In a nutshell, open finance refers to third-party access to personal financial data. Briefly put, open finance is broader in scope than open banking, as it covers not only payments but also banking, investment and insurance products. While open banking is already incorporated into financial market regulations as a result of the Second Payment Services Directive (PSD 2), there is no legal framework yet that sets out the terms for the overall, interoperable and legally and technically secure implementation of open finance. The European Commission is now seeking to change this with its digital finance strategy.

Possible scenario for accessing data in the context of open finance

In the above example, the customer, who has signed a life insurance contract with an insurance company, has granted an open finance service provider access to the customer’s data.

This open finance service provider offers the customer a pensions dashboard, allowing the customer to view all the pension products they have with different providers in a single app. To do this, the open finance service provider would also need access to the customer data that these other providers have.

Figure: Illustrative example of data-sharing in the context of open finance

© BaFin

Based on this and further information on the customer’s financial situation – data which the open finance service provider could also access in the context of open finance – the app could identify a potential pension gap, and the open finance service provider could suggest products that could close this gap. Such products would be offered based on a direct contract between the customer and the open finance service provider.

In this example, the open finance service provider, having first obtained the customer’s consent to access their data, approaches the insurance company, which then has to make the customer’s data available to the provider. Such data would generally be accessed via technical interfaces, meaning that a separate contract would no longer be needed between the insurance company and the open finance service provider in a regulated environment.

Conditions for the successful implementation of open finance from a supervisory perspective

In BaFin's view, certain conditions must be fulfilled in order to achieve the objective of promoting innovation and competition by providing access to data in the financial sector. This is based on BaFin’s legal mandate to maintain the integrity and stability of the financial system, protect the collective interests of consumers, and preserve public trust in the financial system.

Business models that build on open finance must also reflect the above. For this reason, BaFin has set out supervisory conditions and framework parameters that should be considered in an open finance framework from its point of view:

(1) Definition of “open finance service provider” and possible authorisation requirements for open finance service providers

First of all, it is necessary to determine what an open finance service provider is and who provides open finance services. This also prompts the question of whether and how open finance service providers should be subject to financial regulation in order to appropriately address the risks that new business models entail (e.g. IT risks, consumer protection risks, reputational risks etc.).

A regulatory/supervisory level playing field is also being considered, meaning that those providing similar services with an equivalent risk profile should be subject to the same regulatory requirements. In other words, the principle of “same business, same risks, same rules” should apply here, too. Steps should therefore be taken to examine whether and how these services will be subject to an authorisation requirement and whether they should therefore be subject to ongoing supervision as well.

(2) Level of standardisation and interoperability of technical interfaces and the standardisation of data

To ensure that data can be accessed securely in a way that is as direct, automated and standardised as possible, open finance significantly depends on technical implementation, the customer’s consent for their data to be accessed and the implementation of access to data itself. The interfaces that are already being used under the Second Payment Services Directive could be expanded for this purpose.

In addition to the standardisation of interfaces and data, there are also fundamental questions as to whether setting up interfaces should be mandatory or voluntary and who should be responsible for standardisation.

(3) Preventing supervisory gaps in light of the different competences of the relevant authorities

As with other areas relevant to digitalisation in the financial market, open finance falls within the remit of various competent authorities. The different competences should be coordinated as cohesively as possible to ensure that there are no blind spots to the extent possible.

One example is financial supervision and data protection, which have to be considered at the same time. An open finance service provider’s access to the data that a financial entity has is likely to be regulated under a future open finance legislative act, but the processing of this data by the provider will of course continue to be subject to data protection laws. In such cases where access to data and data processing fall within the remit of different authorities, supervisory competences should be aligned as best as possible.

(4) Reciprocity for access to data and/or potential pricing for access to technical interfaces and/or data

Reciprocity for access to data refers to the fact that data is made available not only by the supervised entities offering products but also by open finance service providers and, possibly, other companies as well. They, too, have data that can be relevant for the companies that offer products and have to provide data. Depending on the rules to be set out, a level playing field should be created for all providers, which would prevent a concentration of individual market participants such as an oligopoly or even a monopoly.

Pricing is one way to compensate for the costs associated with providing data and interfaces. Moreover, it could also compensate for cases where reciprocal access to data cannot be implemented or is not worthwhile. Furthermore, pricing could be an incentive to provide high-quality interfaces and data. However, prices should not be disproportionally high either, as this would prevent data from being accessed and shared. In addition to the question of whether pricing is an option that could be looked into, questions relating to how high pricing should be and a price formation mechanism play a key role as well.

Initial results following a discussion at BaFinTech 2022 in Berlin

At BaFinTech 2022, BaFin experts and market participants discussed open finance and the ways in which the aforementioned requirements could be set out in a framework.

It became clear during the discussion that making open finance service providers subject to regulation/supervision could be an appropriate measure in order to take risks into account and create a level playing field. The account information services under the Second Payment Services Directive – specifically those under section 1 (34) of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG) – could offer guidance for taking these aspects into account.

During the discussion, the participants pointed out that, due to the heterogeneity of products and data, the market should take on and/or be significantly involved in the development of application-related standards for technical access interfaces and data. In addition, the participants noted that one option would be to build on the access interfaces that are already being used or market-driven initiatives that are already ongoing. Those involved in the discussion also noted that an established standard developed on the market could also be introduced as a legal standard if the establishment of access interfaces becomes mandatory in future.

As for technical access interfaces, market participants pointed out during the discussion that they were also in favour of setting up functions that go beyond data access exclusively. This would allow interfaces to be used in order to initiate transactions – e.g. for signing contracts – via open finance service providers.

Next steps

In its work programme for 2023, the European Commission announced its plans to present a legislative proposal for an open finance framework in Q2 2023. The expert group on European financial data space, which the European Commission set up last year, has also published a report on open finance and forwarded it to the European Commission.

Although this report focuses on open data rather than on the financial market exclusively, the conditions for sharing data mentioned above correspond by and large to the issues identified by the expert group which are to be incorporated into an open finance framework. The report does not specify which rules and regulations on these issues are to be established in line with other applicable regulations (e.g. in the areas of data protection and financial regulation). According to the report, more work and discussions are necessary here, too.

BaFin is following discussions on the open finance framework and is maintaining a dialogue with various stakeholders. It will actively assert its position in further discussions on open finance based on its competences and duty to maintain the stability and integrity of the financial system and protect the collective interests of consumers.