87 Amendments of Frances FITZGERALD related to 2023/0205(COD)
Amendment 158 #
Proposal for a regulation
Recital 3
Recital 3
(3) The Union has a stated policy interest in enabling access of customers of financial institutions to their financial data. The Commission confirmed in its communication on a digital finance strategy and Communication on a capital markets union adopted in 2021 an intention to put in place a framework for financial data access to reap the benefits for customers of data sharing in the financial sector. Such benefits include the development and provision of data-driven financial products and financial services, made possible by the sharing of customer data. In order to actualise these benefits, financial institutions should have the possibility of developing and providing tailor-made and data-driven financial products and services for customers based on the sharing of customer data with their consent.
Amendment 161 #
Proposal for a regulation
Recital 4 a (new)
Recital 4 a (new)
(4 a) This Regulation should only apply to financial data falling outside of the scope of the ‘open banking’ provisions under the Regulation (EU) [XXXX/XXXX] of the European Parliament and of the Council (PSR/PSD3).
Amendment 163 #
Proposal for a regulation
Recital 6
Recital 6
(6) The Union’s financial data economy therefore remains fragmented, characterised by uneven data sharing, barriers, and high stakeholder reluctance to engage in data sharing beyond payments accounts. Customers accordingly do not benefit from individualised, data-driven products and services that may fit their specific needs. The absence of personalised financial products limits the possibility to innovate, by offering more choice and financial products and services for interested consumers who could otherwise benefit from data-driven tools that can support them to make informed choices, compare offerings in a user-friendly manner, and switch to more advantageous products that match their preferences based on their data. The existing barriers to business data sharing are preventing firms, in particular SMEs, tofrom benefitting from better, convenient and automated financial services.
Amendment 164 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
(6 a) The sharing of data should seek to enhance innovation, benefit customers, and to provide innovative personalised financial products or services based, where appropriate, on clear use cases. Examples may include: improving the mortgage credit market for consumers by ensuring choices that better suit the consumer's needs or personal circumstances; facilitating the provision of high-quality financial advice to customers; utilising energy efficiency, energy consumption and climate data to provide new financial services to consumers; developing vehicle data sharing frameworks so that insurers, among other stakeholders, can offer innovative products, reduce damages, help improve road safety and eco-friendly mobility, and stimulate future technological developments.
Amendment 165 #
Proposal for a regulation
Recital 7
Recital 7
(7) Making data available by way of high-quality technical interfaces like application programming interfaces is essential to facilitate seamless and effective access to data. Beyond the area of payment accounts, however, only a minority of financial institutions that are data holders indicate that they make data available through technical interfaces like application programming interfaces. As incentives to develop such innovative services are absent, market demand for data access remains limited. To foster efficient data sharing, data holders and data users should make use of existing application programming interfaces infrastructures and common standards as mandated under Directive (EU) 2015/2366 and Commission Delegated Regulation (EU) 2018/389.
Amendment 168 #
Proposal for a regulation
Recital 9
Recital 9
(9) The data included in the scope of this Regulation should demonstrate high value added for financial innovation as well as low financial exclusion risk for consumers. This Regulation should therefore not cover data related to the sickness and health insurance of a consumer in accordance with Directive 2009/138/EC of the European Parliament and of the Council10 as well as data on life insurance products of a consumer in accordance with Directive 2009/138/EC other than life insurance contracts covered by insurance-based investment products. This Regulation should also not cover data collected as part of a creditworthiness assessment of a consumer. The sharing of customer data in the scope of this Regulation should respect the protection of confidential business data and trade secrets. of both the customer and the data holder. Data that is required to be shared shall not include trade secrets within the meaning of Directive (EU) 2016/943, including but not limited to methodological approaches. _________________ 10 Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (recast) (OJ L 335, 17.12.2009, p. 1).
Amendment 175 #
Proposal for a regulation
Recital 10 a (new)
Recital 10 a (new)
(10 a) The sharing of customer data, based on the consent of the customer, would empower in particular the customer to have access to a wider range of financial services goods and services. It would provide the possibility for consumers to benefit from the opening of the Single Market to increased access of retail financial services products from other Member States. This in turn should lead to the availability of more competitive, consumer-focused and cheaper financial services and products.
