Thousands sign up to share financial info with RBI-enabled Account Aggregators

In less than two months of it going live, thousands of Indians have signed up for, and are using, the country's apex bank-regulated account aggregator (AA) platform that enables users to have a single view of their consolidated financial information like savings, fixed deposits, mutual funds, equity investments and insurance, and voluntarily share the same with financial institutions to avail loans and get better and quicker deals on other financial products. 

Industry experts estimate that over 7000 accounts have been linked so far, and nearly 6000 citizens have successfully used AA to share data.  

The aggregated data also helps businesses by allowing them to use the information to take quicker decisions on granting loans, monitor the investments of customers and loan payments, etc. 

An Account Aggregator, according to an RBI September 2, 2016, note, means "a non-banking financial company...that undertakes the business of an account aggregator, for a fee or otherwise..." 

The AA platform was created through an inter-regulatory decision by RBI, Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority (IRDAI), and the Pension Fund Regulatory and Development Authority (PFRDA) through the Financial Stability and Development Council (FSDC). 

RBI issues licenses to AAs. There are seven AAs that have already got the RBI license, or an in-principle nod, to operate as a non-banking financial company (NBFC) AA. The names include CAMS Financial Information Services, PhonePe, Finvu, OneMoney, Yodlee, and NESL Asset Data Limited (NADL)--a wholly owned subsidiary of NeSL.  

Four banks are already part of the AA platform: HDFC Bank, ICICI Bank, IndusInd Bank, and Axis Bank, having begun operations this July. Four more banks are expected to go live soon -- the State Bank of India (SBI), Federal Bank, IDFC First, and Kotak Mahindra Bank. 

On Monday, for instance, PhonePe said it got in-principle approval from RBI to operate as an AA which will permit it "to launch its account aggregator platform, allowing the free and instant exchange of financial data between the financial information users (FIUs) and financial information providers (FIPs) with consent from customers in a safe and secure manner".  

FIP could mean a bank, NBFC, asset management company, depository, insurance company, insurance repository or a pension fund while FIU covers an entity registered with, and regulated by, any financial sector regulator. 

"It's early days for us. The ecosystem went live only about 45 days back. But we already have a couple of thousand transactions such as data requests for financial information. Currently, we have over 2,500 users," said Munish Bhatia, co-founder of Finvu, a brand of Cookiejar Technologies. 

Enabling data privacy

The AA platform, which can be likened to the United Payment Interface (UPI) platform, was designed by the Reserve Bank Information Technology Pvt Ltd (ReBIT)--a wholly-owned subsidiary of RBI that takes care of the IT requirements, including the cyber security needs of the apex bank and its regulated entities. It is based on the Data Empowerment and Protection Architecture (DEPA) frame, which empowers every Indian with control over their data. DEPA is also known as the ‘Consent Layer of India Stack’. 

The IndiaStack is a set of application programming interfaces (APIs) that allows governments, businesses, startups and developers to use a digital infrastructure to enable a presence-less, paperless, and cashless service delivery such as India's Aadhaar and UPI platforms. The Open API team at iSPIRT has been a "pro-bono partner in the development, evolution, and evangelisation of these APIs and systems", according to the IndiaStack website. 

There are many benefits to users even as the DEPA framework protects their privacy. For instance, Indian citizens typically have to provide a statement of their bank account when applying for a personal, auto or home loan. These are usually shared as paper records with the bank's stamp, but the data can be misused for other purposes.  

Account Aggregators operate on a fee-for-transaction business model and are legally prohibited from storing or selling data. Further, the data is encrypted, implying that AAs cannot read your financial information when sharing the same to a financial institution -- they only have access to your customer profile with which you signed in. 

Entities under SEBI, PFRDA and IRDAI are soon expected to join the AA ecosystem, note industry experts. "Many institutions are approaching us and we hope to scale up in the next 6-8 months," concluded Bhatia.