On April 15, 2024, the Financial Market Commission ("CMF") published for consultation the draft of the general rule (the “Regulatory Proposal”) that will regulate the Open Finance System ("OFS") established by Law No. 21,521 ("Fintech Law").
The OFS aims to create an environment for the exchange of financial client information (who have expressly consented to it) among various financial service providers qualifying, according to the provisions of the Fintech Law, as participants in the OFS.
Content of the Regulatory Proposal
The Regulatory Proposal is divided into the following sections:
Section I: Scope of the OFS
Section II: Operation of the OFS
Section III: Security and Safeguards of the OFS
Section IV: Information of the OFS
Section V: Other Provisions
Section VI: Annexes
The most notable aspects of these sections are summarized as follows:
- Regarding the scope, the participating institutions of the OFS will be those that, according to the Fintech Law, qualify as (i) Information Providing Institutions ("IPI"), (ii) Account Providing Institutions ("IPC"), (iii) Information-Based Service Providers ("PSBI"), and (iv) Payment Initiation Service Providers ("PSIP" and, together with IPIs, IPCs, and PSBs, the "Participants").The Regulatory Proposal establishes that entities required to provide information or allow access to their accounts (i.e., IPI and IPC, respectively) must request their registration in "enabling lists," accrediting the minimum technical aspects established by the regulation. On the other hand, PSBI and PSIP must register in certain registries established by the Regulatory Proposal (Registry of Information-Based Service Providers and Registry of Payment Initiation Service Providers, respectively), meeting the requirements specified by the regulation.
- Regarding the system's operation, the Regulatory Proposal establishes that the main mechanism for data exchange within the system is Application Programming Interfaces or "APIs", defining the basic standards applicable to APIs, along with the availability levels and performance that these interfaces must meet, and the quality of the information to be exchanged within the system. The specifications, operational flows, and technical dictionaries associated with the implementation of the standards will be developed in Annex No. 3 "Technical Annex" of the Regulatory Proposal, whose text will be made available for public consultation by the CMF later on.Likewise, to facilitate interaction among different Participants, the CMF will manage a "Directory of Participants," allowing the search, consultation, and updating of entities enabled in the OFS, including their registration or authorization data, roles and profiles, certified digital API resources, among others.
- Concerning the security and safeguards of the SFA, the Regulatory Proposal establishes, among other things, requirements related to risk management and internal control of the Participants; cybersecurity and incident reporting; the mechanism for reporting operational incidents; and the elements that Participants must consider regarding business continuity, among others. Additionally, it considers the requirements and way in which client consent must be given as an essential condition for entities to access their financial information. Regarding this and in line with the spirit of the Fintech Law, the Regulatory Proposal allows such consent to be manifested through any means, physical, oral, digital, or electronic, as long as they offer sufficient certainty and meet other requirements established in the standard and establishes prohibitions and restrictions on Participants when obtaining it.
- Regarding the information of the OFS, the Regulatory Proposal establishes which data exchange is allowed to Participants and sets conditions, requirements, obligations, and responsibilities for Participants for this purpose. For these purposes, the Regulatory Proposal includes 2 annexes that regulate the taxonomies of variables and data to be provided and shared (Annex No. 1) and the coding that will allow distinguishing the different products reported in the system (Annex No. 2).
Implementation of the Regulatory Proposal
The implementation of the OFS will be gradual, considering the role played by each Participant:
- First Stage: This stage will last for 18 months as of the enactment of the Regulatory Proposal and includes the technological preparation and development of the tasks corresponding to the Participants and the CMF. Once this period is over, the Regulatory Proposal will come into effect.
- Second Stage: Once the Regulatory Proposal is in effect, gradual timelines are established, by type of participant and APIs, for these to be implemented within the OFS. These timelines range from 6 months (for the implementation of APIs on Customer Service Channels by banks, credit card issuers, and fund-providing payment card issuers) to 36 months, regarding APIs on commercial terms and product usage and history to be implemented by the entities indicated in the second paragraph, letters (a) to (h) of Article 18 of the Fintech Law.
The Regulatory Proposal can be commented on by the general public until May 15 of the current year, through the portal enabled by the CMF on its website.