Amendment 176 #
Proposal for a regulation
Recital 10 b (new)
Recital 10 b (new)
(10 b) This regulation should be implemented according to the standards of existing and future EU law in the area of privacy and data protection, as well as the values of the Single Market. Therefore, undertakings designated as gatekeepers under Regulation (EU) 2022/1925 of the European Parliament and of the Council should not be ineligible data users under this Regulation.
Amendment 179 #
Proposal for a regulation
Recital 12
Recital 12
(12) Customer data on balance, conditions or transaction details related to mortgages, loans and savings can enable customers to gain a better overview of their deposits and better meet their savings needs based on credit data. This Regulation should cover customer data beyond payment accounts defined in Directive (EU) 2015/2366. Credit accounts covered by a credit line which cannot be used for the execution of payment transactions to third parties should be within the scope of t11 . This Regulation. It should therefore be understood that this Regulation covers thenot cover access to thedata on balances, conditions or transaction details related to mortgage credit agreements, loans, and savings accounts as well as the types of accounts not falling withing the scope of the Directive (EU) 2015/236611 .of payment accounts as defined under Directive (EU) / Regulation (EU) [XXXX/XXXX] of the European Parliament of the Council (PSR/PSD3). _________________ 11 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337 23.12.2015, p. 35).
Amendment 181 #
Proposal for a regulation
Recital 13
Recital 13
(13) The customer data included in the scope of this Regulation should include sustainability-related information that should enable customers to more easily access financial services that are aligned with their sustainability preferences and sustainable finance needs, in line with the Commission’s strategy for financing the transition to a sustainable economy12 . Access to data relating to sustainability which may be contained in balance or transaction details related to a mortgage, credit, loan and savings account, as well as access to customer data relating to sustainability held by investment firms, can contribute to facilitating access to data needed to access sustainable finance or make investments into the green transition. Moreover, customer data in the scope of this Regulation should include data which forms part of a creditworthiness assessment related to firms, including small and medium sized enterprises, and which can provide greater insight into the sustainability objectives of small firms. The inclusion of data used for the creditworthiness assessment related to firms should improve access to financing and streamline the application for loans. Such data should be limited to data on firms and should not infringe intellectual property rights. _________________ 12 Communication From the Commission to the European Parliament, the Council, the European Economic And Social Committee and the Committee of the Regions, Strategy for Financing the Transition to a Sustainable Economy, COM/2021/390 final
Amendment 185 #
Proposal for a regulation
Recital 16
Recital 16
Amendment 188 #
Proposal for a regulation
Recital 16 a (new)
Recital 16 a (new)
(16 a) Data required to conduct Know- Your-Customer (KYC) processes by financial firms, including small and medium enterprises, can be valuable when onboarding new customers. Therefore, the sharing of such data should significantly contribute to lowering barriers to switching providers and therefore result in increased competition and innovation for financial products and services to the benefit of customers.
Amendment 189 #
Proposal for a regulation
Recital 17
Recital 17
(17) As this Regulation is meant to oblige financial institutions to provide access to defined categories of data at the request of the customer when acting as data holders, and allow the sharing of data based on customer permission when financial institutions act as data users, it should provide a list of the financial institutions that may act as either a data holder, a data user or both. Financial institutions should therefore be understood to mean those entities that provide financial products and financial services or offer relevant information services to customers in the financial sector. Data acquired from a third party where the data holder is not the original data holder should not be in the scope of this regulation.
Amendment 192 #
Proposal for a regulation
Recital 22
Recital 22
(22) The permission dashboard should display the permissions given by a customer, including when personal data are shared based on consent or are necessary for the performance of a contract. The permission dashboard should warn a customer in a standard way of the risk of possible contractual consequences of the withdrawal of a permission, but the customer should remain responsible for managing such risk. The permission dashboard should be used to manage existing permissions. Data holders should inform data users in real-timemmediately of any withdrawal of a permission. The permission dashboard should include a record of permissions that have been withdrawn or have expired for a period of up to two years to allow the customer to keep track of their permissions in an informed and impartial manner. Data users should inform data holders in real-timemmediately of new and re-established permissions granted by customers, including the duration of validity of the permission and a short summary of the purpose of the permission. The information provided on the permission dashboard is without prejudice to the information requirements under Regulation (EU) 2016/679. The permission dashboard may be combined with the permission dashboard established under the Payment Services Regulation.
