Introduction to AA
🌌

Introduction to AA

➡️
This guide aims to provide people interested in fintech with a small deep dive into leveraging account aggregators (AAs) to enable various use cases.
image

Introduction

Account aggregators are a relatively new concept in the fintech industry. Still, they have quickly gained popularity due to their ability to securely and seamlessly aggregate financial data from multiple sources. By integrating AAs into their apps, fintech companies can offer their customers a paperless onboarding, a holistic view of their financial data, and better financial services. Account aggregators will democratise financial services, and will be a critical tool in increasing penetration of financial services in India.

Account Aggregator use has been growing exponentially since inception, the numbers below show the growth in the number of accounts linked and the number of consents served. Just to put it in context, in May 2022, only 5 lakh accounts were linked on AA, in May 2023, the number was 50 lakhs, and in May 2024 reached 7 crores. This will continue to grow as more data types, account types are supported, new FIPs join the ecosystem and new FIUs integrate Account Aggregators to better serve their users.

Number of accounts linked on account aggregators
Number of accounts linked on account aggregators
Number of consents for which data has been delivered by account aggregators.
Number of consents for which data has been delivered by account aggregators.

Participants in the AA ecosystem

It is essential to discuss the participants in the AA Ecosystem. The initiative requires coordination between regulated entities that operate in silos. When working in AA, you should know the following terms:

Term
Explanation
Account Aggregator [AA]
These are companies licensed by RBI to provide account aggregation services and enable communication of financial information between FIUs and FIPs. Read more here Eg. Finvu, OneMoney, CAMSFinserv, Perfios
Financial Information User [FIU]
Organizations that consume financial data to provide financial services. Read more here. Eg. banks, brokers, NBFCs, insurance companies, AMCs, etc.
Financial Information Provider [FIP]
Organisations that hold your financial data. Read more here. Eg banks, insurance companies, mutual funds, pension funds, etc.
Sahamati
Think of it as a self-regulatory body for the AA ecosystem. It is a not-for-profit organization that promotes innovation, interoperability, and data security in the AA ecosystem. Read more here. As we understand, Sahamati intends to submit an application as a Self Regulatory Organisation for the AA ecosystem under the recently notified SRO Framework for RBI.
Technology Service Providers [TSP]
Organisations that work with FIUs and FIPs to integrate AA ecosystem. They offer different tech services that may be required by a FIU during different stages. Read more here.

What is an AA?

  • An account aggregator is a platform that enables customers to view and manage their financial accounts, such as bank accounts, insurance policies, and investment portfolios, from different financial institutions through a single, secure online portal.
  • AAs are consent managers who help in easy + secure data transactions between Financial Information Providers (FIPs) [example - banks with savings accounts] and Financial Information Users (FIUs) [example - NBFC lenders or insurers].
  • AAs are regulated as NBFCs by the RBI and are regulated under the Master Direction - NBFC (AA) Directions, 2016. Yes, you read that right the legal framework was created in 2016. However, good things, especially ones that require coordination between regulators and regulated entities operating in silos can take time to build.

What should I know about AAs?

List of all live AAs. Do note the segregation is only for convenience of reference.
List of all live AAs. Do note the segregation is only for convenience of reference.
  • Account Aggregators (”AAs”) are regulated by the Reserve Bank of India and are classified as NBFC-AA, so are a type of NBFC.
  • There are a lot of AAs: There are a total of fourteen live account aggregators in India, and four with in-principal approvals, see list here. The huge number of AAs may surprise some naive BFSI folks and there are already some issues caused discussed by the Mint.
  • Not all AAs are Equal: Even though there are 14 Account Aggregators they are at different stages of integration with banks. After an AA goes live, it has to integrate with each Bank separately; thus, while some AAs (Finvu, OneMoney, Perfios, CAMS) have already integrated with most live FIPs, the remaining have just received their licenses and have just started to integrate. You can track the status of each AA’s FIP integration here.

‼️
This is important because you want to ensure all FIPs required for your use case are available with the AA. For eg. SBI is not live on all AAs, similarly AMCs serviced by CAMS RTA are not available on all AAs. This is very relevant from a product and business perspective to ensure that you pick the right AA.

What data is available through AA

There are two aspects to this question, one is what is permitted under law to be shared, and the second is what data is available on AA APIs. You can refer to the documentation by Setu (a TSP with an in-principle AA license), on the exact data that will be shared in each type of financial information. Note that these specifications of data that are available have been developed by ReBIT, and require amendment from ReBIT to add/remove any data fields.

