FiDA Regulation: Impact on Insurers and the Future of Open Insurance
The European Union's Financial Data Access (FiDA) regulation, slated for adoption in 2025, represents one of the most profound regulatory shifts for the insurance sector in recent years. Currently in trilogue negotiations, FiDA is the EU's response to the rapid digitalization of finance, aiming to foster a modern data economy. It promises to boost competition, enable new business models, and give consumers greater control over their financial data. For insurers, this marks the critical transition from Open Banking to Open Insurance. But will FiDA be a catalyst for innovation or merely a massive compliance burden? André Prossner and Christian Pilgrim from the consulting firm Forvis Mazars outline the key implications.
Advertisement
FiDA's Core Mandate: Expanding Data Access Beyond Payments
FiDA's goal is to extend and simplify access to financial data beyond payment services (PSD2) to include insurance, pensions, credit, and investments across Europe. It mandates insurance companies to provide customer data upon request via standardized Application Programming Interfaces (APIs). While data from statutory pensions, health insurance, and life insurance is exempt, a vast number of products—potentially up to 400 million contracts according to the GDV (German Insurance Association)—fall under its scope.
For consumers, this means enhanced data sovereignty. For insurers, it signifies a deep structural transformation requiring significant adaptation.
The Implementation Challenge: Technical and Organizational Overhaul
Insurers face a multi-faceted implementation challenge. They must:
- Adapt technical processes for data, API, consent, and permission management.
- Comply with stringent data protection (GDPR) and ICT security (DORA) requirements.
- Establish secure APIs to provide contract, claims, and other relevant data in high quality (available, complete, consistent), free of charge, in real-time, and in a structured format to both customers and authorized third parties like brokers, comparison portals, or InsurTechs.
This often necessitates modernizing legacy IT infrastructure and data management processes, including the harmonization and cleansing of existing data silos to ensure data quality.
Key Requirements: Dashboards, Documentation, and Data Governance
FiDA introduces specific operational mandates:
| Requirement | Description | Impact on Insurers |
|---|---|---|
| Financial Data Permission Dashboards | Consumers must be provided with dashboards to monitor and manage data access permissions. | Development of new customer-facing digital tools and interfaces. |
| Consent & Purpose Limitation | Explicit GDPR consent is required before data sharing. Consumers must be able to easily revoke access. | Robust consent management systems integrated into customer journeys. |
| Process Documentation | All processes—from consent to data transfer—must be documented and available for supervisory audits. | Enhanced internal governance, audit trails, and compliance reporting. |
| FISP Authorization | Third-party data access is restricted to authorized Financial Information Service Providers (FISPs), who must also comply with DORA. | Need to verify FISP authorization and ensure secure data exchange channels. |
The regulation also maintains the full force of GDPR and the Digital Operational Resilience Act (DORA), requiring insurers to implement strong authentication, encryption, monitoring, and incident management protocols.
Risks and Penalties: A High-Stakes Compliance Landscape
Non-compliance carries significant risks. Penalties for violating FiDA can reach up to €50,000 per infringement, up to €500,000 per year, or 2% of annual global turnover—similar to GDPR fines. Beyond financial penalties, reputational damage from data breaches or poor implementation could be severe.
The Opportunity: Turning Regulatory Change into Competitive Advantage
Despite the challenges, FiDA presents substantial opportunities for forward-thinking insurers:
- Improved Data Foundation: The push for high-quality, centralized data enables more precise risk assessment, pricing, and personalized product development.
- New Business Models: Open data access fosters partnerships with InsurTechs, other financial institutions, and even non-financial partners (e.g., automakers, energy providers), creating new, monetizable data-driven services.
- Enhanced Customer Centricity: By enabling tailored services and products, insurers can improve customer loyalty and competitiveness.
- Fuel for AI Initiatives: A robust, clean data ecosystem is the essential fuel for advanced analytics and artificial intelligence projects.
A primary concern among skeptics is that Big Tech companies (like Amazon, Apple) could become the main beneficiaries of open financial data. Insurers must proactively innovate to capture value themselves.
The Path Forward: A Holistic Compliance and Innovation Strategy
Success under FiDA requires a holistic approach that integrates data governance with IT security. Insurers should:
- Conduct early gap assessments to identify implementation needs.
- Collaborate with industry bodies to develop common standards.
- View compliance not as a cost center but as an investment in digital infrastructure that enables future growth.
- Prepare for a cultural shift towards greater data transparency and customer empowerment.
Time is of the essence. After the final EU agreement, a 24-month implementation window will begin. The insurers who start planning now, viewing FiDA as a strategic springboard into the era of Open Insurance, will be best positioned to transform this regulatory mandate into a sustainable competitive edge. The future will reveal whether the industry can successfully balance compliance with economic value creation and whether customers will embrace sharing their data for innovation.
Advertisement
Insurers and brokers are struggling with backlogs in claims management, rising claim frequencies, a shortage of skilled workers, and growing customer expectations. Manual processes are expensive and slow.