The European Commission launched three consultations on May 10, two related to the review of the second payment service directive (PSD2) and one about open finance.
The open finance consultation, which came in the form of a questionnaire, offers information about the public policies that the EU may be considering.
The commission defines open finance as third-party service providers’ access to (business and consumer) customer data held by financial sector intermediaries to provide a wide range of financial and information services.
Currently, third-party service providers only have access to certain customer data by law, but this consultation seeks feedback about whether to extend that access to more customer data. New laws proposed or adopted by the EU, such as the Data Act or the Data Governance Act, don’t provide any new data access rights in the financial sector.
If the EU were to extend data access rights, according to the questionnaire, the banking, payments, insurance, asset management, securities trading, brokerage and pensions sectors could be affected. The list is not exhaustive and other industries could be included, but it seems clear that it will be limited to financial services, and sectors like health, education, and energy may not be included.
According to the commission, access to this data could support comparison tools that facilitate provider switching, online brokerages that provide financial products, personal finance management tools, alternative credit scoring methods for financial inclusion or quicker customer onboarding with financial service providers.
After outlining possible sectors, the commission asked a few questions relating to the extension of these data access rights, such as who should be obliged to provide data, how much data and whether companies holding the data should be compensated for providing this data.
The questionnaire didn’t provide straight answers, but some questions suggested that financial firms holding customer data may be able to share data with other financial firms, whether these are licensed financial institutions or service providers, which is a broader scope than the current situation.
The commission also sought feedback on compensation, but rather than looking for a yes or no answer, it was interested in finding out what type of compensation (i.e. just the cost of providing it or with a small margin to cover other costs) would be appropriate.
Another concern for EU regulators is the possibility that accumulation of data could lead to monopolies. To that end, the commission has been seeking feedback about Big Tech companies’ access to consumers financial data. The commission is considering prohibiting “gatekeepers,” or Big Tech platforms, from having this access. It is also considering whether financial institutions should have access to consumers’ non-financial data, which could include data held by Big Tech companies.
A Question of Responsibility
The commission is also addressing liability in cases where data shared is misused, incorrect or out-of-date. The growing number of fraud cases and scams has emphasized the need to establish clear rules about who is responsible when the data is misused. The questionnaire only provides a range of options, from issuing industry best practices with little liability to binding regulation with liability established horizontally across the sector or “sector-by-sector.”
To reduce the number of misused data cases and to foster data sharing in a secure way, the commission is also exploring a regulation that customers identify themselves and give consent using a European Digital Identity Wallet.
Even if this questionnaire hints that regulation is a strong possibility, which it does not, the EU regulator is also asking whether in the absence of regulation, larger financial institutions in the EU will provide consent-based access to key customer data via standardized APIs in the open finance space. The answers to this question may help regulators to assess whether regulation is needed and to what extent.