The European Union’s drive to create an integrated financial data market is entering a new phase as Brussels prepares legislation that will require banks, insurers, pension providers, investment firms and other financial institutions to share customer data with third parties – extending rules that have already transformed retail banking.
First implemented in 2018, the Second Payment Services Directive (PSD2) forced banks to share account data with licensed third parties through standardised interfaces, creating a wave of fintechs offering account aggregation and payment initiation services.
Now the European Commission aims to extend this model across the financial sector through the Financial Data Access (FIDA) regulation. First published in draft form in June 2023, FIDA will require financial institutions to make customer data available through application programming interfaces (APIs). The regulation covers amongst others customer data related to credit agreements and accounts (excluding payment accounts), savings, investments in financial instruments, insurance-based investment products, crypto-assets, pan-European personal pension products, and certain non-life insurance products.
The proposed move comes as financial data sharing initiatives continue to gain momentum. Brazil’s central bank mandated open finance in 2021, while Australia’s Consumer Data Right reform has enabled enhanced data sharing in the banking and energy sector. The UK – which pioneered open banking regulation in 2017 – is developing an open finance framework through the Data Protection and Digital Information Bill.
Representing the first sector-specific implementation of the European Data Strategy published in 2020, which identified 14 industries for data sharing initiatives, FIDA will extend data sharing requirements beyond banks to insurers, asset managers and other financial institutions creating opportunities for fintechs to build new services around customer data.
“Financial services is one of 14 sectors defined in this data strategy,” explains Chris Schmitz, partner at professional services firm EY and the company’s EMEIA fintech leader. “As is often the case, financial services is the first sector to undergo such comprehensive data sharing regulation. While the European Commission supports data sharing efforts across other industries, the financial services industry is clearly leading the way.”
Chris says the impact on financial services providers will be substantial. “Real time access to data is something that overall the industry has not experienced so far in that broadness,” he says. “Many of the industry players specifically in insurance and asset management are not used to providing customer data to third parties in real time and for sure not over API infrastructures. A substantial amount of Financial Services players may need to upgrade legacy systems to support real-time data sharing via APIs, which could involve significant investment in technology and staff training.”
FIDA implementation creates new technology requirements for banks
Financial institutions face a tight implementation timeline. The current draft gives them a minimum of 24 months after the regulation is finalised to implement real-time API access to product information. The regulation is anticipated to be approved in the second quarter of 2025, followed by the above-mentioned 24-month transition period (longer periods for certain products apply), leading to an initial compliance deadline in the second half of 2027. However, this timeline might be subject to change based on the legislative process within EU institutions.
“The current draft anticipates a first transition period of 24 months following the regulation’s approval by European governments,” explains Chris. “If approval occurs as expected in the second quarter of 2025, organisations will only have two years to implement real-time API access to product information.”
The regulation introduces new roles in the financial data ecosystem. Data holders – e.g., banks, insurers and asset managers – must share customer information with data users: licensed third parties who have obtained customer consent. This, Chris highlights, creates opportunities for fintech companies to aggregate data across providers and build new services.
“The fundamental aim is to empower both corporate and retail clients to make the most of their data held by financial providers,” Chris notes. “This sharing capability gives clients the power to receive better market offerings, enjoy improved customer journeys and gain a comprehensive view of their services while accessing competitive alternatives.”
Industry standards create additional implementation challenges
The development of data sharing schemes presents a major challenge for industry players. These schemes must define the scope of data exchange, compliance requirements and potential monetisation models.
“The regulator has established the term of ‘Financial Data Sharing Schemes’, effectively delegating the responsibility for defining these schemes to the industry itself,” Chris explains. “Industry participants must collectively determine the scope of data exchange and establish regulations governing adherence to these schemes.”
The complexity extends beyond technical implementation to include commercial considerations. “There’s also the matter of scheme monetisation and data exchange,” Chris notes. “A comprehensive set of agreements must be developed in the coming months and years to ensure data exchange is properly governed by these Financial Data Sharing Schemes.”
These agreements will have direct technical implications. Any agreements reached within these schemes must be implemented in the backend systems and API infrastructure.
Even for banks with experience of PSD2 implementation, the breadth of data covered by FIDA creates new technical challenges. “It’s a significant undertaking even for banks, as they must implement real-time data access across major backend systems,” Chris emphasises. “Many industry players, particularly in insurance and asset management, have no experience providing real-time data through API infrastructures. For these sectors, the challenge is even more substantial.”
Brazil open finance provides valuable insights for European implementation
The implementation of open finance in Brazil provides insights into the potential impact of FIDA. The Brazilian central bank introduced mandatory data sharing in 2021 through a “top-down led process,” which has gained 30 million users and generated two billion weekly API calls.
“Banks were required to comply within a year, and since its launch, the system has attracted 30 million users across Brazil, generating more than 40 million client consents.” Chris explains.
The volume of API calls indicates substantial client activity in the Brazilian market, and as Chris highlights. “We’ve observed a decrease in interest rates for individual loans,” he reports. “Credit acceptance rates have risen, as banks and lenders can access a more comprehensive view of their clients by drawing data from multiple sources, rather than relying solely on their own records.”
The Brazillian experience provides a potential blueprint for European implementation. “I'm optimistic that the European landscape will deliver similar benefits to both clients and financial service providers.”
Data sharing creates new commercial models for finance
Ultimately, the FIDA regulation aims to empower customers to derive value from their financial data. The core objective is to give both corporate and retail clients the freedom to leverage their financial data effectively with their service providers, creating opportunities for both data monetisation and enhanced service provision.
