New regulations in the European Union (EU) regarding payments and access to financial data lay the foundation for open finance.
While these initiatives aim to drive innovation and improve the customer experience in the financial services industry, they can also pose complex and costly implementation challenges for the industry, according to a note from the Institute of International Finance (IIF) published on May 22, 2024.
The note, released On May 22, it examines recent regulatory changes in the EU data sharing landscape, focusing on the impact of new open finance rules on financial institutions.
One of the highlights of the European Commission’s proposal is the package on access to financial data and payments. released in June 2023. The package includes proposals for a revised Payment Services Directive (PSD3), a new Payment Services Regulation (PSR) and a draft Financial Data Access Regulation (FIDA). These proposals aim to extend access to data beyond payments, improve fraud prevention and lay the foundations for open finance.
Payment innovation and fraud prevention
PSD3 and RPS aim to replace and modernise the current Payment Services Directive (PSD2). Their objectives include combating fraud, strengthening customer rights, improving access to bank accounts for non-banks and, ultimately, facilitating open finance.
The European Parliament voted in favour of PSD3 and PSR on 23 April 2024, marking a significant step forward in defining the future of open finance in the EU. It proposed several changes to the texts, mainly to improve fraud prevention. These changes include:
- Strengthening consumer protection in a context of growing fraudulent activity;
- Promoting innovation through new payment services, risk-based strong customer authentication (SCA) and interoperability;
- Increase transparency and user control over data sharing;
- Improving fraud data sharing through a dedicated IT platform supervised by the European Banking Authority (EBA); and
- Clarify the scope of regulation regarding e-money tokens, location-based discrimination and direct debit refunds.
The EBA responded just days after the Parliament’s vote, making specific suggestions on 29 April 2024 for further amendments to the PSD3 and PSR texts, such as requiring two different SCA factors, mandating comprehensive fraud risk management frameworks and ensuring pre-execution transaction monitoring for instant payments.
Finalized versions of PSD3 and PSR are now expected by the end of 2024, with potential implementation around 2026, expects to Sia Partners, consulting firm.
Giving customers more control over their data
FIDA, for its part, aims to establish clear rights and obligations for managing customer data sharing in the financial sector, giving customers control over their data and allowing third parties to access a wide range of financial information. This includes data on mortgages, loans, savings, investments, insurance, pensions and credit assessments.
FIDA’s proposals include requiring financial institutions to provide data access to other institutions or fintechs, subject to customer permission. Customers will have full control over who accesses their data and for what purpose, increasing trust in data sharing. In addition, data holders and users will be required to adhere to Financial Data Sharing Schemes (FDSS), which will govern data access in line with FIDA and other EU regulations.
IFAD was voted in by the European Parliament’s Committee on Economic and Monetary Affairs on 18 April 2024. However, industry experts don’t wait IFAD will be finalized before 2025.
Impact on financial institutions
According to the IIF, PSD3, PSR and FIDA provide opportunities for the financial services industry to collaborate with new ecosystem players to develop innovative value-added products and services and improve the customer experience.
The industry association, however, highlights the significant challenges that financial institutions may face in implementing these measures. It notes in particular that meeting IFAD’s real-time data sharing requirements may be technically difficult and costly for data holders.
In addition, industry players remain skeptical about the expected benefits of the new regulations. A 2023 study by the European Commission examined The study examined the application and impact of PSD2 and found that the costs of implementing PSD2, particularly for API development (estimated at €3.2 billion) and SCA deployment (estimated at around €5 billion), were substantial. An overwhelming majority of banks and associations consulted for the study suggested that these costs far outweigh the benefits they derive from it.
Featured Image Credit: Edited from free pic