Account Aggregators To Seek Customer Consent Before Sharing Data With Financial Services Firms

RBI grants in-principle approvals to six account aggregators to manage flow of financial data.

A traffic signal stands illuminated next to the Bombay Stock Exchange (BSE) building in Mumbai, India. (Photographer: Dhiraj Singh/Bloomberg)
A traffic signal stands illuminated next to the Bombay Stock Exchange (BSE) building in Mumbai, India. (Photographer: Dhiraj Singh/Bloomberg)

The Reserve Bank of India has given in-principle approval to six account aggregators to start work on creating a framework that will enable customers to have control over who gets access to their financial data.

The six account aggregators include NSEL Asset Data Ltd., CAMS Finserve Financial Services Ltd., Cookiejar Technologies Pvt Ltd., Finsec AA Solutions Pvt Ltd., Yodlee Finsoft Pvt. Ltd. and Jio Information Solutions Ltd.

Account aggregators are a category of non-bank financial services companies, which was created after four financial sector regulators, including RBI, Securities and Exchange Board of India, Insurance Regulatory and Development Authority and Pension Fund Regulatory Authority came together to create a framework for secured sharing of data.

The account aggregators will work as intermediaries between companies seeking financial data of customers and entities that provide them like banks, insurance companies, mutual funds and even the goods and services tax network. They will allow sharing of such data after receiving consent of the customer. The aggregators will also allow customers to get their own financial data through digital means.

If a customer, for instance, wants to apply for a loan, he/she can get their bank account information and other details, on a real-time basis, to share with a lending institution. Similarly, lending institutions can do their own checks using the account aggregator framework, after the customer has consented to sharing this information. This is likely to help individual customers and small businesses access financial services.

The data would be fully encrypted and even the account aggregators will not be able to read any private information that a customer has agreed to share. Customers will also be allowed to revoke their consent at any time, which would allow customers to share specific data points, without sharing the entire history.

The framework titled Data Empower and Protection Architecture, was developed by IndiaStack, which is a set of application programme interfaces under the think tank iSPIRT. In a statement, IndiaStack said that to support the ecosystem to promote adoption of DEPA, a new collection of account of aggregators would be created as a non-profit, called Sahmati.

Presently, State Bank of India, Axis Bank Ltd., ICICI Bank Ltd., Kotak Mahindra Bank Ltd. and IDFC First Bank Ltd. have signed up for this framework. Once the RBI grants final approval to account aggregators, lenders can start working on a full-fledged launch of the framework.