Even though it looked as if the Financial Data Access Regulation (Fida) had slipped off the agenda for a while, the trilogue negotiations between the EU Commission, Council and Parliament on the implementation of the rules got underway at the beginning of April. The rules provide for the standardised provision of customer data for banks and insurers, among others.

„Fida marks the transition from open banking to open finance. The scope of the regulation is considerable – almost all companies that fall under European financial services law are affected,“ Daniel Lühmann, Partner at Simmons & Simmons specialising in Financial Services Regulation, told Börsen-Zeitung. „Provided the customer has given their consent, licensed third parties will in future have access to extensive financial information, from ETF purchases to insurance, as so-called data users via standardised APIs.“

The fields for the exact implementation of the Fida are now being mapped out in the trilogue. The initial situation looks like this: After the proposal for the legal framework was on the verge of being cancelled in mid-February at the instigation of France, which does not want data sharing, it was then finally included in the list of projects by the Directorate-General for Financial Market Regulation, when EU Financial Services Commissioner Maria Luís Albuquerque exerted pressure. The task now is to mediate between the different positions, says Lühmann. „The EU Commission had already formulated an initial draft of a regulation in mid-2023, but in April and December 2024, the Parliament and Council came up with proposals for amendments, which were in favour of differentiated and gradual implementation by product category.“

His expectation for the timetable is that the negotiations in the trilogue could be completed by the end of 2025. The legislative process could be finalised by the beginning of 2026. The data schemas would then have to be developed, which are needed to define the data transfers. „Only on this basis can the API development then take place. And data sharing under the Fida regime could then start at the beginning of 2028.“

The overarching aim of the regulation is to give customers control over their data and free it from silos in the sense of an open ecosystem. Access and disclosure of customer data in the context of financial services would thus be placed on a new legal footing, says Lühmann. As data owners, the banks are not entirely in favour of this. Together with insurers, they are now looking at what can be negotiated or limited.

Tanja Müller-Ziegler, member of the BVR Executive Board, says that the regulation would above all introduce additional bureaucratic requirements that would weaken Europe as a financial centre in global competition, and impair the desired competitiveness and innovative strength of the EU financial industry. She takes exception to the „excessively broad scope of application of the regulation“. The BVR considers it disproportionate that data collected during the advisory process could also be requested in future. There is also the risk of an uncontrolled outflow of European financial data to international data companies such as the Big Techs. The BVR therefore expressly warns against a hasty approach in the trilogue.

If open questions are not clarified in a timely manner, the project will have to be postponed. The BVR is in favour of market-driven solutions such as GiroAPI, an initiative of the cooperative financial group that is being driven forward together with the other associations under the umbrella of the German Banking Industry Committee (DK). As a scheme, GiroAPI creates a standardised account interface that enables third-party service providers with a supervisory licence to simplify payments and retrieve account information in a more targeted manner with the involvement of their customers. The DK had already announced at the end of January that there were plans to extend the scheme to other applications in the context of request-to-pay and open finance. The GiroAPI scheme is based on the EU-wide standardisation initiative „Berlin Group“ (OpenFinance API Framework), which keeps an eye on everything to do with payment transactions for the banking sector.

The APIs of German banks are generally recognised by fintechs as being of good quality. „We are already seeing the positive impact of PSD2, which made open finance applications for consumers possible in the first place. However, the overregulation within PSD2 has prevented truly efficient and customer-friendly solutions from being created,“ says André Rabenstein, CEO of WealthAPI. „One example from our sector of selective overregulation is the requirement for two-factor authentication for transaction data that is more than three months old.“

To counteract overregulation, Rabenstein believes that the EU should only define targets, such as reducing fraud to a certain percentage, but leave it up to the companies to decide how to achieve these targets. „I recognise the need for a robust and effective framework for access to financial data. However, the original Fida proposal had weaknesses that would have led to unnecessary bureaucracy and burdens for businesses. In this respect, it is good that the Commission and Council have already recognised such concerns", he says.

For the banks, the start of the trilogue means that they must start to prepare themselves for Fida. „Institutions should not wait until the regulation has been finalised. In particular, the IT requirements for setting up the customer dashboard and implementing interfaces for the exchange of customer data will be significant and cannot be implemented in the short term,“ says Daniel Lühmann.

This means that affected data owners will have to set up independent IT projects, for which there must be a plan and budget to ensure the portability of customer data. In future, customers will be able to make a request to their insurance company that relevant data is made available for use by third parties via a user-friendly format, the dashboard – for example, to be passed on to other providers as data users. „This increases transparency in the market and makes it easier for consumers to compare products or switch providers,“ says Lühmann. And insurtechs have the opportunity to develop new offers based on API data from insurance groups. WealthAPI CEO Rabenstein puts it this way: „We need a framework that promotes innovation and at the same time guarantees the protection of customer data.“