PURPOSE: to establish a framework for responsible access to individual and business customer data across a wide range of financial services (open finance).
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: a responsible data economy, which is driven by the generation and use of data, is an integral part of the Union internal market that can bring benefits to both Union citizens and the economy. Digital technologies relying on data are increasingly driving change in financial markets by producing new business models, products and ways for firms to engage with customers.
Customers of financial institutions, both consumers and firms, should have effective control over their financial data and the opportunity to benefit from open, fair, and safe data-driven innovation in the financial sector. Those customers should be empowered to decide how and by whom their financial data is used and should have the option to grant firms access to their data for the purposes of obtaining financial and information services should they wish.
A dedicated and harmonised framework for access to financial data is therefore necessary at Union level to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data. Specific rules are required to address these barriers to promote better access to customer data and hence make it possible for consumers and firms to realise the gains stemming from better financial products and services. Data-driven finance would facilitate industry transition from the traditional supply of standardised products to tailored solutions that are better suited to the customers’ specific needs, including improved customer facing interfaces that enhance competition, improve user experience and ensure financial services that are focused on the customer as the end user.
CONTENT: the proposed Regulation establishes rules on the access, sharing and use of certain categories of customer data in financial services. It also establishes rules concerning the authorisation and operation of financial information service providers.
The general objective of this proposal is to improve economic outcomes for financial services customers (consumers and businesses) and financial sector firms by promoting digital transformation and speed up adoption of data-driven business models in the EU financial sector.
The proposed Regulation will apply to following categories of customer data on:
- mortgage credit agreements, loans and accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366, including data on balance, conditions and transactions;
- savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;
- pension rights in occupational pension schemes;
- pension rights on the provision of pan-European personal pension products;
- non-life insurance products, except for sickness and health insurance products;
- data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating.
This proposal will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:
- possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice);
- obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions or fintech firms) by putting in place the required technical infrastructure and subject to customer permission;
- full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers' personal data in line with the General Data Protection Regulation (GDPR);
- standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members;
- clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available;
- additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act proposal (and smaller firms will only have to pay compensation at cost).
In practice, this proposal will lead to more innovative financial products and services for users and it will stimulate competition in the financial sector. For example, consumers will benefit from improved personal finance management and advice. Previously burdensome processes such as comparison services or switching to a new product will become smoother and cheaper, including for example, automated processing of mortgage applications. SMEs would also be able to access a wider range of financial services and products, such as more competitive loans resulting from their creditworthiness data being more easily accessible.