Amendment 198 #
Proposal for a regulation
Recital 24
Recital 24
(24) This Regulation introduces a new legal obligation on financial institutions, when members of a financial data access scheme are acting as data holders, to share defined categories of data at request of the customerprovide data users with access to defined categories of data which are available digitally. The obligation on data holders to shareprovide access to data at the expressed request of the customer should be specified by making available generally recognised EU-wide interoperable standards to also ensure that the data sharaccessed is of a sufficiently high quality. The European Supervisory Authorities should be mandated to issue guidelines to ensure EU-wide interoperable data standards. The data holder should make customer data available continuously for the purposes and under the conditions for which the customer has explicitly granted permission to a data user for a specific service which is clearly identified by the customer, where relevant and technically feasible, on a continuous basis. Continuous access could consist of multiple requests to make customer data available to fulfil the service agreed with the customer. It could also consist of a once- off access to customer data. While the data holder is responsible for the interface to be available and for the interface to be of adequate quality, the interface may be provided not only by the data holder but also by another financial institution, an external IT provider, an industry association or a group of financial institutions, or by a public body in a member state. For institutions for occupational retirement provisions, the interface can be integrated into pension dashboards or existing pension tracking services that cover a broader range of information, as long as it complies with the requirements of this Regulation.
Amendment 201 #
Proposal for a regulation
Recital 25
Recital 25
(25) In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users should be required to be part of financial data sharingaccess schemes. These schemes should develop data and EU-wide interoperable interface standards, joint standardised contractual frameworks governing access to specific datasets, and governance rules related to data sharingaccess and re-use. In order to ensure that schemes function effectively across the EU Single Market, it is necessary to establish general principles for the governance of these schemes, including rules on inclusive governance and participation of data holders, data users and customers (to ensure balanced representation in schemes), transparency requirements, and a well-functioning appeal and review procedure (notably around the decision- making of schemes). Financial data sharingaccess schemes must comply with Union rules in the area of consumer protection and data protection, privacy, and competition. The participants in such schemes are also encouraged to draw up codes of conduct similar to those prepared by controllers and processors underin accordance with Article 40 of Regulation (EU) 2016/679. While such schemes may build upon existing market initiatives, the requirements set out in this Regulation should be specific to financial data sharingaccess schemes or parts thereof which market participants use to fulfil their obligations under this Regulation after the data of application of these obligations. These schemes should not be required to replace or duplication existing data access schemes, including those established by way of the Directive (EU) 2015/2366, [insert reference – PSD], Regulation (EU) 2022/2554 and [insert reference – AMLR].
Amendment 210 #
Proposal for a regulation
Recital 31
Recital 31
(31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would provide financial products andinformation services to customers in the Union and would access data held by financial institutions and the integrity of which is essential to preserve the financial institutions’ ability to continue providing financial services in a safe, sound, and soundecure manner. Such rules are also required to guarantee the proper supervision of FISPs by competent authorities in line with their mandate to safeguard financial stability and integrity in the Union, which would allow FISPs to provide throughout the Union the financial information services for which they are authorised.
Amendment 224 #
Proposal for a regulation
Recital 48
Recital 48
(48) Regulation (EU) 2016/679 applies when personal data are processed. It provides for the rights of a data subject, including the right of access and right to port personal data. This Regulation is without prejudice to the rights of a data subject provided under Regulation (EU) 2016/679, including the right of access and right to data portability. This Regulation creates a legal obligation to share customer personal and non-personal data upon customer’s request and mandates the technical feasibility of access and sharing for all types of data within the scope of this Regulation. The granting of permission by a customer is without prejudice to the obligations of data users under Article 6 of Regulation (EU) 2016/679. Permission under this Regulation should not be inferred as ‘consent’ or ‘explicit consent’ or ‘necessity for the performance of a contract’ as defined in Regulation (EU) 2016/679 and should be in alignment with the Directive (EU) 2015/2366 and the Commission Delegated Regulation (EU) 2018/389. Personal data that are made available and shared with a data user should only be processed for services provided by a data user where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and, when applicable, where the requirements of Article 9 of that Regulation on the processing of special categories of data are met.
