The Future of Consent-Based Financial Data Aggregation: Account Aggregator Framework

In early September 2021, eight major Indian banks went live on the Account Aggregator Network,[1] marking the launch of the Reserve Bank of India’s (“RBI”) Account Aggregator System. Earlier, in 2016, the RBI had issued the Non-Banking Financial Company – Account Aggregator Master Directions 2016[2] (“RBI Master Directions”) to establish a framework for the registration and operation of account aggregators in India (“Account Aggregator Framework”).

The Account Aggregator Framework seeks to revolutionize lending and money management by digitizing the process of data sharing in a tamper-proof and secure manner that is time and cost-efficient.[3] In this article, we identify the various participants of the Account Aggregator System, highlight the key features of the RBI Master Directions, and briefly examine its use-cases.

A: PARTICIPANTS OF THE ACCOUNT AGGREGATOR SYSTEM 

The RBI introduced the Account Aggregator Framework with the primary objective of enabling accessibility to financial information through an intermediary (the “Account Aggregator”). Entities that require access to the financial information of individuals (for instance, lenders, personal finance managers, insurers, wealth managers) can register as Financial Information Users (“FIUs”). Entities that hold such financial information of individuals, or with whom the individuals have an account (for instance, banks, non-banking financial companies (“NBFCs”), insurance companies, mutual fund companies), can register as Financial Information Providers (“FIPs”).[4]

The interaction between the various participants and the individual whose financial information is shared can be summarized as below:

  1. An individual who wants to avail the services of an Account Aggregator can register with the Account Aggregator.
  2. The individual can choose which accounts held with FIPs should be linked with the Account Aggregator.
  3. The individual can share information from their accounts for a specific purpose with FIUs by giving “consent” through their Account Aggregator. The individual can also later revoke their consent or modify the period for which the consent is valid.
  4. After obtaining consent from the individual, the Account Aggregator fetches such information from the FIPs who hold it and shares it with the relevant FIUs.
  5. The information shared by the FIPs through the Account Aggregators to the FIUs is end-to-end encrypted and can only be decrypted by the respective FIU. Therefore, the Account Aggregators cannot access the information but merely facilitate its transfer from one financial entity to another financial entity based on the individual’s consent and instructions.[5]

The following figure illustrates the process of information sharing from the FIPs to the FIUs through the Account Aggregator after the relevant individual has consented to it.

Figure 1: Interactions among the participants in the Account Aggregator Ecosystem.[6]

Currently, 94 financial institutions have been onboarded as FIUs and 26 financial institutions have been onboarded as FIPs on the Account Aggregator System.[7] Notable inclusions in the recent past include the GST Network in November 2022 and 12 Public Sector Banks in July 2022 as FIPs.[8]

B: KEY FEATURES OF THE RBI MASTER DIRECTIONS

  1. Financial Information that is accessible through the Account Aggregator Framework
    Following the latest update in November 2022, the financial information that can be shared through the Account Aggregator Framework includes the following: bank deposits, deposits with NBFCs, SIPs, commercial paper, certificates of deposit, government securities, equity shares, bonds, debentures, mutual fund units, exchange-traded funds, Indian deposit receipts, collective investment schemes units, alternative investment funds units, insurance policies, balances under the National Pension System, units of infrastructure investment trusts, units of real estate investment trusts, and GST Returns (viz. Form GSTR-1 and Form GSTR-3B).[9]
  2. Regulatory Authority
    The regulators under the Master Directions are the RBI, Securities and Exchange Board of India, Insurance Regulatory and Development Authority, Pension Fund Regulatory and Development Authority and Department of Revenue, Ministry of Finance.[10]
  3. Registration of Account Aggregators
    Paragraph 4.2 of the RBI Master Directions lays down the process of registration and the documents required for application. If the conditions laid down under Paragraph 4.2.2 of the RBI Master Directions are fulfilled, then the RBI may grant in-principle approval for registration as an Account Aggregator under Paragraph 4.2.3. The in-principle approval is valid for 12 months[11] from its issuance and within this period, the entity must prepare its platform for the commencement of operations as an Account Aggregator. After the RBI is satisfied that the entity is prepared to commence operations as per the requirements, it may grant such entity a certificate of registration as an NBFC-Account Aggregator with any conditions it deems fit to impose.[12] As on October 1, 2022, six companies operate with an Account Aggregator License (NBFC-AA License) granted by the RBI.[13] Further, as per reports, at least five fintech organisations, including Razorpay, Stripe, Pine Labs, PhonePe and Cygnet, have received in-principle approval from the RBI,[14] but as per the RBI website (as on October 1, 2022), they are yet to commence operations.[15]
  4. Informed Consent
    Without express consent from the individual, the Account Aggregator cannot retrieve, share or transfer any data that belongs to such individual. The Account Aggregator is responsible for obtaining and managing the consent wherever required. While obtaining consent, the individual should be informed about, among other things, the nature of the information requested, the purpose of collection, the identity of recipients and the validity of such consent. Additionally, the individual should be allowed to revoke their consent for all or certain parts of the information.
  5. Data Security
    The Account Aggregator must adopt the required IT framework to ensure secure data flows from the FIPs to its system and further to the FIUs. Account Aggregators are forbidden from requesting or storing an individual’s credentials required for authentication purposes, such as passwords, PINs and private keys. Further, the Account Aggregators shall put in place adequate safeguards to prevent unauthorized access, alteration, destruction, disclosure or dissemination of information, and to provide for disaster risk management and business continuity.[16]
  6. Rights of Individuals
    Individuals have the right to access the record of consent given by them and the FIUs with whom the financial information was shared. Further, Account Aggregators are prohibited from using or accessing information for any purpose other than the purpose for which the individual has granted consent.[17]

