Module 6: The Future Context - Preparing for PSR and FIDA
This final module synthesizes the technical knowledge of the openFinance framework with the strategic context of the forthcoming regulatory landscape, defined by two key pillars: the Payment Services Regulation (PSR) for payments and the Financial Data Access (FIDA) regulation for broader financial data. Understanding this dual evolution is critical for appreciating the long-term value of the Berlin Group's work and for making informed strategic decisions.
The Parallel Evolution: PSD3 and the Payment Services Regulation (PSR)
While FIDA creates the framework for Open Finance, the third Payment Services Directive (PSD3) and the PSR are the direct successors to PSD2, refining and strengthening the rules for payment accounts. For API providers and users, the PSR introduces several critical changes that will directly impact technical implementations:
- Streamlined Strong Customer Authentication (SCA): The PSR aims to phase out clunky authentication journeys. It removes the mandatory requirement for banks (ASPSPs) to offer a redirect-based SCA flow. This strongly encourages a move towards more seamless, integrated authentication methods, such as decoupled or embedded flows, where the user can complete the entire process within the TPP app.
- Strengthening of Dedicated Interfaces (APIs): The regulation removes the obligation for banks to maintain a "fallback" mechanism (i.e., allowing TPPs to use the customer-facing online portal if the API is down), provided their dedicated API meets high performance and availability standards. This places a much greater emphasis on the quality, reliability, and feature parity of the API itself, making robust standards such as those from the Berlin Group more important than ever.
- Mandatory Permission Dashboards: Similar to FIDA, the PSR mandates that all banks provide their customers with a clear "permission dashboard." This dashboard will allow users to monitor, manage, and revoke all consents they have given to TPPs for accessing their payment account data, reinforcing the principle of user control.
An Overview of FIDA's Scope and Key Requirements
The FIDA regulation, proposed by the European Commission in June 2023, is set to usher in the era of true Open Finance across the EU. It dramatically expands the principle of data sharing beyond payment accounts.
- Expanded Data Scope: FIDA applies to a vast range of customer financial data, including mortgage and loan agreements, savings accounts, investments in financial instruments, crypto-assets, pension products, and non-life insurance products. Payment accounts remain governed by the PSD3/PSR framework.
- Obligations on Data Holders: The regulation obliges financial institutions (acting as "data holders") to make customer data available to other authorised entities (acting as "data users") upon the customer's explicit request. This access must be provided without undue delay, continuously, and in real time, where technically feasible.
- Customer Control via Permission Dashboards: A cornerstone of FIDA is customer empowerment. As with the PSR, data holders will be required to provide customers with a permission dashboard to manage all their data-sharing consents.
Financial Data Sharing Schemes (FDSS) and the Role of Standardised APIs
FIDA does not impose a single, top-down technical standard. Instead, it mandates a market-led approach through the establishment of Financial Data Sharing Schemes (FDSS).
- The FDSS Mandate: Within 18 months of the regulation coming into force, all data holders and data users must become members of at least one FDSS. These schemes are contractual arrangements between participants that will govern the rules of data access.
- The Role of APIs in FDSS: A central responsibility of each FDSS is to develop and agree upon common standards for the data to be shared and, crucially, the technical interfaces (APIs) through which it will be exchanged.
- Compensation Model: A key difference from PSD2 is that FIDA explicitly allows data holders to request "reasonable compensation" from data users in return for providing data access via the scheme's APIs. The rules and models for this compensation are to be determined by the members of each FDSS.
Positioning the openFinance Framework for a PSR and FIDA World
The dual requirements of PSR and FIDA create a clear and compelling case for the adoption of the Berlin Group openFinance API Framework. The framework is not just conceptually aligned; it provides a direct, practical, and market-proven technical blueprint for compliance with both sets of regulations.
The market will naturally need to converge on common standards to avoid the immense cost and inefficiency of a "Tower of Babel" scenario. The Berlin Group's openFinance framework is uniquely positioned to become this de facto standard. Its Extended AIS specifications already cover many of the data scopes required by FIDA, while its mature consent management and support for various SCA models provide a strong foundation for meeting the PSR's requirements.
For a financial institution, adopting the Berlin Group standard represents the most logical and cost-effective path to compliance. It allows them to leverage years of collaborative development, de-risking their FIDA and PSR projects and turning a significant regulatory challenge into a manageable technical implementation. Engaging with the openFinance API Framework is a strategic imperative for preparing for the next mandatory wave of data sharing in the European financial sector.
Module 6 Quiz
1. What is the primary objective of the proposed Financial Data Access (FIDA) regulation?
2. Under FIDA, what is the name of the governance structures that will be responsible for defining the contractual and technical rules for data access?
3. What is a key change for the user journey introduced by the new Payment Services Regulation (PSR) regarding Strong Customer Authentication (SCA)?