Amendment 229 #
Proposal for a regulation
Article 2 – paragraph 1 – point a
Article 2 – paragraph 1 – point a
(a) mortgage credit agreements, loans an as defined in Directive (EU) 2021/2167, loans with installments provided by the data holder, and accounts, including credit card accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366 and technical accounts, including data on balance, conditions and transactions;
Amendment 235 #
Proposal for a regulation
Article 2 – paragraph 1 – point b
Article 2 – paragraph 1 – point b
(b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets; including data collected for the purposes of carrying out an ass comprising term deposits, structured deposits, and savings accounts, investments in financial instruments in accordance with Section C of Annex I of Directive (EU) 2014/65 and excluding derivative transactions used for risk management purposes, insurance-based invesstment of suitability and appropriateness in accordance with Article 25 of Directive 2014/65/EU of the European Parliament and of the Council32 ; _________________ 32 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (recast) (OJ L 173, 12.6.2014, p. 349).products, crypto-assets as defined in Article 3(1)(5) of Regulation (EU) 2023/1114, and other related financial assets as well as the economic benefits derived from such assets;
Amendment 250 #
Proposal for a regulation
Article 2 – paragraph 1 – point f
Article 2 – paragraph 1 – point f
Amendment 256 #
Proposal for a regulation
Article 2 – paragraph 1 – point f a (new)
Article 2 – paragraph 1 – point f a (new)
(f a) non-sensitive categories of data used by data holders to meet Know-Your- Customer (KYC) requirements for business customers.
Amendment 259 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) payment institutions, including account information service providers and payment institutions exempted pursuant to Directive (EU) 2015/2366;
Amendment 263 #
Proposal for a regulation
Article 2 – paragraph 2 – point k
Article 2 – paragraph 2 – point k
(k) institutions for occupational retirement provision (IORP), excluding small IORP as referred to in Article 5 of Directive (EU) 2016/2341;
Amendment 267 #
Proposal for a regulation
Article 2 – paragraph 2 – point l
Article 2 – paragraph 2 – point l
Amendment 268 #
Proposal for a regulation
Article 2 – paragraph 2 – point m
Article 2 – paragraph 2 – point m
(m) crowdfunding service providers, which are not microenterprises or small or medium sized enterprises;
Amendment 269 #
Proposal for a regulation
Article 2 – paragraph 2 – point o
Article 2 – paragraph 2 – point o
(o) financial information service providers;
Amendment 270 #
Proposal for a regulation
Article 2 – paragraph 2 – point o a (new)
Article 2 – paragraph 2 – point o a (new)
(o a) operators of payment schemes
Amendment 274 #
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. This Regulation shall not apply to the entities referred to in Article 2(3), points (a) to (e), of Regulation (EU) 2022/2554 and to Article 2(5) points (4) to (23), [insert reference to CRD VI once published to the Official Journal of the European Union].
Amendment 288 #
Proposal for a regulation
Article 2 – paragraph 4 a (new)
Article 2 – paragraph 4 a (new)
4 a. With reference to other provisions on data access, responsible data use and permission dashboards and financial data sharing schemes, the European Commission may consider, where appropriate, the development of sector- specific use cases by way of delegated or implementing acts.
Amendment 293 #
Proposal for a regulation
Article 2 – paragraph 4 b (new)
Article 2 – paragraph 4 b (new)
4 b. The development of new or amended use cases shall take place in line with Article 30 of this Regulation.
