28 Jun 2023

EU to mandate data sharing in real-time across financial services

The European Union has proposed a new regulation called the Framework for Financial Data Access (FFDA). The goal of this regulation is to give consumers more control over their financial data and to provide them with access to data-driven financial services and financial products beyond just payments

New framework mandates data sharing in real-time when customer requests it by electronic means;
Products in-scope include mortgages, credit agreements, most insurance products, savings etc;
Sets out definition of ‘data user’ and ‘financial information service provider’.

The FFDA covers a wide range of data, including mortgages, credit agreements, loans, accounts, savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate, and other related financial assets. It also includes pension rights in occupational pension schemes and European personal pension products, as well as the provision of non-life insurance products. Data that is part of a creditworthiness assessment of a firm is also included.

The FFDA defines several key terms. A "data holder" is a party with an obligation to grant access to and share data. A "data user" is a licensed party with lawful access to customer data. The regulation differentiates between a "financial information service provider," which is authorised to access data to provide financial information services, and a "financial institution," which can be both a data holder and a data user.

Under the FFDA, data sharing is mandated. Upon request by a customer submitted electronically, the data holder must make the data available to the data user for the purposes for which the customer has granted permission. This must be done without undue delay and in real-time. Data users must first be authorised by competent authorities to access data held by data holders.

Data holders are also required to provide customers with a "permission dashboard" to monitor and manage the permissions they have provided to data users. The European Banking Authority (EBA) will develop, operate, and maintain an electronic central register containing information about authorisations granted for data access. This register will be publicly available on the EBA's website.

Cross-border access to data is also addressed in the FFDA. A financial information service provider wishing to access data in another member state must communicate certain information to the competent authority in their home member state. This information will then be sent to the competent authorities of the host member state.

In practice, data will be shared through "financial data sharing schemes." Data holders and users must be members of one or more of these schemes and will make data available according to the scheme's rules and modalities. If no scheme is developed for certain categories of customer data or if there is no realistic prospect of one being established, the Commission may adopt a delegated act specifying common standards for the data and technical interfaces.

These developments will be closely monitored in the UK as we look to build a ‘smart data’ framework, which is enabled by the Data Protection and Digital Information Bill (no. 2) – currently making it’s way through Parliament.

The design of a domestic framework is being guided by a ‘Smart Data Council’ which looks to transpose the approach and success of Open Banking to other sectors, such as energy; enabling greater sharing of data to benefit customers. techUK are a member of this Council and I recently had the pleasure of joining the meeting to help shape the direction and approach with insight from the FS sector.

Also read: EU introduces key changes to payment regulations.

Return to listing