Account Aggregators: new framework to access, share financial data - The Indian Express
On September 2 eight of India’s major banks — State Bank of India, ICICI Bank, Axis Bank, IDFC First Bank, Kotak Mahindra Bank, HDFC Bank, IndusInd Bank and Federal Bank — joined the Account Aggregator (AA) network that will enable customers to easily access and share their financial data. The framework, which has been under discussion since 2016 and in the testing phase for some time, will now be open to all customers.
What is an AA?
According to the Reserve Bank of India, an Account Aggregator is a non-banking financial company engaged in the business of providing, under a contract, the service of retrieving or collecting financial information pertaining to its customer. It is also engaged in consolidating, organising and presenting such information to the customer or any other financial information user as may be specified by the bank.
The AA framework was created through an inter-regulatory decision by RBI and other regulators including Securities and Exchange Board of India, Insurance Regulatory and Development Authority, and Pension Fund Regulatory and Development Authority (PFRDA) through and initiative of the Financial Stability and Development Council (FSDC). The licence for AAs is issued by the RBI, and the financial sector will have many AAs.
The AA framework allows customers to avail various financial services from a host of providers on a single portal based on a consent method, under which the consumers can choose what financial data to share and with which entity.
What does an AA do?
It reduces the need for individuals to wait in long bank queues, use Internet banking portals, share their passwords, or seek out physical notarisation to access and share their financial documents. An Account Aggregator is a financial utility for secure flow of data controlled by the individual.
“Account Aggregators are an exciting addition to India’s digital infrastructure as it will allow banks to access consented data flows and verified data. This will help banks reduce transaction costs, which will enable us to offer lower ticket size loans and more tailored products and services to our customers. It will also help us reduce frauds and comply with upcoming privacy laws,” said Anjani Rathor, Chief Digital Officer, HDFC Bank.
Sumit Gwalani, cofounder of the financial app Fi (Epifi), said, “We know that users have multiple bank accounts, so when they leverage a feature like Ask.Fi, and ask for example how much they’ve spent, or how much they’ve saved, Fi can now give them an answer that scans all their accounts, in milliseconds. This is a big step towards a connected financial ecosystem.”
AAs with an operating licence include CAMSFinServ, Cookiejar Technologies (FinVu), FinSec AA Solutions (OneMoney) and NESL Asset Data Limited. AAs with in-principle approval include Perfios Account Aggregation Services, PhonePe Technology Services and Yodlee Finsoft.
How does it work?
It has a three-tier structure: Account Aggregator, FIP (Financial Information Provider) and FIU (Financial Information User).
An FIP is the data fiduciary, which holds customers’ data. It can be a bank, NBFC, mutual fund, insurance repository or pension fund repository. An FIU consumes the data from an FIP to provide various services to the consumer. An FIU is a lending bank that wants access to the borrower’s data to determine if the borrower qualifies for a loan. Banks play a dual role – as an FIP and as an FIU.
An AA should not support transactions by customers but should ensure appropriate mechanisms for proper customer identification. An AA should share information only with the customer to whom it relates or any other financial information user as authorised by the customer. 📣 Express Explained is now on Telegram. Click here to join our channel (@ieexplained) and stay updated with the latest
“AAs enable secure, consented data flows while protecting user privacy. In conjunction with other platforms like the UPI, Account Aggregator creates in India the most cutting edge digital financial infrastructure in the world,” said M Rajeshwar Rao, Deputy Governor, Reserve Bank of India.
What purpose does it serve?
According to iSpirt, a think tank for the Indian software products industry, an AA creates secure, digital access to personal data at a time when Covid-19 has led to restrictions on physical interaction. It reduces the fraud associated with physical data by introducing secure digital signatures and end-to-end encryption for data sharing.
These capabilities in turn open up many possibilities. For instance, whereasphysical collateral is usually required for an MSME loan, with secure data sharing via AA, ‘information collateral’ (or data on future MSME income) can be used to access a small formal loan. HDFC Bank andAxisBank have been using AA for auto loans, LendingKart for MSME loans, and IndusInd Bank for personal finance management.
What data can be shared?
An Account Aggregator allows a customer to transfer his financial information pertaining to various accounts such as banks deposits, equity, mutual fund and pension funds to any entity requiring access to such information. There are 19 categories of information that fall under ‘financial information’, besides various other categories relating to banking and investments. For sharing of such information, the FIU is required to initiate a request for consent by way of any platform/app run by the AA. Such a request is received by the individual customer through the AA, and the information is shared by the AA, after consent is obtained.
“The AA framework is an excellent initiative that will compile all the digital footprints of the customer at one place and make it easy for lenders like us to access it. It will enable us to provide very quick turnarounds to our customers,” said Manoj Viswanathan, MD CEO of HomeFirst Finance.
Can an AA see or store data?
Data transmitted through the AA is encrypted. AAs are not allowed to store, process and sell the customer’s data. No financial information accessed by the AA from an FIP should reside with the AA. It should not use the services of a third-party service provider for undertaking the business of account aggregation. User authentication credentials of customers relating to accounts with various FIPs shall not be accessed by the AA, the RBI says.