Amendment 298 #
Proposal for a regulation
Article 3 – paragraph 1 – point 2
Article 3 – paragraph 1 – point 2
(2) ‘customer’ means a natural or a legal person who makesperson or a micro, small, or medium enterprise that is party to an agreement for the use of financial products and services;
Amendment 304 #
Proposal for a regulation
Article 3 – paragraph 1 – point 3
Article 3 – paragraph 1 – point 3
(3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business wiin line with Regulation (EU) 2016/679 that is collected and stored by a financial institution in connection with an existing agreement between the customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution and the financial institution as the primary data holder for the provision of such services; this shall not include data that is generated by a financial institution by way of enriching or modifying data provided directly by the customer;
Amendment 315 #
Proposal for a regulation
Article 3 – paragraph 1 – point 5
Article 3 – paragraph 1 – point 5
(5) ‘data holder’ means a financial institution other than an account information service provider that collects, stores and otherwise process and stores the data listed in Article 2(1) ;
Amendment 319 #
Proposal for a regulation
Article 3 – paragraph 1 – point 6 a (new)
Article 3 – paragraph 1 – point 6 a (new)
(6 a) 'financial information service' means the online service of collecting, consolidating, and enabling the comparison of customer data held by one or several data holders;
Amendment 324 #
Proposal for a regulation
Article 3 – paragraph 1 – point 7
Article 3 – paragraph 1 – point 7
(7) ‘financial information service provider’ means a data user or a data holder that is authorised under Article 14 to access the customer data listed in Article 2(1) for the provision of financial informationurposes of providing financial products or services;
Amendment 336 #
Proposal for a regulation
Article 3 – paragraph 1 – point 27
Article 3 – paragraph 1 – point 27
Amendment 342 #
Proposal for a regulation
Article 4 – paragraph 1
Article 4 – paragraph 1
The data holder shall, upon request from a customer submitted by electronic meansthrough a dedicated customer interface, make the data listed in Article 2(1) available to the customer without undue delay, free of charge, continuously, and in real-timethe state that it is held by the data holder at the time that access is requested by a customer.
Amendment 347 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
1. The data holder shall, upon request from a customer to do so submitted by electronic meansthrough a dedicated customer interface, make available to a data user the customer data listed in Article 2(1) only for the purposes for which the customer has granted permission to the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-timethe state that it is held by the data holder at the time that access is requested by a data user. In the absence of a scheme, data sharing may occur on the basis of a contractual agreement between the data holder and the data user.
Amendment 359 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data-access obligations established by this Regulation.
Amendment 369 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. Consumers shall not be prevented from accessing a financial product by a data user solely because they did not give permission for their data to be accessed in the manner set out under Article 5(1). For the purposes of the implementation of this paragraph, the burden shall be on the data user to show that permission was given.
Amendment 372 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
2. A data user shall only access customer data made available under Article 5(1) for the purposes and under the conditions for which the customer has granted its permission. A data user shall delete this customer data, including all backups, without undue delay when it is no longer necessary for the purposes for which the permission has been granted by a customer.
Amendment 388 #
Proposal for a regulation
Article 6 – paragraph 4 a (new)
Article 6 – paragraph 4 a (new)
4 a. The obligations contained in this Article apply to the initial receipt of data by a data user. Once the data user collects, stores and processes data as per the definition in Article 3(5), it should be considered a data holder and therefore subject to the corresponding obligations on data holders in Article 5.
Amendment 392 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The processing of customer data referred to in Article 2(1) of this Regulation that constitutes personal data shall be limited to what is necessary in relation to the purposes for which they are processed. Customers that refuse to grant permission to share sets of their data shall not be refused access to financial products for this reason.
Amendment 395 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. In accordance with Article 16 of Regulation (EU) No 1093/2010, the European Banking Authority (EBA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to the credit score of the consumer, mortgage credit agreements, accounts including credit card accounts, and investment products. The EBA shall submit the draft guidelines referred to in the first subparagraph to the Commission by ... [XX].
Amendment 398 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. In accordance with Article 16 of Regulation (EU) No 1094/2010, the European Insurance and Occupational Pensions Authority (EIOPA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to risk assessment and pricing of a consumer in the case of life, health, motor, home, and sickness insurance products. These guidelines shall include provisions on how data may be used to avoid excessive granularity that undermines the risk sharing principle of insurance. EIOPA shall submit the draft guidelines referred to in the first subparagraph to the Commission by ... [XX].
Amendment 411 #
Proposal for a regulation
Article 7 – paragraph 4 a (new)
Article 7 – paragraph 4 a (new)
4 a. The European Supervisory Authorities (ESAs) shall develop guidelines on the processing of customer data referred to in Article 2(1)(fa) of this Regulation that constitutes non-sensitive data.
Amendment 413 #
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
1. A data holder shall provide the customer with a permission dashboard, in line with the specifications required for data permission dashboards as foreseen under Regulation (EU) [XXXX/XXXX] of the European Parliament of the Council (PSR/PSD3), to monitor and manage the permissions a customer has provided to data users.
