Following the European Commission's PSD3, PSR, and FIDA proposals, here we look at the potential transition of account information services (AIS) from PSD3 to FIDA.
Key considerations include defining AIS comprehensively, addressing potential changes in access interfaces, balancing authentication requirements for security and user convenience, accommodating various operating models, and ensuring a smooth transition between the two regulatory frameworks.
Tink's preferred approach is to maintain AIS under PSD3 while creating overlap with FIDA, allowing time for the industry to adapt before considering a full transition of AIS under FIDA. This balanced approach aims to promote innovation, competition, and consumer protection in the financial sector.
Following this summer’s publication of the new PSD3, PSR and FIDA proposals, the industry has been abuzz with discussions surrounding the European Commission's efforts for the evolution of financial regulation in the European Union. Tink, as a leading player in this space, has been actively engaged in these discussions, providing plenty of insights and input.
This blog follows our recent post on FIDA, and here we zoom in on one specific, yet very important, topic – the rescoping and/or descoping of AIS within the new open finance framework, which according to FIDA Article 31 is set to be considered four years after enforcement of the framework. The potential transition of AIS from PSD3 to FIDA (or maybe ‘FIDA2’ when the Commission has its next review) brings several critical considerations to the forefront, and we wish to address these concerns while advocating for a balanced approach.
One of the fundamental aspects that requires careful thought is the definition of AIS within this changing context. Under PSD2, AIS was defined as ‘an online service to provide consolidated information on one or more payment accounts held by the payment service user (PSU) with either another payment service provider or with more than one payment service provider’. Many national competent authorities (NCAs) interpreted this definition as a service that needed to be provided directly to the PSU, which initially interrupted existing ‘aggregator’ business models whereby an account information service provider (AISP) transferred the consolidated information to a third party – such as a credit institution.
In the proposed PSR, AIS is redefined as ‘an online service of collecting, either directly or through a technical service provider, and consolidating information’. This new definition offers clear framing for AIS and can improve the interpretation of what AIS is and the services that AISPs deliver.
Looking ahead to a future where AIS is rescoped under FIDA, there should be considerations for an overlapping definition under FIDA today. Specifically, in order to ensure that AIS can also be captured in the future scope of financial information service providers (FISPs) by introducing a definition for ‘financial information services’ (FIS) – which is currently absent in the proposed FIDA text.
Either by adopting the proposed definition in the PSR or by introducing a broader scope such as ‘accessing and processing of the information that is available in the interface(s) offered by a financial service provider with the permission of the user’ would ensure that AISPs that also operate as FISPs can provide comprehensive information services in a consistent way, encompassing not only payment accounts but also other relevant financial data such as savings accounts and credit cards.
The re-scoping of AIS under FIDA could have far-reaching implications for the interfaces through which AISPs access data. Under PSD2, many account servicing payment service providers (ASPSPs) opted to create dedicated interfaces in the form of APIs to give AISPs secure and efficient data access. And in the proposed PSR, dedicated interfaces won’t be optional, but mandatory for all ASPSPs.
In Tink’s survey from November 2021, for which we surveyed 308 executives at financial institutions across Europe, findings showed that the mean annual spending on open banking initiatives has been in the range of €32 million, with some retail banks reporting spending in excess of €80 million.
The total investment by financial institutions into such initiatives may only increase as the proposed FIDA text states that data holders (such as banks) and data users (such as FISPs) should be required to be part of ‘financial data sharing schemes’ in order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions.
Changes in scope or requirements for these interfaces must be evaluated to safeguard these significant investments. For AISPs and ASPSPs alike, continuity in AIS-based applications is crucial. Ensuring that dedicated interfaces remain viable and even receive enhancements under FIDA is key for the seamless functioning of AIS.
Authentication requirements also come into focus as the regulatory landscape shifts. PSD2 introduced Strong Customer Authentication (SCA) when accessing payment accounts online or requesting payment account information through an AISP – and the PSR proposal is not changing this. If AIS are to be re-scoped, FIDA should consider retaining these requirements for initial user opt-in while exempting the SCA for subsequent requests. This approach balances security with user convenience, allowing for the introduction of streamlined AIS and FIS processes.
Over the years, AISPs have adopted various operating models to provide their services, from aggregation to acting as technical service providers. If AIS is to be rescoped under FIDA, the regulatory framework must accommodate these diverse models to ensure a competitive and innovative ecosystem. Additionally, the licensing and registration regime deserves attention. Many AISPs are currently also authorised as Payment Initiation Service Providers (PISPs) under PSD2. The rescoping of AIS must not contradict the requirements in terms of licensing and anti-money laundering (AML) regulations to prevent undue compliance burdens.
Tink's preferred model envisions retaining AIS within PSD3 while establishing overlap with the FIDA scope. This approach provides AISPs and ASPSPs with the time needed to amortise investments and mitigate risks to business continuity. The convergence of AIS entirely under FIDA could be considered at a later stage, once the industry has adapted to the evolving landscape.
"Open banking and the shift towards open finance is a highly anticipated industry movement. Policymakers have the right goals in mind, but it is necessary to ensure that new regulations align to established business models while increasing competition, innovation and consumer protection."
– Jan van Vonno, Head of Industry & Wallets at Tink
In conclusion, the evolution of PSD2 to PSD3 and the introduction of FIDA represents a significant milestone in developing the EU’s financial and data ecosystem. To ensure a smooth and balanced shift, it’s key that there is careful consideration of definitions, access interfaces, authentication requirements, operating models, and the licensing regime. A harmonised approach that combines the strengths of both frameworks will ultimately foster innovation, competition, and consumer protection in the financial sector. Tink remains committed to contributing to these crucial discussions and shaping a bright future for open finance.
---
Case studies, comparisons, statistics, research and recommendations are provided “AS IS” and intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. Visa Inc. neither makes any warranty or representation as to the completeness or accuracy of the information within this document, nor assumes any liability or responsibility that may result from reliance on such information. The Information contained herein is not intended as investment or legal advice, and readers are encouraged to seek the advice of a competent professional where such advice is required.
2024-11-19
12 min read
Discover how the eIDAS 2.0 regulation is set to transform digital identity and payment processes across the EU, promising seamless authentication, enhanced security, and a future where forgotten passwords and cumbersome paperwork are a thing of the past.
Read more
2024-10-08
6 min read
Enhancing your affordability assessment with Tink’s data-enriched solutions helps you put an end to inaccurate data, prevent fraud in loan origination and stay compliant – read on to explore the benefits.
Read more
2024-09-24
4 min read
Pay by Bank offers a solution that addresses the potentially higher transaction fees and fraud risks while enhancing the customer experience for luxury retailers.
Read more
Contact our team to learn more about what we can help you build – or create an account to get started right away.