDA regulation. The open finance regime could result in more suitable products and a greater variety of products being offered by outside providers, including for instance more suitable risk sharing features.
  • Etc.

 

Privacy & Data Governance

  • The proposed Regulation on a framework for Financial Data Access (COM(2023) 360 final) (FIDA) does not replace the GDPR (Regulation (EU) 2016/679), but rather serves as a complement to it.
  • This means that access to personal financial data must be based on the grounds recognised by the GDPR. Most access to personal financial data that has been granted to date under PSD2 has been based on the necessity to fulfil a contract (Art. 6(1)(b) GDPR), rather than on informed consent (Art. 6(1)(a) GDPR).
  • FIDA provides mechanisms for data users located in non-EU/EEA third countries to receive the financial data of EU/EEA consumers if they fulfil suitable conditions. In principle, this should enable suitable US-based and UK-based data users to access the data of EU/EEA consumers, because both countries enjoy adequacy decisions under the GDPR. There are many other countries that do not enjoy an adequacy decision, and there is also a risk of legal challenges to the adequacy decisions of the US and the EU, so this area is likely to be a risk area for FIDA for quite some time.
  • Etc.

 

Data infrastructure & IT resources

  • The lack of consistent standards and application programming interfaces (APIs) has been a major impediment to the effectiveness of PSD2 to date.
  • In the proposed Regulation on a Framework for Financial Data Access (FIDA), the Commission seeks to solve the lack of standards by obligating each data holder and data user to adhere to at least one financial data sharing scheme. Each financial data sharing scheme would be associated with a set of rules and modalities with which its members would be obliged to comply when exchanging data bilaterally with one another.
  • FIDA includes a provision to empower the Commission to provide standards if the sector is unable or unwilling to produce them. This will hopefully not be necessary, but it constitutes an appropriate and vitally important safeguard provision.
  • Even so, the risk of barricades and “slow rolling” on the part of incumbent data holders is substantial. There is a significant risk that suitable standards either will not appear at all, or else will be slow to appear. This is a high risk area that will warrant attentive monitoring as FIDA goes into implementation.
  • SCA has been seen as a major success for PSD2, and has reduced fraud by as much as an estimated 80%; however, there are known gaps. The proposed Payment Services Regulation (PSR, sometimes referred to as PSR3) as proposed in COM(2023) 367 final) would oblige a broader range of financial services providers to implement SCA, and to strive by various means to reduce the risk of fraud by means of “social engineering”.
  • Lack of skilled experts in financial services ICT is likely to pose challenges for the sector.
  • Etc.

 

International experience

  • Most OECD countries promote the expansion of data sharing provisions in payments and banking. Only a few countries cover non-financial data, such as utilities.
  • Australia has consistently promoted the benefits of consumer data sharing and has made consumer data rights more transparent. Dedicated programs and fiscal spending underpin the digital agenda, with a government website setting out benefits to consumers.
  • API development is generally market-led, not defined in regulation. Industry-run collective arrangements mandated by regulation, as proposed in FIDA, appear unique.
  • In general, given diverging privacy and data rights standards, inter-operability with non-EU/EEA jurisdictions will be challenging.
  • Etc.

 

They way forward

  • A key goal of the EU is to move from Open Banking to Open Finance, as embodied in the proposed FIDA regulation.
  • FIDA must be understood as part of the overall EU legal acquis. FIDA was intended to work in concert with a broad range of existing law and regulation, as well as with a new regulation that replaces and supplements PSD2.
  • The overarching objectives of FIDA are (1) to increase competition in the offering of a wide range of financial services; (2) to provide greater consumer choice; and (3) to facilitate market entry of new and innovative financial service providers.
  • Key areas that warrant further elaboration over the course of the FIDA trilogue are (1) the expansion of the regulatory perimeter; (2) bridging divisions within the single market; and (3) making industry-led initiatives work.
  • The legislative proposal is short on detail on how the resources, let alone the competences, of EU-level supervisors (EBA, EIOPA and ESMA) need to be beefed up to reflect the expansion of the regulatory perimeter with the shift towards Open Finance.
  • A number of known deficiencies in GDPR can be expected to adversely impact the effectiveness of FIDA in practice.
  • In order to create economies of scope and scale that reflect the EU as a whole, it is necessary to have consistent rules that enable cross-border financial transactions across the EU/EEA.
  • Etc.

 

Download the report

 

Source: European Parliament

Useful Resources See All
Press Release Six major banks in Luxembourg select LUXHUB as their VOP service provider
#PAYEE VERIFICATION PLATFORM
4min Read · 8 Apr 2025
Blog Why an Open Banking expert is the ideal partner for VOP
#Payee Verification Platform
3min Read · 6 Feb 2025
Press Release LUXHUB obtains ISO 27001 certification
2min Read · 13 Feb 2025
In the Media How FIDA opens unprecedented opportunities: 5 innovative and concrete use cases
2min Read · 25 Nov 2024