On 28 June 2023, the Commission unveiled three legislative initiatives in the field of digital finance. The Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA) introduced a regulation for financial data access (FIDA) establishing rights and obligations for managing customer data sharing in the financial sector. Under the same legislative package, DG FISMA presented a proposal to revise the Payment Services Directive and implement a Payment Services Regulation (PSR).
Financial Data Access Regulation
The proposed FIDA aims to enhance economic outcomes for both consumers and businesses in the financial services sector by fostering open finance in a digital context. Under the regulation, the notion of financial data access covers the access and process of business-to-business and business-to-consumer data. To foster consumers’ protection, the regulation requires market participants to provide clients with financial data dashboards, enabling customers to monitor and manage the permissions they provided.
Data users (i.e., firms that access customer data to provide services, such as credit and payment institutions, investment firms, cryptoasset service providers, credit rating agencies, and crowdfunding service providers) will have comprehensive access to the information stored by data holders (i.e., financial institutions that collect, store, and process customer data).
The proposal covers customer data typically collected, stored, and processed by financial institutions during their interactions with customers, including mortgage credit agreements, loans, and accounts; savings and investments in financial instruments; cryptoassets, real estate, and other financial assets; and pension rights in occupational pension schemes.
Customers will retain full control over who accesses their data and for what purposes, with permission dashboards providing transparency into data collection, processing, and usage. Financial institutions will share data through “financial data sharing schemes,” to which both data holders and users must adhere. This framework will facilitate data exchange in the financial sector while ensuring that information on customers is processed correctly.
Payment services directive and regulation
The Commission proposed to amend the existing PSD2 (to be renamed “PSD3”), and to implement a regulation (PSR) establishing specific rules for supervision of payment service providers (PSPs).
PSD2 served as the legal basis for all retail payments in the European Union, domestic and cross-border both in Euro and other currencies. The amendments proposed by DG FISMA are driven by the opinion of the European Banking Authority issued on 23 June 2022 and take into account the difficulties in relation to the current payment-related legal framework.
Notably, the proposed PSD3 addresses the issues arising from new types of fraud and strengthens the mechanisms preventing illegal activities in the payment services sector (e.g., Strong Customer Authentication). The Commission reinforces consumer rights and the level of information by introducing a dedicated data-access interface (permission dashboard), which enables users to manage their open banking access permissions to PSPs.
Finally, to enhance supervision over PSPs, the Commission has opted to replace a significant portion of PSD2 with a directly applicable regulation. The new regulation establishes specific definitions for supervision and outlines the rules that national competent authorities (NCAs) must enforce. NCAs will also have a list of breaches for which specific sanctions must be taken.
The Commission is consulting on FIDA, PSD3, and PSR until 6 September 2023. Financial services attachés of the European Council discussed the package at their meeting on 12 July 2023. The European Parliament referred the work on FIDA, PSD3, and PSR to the ECON Committee.