Permitted Data Types

  • Financial Information (FI): This includes all major types of financial information such as accounts and deposits with banks/NBFCs, SIPs, CPs, CDs, securities, shares, bonds, mutual fund units, ETFs, IDRs, AIF/CIS/REIT/InvIT units, NPS balances, Insurance policies, GST returns, etc.
  • Financial Information Providers (FIP): The list includes all major financial institutions as FIPs, these would include sources of all major data such as bank accounts, investments (mutual funds, securities, bonds, debentures etc.), GST, etc., the list includes banks, NBFCs, asset management companies, depository & depository participant, Insurance companies & insurance repositories, pension funds and the Goods and Services Tax Network (GSTN).
    • Goods and Services Tax Network was added on November 23, 2022, as a FIP by amending the Master Directions to enable cash-flow-based financing for MSMEs.
    • Similarly, via another amendment on February 22, 2024, Clearing Corporation of India was added as a FIP. Clearing Corporation of India will provide details of retail gilt accounts and government securities held by a user.
  • Interoperability & Incentivising FIP Adoption: There was a concern raised in the industry wherein some big FIPs were utilising data as a FIU to lend and provide other services, but were not sharing data of their own customers with other FIUs. RBI via circular in October, 2023 had mandated RBI regulated joining the AA framework as a FIP have to also share data as a FIU. This plugged a gap in the regulations and indicates that RBI is watching the development of AA space closely and is more responsive with regulations.

Banking Data

  • As of date, only banks have gone live on the AA ecosystem. Not all banks are live, although the biggest banks are already live. You can check the list of live banks and supported AAs here.
  • Note that only indiviudal accounts are available on AA. Joint accounts, current accounts, fixed deposits, and recurring deposits are not live and will take some time before they go live on AA. As a general rule for all FI types jointly held accounts are not available on AA.
  • Check the status of account types supported here.

Pension Funds (NPS)

  • All KRA are live on AA and all NPS related data is available via the AA network.

GST

  • Goods and Services Tax Network was added on November 23, 2022, as a FIP by amending the Master Directions to enable cash-flow-based financing for MSMEs. GST data also went live with some Account Aggregators in July, 2023.

Government Securities

  • Clearing Corporation of India has recently been recognised as a FIP. The data via Clearing Corporation of India should go live soon.

Investment Data

  • Investment-related data such as mutual funds, stocks, ETFs, InVITs, REITs are now live on AA.
  • Both depositories (NSDL and CDSL) and RTAs (CAMS and KFintech) have gone live and data from all brokerages and AMCs is now available on the AA network.
  • However, there are some practical issues which we will discuss below.

Insurance

  • IRDAI, through a circular, has asked Insurance Companies and Insurance Repositories to join the AA framework and start sharing data.
  • Some Insurers, such as HDFC Life, Tata AIA Life, and ICICI Prudential Life Insurance, are already live, and many are in the process of Integration.
  • It is pertinent to note, that the NBFC AA 2.0 specifications published by REBIT, updates the FI Data Scheme for Insurance data.
  • There are other operational issue with insurance data as most policies are held in offline and may not be demateralised. However, with the mandate by IRDAI for eInsurance accounts and process for dematerialising existing policies. We expect insurance data to become widely available on AA in the next 12-24 months. We also expect insurance underwriting to start utilising AA data before insurance policy data is made available on AA.

Who can access data through AA?

  • As per the Master Directions, only entities regulated by IRDAI, PFRDA, RBI, SEBI, and Department of Revenue, Ministry of Finance can become FIUs and request data from AAs.
  • Thus, if your corporate entity is regulated by one of the regulators mentioned above, see the list here, you can become an FIU and fetch data through AA. Today, most FIUs are Banks, NBFCs and Registered Investment Advisers (regulated by SEBI). You can check the list of all live FIPs and FIUs here.
  • Important to note that there are also restrictions on: (i) what information can be requested by which regulated entity or (ii) the frequency of data refresh and other consent specifications, therefore, as long as you are a ‘regulated entity’ you can use AA. However, there exist now restrictions on FI Types and consent metrics basis the license, on the basis of what may be required to avoid abuse. For eg. a stock broker may be restricted from requesting insurance information for its user.
  • To make this process easier, and to standardise consents, a comprehensive repository of standardized consent templates, have been crafted by the Use Case Councils to allow FIUs to fulfill their use business requirements, and also balance customer privacy to prevent misuse of AA framework. You can check out the list of consent templates library here. We have reproduced below a comparison of Lending and PFM templates to illustrate. Please do take appropriate advice to ensure you are not in breach of any data and privacy laws, and obligations, especially with regard to data storage, intra-group data sharing, and other compliances required by law.
  • Do note that data taken via AA can only be utilised for the purpose it has been taking. You cannot use data taken for one purpose for the other.
  • Illustration: If a user is a PFM user of a bank, and wants to take a loan, the bank can’t use the data taken on PFM consent to underwrite the loan. The bank here has to take a fresh consent from the user to underwrite the loan.