“There's potential to monetise data by providing access to third parties, but you can also gain greater transparency,” Chris comments. “When you share data, providers can develop a comprehensive, 360-degree view of your financial situation.”
The model creates reciprocal benefits for financial services providers. “From the providers’ perspective, with client consent, they too can develop a complete picture of their clients' financial activities.”
This comprehensive view enables a customised service provision. Providers can analyse competitors' offerings, pricing structures and product parameters and can see which services and products clients purchase, enabling them to craft more competitive proposals to win client relationships.
The exchange of data becomes central to service delivery. “Data exchange and monetisation will become fundamental to the future of financial service delivery”, Chris observes. “It’s a reciprocal arrangement – the incumbent players, in their capacity as ‘data holders’ have the obligation to share data, but they can now also utilise this regulation to better understand their clients and enhance their service offerings.”
Implementation requires careful consideration of commercial models. “The monetisation aspect is crucial – organisations must carefully evaluate how much they can afford to pay for data access and how this investment will affect their customer acquisition costs and overall business model.”
Fintech companies eye customer experience opportunities
Fintech companies are well positioned to benefit from the new regulation through their ability to innovate quickly and leverage the new data access rights, according to Chris. He expects fintech firms to become data users, creating services that give customers a comprehensive view of their financial position across different providers.
“Fintech companies are ideally positioned to be significant players in this new market,” Chris explains. “They will become data users, utilising the new regulation and their licences to acquire data and provide customers with enhanced oversight - essentially creating a financial home for clients.”
The opportunity stems from fintech companies’ track record in enhancing customer experiences. “Fintech firms have historically excelled at enhancing customer journeys. With FIDA, they’ll be able to aggregate information from various sources to deliver an even better experience.”
The regulation could also revitalise fintech entrepreneurship. “We’ve observed a decline in the number of new businesses being founded recently, but I believe this will spark a new wave of innovation in the fintech industry, with fresh entrepreneurs positioning themselves in this space,” Chris observes. “I anticipate fintech companies will play a substantial role in driving growth within the data economy. They recognise this is a worthwhile venture, as FIDA essentially opens the gateway to the data economy.”
Incumbents may struggle to match fintech innovation in customer experience. “Traditional institutions have historically found it more challenging to develop these sophisticated customer journeys,” Chris points out. “The key will be creating user experiences that demonstrate clear advantages to clients who choose you as their data user.”
Regulatory requirements create barriers to entry
However, fintech companies must prepare for both the opportunities and regulatory requirements. They will need to obtain licences and participate in eventually multiple data sharing schemes, which may operate at national rather than European level.
“From today’s point of view we anticipate data sharing schemes will not be uniform across Europe,” Chris explains. “Instead, we’re likely to see numerous schemes at the national level, with different industries potentially serving as structuring factors for data sharing schemes.” From an efficiency point of view a harmonised European scheme would be preferable, but discussions among the industry players regarding uniform schemes have not commenced.
Participation in the schemes is fundamental to market access. “Becoming a member of data sharing schemes is a prerequisite for data users who wish to take advantage of the available data,” notes Chris. “You must obtain a licence and negotiate within the financial data sharing schemes to establish access to the appropriate data.”
The dual challenge of regulation and innovation requires careful planning. “It’s a two-pronged consideration,” Chris observes. “Organisations must prepare for the opportunities this creates whilst also addressing the regulatory requirements necessary to achieve them.”
Companies must balance customer experience development with regulatory compliance. “You’ll need to create user journeys that demonstrate clear advantages to your clients as a data user,” Chris points out. “While fintech firms are accustomed to understanding and meeting client needs, they must now simultaneously navigate substantial regulatory and licensing requirements.”
For asset managers and insurers now mandated to share data with third parties - lessons can be learned from banks’ approach - adopting ecosystem style approaches to partnerships, collaborating with an array of fintechs for specific needs, as opposed to hedging bets on one technology provider.
EU data strategy places finance first among 14 sectors
The selection of financial services as the initial sector for increased EU regulation points to its potential impact on data sharing across industries in the future.
“If the data economy proves successful – which will need to be demonstrated and validated by participants – I envision a promising future for financial services, as it will generate significantly better value for clients,” Chris observes.
The implications extend beyond individual services to the broader financial ecosystem. "This will drive fintech growth and advance the monetisation and exchange of data as a core component in future financial service delivery,” Chris says. “We’ll see the industry's reputation and impact strengthen.”
Strategic planning required for implementation success
As Chris emphasises, fintech companies must begin preparation for FIDA implementation. “Get thoroughly involved with the regulation – understand it, study it and engage with all parties who will be your future partners in data sharing schemes,” he says.
This planning process will require engagement with multiple stakeholders. “Engage in dialogue with everyone who will shape these schemes and determine how you want to utilise them moving forward,” he advises. "Consumer protection agencies will also play a role in the scheme.”
Companies need to develop clear value propositions. “Establish how you’ll provide additional value to potential clients and begin mapping out user journeys that will ultimately convince them of your service's merit,” notes Chris.
The implementation requires a multi-faceted approach. “It’s a combination of commercial perspective, strategic vision and technical considerations regarding how to access and leverage the regulation to become part of the ecosystem.
“FIDA will potentially also open the door for big tech to offer financial services i.e. become more active in this space. Hence besides the points already mentioned, fintechs also need to embrace enhanced competition by the large tech players and platform businesses.”
Explore the latest edition of FinTech Magazine and be part of the conversation at our global conference series, FinTech LIVE.
Discover all our upcoming events and secure your tickets today.
FinTech Magazine is a BizClik brand