Amendment 416 #
Proposal for a regulation
Article 8 – paragraph 2 – point a – introductory part
Article 8 – paragraph 2 – point a – introductory part
(a) provide the customer with an overview of each ongoing permission given to data users, to the extent that is provided by the data user, including:
Amendment 431 #
Proposal for a regulation
Article 8 – paragraph 3 a (new)
Article 8 – paragraph 3 a (new)
3 a. The data holder shall ensure that the permission dashboard is designed to be user-friendly, with information presented in a neutral way and not in a way that would encourage or unduly influence the customer to grant or withdraw permissions.
Amendment 433 #
Proposal for a regulation
Article 8 – paragraph 4 – introductory part
Article 8 – paragraph 4 – introductory part
4. The data holder and the data user for which permission has been granted by a customer shall cooperate to make information available to the customer via the dashboard in real-timemmediately. To fulfil the obligations in paragraph 2 points (a), (b), (c) and (d) of this Article:
Amendment 435 #
Proposal for a regulation
Article 8 – paragraph 4 – point a
Article 8 – paragraph 4 – point a
(a) The data holder shall inform the data user of changes made to a permission, including withdrawal, concerning that data user made by a customer via the dashboard.
Amendment 439 #
Proposal for a regulation
Article 8 – paragraph 4 – point b a (new)
Article 8 – paragraph 4 – point b a (new)
(b a) The data user shall be responsible for the accuracy of the data provided to the data holder.
Amendment 449 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Within 18 months from the entry into force of this Regulation, dData holders and data users shall become members of a financial data sharing scheme governing access to the customer data in compliance with Article 10 according to the timeline set out in Article 9(1a)-(1c).
Amendment 452 #
Proposal for a regulation
Article 9 – paragraph 1 a (new)
Article 9 – paragraph 1 a (new)
1 a. Within 36 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: accounts, including credit card accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366 and technical accounts, savings, represented by term deposits, and savings accounts.
Amendment 453 #
Proposal for a regulation
Article 9 – paragraph 1 b (new)
Article 9 – paragraph 1 b (new)
1 b. Within 48 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: mortgage credit agreements as defined in Directive (EU)2014/17, and data relating to loans with instalments provided by the data holder;
Amendment 454 #
Proposal for a regulation
Article 9 – paragraph 1 c (new)
Article 9 – paragraph 1 c (new)
1 c. Within 60 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: investments in financial instruments, in accordance with Section C of Annex I of Directive (EU) 2014/65 and excluding derivative transactions used for risk management purposes, insurance based investment products, other related financial assets, structured deposits, and crypto assets as defined under Article 3(1)(5) of Regulation (EU) 2023/1114, non- life insurance products, occupational pension schemes, pan- European private pension schemes, and remaining categories also covered by Article 2(1);
Amendment 458 #
Proposal for a regulation
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2 a. This Regulation shall be without prejudice to any data exchange that may occur based on contractual agreements outside the scope of this Regulation.
Amendment 461 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point a – point i
Article 10 – paragraph 1 – subparagraph 1 – point a – point i
(i) data holders and data users representing a significant proportion of the market of the product or service concerned, with each side having fair and equal representation in the internal decision- making processes of the scheme as well as equal weight in any voting procedures; where a member is both a data holder and data user, its membership shall be counted equally towards both sides;
Amendment 462 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point a – point ii
Article 10 – paragraph 1 – subparagraph 1 – point a – point ii
(ii) customer organisations and consumer associations with expertise in financial services, in an observer role.
Amendment 469 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point g
Article 10 – paragraph 1 – subparagraph 1 – point g
(g) a financial data sharing scheme shall include the common standards for the data and the technical interfaces to allow customers to request data sharing in accordance with Article 5(1). The common standards for the data and technical interfaces that scheme members agree to use may be developed by scheme members or by other parties or bodies; The development of common standards for the data and technical interfaces shall draw on existing international or industry- recognised standards;
Amendment 486 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – point v
Article 10 – paragraph 1 – subparagraph 1 – point h – point v
(v) it should be devised to gear compensation towards the lowestr levels prevalent on the market; and
Amendment 487 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h – point vi a (new)
Article 10 – paragraph 1 – subparagraph 1 – point h – point vi a (new)
(vi a) it should ensure that the remuneration to the data holder is not borne by the customer.
