FIDA regulation: What banks and insurers should do now

FIDA regulation – the elephant in the room

If there were an “elephant in the room” among the upcoming EU regulations for the financial sector, FIDA (Financial Data Access) would be a hot candidate. The current draft of the European open finance regulation covers a wide range of products – from investments and loans to insurance policies – whose data must be made available to third parties at the customer’s request in future. Hardly any regulated financial institution does not fall within the scope of the future regulation per se. At the same time, FIDA is still under the radar in many of the companies affected and is rarely on the agenda of the management board.

Despite the prospect of simplification – as proposed in a recent non-paper by the EU Commission as part of the trilogue negotiations with the EU Parliament and Council – and a (very small) residual risk that FIDA will still be overturned shortly before the home straight, there are important reasons why financial institutions should not adopt a “wait-and-see” attitude, but should actively engage with the planned EU regulation as quickly as possible.

Five reasons why financial institutions should get to grips with FIDA now

1. It is very likely to happen. After briefly wavering in the first quarter of 2025, FIDA has been transferred to the trilogue talks, the next phase of which is now imminent. Despite opposition from various industry associations, the (probably somewhat streamlined) regulation will be successfully adopted in the coming months.
2. It remains a major compliance challenge. Even in a simplified form (for example, by removing large companies as a customer group or older data), FIDA will lead to a great deal of effort, which will in all likelihood exceed that of PSD2. It is not only already possible for affected institutions to classify this, but it is also a decisive basis for further steps.
3. The clock is ticking from the moment FIDA is adopted. The implementation deadlines may seem long at first, but 18 months for the formation of market-driven “data exchange schemes” for the first product groups is a tight deadline. And only six months after that, the data interfaces will have to go live according to the current draft.
4. It opens up considerable opportunities – both financially and strategically. Whether the potential outweighs the costs associated with implementation ultimately depends on the assessment of each individual institution. In particular, the potential to optimize existing offers and develop new, valuable products based on large volumes of highly relevant and standardized customer data is enormous. However, it is crucial to recognize this potential at an early stage: Only then can banks, insurance companies and other data owners position themselves as active data users and effectively shape the design of corresponding schemes.
5. It will change the competition. FIDA will generate a greater wave of innovation than PSD2 due to its significantly broader scope, the implementation of lessons learned from open banking and improvements in the area of AI. Both established competitors and non-financial institutions will use the opportunity to differentiate themselves or enter the market with new, data-driven products. Even a defensive strategy must take these aspects into account and should be developed at an early stage.

How banks and insurers can prepare themselves now

Payment service providers should use the time until the political agreement and adoption of FIDA as directly applicable law to carry out important preparatory work, in particular

• Create a fundamental awareness of FIDA and its significance. On the one hand, this must be done at management level in order to ensure the strategic classification, but also the correct technical and sufficiently broad positioning within the company. On the other hand, in addition to compliance, IT and operations, potentially affected product teams in particular should be brought on board at an early stage to ensure that not only the implications of data provision, but also possible use cases are considered at an early stage.
• Clarify the strategic direction. Should FIDA only be treated as a compliance implementation, or do you also want to include the benefits side in order to examine possible process improvements and product innovations? The regulatory provision could also be the reason to fundamentally rethink your own data strategy. To what extent do you also want to help shape the relevant scheme(s) in order to influence the rules of data exchange in cooperation with other market participants? Fundamental make-or-buy options for technical FIDA implementation should also be considered.
• Define an internal set-up for FIDA implementation. This should include all relevant internal stakeholders and at the same time consider coordination and participation at industry level. The framework for external support in the conception and implementation phase should also be defined.
• Make an initial assessment of the change impact. While the final version of the regulation will only emerge in the coming weeks and months, the impact on products, IT systems, data management, processes and organization can already be estimated on the basis of well-founded assumptions. Even if dynamic adjustments should be factored in, this provides a solid basis for planning implementation activities in 2026.

The aim of this first phase of activity is to enable the financial institution concerned to initiate and implement further strategic, conceptual and implementation decisions on FIDA in a well-informed and targeted manner, taking into account the relevant factors.

With our tried-and-tested “3I” workshop series, consisting of three short, well-structured inspirational workshops, we offer our clients an effective way to classify the most important issues and develop a good starting point for the launch of a structured program tailored to the specific requirements of the company.

1st inspiration workshop

The first step is to categorize FIDA as a whole and, in addition to compliance aspects, to understand the opportunities and business potential of use cases – as well as the risks. The current market situation is classified and the company’s position is discussed in an open dialog.

2nd information workshop

Based on this, the second workshop goes into more depth. Specific regulatory requirements are discussed and an initial mapping of affected organizational units, systems, products and data is created together with the workshop participants. This forms the starting point for the subsequent impact analysis

3rd positioning and initiation workshop

The third workshop serves to concretize strategic considerations regarding FIDA, define the stakeholder setup, determine follow-up steps and take the momentum generated into the professional and technical implementation phase.

Our experts will be happy to help you categorize FIDA in a discussion according to your company’s individual starting situation – contact us at any time.