Last week, the Account Aggregator (AA) network went live. The Reserve Bank of India (RBI) has been discussing the AA framework since 2016 and it has also been tested for a while. Financial experts say opening the network to all customers, as has now been done, is the first step towards bringing open banking in India and empowering millions of customers to digitally access and share their financial data across institutions in a secure and efficient manner.
What are Account Aggregators?
Account Aggregators are licensed non-banking finance companies (NBFC) which enable instant exchange of financial data between financial information providers (FIPs) and financial information users (FIUs) with the explicit consent of customers. They (AAs) are responsible for providing services that include the transfer — but not storing — of a customer’s data.
What are FIPs and FIUs?
FIPs are entities that possess the financial information of a customer. These are banks, mutual funds, pension funds, etc, which represent the “source” of personal or business data that FIUs can access via requests through an AA. And, FIUs are entities that want to use this data to offer financial products and services to their customers. FIUs have to be registered and regulated by at least one of the regulators — RBI, Insurance Regulatory and Development Authority of India (Irdai), Securities and Exchange Board of India (Sebi), or Pension Fund Regulatory and Development Authority (PRDA). FIUs can be banks, any lending entities, insurance companies, asset management companies, etc. To sustain the ecosystem, an FIU also has to be an FIP.
Who are the players in the ecosystem?
Currently, four AAs — Finvu, OneMoney, CAMS Finserv, and NADL — have got operational approval to start business and these have been working with FIPs and FIUs. Perfios Account Aggregation Services, PhonePe Technology Services and Yodlee Finsoft have received in-principle approval from the RBI.
Eight banks — State Bank of India, HDFC Bank, ICICI Bank, Axis Bank, Kotak Mahindra Bank, IndusInd Bank, Federal Bank, and IDFC First Bank — have joined the AA ecosystem as FIPs. Four of these eight banks have gone live, while the others are in the process of doing so. Further, the Goods and Services Tax Network (or GSTN) is expected to go live on AA soon. Industry sources say talks are on to get telecom data, too, on the AA network. The view is that with eight large banks being live on AA, others will also come on board soon.
Can AA “view” or “process” a customer’s data?
No. AA merely acts as a conduit or a channel between FIUs and FIPs. AA is “data-blind”, according to Sahamati, an industry alliance for the account aggregator ecosystem. The data that flows through it is encrypted and can be decrypted and processed only by the FIU for whom the information is intended. Also, according to RBI’s AA Master Directions, an AA cannot store any user’s data — thus, the potential for leakage and misuse of user data is prevented. This also ensures privacy is maintained. What adds confidence to the AA ecosystem is that it has been created by way of an inter-regulatory decision by the RBI, IRDAI, SEBI and PFRDA through the Financial Stability and Development Council (FSDC).
What does the AA ecosystem do?
The AA ecosystem is aiming to create open banking, which would ensure democratisation of credit as consumers would be able to digitally access and share their financial data across financial entities in a secure and efficient manner. iSpirit, a think tank for the Indian software products industry, says AA will reduce the need for individuals to wait in long bank queues, use complicated internet banking portals, share their passwords or seek physical notarisation to access and share their financial documents securely.
RBI Deputy Governor M Rajeshwar Rao is of the opinion that AAs can bolster the lending ecosystem in the country, make India data-rich and boost digital economy.
For instance, if a small and medium-sized enterprise has a digital footprint of the payments made to its vendors, purchases made by consumers, and of the invoices and taxes it has paid, a lender can use that information to make a decision about giving that entity a working capital loan. Used properly, this digital footprint can ensure huge amounts of credit to small businesses and lead to the democratisation of credit.
Anjani Rathor, chief digital officer, HDFC Bank, says this will help banks reduce transaction costs, which will enable them to offer lower ticket size loans and tailored products and services to customers. It will also help reduce frauds and aid compliance with upcoming privacy laws.
AAs will not be limited to the financial services sector; they can be applied to any sector. For instance, there is a discussion on how the AA framework can be applied to the health care sector so that people have access to their health data to access financial services and better health care.
How does AA work for individuals?
First, a user has to create an account with an AA. Just like with a UPI, the user will need to connect his/her bank account with the payment player, and also register the mobile number for OTP-based verification. The user account is authenticated by his/her financial institution directly. AA can then be used for various financial matters.
Here’s an example: Say, you want to invest in mutual funds but are unaware of how to go about it, how much money to invest and which fund house to select. And say, you want to use the Zerodha platform for transacting or creating your MF account. You also want an advisor to look at your investments, which have so far been in fixed deposits. Assuming you have a savings account and FD with Axis Bank. So you link your Axis Bank savings account and FD in your AA app. Zerodha will then send in a consent request to your AA to access your savings and FD investments. Once you give your consent to the AA, the account aggregator will fetch the necessary data from Axis. This data will be shared on a real-time basis with Zerodha, which will be able to guide you on your investment plans.
Today, the same details are sent by the consumer to a financial advisor in email as PDF files. These files are then scanned and extracted so that they become machine readable; and only then does work begin. With AA, all of this gets automated with no paper trail.
How secure is the process?
According to the RBI, the AA business will be entirely information technology (IT) driven. So AAs should have adequate safeguards built in their IT system to ensure it is protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.
An industry insider says FIUs and FIPs, which are the end points in the ecosystem, are regulated entities and so are AAs. These entities already have strong data governance practices as mandated by their respective regulators. Also, the AA framework has been designed in such a way that it is secure as the data that flows is completely encrypted — the AAs cannot see the data.
What is the business model of AAs?
The RBI has said AAs would require board approved policy for the pricing of these services. And the pricing so adopted has to be transparent and must be available in the public domain. It is up to the AA who they want to charge — they may charge the FIUs and/or the customer.