C: USE-CASES FOR ACCOUNT AGGREGATORS 

Sahamati, a non-profit collective of the Account Aggregator ecosystem, has identified five major use cases of the Account Aggregator System:

  1. Lending
    The manual process of submission and approval of loan documents can be replaced by digitally signed, tamper-proof financial information that is shared directly by FIPs such as banks to FIUs such as lenders. The upcoming Public Credit Agency can use the Account Aggregator System to access the cash flow of the business of MSMEs to enable greater access to formal credit for them.
  2. Wealth Management
    Through the Account Aggregator System, wealth managers, as FIUs, can access information from the FIPs on a recurring basis instead of requiring their customers to submit data periodically.
  3. Personal Finance Management Apps
    Personal finance management apps currently access their customers’ bank account statements either by asking them to upload the relevant documents or by asking them to share their login credentials with the apps. The Account Aggregator System would eliminate the requirement to manually upload documents or share critical information by allowing personal finance management apps to have secure access to a wider database to generate reports for their customers.
  4. Robo-Advisory
    Allowing robo-advisory apps to have real-time access to their customers’ financial information from FIPs such as banks, mutual fund depositories, and insurance policies would allow them to generate updated and more accurate reports.
  5. Reconciliation of Accounts
    MSMEs use accounting packages where one has to enter details such as banking transactions and invoices to know about the cash they have in hand. By using the Account Aggregator System, the accounting package would download the bank statements in real-time with no errors, thus facilitating book reconciliation without any intervention.[18]

D: CONCLUSION 

Account Aggregators are virtual gateways that request an individual’s permission to access and share their financial information from FIPs to FIUs in a secure and encrypted manner. Collaborative access to an individual’s financial data paves the way for a new generation of open banking that would transform India’s digital lending ecosystem.

 

[1] See https://www.thehindubusinessline.com/money-and-banking/eight-major-banks-join-the-account-aggregator-network/article36256274.ece.

[2] Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[3] See https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1753713 and https://www.youtube.com/watch?v=LMviOKDc6rg.

[4] Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[5] Know all about Account Aggregator Network- a financial data-sharing system, posted on: 10 SEP 2021 8:00AM by PIB Delhi [Available at: https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1753713].

[6] Ibid.

[7] 94 Financial Institutions onboarded on Account Aggregator (AA) platform as Financial Information User (FIU), posted on: 12 DEC 2022 6:12PM by PIB Delhi [Available at: https://pib.gov.in/PressReleseDetail.aspx?PRID=1882868]; The status of all financial institutions that are live or are in the process of going live as on December 19, 2022, is available on the Sahamati (a collective of the Account Aggregators ecosystem) website [Available at https://sahamati.org.in/fip-fiu-in-account-aggregators-ecosystem/].

[8] Inclusion of Goods and Service Tax Network (GSTN) as a Financial Information Provider under Account Aggregator Framework, RBI/2022-23/140 dated November 23, 2022 [Available at: https://rbi.org.in/Scripts/BS_NBFCNotificationView.aspx?Id=12412 ]; see also https://www.business-standard.com/article/finance/all-12-public-sector-banks-go-live-on-account-aggregator-network-122080301616_1.html.

[9] See definition (ix), “Financial Information”, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[10] See definition (x) “Financial Sector Regulator”, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[11] See Paragraph 4.2.4, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[12] See Section 4.2.5, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[13] See List of NBFCs registered with the RBI (As on October 01, 2022) [Available at https://rbi.org.in/Scripts/BS_NBFCList.aspx ].

[14] For Razorpay see https://www.thehindubusinessline.com/money-and-banking/razorpay-gets-in-principle-approval-from-rbi-for-payment-aggregator-license/article65626527.ece; For Stripe see https://www.medianama.com/2022/07/223-rbi-licenses-payment-aggregators-razorpay-stripe/; For Pine Labs see https://www.business-standard.com/article/finance/rbi-clears-payment-aggregator-licence-for-razorpay-pinelabs-stripe-122070800873_1.html ; For PhonePe see https://www.thehindubusinessline.com/money-and-banking/phonepe-gets-in-principle-approval-as-an-account-aggregator-from-rbi/article36116231.ece; For Cygnet see https://www.livemint.com/news/india/cygnet-gets-in-principle-approval-operate-as-nbfc-account-aggregator-11666123905297.html.

[15] See List of NBFCs registered with the RBI (As on October 01, 2022) [Available at https://rbi.org.in/Scripts/BS_NBFCList.aspx ]. As per this list, the companies mentioned above that have been granted in-principle approval have not been granted the certificate of registration to commence operations.

[16] See Section 8, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ]. See also, Paragraph 5, Know all about Account Aggregator Network- a financial data-sharing system, posted on: 10 SEP 2021 8:00AM by PIB Delhi [Available at: https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1753713].

[17] See Section 10, Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, RBI/DNBR/2016-17/46 dated September 2, 2016 [Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10598 ].

[18] See https://sahamati.org.in/blog/use-cases-for-account-aggregator-framework/.