Open insurance: EU aims to ensure a free flow of data in the financial sector with FIDA
While the flow of data is already a reality in the banking world, insurance is still in its infancy when it comes to open insurance. This is set to change: the European Commission has presented a draft regulation to regulate access to financial sector data. What is open insurance and to what extent are insurers affected by FIDA? Below is an overview.
Whether open data, open science or open banking, the idea of ‘openness’, i.e. open access to certain scientific processes or data, is nothing new. However, the move towards a comprehensive open data economy is gaining in importance, especially in view of new innovative technologies, the increasing emergence of digital platforms and ecosystems, and changing customer needs. The insurance industry is not unaffected by these developments – the key term here being open insurance.
Creation of an EU financial data space
The two approaches known as open banking and open insurance are combined under the term ‘open finance’, and are part of the overarching data strategy of the European Commission of 19 February 2020. According to the EU’s report on open finance dated October 2022, the European data strategy calls for the creation of a common European financial data space to promote innovation, market transparency, sustainable finance and access to finance for European companies through improved data sharing (‘Report on open finance’).
Open finance: the flow of financial data beyond payment transactions
According to the EU’s report, open finance refers to the access, sharing and re-use of personal and non-personal data of the financial industry. This has already been made possible in the banking world with the revised Payment Services Directive (PSD2), which was adopted in 2015 – an important step towards open banking. Subject to the client’s consent, banks have been obliged to permit third-party providers (account information and payment initiation services) to access accounts and certain data belonging to their clients under the PSD2 directive since September 2019.
Open finance extends its scope beyond payment transactions to include banking, investment and insurance products, taking into account the GDPR. Access to data by third parties takes place only with the consent of the customer and usually via technical interfaces.
The meaning of open insurance – EIOPA
According to the European Insurance and Occupational Pensions Authority (EIOPA), there is still no universally applicable definition for the term open insurance. EIOPA defines open insurance in the broadest sense as accessing and sharing insurance-related data, usually via Application Programming Interfaces (APIs). The data should be available in a standardised format. In February 2021, the EIOPA published a discussion paper entitled ‘Open insurance:accessing and sharing insurance-related data’ to prepare the insurance sector for the European data strategy and to discuss key issues.
The EU wants to create a legal framework for data flows in the financial sector
With the exception of open banking, the flow of data in the financial sector has not yet been regulated. This is why the European Commission now wants to create a binding legal framework for the flow of data in the financial sector with the draft regulation ‘Framework for Financial Data Access (FIDA)’. FIDA was published and submitted for consultation on 28 June 2023 (FIDA draft). The proposal builds on the revised Payment Services Directive (PSD2) and also concerns the insurance industry.
FIDA requires flows of data
The FIDA draft regulation requires banks, insurers and financial institutions to allow third-party providers access to certain financial data at the request of their customers. Third-party providers that are not financial institutions need to be certified by the national supervisory authorities. The draft explicitly states that FIDA is consistent with the GDPR.
Access to data is subject to the following conditions:
- Customers are not obliged to share their data with data users
- Holders of customer data are obliged to make the data available to data users
- Customers have full control over who accesses their data and for what purpose
- Standardisation of customer data and the necessary technical interfaces
With regard to the insurance sector, the following companies or products are affected by FIDA: Life insurers with insurance-based investment products (IBIP), PEPP providers, providers of company pension schemes and non-life and accident insurers. FIDA does not apply to health insurance providers. Biometric products are also excluded.
Data from transactions with private and business customers
The regulation covers personal and non-personal data from transactions with private and business customers. Data must be made available electronically – promptly, free of charge, continuously, in real time and on the basis of generally accepted standards. A Financial Sharing Data Scheme aims to regulate the secure and standardised flow of data. In addition, financial institutions are required to provide their clients with a permission dashboard that allows them to manage and control data access rights. (FIDA draft)
FIDA aims to facilitate innovation in the financial sector
The regulation aims to give consumers more control over their financial data, make it easier to compare products and make it easier to switch providers. At the same time, it should make it easier for third-party providers to offer innovative, customer-centric financial products and services. These opportunities can also be seized by insurers, as they are not only data holders, but also data users, i.e. third-party providers.
‘What’s next?’
It is still unclear when FIDA will enter into force. The feedback period ended on 1 November 2023. The German Insurance Association (GDV) submitted a statement on the draft back in July 2023. Now the European Parliament and the European Council are negotiating on FIDA. According to Jan Ceyssens, Head of the Digital Finance Unit at the European Commission, the legislative process ‘will take at least another year, maybe even longer’. Ceyssens said this at a GDV webinar on 7 November 2023. The upcoming European elections in 2024 could further delay the process.
We will keep an eye on FIDA and update you on further developments in our blog.
