What is Account Aggregator? All You Need to Know About AA framework

Why In News?

As the account aggregator ecosystem went live on September 2 following the Reserve Bank of India (RBI) framework,  experts said a viable commercial model needs to evolve for the system to become sustainable.

• The Finance Ministry last week unveiled the Account Aggregator (AA) network in banking with eight of India’s largest banks. It has been dubbed by the ministry as a financial data-sharing system that could revolutionize investment and credit, giving millions of consumers greater access and control over their financial records and expanding the potential pool of customers for lenders and fintech companies. 

Today, four apps are available for download (Finvu, OneMoney, CAMS Finserv, and NADL) with operational licenses to be AAs. 

• Three more have received in-principle approval from RBI (PhonePe, Yodlee, and Perfios) and may be launching apps soon.

Eight major banks join the account aggregator network

• Eight major banks have joined the account aggregator network that will enable customers to easily access and share their financial data.

• These lenders include State Bank of India, ICICI Bank, Axis Bank, IDFC First Bank, Kotak Mahindra Bank, HDFC Bank, IndusInd Bank, and Federal Bank

What is an Account Aggregator?

According to the Reserve Bank of India, an Account Aggregator is a non-banking financial company engaged in the business of providing, under a contract, the service of retrieving or collecting financial information pertaining to its customer. It is also engaged in consolidating, organizing and presenting such information to the customer or any other financial information user as may be specified by the bank

Framework of Account Aggregator (AA)

• The AA framework was created through an inter-regulatory decision by RBI and other regulators including Securities and Exchange Board of India, Insurance Regulatory and Development Authority, and Pension Fund Regulatory and Development Authority (PFRDA) through and initiative of the Financial Stability and Development Council (FSDC). The license for AAs is issued by the RBI, and the financial sector will have many AAs.

• As are licensed entities by the RBI to enable the flow of data between Financial Information Providers (FIPs) and Financial Information Users (FIUs). FIPs are institutions which hold customer data and FIUs are entities which consume data to offer better service, underwrite loans, etc. Here, going forward FIPs can be FIUs too.

Key Info About Account Aggregator

• An AA is a framework that simply facilitates sharing of financial information in a real-time and data-blind manner (Data flow through AA are encrypted) between regulated entities (Banks and NBFCs).

• AAs are licensed entities by the RBI to enable the flow of data between Financial Information Providers (FIPs) and Financial Information Users (FIUs).

• FIPs are institutions which hold customer data and FIUs are entities which consume data to offer better service, underwrite loans, etc. Here, going forward FIPs can be FIUs too.

• The RBI (Reserve Bank of India) in 2016 approved AA as a new class of NBFC (Non Banking Financial Companies), whose primary responsibility is to facilitate the transfer of user’s financial data with their explicit consent.

• The architecture of AA is based on the Data Empowerment and Protection Architecture (DEPA) framework.

• DEPA is an architecture that lets users securely access their data and share the same with third parties.

Data Empowerment and Protection Architecture (DEPA) Framework

• Data Empowerment and Protection Architecture (DEPA) is a new approach, a paradigm shift in personal data management and processing that transforms the current organization centric system to human-centric system.

• By giving people the power to decide how their data can be used, DEPA enables the collection and use of personal data in ways that empower people to access better financial, healthcare, and other socio-economically important services in real-time while preserving the safety, security and privacy of the user.

What is the Need of Account Aggregator?

• Currently, an individual’s data is spread across silos and islands in banks, telcos, healthcare institutions with no framework in place for them to share with their benefactors. This data is essential to help build better products for the individual/entity.

• An individual/entity has to collect, collate and share data themselves either physically or electronically. This is slow, and an expensive exercise.

• There is no framework available to integrate and aggregate them that can provide a full view of an individual/entity’s data.

• Also, there is no framework available that can let an entity access users’ data even with users’ permissions.

• As a result, there is still friction in accessing data and a large amount of data is not effectively leveraged.

