Payments in Europe have undergone a profound transformation over the past decade.
And with innovation and digitalization redefining the expectations of end consumers and merchants alike, regulators and institutions have understood the importance of having a regulatory framework to protect users and foster competition in the payments sector.
Like PSD2, which marked a decisive turning point in terms of strong authentication, FIDA (Financial Institutions Data Act) is the regulation for everything to do with data sharing!
Want to know more?
Let’s decipher the main points of this regulation, and its impact on your sector of activity as a merchant.
PSD2 & FIDA: complementary European regulations
In the payments sector, European regulations are constantly developing to guarantee the protection of your data and that of your consumers.
In January 2018, for example, the Second Payment Services Directive saw the light of day to step up standards and regulations for strong authentication.
In concrete terms, before PSD2, strong authentication of your consumers was only recommended, afterwards it became mandatory (and we invite you to read our article on PSD2 to find out all about it 😊).
Beyond cal, the major difference lies in the fact that PSD2 covers only part of the financial data with two major services: payment initiation on behalf of third parties and bank account information aggregation.
For FIDA, it will only be a question of authorizing read access to information, without being able to initiate payments on behalf of one of your customers.
Indeed, FIDA is in line with these regulatory developments in payments, responding to crucial issues in the fight against money laundering and the financing of terrorism, as well as to perfect the protection of sensitive data and the confidentiality of financial information.
As far as the stakeholders concerned are concerned, for FIDA the range is much wider than with PSD2, and FIDA provides for financial compensation for making data available to third parties.
And, any company that processes or uses its customers’ financial data is affected, so it’s not just banks and payment providers, as merchants you’re also affected especially if you’re in the insurance sector 😊.
What impact will FIDA have on merchants?
Any company managing its customers’ financial data (with the exception of the healthcare sector, which remains subject to stricter controls) is likely to be impacted, particularly in terms of the process of collecting and storing financial information.
By way of example, in the insurance sector, a large amount of so-called sensitive information is included in the scope of application of FIDA, such as data relating to insurance, provident and pension products.
Similarly, in the consumer credit and mortgage sectors, a large amount of data is collected to categorize a customer, including bank account data.
For all these players, known as Financial Information Service Providers (FISPs), FIDA has established strict rules for data sharing, involving the reinforcement of information and data storage systems to minimize the risk of data leakage and ensure that information shared with trusted third parties is properly protected.
And many areas will be impacted within financial information service providers, including :
- Marketing/communication departments, who will be responsible for informing customers about the processing of their data and any potential sharing with other players (while obviously respecting customer consent),
- Legal departments in charge of ensuring compliance with regulations,
- Business / CFOs: FIDA provides financial compensation for the use of secure data, giving companies an opportunity to increase the value of their stored data,
- IT departments, which will have to make data available via dedicated programming interfaces (APIs) and develop dedicated dashboards so that end customers can manage their consents.
FIDA: when is it due?
The first version of the FIDA regulation was proposed by the European Commission in June 2023 and included in the European Union’s finance strategy, then voted on in April 2024.
→ Concretely, its implementation is scheduled for 2026 or 2027, as it must be implemented within 18 to 24 months in all EU member states, following the example of PSD2.
FIDA, seen by many as a constraint, is in fact a real opportunity!
FIDA will lead to data sharing and greater transparency for all players, from banks and payment service providers to fintechs, start-ups and insurance companies.
For all of them, data infrastructures and, more broadly, information systems will have to be adapted to be able to manage and share all data securely.
In conclusion, FIDA marks a turning point in the way financial data is managed in Europe, and a crucial step in the transition to open banking.
While companies face significant challenges in terms of compliance, this legislation also presents opportunities to modernize processes, strengthen the security of financial systems and win the trust of consumers.
By adopting a proactive approach and fostering cooperation with your partners, if you as a merchant are concerned, you will not only have to comply with the new requirements, but also capitalize on this legislation to be able to create long-term value.
