India’s Account Aggregator Network Makes Financial Data More Accessible, Allows Individual Consent
On September 2, 2021, the Reserve Bank of India (RBI) launched the account aggregator framework, a financial data sharing system to ease the accessibility of financial data, and which will empower individuals with control over their personal financial data.
This latest addition to India’s financial digital infrastructure is expected to expand the pool of potential customers for lenders and fintech companies by democratizing access to data. And, while underwriters will have access to a richer set of data, borrowers will be presented with more attractive borrowing options.
Under the new framework, several fintech entities have been granted the license to operate as account aggregators. Eight major Indian banks have also agreed to share financial data about their customers with account aggregators. Out of them, four banks – HDFC, ICICI, Axis, and IndusInd – are currently live on the account aggregator network while the remaining four – State Bank of India, IDFC First Bank, Kotak Mahindra Bank, and Federal Bank are in the process of joining the framework.
What is an account aggregator?
An account aggregator is a non-banking financial company (NBFC), licensed by the RBI, which is involved in providing services like retrieving or collecting financial information pertaining to the financial assets of its customers.
The account aggregator performs these functions under a contract, in exchange for a fee.
The financial assets in question may comprise of bank deposits, including fixed deposits, saving deposits, recurring deposits, current deposits, deposits with NBFCs, SIPs, government securities, equity shares, bonds, debentures, ETFs, insurance policies, or balance under the National Pension System (NPS), etc.
The account aggregator is also engaged in consolidating, organizing, and presenting such information to the customer or any other financial information user, as may be specified by the bank.
The account aggregators are regulated by the RBI and have a fiduciary duty to their customers for sharing digitally signed and encrypted data. These aggregators cannot read or resell consumer data.
Why has the account aggregator network launched?
The account aggregator framework was created through an inter-regulatory decision by the RBI and other regulators, including the Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority (IRDA), and Pension Fund Regulatory and Development Authority (PFRDA) through the initiative of the Financial Stability and Development Council (FSDC).
The account aggregator framework was first announced by the RBI in 2016 on the basic premise that customer data is highly fragmented in India and exists in silos – in databases of banks, lenders, insurance companies, government bodies, and other entities. With the introduction of this new framework, such data can now be shared digitally with users in a seamless and time efficient manner.
According to iSpirt, a tech lobby group for the Indian software products industry, an account aggregator framework creates secure, digital access to personal data at a time when the COVID-19 pandemic has constrained physical interactions.
Additionally, this framework lessens the incidence of fraudulent activities associated with physical data by introducing secure digital signatures and end-to-end encryption for data sharing.
How does an account aggregator work?
The account aggregator serves as an interoperable data blind consent manager, which acts as an intermediary to collect and consolidate data from all financial information providers (FIP) that holds users’ personal financial data, such as banks, and shares that data with financial information users (FIU) like lending agencies or wealth management companies that provide financial services.
For example, a bank which is processing a loan application from a potential borrower may want to access a variety of financial data about the borrower. The lending bank can access details of the borrower’s savings, past loan repayment record, mutual fund holdings, and insurance holdings through an account aggregator. However, the borrower will have to give consent for sharing their personal data with the lending bank.
With the provision of these aggregation services, the user will no longer be required to physically share hard copies of various confidential documents or login details. The users will further be relieved from the tedious task of browsing through different sites for information required by financial service providers.
It must be noted that these account aggregators will have access to data from the users’ current and savings accounts, which distinguishes them from existing credit bureaus like the Credit Information Bureau India Limited (CIBIL) and Experian, which collect only lending products data or liability side data.
Recently, four account aggregators, including OneMoney, FinVu, CAMSFinServ, and NADL, launched their android apps to act as consent managers, as soon as the new framework was announced.
Companies like PhonePe, Yodlee Finsoft, and Perfios have already received RBI approval to launch their account aggregator platforms.
What kind of data can be shared?
Financial data, including tax data, pensions data, securities data (mutual funds and brokerage), and insurance data will be available to consumers. It is also expected to expand beyond the financial sector to allow healthcare and telecom data, as iSpirt is working on a consent manager architecture similar to the account aggregator network and UPI system for the healthcare sector to bring all patient records onto the same network.
There are 19 categories of information that fall under ‘financial information’, besides various other categories relating to banking and investments. To share such information, the FIU is required to initiate a request for consent by way of any platform/app run by the account aggregator. Such a request is received by the individual customer through the aggregator, and then this information is further shared by the aggregator, after consent is obtained.
What are the data storage provisions?
It must be noted that this data is encrypted and the account aggregators cannot read the data. They can only transfer it from one institution to another based on an individual’s direction and consent. The data is encrypted by the sender and can only be decrypted by the recipient.
The account aggregators are not allowed to store, process, or sell the customer’s data. Moreover, the account aggregator cannot outsource the services of a third-party service provider for undertaking the business of account aggregation.
What are the benefits of the account aggregator network?
The account aggregator framework will help in collating and consolidating all the scattered financial data, thereby simplifying the road to credit access for both individuals as well as enterprises. The consent of the party involved is the most important aspect of this framework.
The account aggregator network is expected to address the existing credit crunch in the Indian economy due to lack of organized data sharing mechanisms. The network can channelize formal lending, enabling increased consumption and investment.
Furthermore, it could help financial institutions assess the credit worthiness of the borrower more efficiently, make better lending decisions, and prevent bad loans and non-performing assets. It is also expected that this mechanism will also expand the borrower base of these financial institutions.
For users, the new framework is beneficial as it will simplify the otherwise cumbersome procedures while taking a loan. The users can also expect better tailor-made financial products once their personal financial data is available with these financial institutions.
How can MSMEs benefit from the account aggregator framework?
It is further expected that this new financial data sharing network will aid micro, small, and medium enterprises (MSMEs) in streamlining credit access by fast-tracking data sharing and broadening the scope of financial services for better products and services.
For instance, while physical collateral is usually required for an MSME loan, with secure data sharing via account aggregators, this information collateral, that is, the data on future MSME income, can be used to access a small formal loan.
According to a 2019 report by PwC and FICCI titled “Wider Circle”, out of 63.3 million MSMEs in India, only 10 percent have access to formal credit. This move has the potential to address the existing credit crunch faced by the MSMEs, who often approach informal lenders to secure credit due to lack of organized records of financial statements.
What are the concerns raised?
The biggest concern highlighted by stakeholders is that of financial data security, given the risk of data theft. Furthermore, while it is voluntary at the moment, financial institutions in the future might mandate access to data availability through account aggregators as a condition for individuals to receive loans and other services.
According to some, an individual’s permanent account number (PAN) may be a better way to access their financial data as it serves as a common link between multiple accounts maintained by an individual.
Additionally, the digital infrastructure is never hackproof and this makes millions of users susceptible to financial data fraud. Therefore, the success of the framework will rest on multiple factors, including establishing resilient systems, cybersecurity guarantees by the RBI, and consumer adoption.
India Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia from offices across the world, including in Delhi and Mumbai. Readers may write to firstname.lastname@example.org for more support on doing business in in India.
We also maintain offices or have alliance partners assisting foreign investors in Indonesia, Singapore, Vietnam, Philippines, Malaysia, Thailand, Italy, Germany, and the United States, in addition to practices in Bangladesh and Russia.