Legislative proposal for a new open finance framework

In “A Europe Fit for the Digital Age”

PDF version

In the context of the Digital Finance Strategy, the European Commission announced a proposal on open finance, which would refer to the access and reuse of customer data, with consent, across a range of financial services. This initiative would enable data sharing and third party access for a wide range of financial sectors and products, in line with data protection and consumer protection rules. It would be based on the principle that financial services customers own and control the data they supply and the data created on their behalf. The final aim is to provide more innovative financial products and services for users and to stimulate competition in the financial sector. 

On 28 June 2023, the Commission put forward a legislative proposal for a framework for financial data access (open finance framework). The framework aims to establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts. The proposed regulation establishes rules on the access, sharing and use of certain categories of customer data in financial services. It also establishes rules concerning the authorisation and operation of financial information service providers. The proposed regulation will apply to following categories of customer data on:

1. mortgage credit agreements, loans and accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366, including data on balance, conditions and transactions;

2. savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;

3. pension rights in occupational pension schemes;

4. pension rights on the provision of pan-European personal pension products;

5. non-life insurance products, except for sickness and health insurance products;

6. data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating.

The proposal aims to establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:

- possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice);

- obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions or fintech firms) by putting in place the required technical infrastructure and subject to customer permission;

- full control by customers over who accesses their data and for what purpose 

- standardisation of customer data and the required technical interfaces

- clear liability regimes for data breaches and dispute resolution mechanisms 

- additional incentives for data holders to put in place high-quality interfaces for data users 

In the European Parliament, the Committee on Economic and Financial Affairs (ECON) is responsible for the file. On 19 July 2023, ECON Committee appointed MEP Michiel Hoogeveen as rapporteur. The Committee on Legal Affairs (JURI), The Committee on Internal Market and Consumer Protection (IMCO), and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) has been proposed for an opinion. The JURI and IMCO Committes have decided not to give an opinion.  

On 13 December 2023, the rapporteur published his draft report. He welcomes the proposal and suggested modifications along the following main axes: 1. Enhancing customer trust; 2. Promoting innovation; 3. Improving interoperability and supervision. 

On 18 April 2024, the ECON Committee adopted its report for a harmonised framework for access to financial data at the EU level, with 43 votes to 1 and 5 abstentions. According to ECON Members, the framework should be established for the access of customer data processed by financial institutions across the financial sector beyond payment account data. Based on owner’s permission, their data would be made available in order to develop and provide tailor-made and data-driven financial products and services.

For smaller companies the access to data would be useful when attracting new customers, lowering costs and barriers of entry thus increasing competition and innovation for financial products and services.

Customers would decide how and by whom their financial data is used. The access should be based on customers’ explicit permission and data users would have to specify what they intend to make with them. The data could not be transferred to a third-party without permission. Moreover a consent could be withdrawn at any time and free of charge.

Financial data access scheme members, including data holders and data users, should therefore be required to agree on the contractual liability for potential data breaches, which foresees customer compensation in case data was misused, for instance if data was to be transferred to a third-party without the customer’s explicit permission.

Data related to sickness and health cover would be excluded from the scope, as well as confidential business data and undisclosed know-how. MEPs also decided that the large digital platforms designated as Gatekeepers pursuant to the Digital Markets Act should not be eligible to become financial information service providers 

The European Banking Authority (EBA) should establish a register of authorised financial information service providers, as well as financial data access schemes agreed between data holders and data users.

In the Council, discussions have started within the Council preparatory bodies.

The file will be followed up by the new Parliament after the 6-9 June European elections.

References

For further information: Stefano Spinaci, legislative-train@europarl.europa.eu

As of 20/05/2024.