In June 2023 the European Commission issued a legislative proposal for a Framework for Financial Data Access (FiDA), which focuses on expanding access to customer data across a wide range of financial services.
Given the tight coupling of the finance and technology service industries between the EU and Switzerland, it is reasonable to expect that FiDA will affect a broad range of Swiss-based entities. This includes institutions serving EU customers directly and the service providers supporting them.
FiDA has not yet entered into force, but the effort required to comply with it may be substantial. In the following sections we examine the framework itself and consider its impact on companies in Switzerland.
The FiDA framework is another step towards implementation of the EU’s digital finance strategy for building a more competitive and innovative European financial sector. This strategy, adopted in 2020, is designed to promote data-driven innovation in finance by establishing a common financial data space. This is in addition to the principles of open banking as defined in the 2nd Payment Services Directive (PSD2) which has been in force since 2018.
EU’s president von der Leyen, in her 2022 State of the Union Letter, confirmed that data access in financial services is among the key new initiatives for 2023 and beyond. The speech was followed up with a report on open finance from an Expert Group on the European Financial Data Space, which discussed key elements of an open finance system and made an assessment of selected data sharing use cases.
At the time of this publication, FiDA remains in the proposal stage and the exact adoption date is not yet confirmed. In December 2024, the Council of the European Union issued a communication affirming its preparedness to negotiate the final form of the legislation with the European Parliament. This represents the final significant step before the legislation comes into effect; however it is challenging to predict the duration of the negotiations.
FiDA establishes an obligation for EU-based financial institutions to enable third-party access to customers’ data and sets rules that govern it. The regulation is far reaching and covers the majority of financial service providers, including (but not limited to):
However, with prior authorisation, non-financial firms will also be granted access, greatly increasing the number of players in the EU’s open data ecosystem.
Participating entities can assume the following (either or both at the same time) roles:
Data holder – an entity that maintains (holds) and processes data provided by customers and data generated as a result of customer interaction.
Data user – any entity listed in FiDA that has lawful access to customer data following permission from a customer.
The proposed framework contains the following key provisions:
On obtaining a customer's consent, a financial institution (data holder) shall make data available to an authorised third party (data user) without undue delay, continuously, and in real time. The data shall be provided in a format based on generally recognised standards and at least in the same quality available to the data holder. Data holders and data users shall have interfaces and communication channels in place to enable data transfers and for data users to make efficient use of the data.
In particular, financial service providers with an EU presence (acting either as data holders or data users) are likely to be affected by both new compliance obligations and increased competition due to improved data access for other firms.
Companies that decide to enter the EU market as data users shall appoint a legal representative in one of the EU member states and obtain authorisation as a Financial Information Service Provider, to meet the requirements outlined in Article 12 of FiDA on application for authorisation.
The impact on suppliers will depend largely on the type and extent of the services they provide. For example, service providers that work directly with customer data may need to develop new data storage and transmission functionalities to comply with the requirements of a particular data sharing scheme.
Based on our experience with EU regulations, we have listed several specific areas where we anticipate that companies will face challenges when either introducing new processes and controls or evidencing current arrangements in response to regulatory changes introduced by FiDA:
Deloitte in Switzerland offers a wide range of services that can help
data holders and data users to prepare for FiDA, in particular: