FINLAND Law and Practice Contributed by: Olli Kiuru, Jere Lehtimäki and Essi Hietaoja, Waselius
11. Open Banking

11.1 Regulation of Open Banking

PSD2 requires account servicing payment service providers (ASPSPs) to allow payment users to make use of payment initiation service providers and payment account information service providers to obtain payment services. In Finland, the open banking requirements have been transposed into the PSA. Commission Delegated Regulation (EU) 2018/389 sets more specific rules for dedicated interfaces.

ASPSPs have been required to remove any obstacles identified within the shortest possible time and without undue delay (EBA/OP/2020/10). The European Data Protection Board (EDPB) has released guidelines regarding certain challenges in respect of the need for data subjects to remain in full control of their personal data (Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR).

11.2 Concerns Raised by Open Banking

The EDPB has set specific guidelines related to the payment user’s consent, the processing of a silent party’s data, the processing of special categories of personal data under PSD2 and data minimisation. For instance, pursuant to the EDPB’s Guidelines 06/2020, explicit consent in line with the GDPR is needed for the processing of personal data under PSD2. It is understood that banks and the authorities are still working on possible solutions to comply with the EDPB’s guidelines, such as “consent dashboards”.

12. Fraud

12.1 Elements of Fraud

While specific details may vary, common elements of fraud in this sector include:
• false representation – providing inaccurate information or misrepresenting facts to deceive individuals or entities involved in financial transactions;
• identity theft – illegally using someone else’s identity, personal information or financial details for fraudulent purposes, often to gain unauthorised access to accounts or to conduct transactions;
• forgery and counterfeiting – creating fake documents, signatures or financial instruments to deceive others and gain access to funds or assets; and
• phishing and spoofing – employing deceptive tactics, such as fraudulent emails, websites or communications, to trick individuals into disclosing sensitive financial information.

12.2 Areas of Regulatory Focus

In the past, the FIN-FSA’s supervisory priority has been the security of mobile and online banking, as well as addressing abuses in payment services and the corresponding compensation processes. However, the FIN-FSA has not specifically indicated a focus on fraud through its supervisory actions for 2025.

Nevertheless, phishing (including smishing and vishing) fraud has caused the largest losses in the Finnish financial sector in recent years. Investment scams, such as those involving cryptocurrency exchange services, are also prevalent. The number of managing director scams has also been on the rise.

12.3 Responsibility for Losses

The allocation of liability between the service provider and the customer is assessed on a case-by-case basis. For example, according to the PSA, the payment service user’s liability for unauthorised payment transactions is generally limited to EUR50, unless they have acted intentionally or with gross negligence. Gross negligence refers to extremely serious carelessness that clearly demonstrates a reckless attitude towards the security risks associated with the management and use of payment instruments. In such cases, the conduct of the payment instrument holder must clearly and significantly deviate from the standard of care expected.

In many cases where the service provider has been held liable for an unauthorised payment transaction, the information provided in the text message (eg, concerning payment confirmation or an activation code) sent to the customer by the service provider prior to the incident has been deemed insufficient.

Furthermore, recent court decisions have shifted more responsibility for implementing preventative measures against payment fraud onto the service providers. These measures include, for example, taking additional actions to suspend abnormal payments.