DIGITALEUROPE’s Response to the Call for Evidence on the Open Finance Framework

Executive summary

Of the policy options in the Inception Impact Assessment, DIGITALEUROPE supports the promotion of market-driven standardisation to address the existing technical obstacles to data reuse without introducing any new data access rights.

Within an EU voluntary data sharing framework, Open Finance could grow Europe’s digital economy by speeding up the introduction of new digital services on the EU Single Market and engaging new players in the European digital finance ecosystem.

The EU has a vital interest in getting it right. It should avoid a repeat of the rocky implementation of Open Banking. That means avoiding a rigid, prescriptive framework and embracing a principles-based one allowing for diverse commercial models that drive innovation and competition in Europe. Such approach should encourage voluntary data-sharing among companies as a way to expand Europe’s data ecosystem, including through the combination of data from different sectors in a voluntary manner. It should also reaffirm that the individual has rights over their personal data and is consequently entitled to access it. We believe market-driven standardisation can truly enhance new service delivery and improve customer experience, as opposed to the introduction of new mandated third-party data access rights that would disincentivise private investments into digitisation. DIGITALEUROPE strongly believes the success of the EU Open Finance framework will depend on:

• Fixing the shortcomings of the EU’s Open Banking
• High-quality Application Programming Interfaces (APIs)
• Customer trust in data-sharing
• Appropriate compensation for data holders
• Regulatory coherence with other horizontal EU data-related policies

Why Open Finance matters

The Commission’s ambition for Open Finance could herald new opportunities for embedded financial services where payments, loans, and even insurance become completely seamless operations for the customer. That means improving user-friendliness in fintech product usage and, in turn, making financial services more inclusive across Europe. Data-driven economies can offer the means to meet customer expectations.

The benefits of Open Finance are not just relevant to users, but also to stakeholders. They offer the opportunity to provide premium APIs, which would allow financial institutions to commercialise access to savings information, credit card information as well as investment information, among others.

Enablers of Open Finance

High-quality standardised APIs

The quality of APIs remains one of the challenges for the current adoption of Open Banking. APIs’ performance is key. Any EU initiative looking into API development for Open Finance should:

• Place industry at the forefront of API specification design. The Commission should recognise work already done under existing initiatives, like the PSD2, but must also provide the opportunity for industry to develop other mechanisms for real-time, secure data exchanges. There are ongoing market initiatives, like the SEPA Payment Account Access (SPAA) Scheme and Berlin Group, which the Commission should take into account to maximise synergies.
• Be technology-neutral. The focus should be on the framework conditions for data access, not on the API technology enabling the access. Doing otherwise will lock the industry into API specifications that will get technologically outdated in the future.
• Foster standardisation driven by the market. The need to prioritise market-led standardisation is one of the main lessons from the implementation of PSD2 and it is key for interoperability, including with other sectors beyond financial services. Standards should continue to be developed through consensus-based, market-driven, fair, inclusive and transparent processes in alignment with international and European standardisation organisations.

There are important learning points from the challenging and difficult implementation of Open Banking. Articles 66 and 67 of the PSD2 should have already made it a reality, but there are lingering problems around it.

For example, there still lie obstacles in the user interface which continue to inhibit access to customer payment account data by third-party providers (TPPs)[1] and, in turn, adoption of Open Banking by consumers and businesses. TPPs must be confident that they can build products based on an infrastructure that is reliable and will not cause issues such as cardholder abandonment and lower sales conversions. At the same time, consumers also need to trust that using APIs in Open Banking infrastructure will work.

Consumer trust in data-sharing

Consumer trust will be critical to developing Open Finance. All aspects of data sharing should address consumer protection, dispute resolution and liability in a manner that balances the provision of sufficient information to ensure transparent data processing with the opportunity to introduce new services within the data-sharing ecosystem. Trust is all the more important as real-time sharing of data with third parties poses security, data protection and fraud risks without proper safeguards in place.

We believe the Commission should guarantee trust around the following pillars:

• Alignment with the GPDR: the GDPR offers the necessary data protection framework for Open Banking and Open Finance. It is therefore key to ensure any initiative seeking to encourage personal data access aligns with it. Users should be given full control over their personal data. When required by law, consent of the payment service user must be freely given, specific, informed and unambiguous.
• Consent management tools: Open finance framework should explore the inclusion of the necessary tools to empower consumers to control their data. In this respect, the effective operationalisation of consent management tools will be important to improve the effective use of GDPR processing based on consent.
• Data and financial literacy: there is great added value in launching activities on these issues and directing them to consumers, developers and data holders while considering the specific sensitivities of each of these groups. For consumers, we recommend campaigns explaining each step of the open finance user journey.

