Financial Data Access (FiDA)

Data exchange between the various players is to take place on the basis of a Financial Data Sharing Scheme (FDSS), which defines the necessary standards and also regulates their operationalisation. This includes technical standards relating to data, interfaces, protocols, authentication and regulations on liability, dispute resolution, compensation and other processes. Taking into account the heterogeneity of the data concerned and the various players in the European area, it is to be expected that several FDSSs will emerge in parallel, which must, however, guarantee interoperability and secure data exchange. The European Union has delegated the task of defining the FDSS to the market participants. The first potential candidates for FDSS development are already emerging in the banking and insurance sectors. With the concretisation from December 2024, the EU Council has limited the number of sharing schemes. Accordingly, a scheme should aim to represent at least 25% of the relevant clientele of a product in a geographical market - the three most important data holders must be notified to the supervisory authority.

The update to the draft regulation contains a staggered timetable. While there was initially talk of a single deadline, there is now a three-phase breakdown. This concerns both the overall implementation deadline and the deadline for joining an FDSS:

• 24 months Overall deadline: customer data on consumer credit agreements, accounts, savings and car insurance, deadline for FDSS requirements: 18 months
• 36 months Total period: Customer data on consumer credit agreements relating to residential property, investments in financial instruments, crypto investments and pension products, including PEPP, deadline for FDSS requirements: 30 months
• 48 months Total period: Other customer data: Deadline for FDSS requirements: 42 months

When implementing the requirements - especially in the FDSS context - it is important to take into account the other applicable legal requirements, such as the EU General Data Protection Regulation ("GDPR"), the Digital Operational Resilience Act ("DORA"), the Payment Services Directive 3 (PSD 3) or the Payment Services Regulation (PSR) and to secure them contractually and in the internal documentation and to carefully map the corresponding liability regulations.

The introduction of FiDA brings both challenges and business opportunities in varying degrees, depending on the role that banks, insurance companies, asset managers and other financial service providers will take on in the FiDA scheme, i.e. essentially whether a player will act as a data owner or data user (or both).

The main challenge for data owners is to adapt processes, data architecture, IT systems and data management within a very short implementation period in such a way that the FiDA requirements are met on time and compliance risks are avoided, particularly with regard to the required real-time provision of data. Many data owners will need to adapt, particularly in the areas of master data management, data quality, data governance and data platforms, in order to be able to provide the required data securely, efficiently and on time in the right quality and granularity. At the same time, data owners have the opportunity to utilise the potential of an improved data architecture in other ways and, not least, to offer innovative, data-based products themselves in the role of data user.

For data users, the FiDA Regulation offers extensive opportunities to develop and market new business areas and innovative products and services based on the data that is now available. In order to actually take advantage of the opportunities and realise further market potential and shares, data users must be able to use the appropriate IT systems, processes and governance to record and process the data accordingly and to develop and offer attractive, data-based products with real added value for customers. For existing data owners, the question arises as to whether and to what extent they may also want to become data users within the meaning of the FiDA in the future in order to participate in the resulting opportunities.

It is also to be expected that, in addition to data owners and data users, other players such as industry associations and technology providers will also become involved, for example as providers of a data exchange platform. The question for all stakeholders is whether and to what extent they should initially participate in the definition of an FDSS or join one or more of them.

Addressing the topic of FiDA in good time, even before the regulation comes into force, will be decisive in determining whether you are a frontrunner in shaping the implementation of FiDA and thus the future of the financial sector within your own economic environment and successfully realising business opportunities, or whether you are a latecomer struggling with the timely adaptation of IT systems, the launch of new products and the threat of compliance risks.

It is also to be expected that competitors will enter the market early on with innovative, data-based products and services.

Depending on which role(s) you will take on as a player in the FiDA scheme, it is advisable to address the following questions in an exploration phase at this early stage:

KPMG offers customised advice for every phase of FiDA implementation, taking all relevant dimensions and perspectives into account. To achieve this, we rely on an interdisciplinary team that combines in-depth expertise in the financial services sector with competence in the areas of strategy and operations, regulatory, legal, IT solutions and data management.

In the current early FiDA exploration phase, KPMG supports you and your company in the following important short-term steps:

* The legal services are provided by KPMG Law Rechtsanwaltsgesellschaft mbH.