Amendment 489 #
Proposal for a regulation
Article 10 – paragraph 1 – subparagraph 1 – point h a (new)
Article 10 – paragraph 1 – subparagraph 1 – point h a (new)
(h a) Taking into account the level of compensation in the market, in particular regarding the developments in the calculation, the EBA in cooperation with ESMA and EIOPA shall publicly report to the Commission on a yearly basis on the evolution of compensation fees. The Commission shall, if necessary, adopt a delegated act in accordance with Article 30 to address market failures using proportionate and appropriate tools. The EBA, ESMA and EIOPA shall consult data holders and data users upon the drafting of these reports.
Amendment 504 #
Proposal for a regulation
Article 11 – paragraph 1 – introductory part
Article 11 – paragraph 1 – introductory part
In the event that a financial data sharing scheme is not finalised for one or more categories of customer data listed in Article 2(1), the European Commission shall consult with all stakeholders and submit a report to the European Parliament and the Council setting out any grounds for intervention by the European Commission.The report shall take account of any existing work towards a scheme already undertaken by the industry.The report shall lay down the modalities under which a data holder may make customer data available pursuant to Article 5(1) for that category of data: (a) common standards for the data and, where appropriate, the technical interfaces to allow customers to request data sharing under Article 5(1); (b) a model to determine the maximum compensation that a data holder is entitled to charge for making data available; (c) the liability of the entities involved in making the customer data available. In the event that a financial data sharing scheme is not developed for one or more categories of customer data listed in Article 2(1) and there is no realistic prospect of such a scheme being set up within a reasonable amount of time, the Commission is empowered, after consultation with all stakeholders, to adopt a delegated act in accordance with Article 30 to supplement this Regulation by specifying the following modalities under which a data holder shall make available customer data pursuant to Article 5(1) for that category of data:
Amendment 507 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. A financial information service provider shall be eligible to access customer data under Article 5(1) for the provision of financial information services if it is authorised by the competent authority of a Member State.
Amendment 510 #
Proposal for a regulation
Article 12 – paragraph 1 a (new)
Article 12 – paragraph 1 a (new)
1 a. A registered account information service provider as defined in Directive 2015/2366/EU may only access data under Article 5(1) if they have been authorised as a financial information service provider.
Amendment 511 #
Proposal for a regulation
Article 12 – paragraph 2 – subparagraph 1 – introductory part
Article 12 – paragraph 2 – subparagraph 1 – introductory part
A financial information service provider shall submit an application for authorisation to the competent authority of the Member State of establishment of its registered office, or, in the case of a legal person or other undertaking established in a third country, in the Member State where those legal persons have appointed their representative, together with the following:
Amendment 513 #
Proposal for a regulation
Article 12 – paragraph 2 – subparagraph 1 – point a
Article 12 – paragraph 2 – subparagraph 1 – point a
(a) a programme of operations setting out in particular the type of access to data envisaged and if the financial information service provider holds any customer data under Article 2(1);
Amendment 517 #
Proposal for a regulation
Article 12 – paragraph 3 – subparagraph 1 – introductory part
Article 12 – paragraph 3 – subparagraph 1 – introductory part
Financial information service providers shall hold a professional indemnity insurance covering the territories in which they access dataseek to provide financial products or services, or some other comparable guarantee, and shall ensure the following:
Amendment 519 #
Proposal for a regulation
Article 12 – paragraph 4 – subparagraph 1 – point a
Article 12 – paragraph 4 – subparagraph 1 – point a
(a) the information to be provided to the competent authority in the application for the authorisation of financial information service providers, including the requirements laid down in paragraph 12, points (a) to (lk);
Amendment 520 #
Proposal for a regulation
Article 12 – paragraph 4 – subparagraph 1 – point c
Article 12 – paragraph 4 – subparagraph 1 – point c
(c) what is a comparable guarantee, as referred in paragraph 23, which should be interchangeable with a professional indemnity insurance;
Amendment 521 #
Proposal for a regulation
Article 12 – paragraph 4 – subparagraph 1 – point d
Article 12 – paragraph 4 – subparagraph 1 – point d
(d) the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee referred to in paragraph 23.
