Account aggregators in India — an introduction

Srikanth Rajagopalan

Updated on Jun 16, 2021

THE PROBLEM 

Most new borrowers have no credit history or collateral to offer. Lenders need to assess alternate data — bank statements, cash flow, GST / direct tax returns, insurance, investments etc. — to assess and price the risk of lending to them. However, borrowers’ data are spread across silos in banks, insurers, telcos, healthcare providers and other institutions. Using these data is crucial in delivering relevant, affordable, and timely financial products. 

Today, there is no institutional framework for data owners to share their data with service providers. Most solutions involve significant user effort and friction. Data are usually shared with providers through physical statements — a time consuming process that introduces risks of information leakage and document tampering. 

THE NEED 

Empowering citizens to use their data safely, securely, and with their consent requires: 

• A data protection law (Justice SriKrishna Committee Report, expected to be enacted as law) 
• A transparent and auditable consent architecture that puts data owners in control of sharing their data 
• A standards-based, interoperable and scalable network of providers and users of data

THE SOLUTION 

The RBI approved a new class of NBFCs in 2016 to act as Account Aggregators (AAs) to provide data aggregation services based on data owners’ explicit consent. Account aggregators can extract, aggregate, and transfer — but not read or store — users’ encrypted data. RBI and other Financial Services Regulators (FSRs) are providing the required regulatory support and guidance for the rollout of AA. 

The following principles guide the functioning of AAs 

• AAs are data fiduciaries that manage customer consent 
• AAs fetch, consolidate, and aggregate data from Financial Information Providers (FIPs) 
• Basis customer consent, AAs present these data to Financial Information Users (FIUs) 
• AAs cannot read or store customer data 
• AAs can charge a fee for the service (commercial model WIP) 
• AAs cannot undertake any other business 

ACCOUNT AGGREGATION — A HIGH LEVEL VIEW 

Copyright © 2019 DigiSahamati Foundation 

GLOSSARY 

• FIP — Financial Information Provider: Bank, NBFC, AMC, depository, depository participant, insurance company, insurance repository, pension fund … 
• FIU — Financial information user: an entity registered with and regulated by any financial sector regulator 
• AA — Account Aggregator 
• FSR — Financial Sector regulator; RBI, SEBI, IRDAI, PFRDA 
• CR — Central Registry: A centrally hosted (under one of the FSRs) repository of Key/Certificate of FIU, FIP & AAs 

CONSENT 

• Consent is a digitally signed artefact collected by AA from a User (account holder) to be used to request the user’s financial information from their FIP 
• A user can query, pause, revoke consent at any time 
• Consent is generated and valid for only linked accounts at the FIP 
• AA acts as consent collector. The FIP maintains the most recent status of Consent, and verifies it before servicing FIU requests. 
• Consent is always associated with a recorded Purpose. The FIU is bound to use data thus fetched only for the stated Purpose. 

STATUS TODAY AND PLANS 

Eight banks and four non-banks are in various stages of rolling out services based on the account aggregator. The initial response from customers is encouraging. Lending and Personal Finance Management are the first use cases offered by FIUs, and work is on to expand this in the coming months 

WHAT NEEDS TO HAPPEN? 

• Financial Institutions need to prepare for their obligations once the Data Protection & Privacy Bill becomes law. Given the impact on their information security policies, risk management, operations, and technology, this is a good time to establish a consultative ecosystem of industry experts, regulators, and government bodies. 
• Kick-starting a two-sided network is always a challenge of who moves first, and why large incumbents should part with troves of data compiled over many years at significant cost. While these concerns are valid, experience — from credit bureaus and UPI — suggests that early movers gain long-term advantages of scale, efficiency, and differentiation. 
• Financial Institutions need to develop a framework that allows rapid execution, maximizes financial inclusion, while minimizing disruption to current operations. Many banks have created Innovation Centers and API gateways to accelerate experimentation and collaboration. However, mainstreaming successful experiments still needs significant risk, compliance, and IT effort to “integrate with the mothership”.

SUMMARY 

We are in the very early days of creating yet another India-first, disruptive and transformative ecosystem. What UPI did to the transfer of money, AA can do to the transfer of data. UPI, in 3 short years, has scaled to 1 billion transactions and 100 million users. Given the virtually unlimited addressable market, institutional support, and learnings from UPI, there’s every reason the AA ecosystem can scale to 10X what UPI has achieved in far lesser time.
 

The author is CEO, Perfios Account Aggregation Services Pvt. Ltd. Perfios AA is one of the eight entities awarded an in-principle approval by the RBI to offer Account Aggregation Services. Contact the author of this whitepaper: LinkedIn | email: srikanth@perfios-aa.com