Information Risk Management Blog

ROI | Account Aggregator Ecosystem

Written by Akshay Mathur | Oct 28, 2021

Banks, insurance, and financial service firms are undergoing massive shifts through digital transformation. The focus on delivering exceptional digital experiences has resulted in these firms amassing digital data of unimaginable proportions. With new incumbents such as the fintech players, data security and privacy are increasingly getting harder as data is multiplying and is shared more widely than ever before. A data-rich Indian economy is transforming into a data-driven economy of the future. However, privacy regulations are a must. The human right to privacy is essential and digital players in the financial sector must adopt design thinking principles to keep the customers at the heart of business and not their respective products.

Financial service regulators such as SEBI, IRDAI, PFRDA, and RBI collaborated and it was 2016 when RBI came up with Master Directions on Account Aggregator (AA). The intent was to create a precise and secure approach for financial data transfer. In July 2019, came another milestone in the Indian financial industry when Mr. Nandan Nilekani launched “Sahamati”, a non-profit organization that became an industry alliance for AA. The sole mission of Sahamati is to drive adoption, innovation and compliance to regulatory standards amongst industry participants, with the ultimate goal of driving benefits to citizens through the Account Aggregator (AA) ecosystem.
In fact, the Personal Data Protection Bill has also been tabled in 2019 to define people’s right to personal data and the regulations for entities accessing user data. The same has been referred to JPC and efforts are on to get the bill passed soon and brought into law.

The AA model ensures consensual data flow and enables customers to share their data in a digital format, avoiding paper documents. The user’s encrypted data is not stored. AAs are data blind. They are authorized only to extract, aggregate, and transfer the data, ensuring total transparency.

Financial Institutions can join this framework to share and obtain financial data with user consent. This is the next big fintech revolution India is bound to experience. It offers tremendous opportunities for Banks, Insurance companies, Mutual Fund Houses, Wealth Management & Lending firms, and Personal Finance providers. As of date, RBI has awarded “Account Aggregator” operating licenses to four entities and in-principle licenses to three more.

The participating entities include Financial Information Providers - FIPs (Banks, Mutual Fund Houses, Insurance Providers, etc), Financial Information Users - FIUs (Lending firms, personal finance, wealth management firms, etc.), and Account Aggregators - AAs (Intermediaries who transfer data from FIP to FIU based on user consent.)

The power of AA Ecosystem ensures credit is accessible to people who are not a part of the credit ecosystem and make them a part of the formal economy. Even if companies and individuals are not a part of the economy, they can use their income to get a loan. This is financial inclusion at its best, where you don’t need assets to get a loan—the biggest incentive of joining the ecosystem is that It ensures access to credit at an affordable price. The platform is here to democratize data and humanize transactions.

How FIPs, FIUs, & AAs can benefit from AA Ecosystem

FIPs such as banking entities are the stewards of user data. They are financial institutions having customer’s financial information and are responsible for facilitating customers' sharing their information, on the basis of their consent presented through an AA. In return, they too would benefit from the ecosystem by gaining access to user data from industry peers. More importantly, they are getting a powerful platform to launch personalized services for their users. The AA ecosystem brings multiple use cases and a huge business potential for the financial institutions. FIUs can leverage the AA framework to get users’ data with explicit consent to provide personalized services. For instance, they can get verified data from bank statements, etc., before giving credit to users. They can attract small businesses by offering faster credit, eliminate time to physically examine user data, streamline the lending process, and onboard users faster. In the spirit of reciprocity, FIUs have to be FIPs as well.

Coming to AA or Account Aggregator, Every time a consensual transaction happens, they have the potential to earn money in terms of fee. Let’s see how it works – When the user data moves from a FIP to FIU, the AA gets the payment from FIU for generating consent to facilitate the data flow. While the fee is not fixed, AAs must strive towards making data access costs cheaper and easier for lenders. With the expectation of millions of data requests from lenders every month on the AA ecosystem, it's not an exaggeration to state that AAs have a very bright future.

The AA ecosystem can also help FIUs de-risk their loan book and reduce their non-performing assets. This can enable FIUs to offer their customers custom loan products and monitor loan accounts after disbursement to ensure lower loan loss provision. FIUs can actually reduce the risk of false document submissions. New cash flow-based loan products can be designed to provide credit based on income and behavior and not on assets. Lenders will be able to anticipate defaulters, monitor cash flows, and improve asset quality. Robo advisory services can also be reimagined. Through real-time access to user’s financial data, Robo advisory apps can give informed decisions.

Hence, the AA Ecosystem intends to reduce turnaround times to minutes for various financial processes and make it easier for people and MSMEs to apply for loans or financial products without using paper documents. It reduces the friction and cost of data gathering for underwriting reducing loan decision time drastically.

Sahamati Certification Framework for entities operating on AA Ecosystem

To embed trust and confidence along the business benefits, the Sahamati Certification framework also requires FIPs, FIUs, & AAs to adhere to the technical guidelines of Reserve Bank Information Technology Private Limited (ReBIT). The scope of this certification is to check API & functional flow adherence, along with the security specification compliance for API access authorization, encryption algorithms, cryptographic signatures, etc. This framework covers tests that check the integration of AA Ecosystem entities’ systems with a central registry, a common technical service provided by Sahamati to all ecosystem partners for enabling seamless interoperability and scalability.

Aujas is one of the earliest partners empanelled by Sahamati to certify the participating entities in the ecosystem.

With the strict parameters and certification in place, individuals need not worry because data is shared in encrypted form, and no one can see user data. The Account Aggregator is just a pipeline to transfer data with user consent. Users can revoke permission any time they want. The FIUs assess user data and then decide on whether the service should be rendered or not. Account Aggregators delete the data once the FIU successfully receives the data. Fears of people on financial data safety and privacy can be laid to rest.

Finally, on the very lines of UPI, The AA ecosystem Is a beginning of a new dawn, a significant opportunity for financial institutions to increase the velocity of services such as lending, and finance management by ensuring faster data access and nimble processing of applications. The ecosystem is here to bring financial empowerment for individuals through personalized financial management tools and help them achieve their financial goals. It will enable technology-based tools to promote affordable wealth management at scale across income levels. Let’s embrace this.


To know how Aujas can help your organization in getting certified, do get in touch with our experts at contact@aujas.com.