Amendment 523 #
Proposal for a regulation
Article 12 – paragraph 4 – subparagraph 2 – point b
Article 12 – paragraph 4 – subparagraph 2 – point b
(b) whether the undertaking provides other types of services or is engaged in other business or is a data holder;
Amendment 527 #
Proposal for a regulation
Article 13 – paragraph 4
Article 13 – paragraph 4
4. Financial information service providers shall notify the name, address, the electronic mail address and telephone number of their legal representative to the competent authority in the Member State where that legal representative resides or is established. They shall ensure that that information is up to date on an ongoing basis.
Amendment 528 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. The competent authority shall grant an authorisation if the information and evidence accompanying the application complies with of the requirements laid down in Article 11(1) and 2(1), (2), and (3), and in the case of third country financial infromation service providers, Article 14(2). Before granting an authorisation, the competent authority may, where relevant, consult other relevant public authorities.
Amendment 532 #
Proposal for a regulation
Article 14 – paragraph 2 – point c
Article 14 – paragraph 2 – point c
(c) where the third country financial information service provider is subject to supervision, and the competent authority shall seek tos put in place an appropriate cooperation arrangement with the relevant competent authority of the third country where the financial information service provider is established, to ensure an efficient exchange of information;
Amendment 534 #
Proposal for a regulation
Article 14 – paragraph 5
Article 14 – paragraph 5
5. The competent authority shall grant an authorisation only if it is satisfied that any outsourcing arrangements willis not render the financial information service provider abeing carried out for the purposes of benefitting from a regulatory framework in a jurisdiction in which they have leitterbox entityle or no material operations or that they are not undertaken as a means to circumvent the provisions of this Regulation.
Amendment 538 #
Proposal for a regulation
Article 14 – paragraph 7 – subparagraph 2
Article 14 – paragraph 7 – subparagraph 2
The competent authority shall give reasons for any withdrawal of an authorisation and shall inform those concerned accordingly. The competent authority shall make public the withdrawal of an authorisation, in an anonymised version.
Amendment 541 #
Proposal for a regulation
Article 15 – paragraph 1 – point c a (new)
Article 15 – paragraph 1 – point c a (new)
(c a) The information listed in Article 28(2).
Amendment 542 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
Amendment 544 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. The register shall be publicly available on EBA’s website and shall allow for easy searching and accessing the information listed and should be machine readable.
Amendment 546 #
Proposal for a regulation
Article 15 – paragraph 5
Article 15 – paragraph 5
5. The competent authorities of Member States shall communicate without delay to EBA the information necessary to fulfil its tasks pursuant to paragraphs 1, 3, and 34. Competent authorities shall be responsible for the accuracy of the information specified in paragraphs 1 and 3 and for keeping that information up to date. They shall, where technically possible, transmit this information to EBA in an automated way.
Amendment 563 #
Proposal for a regulation
Article 30 – paragraph 3
Article 30 – paragraph 3
3. The delegation of powers referred to in Article 2(4a), Article 2(4b), and Article 11, may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
Amendment 566 #
Proposal for a regulation
Article 30 – paragraph 6
Article 30 – paragraph 6
6. A delegated act adopted pursuant to Article 2(4a), Article 2(4b), and Article 11, shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months on the initiative of the European Parliament or of the Council.
Amendment 567 #
Proposal for a regulation
Article 30 – paragraph 6 a (new)
Article 30 – paragraph 6 a (new)
6 a. When applying Article 2(4a), Article 2(4b), and Article 11, the European Commission shall consult with all relevant stakeholders and the European Supervisory Authorities for the development and amendment of use cases.
Amendment 579 #
Proposal for a regulation
Article 36 – paragraph 2
Article 36 – paragraph 2
It shall apply from [OP please insert the date = 24 months after the date of entry into force of this Regulation]. However, Articles 9 to 13 shall apply from [OP please insert the date = 18 months after the date of entry into force of this Regulation]. The application of this Regulation shall be congruent with the application dates of Regulation (EU) … [XXX - PSR] and Directive (EU) … [XXX - PSD3] and no earlier.