The EU has signalled a shift from its past focus on privacy rights – as in the general data protection regulation (GDPR) – with reforms to encourage the controlled sharing of financial data. This could see data flow from established financial institutions, such as banks, to their personal and business customers, and then on to other financial services.
‘Careful cost-benefit analysis of each product or market is needed to avoid sector fragmentation’
The European Commission, which is the EU executive body, could be eyeing the potential of fintech with its proposed reforms. An October 2022 report from consultancy McKinsey, Europe’s fintech opportunity, highlights the potential prize: ‘If fintech ecosystems in all European countries were able to attain the same level of performance as the best in the region… fintech jobs in Europe would grow by a factor of 2.7 to more than 364,000; funding would more than double to almost €150bn from €63bn; and valuations would grow by… 2.3 to almost €1 trillion.’ That is twice the combined market capitalisation of Europe’s top 10 banks.
The reforms would help new financial services win business. The European Commission has also proposed a regulation on financial data access to lay down rules for sharing such information. It has simultaneously updated the EU’s payment services directive to version 3, introducing uniformity of implementation by hiving off some of the directive legislation into a regulation and imposing the same rules on all 27 member states.
Open finance
A note from Deloitte highlights some key consequences of the financial data access regulation. First, data holders, such as banks, could ‘ask for reasonable compensation for making data accessible to data users’ who might offer third-party services to their customers. Second, these data users would be restricted to read-only access, unable to initiate transactions via such access. ‘Both could affect the uptake and potential benefits of open finance,’ Deloitte points out.
The European Banking Federation (EBF) advises caution, saying that for the financial data access regulation to unlock new opportunities for customers, any data sharing system must ensure fair competition, ‘with a fair distribution of value and risk’. It argues that the proposed data access rights do not sufficiently assess the risks involved in sharing such financial information, and that ‘careful cost-benefit analysis of each product or market’ is needed to avoid fragmenting the EU financial sector.
‘More choice and more tailored products is down to sharing of information’
The European Commission wants the EU to develop a more competitive and diverse financial sector through the release of data, while ensuring consumers retain control over what information is shared.
Mairead McGuinness, the commissioner for EU financial services, says: ‘We are offering more choice and more tailored products, and this is down to… sharing of information – but really important also [is] who controls the information.’
Safe sharing
A Commission briefing note explains it wants to ensure individual and small business customers can safely share their financial information with other data users, such as banks and fintechs, in a secure machine-readable format. By doing so, these customers should ‘receive new, cheaper and better data-driven financial and information products and services’.
The reforms would force financial institutions to make this data available to other users, such as rival banks, payment services companies and fintechs, if customers request this. Financial institutions would have to establish the technical infrastructure to enable this, with data being transferred in a standardised format.
The Commission says it wants to enable ‘full control by customers over who accesses their data and for what purpose’, with the regulation mandating ‘dedicated permission dashboards and strengthened protection of customers’ personal data’, meeting GDPR rules. Companies would be held liable for data breaches, although dispute resolution mechanisms would be established, ‘so that liability risks do not act as a disincentive for data holders to make data available’.
Payments
As for the payment services legislation reforms, the new legislation would authorise payment service providers – although not including banks or fintechs in this instance – to share fraud-related information between themselves.
Refund rights would also be extended for consumer fraud victims. Payments services would have to check payees’ IBAN numbers against their account names before transactions were made.
‘Changes should focus on allowing consumers and businesses to reuse their data as they see fit’
The harmonisation of much of the EU’s new payment rules as a regulation should improve enforcement, given that past directives have permitted national governments more flexibility in implementation.
The clear beneficiaries of the payment-processing move – third-party non-bank providers providing such services to merchants and other businesses – have been far more positive about the reforms. ETPPA, the European trade association of bank-independent third-party providers, says changes should ‘focus on allowing consumers and businesses to reuse their data as they see fit’, so they can ‘obtain a broader range of products and services than the data holder is offering itself’. Customers, ETPPA adds, should be able to access and retrieve data in real time for free, either by themselves or via an authorised third party.
Practicalities
A KPMG assessment stresses the practical measures, such as the requirement that payment service providers must ensure that strengthened customer authentication methods (such as dual factor systems) ‘do not depend on one single technology, device or mechanism, such as the possession of a smartphone’.
Deloitte says the European Commission, the European Parliament and the EU Council of Ministers may take until 2025 to agree the package, with EU member states having two more years for implementation.
Ultimately, however, these changes will enable further reforms. Romain Swertvaeger, EY Luxembourg partner and fintech leader, says: ‘New regulations in digital finance are set to enhance the frictionless experience for customers and e-commerce across Europe.’