Level playing field in access to financial data

A level playing field is crucial to encourage innovation and thus build an EU data-sharing ecosystem which is truly sustainable and competitive. SMEs can play an important role in such ecosystem and advance new use cases in the field of open finance, including use cases drawn from across multiple sectors and based on voluntary data-sharing.

This is why the EU Open Finance framework must apply to all TPPs, regardless of the size of the entity, and develop clear taxonomies and market standards appropriately applicable to all market participants. Competition and innovation in the EU Single Market will thrive if the focus is on ensuring a sustainable data-sharing framework across industries, guaranteeing reciprocity across participants aligned with the move towards Open Finance, and facilitating data flows between companies belonging to a variety of sectors in full respect of the freedom of contract principle.

Appropriate compensation for data holders

The EU Open Finance regulatory framework should clearly recognise that it is often incentives which drive innovation and competition. We believe it is essential to establish consistent compensation provisions for all data holders of all sizes. These provisions should be based on market value, as defined by market actors, so as not to disincentivise first movers into Open Finance. Compensation should not only cover setting up and maintaining the infrastructure to make data available, or collecting and structuring the data. There are important costs for product development to consider in compensation provisions. There should also be an emphasis to maintain policy coherence. To this extent, it is important to avoid that Data Act provisions under Article 9 (3), which allow implementing legislation or other EU law to reduce or eliminate compensation in sectorial frameworks, do not create inconsistencies with the EU Open Finance framework, or even market asymmetries, by reducing or eliminating compensation in specific sectors such as finance.

Any regulatory framework should enable financial institutions to derive value from and compete for the best APIs available in the market. Developers should have the ability to access data through APIs and other secure communication protocols, in order to incentivise financial institutions to develop best-in-class APIs. A future framework must be comprehensive and complementary to existing initiatives. That would help mitigate the risk of fragmented national legislation, which could exclude compensation or provide for lower compensation for making data available, which in turn may lead to market asymmetries.

Regulatory coherence

The EU Open Finance framework should take into account existing regulations and be designed in coordination with ongoing legislative initiatives. Policy-makers must ultimately ensure consistency in the overall stock of data-related policies and regulations in the EU, either already adopted or in the making. We lament that such consistency is not fully present in ongoing EU regulatory discussions. The EU Open Finance framework should contribute to these goals of regulatory consistency and coherence. It should complement in a clear manner other horizontal and sector-specific EU data policies. Examples of relevant pieces of law, either recently adopted or being still discussed, include the Data Act proposal, the Digital Markets Act, the Digital Services Act, the GDPR, the Data Governance Act (DGA) and international data transfer agreements, as well as sectoral initiatives such as the Payment Services Directive 2 (PSD2) and the Digital Operational Resilience Act (DORA). Data transfers and cloud security are for example a clear focus area where regulatory coherence must still be ensured. A DIGITALEUROPE’s in-depth analysis of upcoming European legislation on these aspects, including the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and the Data Act, reveals major flaws and tensions with equivalent rules set out in the GDPR.^[2]

Finally, we also highlight how the EUCS’s focus on data localisation, EU headquarters and EU control will not only severely affect the quality and security in the European cloud market, but will also make it more difficult for European companies to operate globally. We have highlighted how data flows are essential, especially in data-rich sectors like finance. Studies show data analytics can reduce payments’ fraud by between 3 and 30%. Allowing financial data to flow globally is key to improve the security, resilience and innovation of the EU financial ecosystem.^[3]

Use case

We specifically highlight the benefits of market-driven standardisation with regards to fostering the sharing of datasets from households on their energy use and property, all without granting new mandated access rights to such data. These datasets can help making sound advice on greener energy choices or green financing for renewable energy installation. The Open Finance Framework could encourage the deployment of funding, including from the Digital Europe Programme, to support such market-driven standardisation activities.

References

[1] According to Directive (EU) 2015/2366 on payment services (PSD2), a third-party provider is an entity authorised to access accounts upon customer consent (while not operating those account itself). Payment initiation service providers and Account information service providers are examples of TPPs under the PSD2.

[2] DIGITALEUROPE, Data Transfers in the EU Data Strategy: Understanding myth and reality, 2022

[3] DIGITALEUROPE, The importance of international data flows in the European financial ecosystem, 2021