• Hence, the transition of ‘data rich society’ to an ‘economic rich society’ is still not happening.

What does an Account Aggregator do?

• It reduces the need for individuals to wait in long bank queues, use Internet banking portals, share their passwords, or seek out physical notarization to access and share their financial documents. An Account Aggregator is a financial utility for secure flow of data controlled by the individual.

• India’s financial system today involves many hassles for consumers – sharing physical signed and scanned copies of bank statements, running around to get documents notarized or stamped, or having to share personal username and password to give a financial history to a third party. 

• The account aggregator network will replace all this with a simple mobile-based and secure digital data access and sharing process. This will create opportunities for new types of services, such as new types of loans.

Image Source: PwC India

How does it work?

• It has a three-tier structure: Account Aggregator, FIP (Financial Information Provider) and FIU (Financial Information User).

• An FIP is the data fiduciary, which holds customers’ data. It can be a bank, NBFC, mutual fund, insurance repository or pension fund repository. An FIU consumes the data from an FIP to provide various services to the consumer. An FIU is a lending bank that wants access to the borrower’s data to determine if the borrower qualifies for a loan. Banks play a dual role – as an FIP and as an FIU.

• An AA should not support transactions by customers but should ensure appropriate mechanisms for proper customer identification. An AA should share information only with the customer to whom it relates or any other financial information user as authorized by the customer.

What data can be shared?

• An Account Aggregator allows a customer to transfer his financial information pertaining to various accounts such as banks deposits, equity, mutual fund and pension funds to any entity requiring access to such information. 

• There are 19 categories of information that fall under ‘financial information’, besides various other categories relating to banking and investments.

• For sharing of such information, the FIU is required to initiate a request for consent by way of any platform/app run by the AA. 

• Such a request is received by the individual customer through the AA, and the information is shared by the AA, after consent is obtained.

• Gradually, the AA framework will make all financial data available for sharing, including tax data, pension data, securities data (mutual funds and brokerages), and insurance data available to consumers. 

• It will also expand beyond the financial sector to make healthcare and telecommunications data accessible to the individual through AA.

Can an AA see or store data?

• Data transmitted through the AA is encrypted. AAs are not allowed to store, process and sell the customer’s data. 

• Account aggregators cannot see the data; they merely take it from one financial institution to another based on an individual’s direction and consent.

• AA’s are not like technology companies that collect someone’s data and build a detailed profile of someone.

• The data AA’s share is encrypted by the sender and can only be decrypted by the recipient. The end to end encryption and use of technology like the ‘digital signature’ makes the process much more secure than sharing paper documents. 

Benefits of AA Framework

For Consumers:

• The AA framework allows customers to avail various financial services from a host of providers on a single portal based on a consent method, under which the consumers can choose what financial data to share and with which entity.

• It permits users to control who gets access to their data, track and log its movement and reduce the potential risk of leakage in transit.

No paperwork or KYC 

• The procedure of sharing data becomes simple once your bank or institution provider is registered, as the institution is connected to the AA system via APIs. 

• You don't need to submit any paperwork for KYC if you need a new loan, want to acquire an insurance policy, or want to invest in a mutual fund, for example. 

• All you have to do is give AA your permission to share your data with banks and organizations. 

• The AA will digitally extract the information from your bank and send it to the bank or organization where you are asking for a new loan or investment.

For Banks:

• As an addition to India’s digital infrastructure, it will allow banks to access consented data flows and verified data. This will help banks reduce transaction costs, which will enable them to offer lower ticket size loans and more tailored products and services to their customers.

Reduce Frauds:

• AA reduces the fraud associated with physical data by introducing secure digital signatures and end-to-end encryption for data sharing.

Misuse of Data:

• An AA is ‘data-blind’ as the data that flows through an AA is encrypted. Also, an AA does not and cannot store any user’s data – thus, the potential for leakage and misuse of user’s data is prevented.

Reference Article: AIR, IE