artikel / 23 nov 2023

Open Finance under FIDA – What to Expect from a Swedish Perspective

Digital technologies relying on data are increasingly driving change in the financial industry by providing fintech companies with new business models and ways to engage with customers. In an effort to modernize the current legal framework and to keep up with technical developments, the European Commission has proposed enhanced rules on financial data access (open finance). In this article, we focus on what can be expected from access to a broader set of financial data for a wider range of financial players, based on Swedish conditions.

The predecessor of open finance – the current legal framework for open banking

The second Payment Services Directive (PSD2), adopted in 2015, sets out the rules for payments in the EU with the purpose of ensuring a level playing field between existing financial players and upcoming payment providers. One of the main aims of the PSD2 is to increase competition and facilitate innovation in financial services by opening the EU market for upcoming providers, offering payment services based on access to financial data from payment accounts. This is achieved through the PSD2 forcing account servicing payment service providers (mainly the banks) to open access to their customers’ payment accounts data to external parties, so-called third-party providers (TTP), via APIs. These TPP are divided into two types: payment initiation service providers (PISP) and account information service providers (AISP).

While PSD2 has made significant progress in opening and fostering competition and innovation in the EU payment market through open banking, this has not targeted the wider financial sector, and has been limited to financial data from payment accounts. In response to this and following an evaluation of PSD2, the European Commission has put forward a series of proposals. These lay down the framework for the third Payment Services Directive (PSD3), the Payment Services Regulation (PSR) and the regulation on a framework for Financial Data Access (FIDA), fostering the move from open banking to open finance.[1]

Open finance under FIDA

Access to a broader set of financial data for a wider range of financial players

The proposed framework for open finance aims to facilitate the provision of individualised, data-driven products and services that may fit the individual customer’s specific needs. It is based on the open banking concept whereby customers have the option, but not the obligation, to enable access to their financial data. However, while PSD2 only applies to payment accounts, FIDA will cover a much wider range of financial data. Based on the principle that the financial data should demonstrate a high value-add for financial innovation, as well as low financial exclusion risk for customers, such data includes:

mortgages, loans and accounts (other than payment accounts regulated under PSD2);
savings products, financial instrument investments, crypto assets, real estate and related investments;
occupational and personal pension products;
non-life insurance products (excluding sickness and health insurance); and
data which forms part of a creditworthiness assessment of a firm.[2]

The right to access this wider set of financial data will apply for the following financial institutions:

credit institutions;
payment institutions including AISPs;
e-money institutions;
investment firms;
crypto assets service providers;
issuers of asset-referenced tokens;
managers of alternative investment funds;
management companies of undertakings for collective investment in transferrable securities;
insurance and reinsurance undertakings;
insurance intermediaries and ancillary insurance intermediaries;
institutions for occupational retirement provision;
credit rating agencies;
crowdfunding service providers;
PEPP providers.[3]

In addition to the above-mentioned financial institutions, FIDA will introduce a new type of authorised entity, the so-called financial information service provider (FISP). FISPs will be allowed to have access to customers’ data for the sole purpose of providing financial information services (more on the differences between financial institutions and FISPs below).[4]

Data access obligations

FIDA differentiates between data holders – entities that collect, store and otherwise processes customers’ data, and data users – entities that, following the permission of a customer, have lawful access to customer data. Upon customers’ request, institutions that act as data holders will be obliged to make customers’ data available to them without undue delay and free of charge.[5] The same obligation will apply where request for data access is sent by a data user that acts based on customers consent. However, in this case, financial institutions acting as data holders will be able to receive compensation for this service, which is one of the major differences between FIDA and PSD2.[6]

All financial institutions, except AISPs and FISPs, will generally be able to act as both data holders and data users. Thus, the roles of data holder and data user are not mutually exclusive. For example, an investment firm may be required to share customer data with data users at the request of a customer. But that same investment firm could be authorised by its customers to request data from other data holders, e.g., loan or pension providers, to improve its offerings.

Financial data sharing schemes

Within 18 months from the entry into force of FIDA, data holders and data users will be required to join one or more financial data sharing schemes. The schemes will be responsible for governing access to customer data in compliance with FIDA, and other applicable EU rules (such as the GDPR and the Data Act). Financial data sharing schemes will have to develop common standards for data sharing and interface requests, set member contractual liabilities, and provide effective dispute resolution mechanisms. Financial data sharing schemes will also establish the model to determine the maximum compensation data holders may charge users. [7]

If no financial data sharing scheme is developed for a category of customer data covered by the FIDA, the European Commission will be empowered to adopt a delegated act to set common standards for data sharing and technical interfaces, a model to determine maximum charges for data sharing and the liability of entities making customer data available.[8]

A number of Swedish-specific factors

In a Setterwalls article from July 4 2023, we focused on the Swedish Financial Supervisory Authority’s (the SFSA) report on the use of open financial services in Sweden.[9] In preparation for the upcoming regulations, the SFSA has on behalf of the Swedish government conducted a survey of how these services are used in Sweden, and identified and analysed any risks and opportunities linked to them.[10]

The SFSA’s report highlights that Swedish fintech companies have been earlier adopters of open financial services compared to the rest of Europe. This is attributed to the highly digitised financial industry in Sweden, the presence of innovative fintech companies, and the early and extensive use of mobile e-IDs. Amongst the open financial services, payments are one of the most widely used applications, but payment initiations through open financial services have been shadowed by and recently also lost ground to other popular payment services.[11] This may indicate that the Swedish market has reached a high level of competition regarding payment initiation services and that FIDA is a much-needed regulation for fintech companies to provide open financial services within financial sectors not limited to payment initiations.

According to the SFSA, the use of open financial services within the insurance sector, although lacking a regulated retrieval method and not widely used at present, shows a rising trend of use in Sweden. Thus, there seems to be a need for regulated open financial services within the insurance sector, but the need for such services depends on the insurance in question. As an example, for non-life insurances and pension insurances, the primary interest is considered to be a good basis for warranting a switch of insurance company. Thus, the current use in these fields tends to be mainly sales-driven, rather than providing the insurance holder with more information and a better overview of their insurances.[12]

Another sector of interest is the savings and investments industry, where the use of open financial services according to the SFSA’s report is relatively low. Following dialogue with industry stakeholders, the SFSA notes that Sweden is deemed advanced in the development of pensions and savings transfers, which may be provided through open financial solutions.[13] This industry is thus not currently subject to a high level of use (or perhaps supply) of open financial services and there may be potential for innovation.

To conclude

The proposed framework for financial data access is a welcome development for innovation within the financial industry, providing new opportunities for both current major financial players, as well as up-and-coming fintech companies. FIDA still needs to find its way through the EU legislative process, which may be prolonged by the upcoming EU election. Nevertheless, due to the complexity of FIDA, financial institutions should use this time wisely, in order to start preparing in advance for ultimate implementation. Setterwalls will continue to closely follow all developments as FIDA goes through the EU legislative process, and will also monitor any further updates from the Swedish government.

[1] https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_sv

[2] FIDA, Article 2(1).

[3] Ibid, Article 2(2).

[4] FIDA, Preambles 31-34 and Articles 2(2) and 3(7).

[5] Ibid, Article 4.

[6] Ibid, Article 5.

[7] Ibid, Articles 9 and 10.

[8] Ibid, Article 11.

[9] Setterwalls’ article from July 4 2023, Key takeaways from the new SFSA report on open finance in Sweden.

[10] The SFSA Report from June 28 2023, Användningen av öppna finansiella tjänster i Sverige.

[11] Ibid, p. 7-8.

[12] Ibid, p. 9-10.