    Attributes
    PFM
    Lending
    Consent Template ID
    CT008
    CT001
    Use Case Category
    Personal Finance Management
    Underwriting Risk
    Use case
    Spend and investment analytics using 360 degree view of your finances
    Underwriting a loan application
    License types considered
    Bank, RIAs
    Bank or NBFC
    Purpose Text (for customers)
    To generate insights into your income and expenses networth to provide spend and investment analytics and help you manage your finances better
    To process your loan application
    Purpose Text
    Customer spending patterns budget or other reportings
    Aggregated Statement
    Purpose Code
    102
    103
    Purpose Code Category Name
    Personal Finance
    Financial Reporting
    FI Types
    All FI Types
    All RBI, SEBI, GSTN FI Types (*note it excludes insurance)
    Consent Types
    Profile, Summary & Transactions
    Profile, Summary & Transactions
    Fetch-type
    Periodic
    One-Time (*note it is a one time consent)
    Maximum Frequency
    45 times per month
    One-Time
    Maximum FI Data Range
    10 years for SEBI FI Types, 13 Months for other FI Types
    14 months
    Maximum Consent expiry
    1 year
    1 month
    Maximum Data Life
    1 month
    1 month

Use cases for AAs in fintech.

Below we have discussed three live use cases of AA. There are several additional use cases, which may come as adoption increases.

Lending

Often times a lender relies on credit scores and bank statements provided by a customer. While credit reports can be obtained electronically, bank statements are collected physically, which poses two problems:

  1. Authenticity: The statements taken in print or a .pdf can be manipulated, and lenders do not have fraud-proof tools to verify authenticity. This increases operations for lenders, as they have to devote resources to verify authenticity, and also increases the risk of fraud (0.5-4% fraud rates) . AA solves this as the FIP provides the financial information to the FIU; this ensures that data is authentic and exhaustive.
  2. Friction: Providing bank statements requires a user to download their bank statement, take a print, and are also required to be authenticated/ attested. This creates friction in the lending process and increases user drop-offs in the lending journey. Combined with CKYC, Aadhar E-sign, and other innovations, lending has now become paperless. See sample lending flow here and here.

Several lenders such as Bank of Baroda, Axis Bank and Navi, have already integrated AAs to offer a digital lending process.

Personal Finance Management/ Wealth Management

AAs will also permit new-age personal finance management tools, AA can aggregate different bank accounts, demat accounts, etc., into one app to provide a single view where they can access all their financial data. Consumer fintech apps, such as Fi Money, Jupiter, and IndMoney, were the first to adopt and have integrated ‘Net Worth’ features and provide insights and allow you to track balances in all bank accounts relying on AA.

However, as on date, many banks (Axis Bank, ICICI Bank, IDFC First Bank etc.) established financial services companies (Aditya Birla, JioFinance) have also adopted AA to offer some sort of a PFM feature to their users. For some, it is limited to tracking balances, while some may also help in analysing expenditures. As the ecosystem matures, the tools will get more powerful and useful.

User Onboarding Journeys

Many financial services providers are utilising Account Aggregator in their user onboarding journeys and fulfilling other compliance purpose. For eg, some brokerages are using account aggregator to verify the bank account details of a user instead of penny drop. Similarly, some brokerages that offer F&O Services are relying on Account Aggregators to ensure that their users meet the SEBI prescribed net worth and ensuring compliance with other risk related obligations they may have. Similarly, Research Analysts are utilising AA framework to obtain a list of shares owned by a person to provide research and analysis on investments held by a user.

What are the steps to integrate AA?

We would suggest deep diving into a few more AA documents before integrating AA into your application.

  • First, review the Sahamati Community Guidelines or Code of Conduct z, these provide granular guidance on what exactly is permitted within the AA ecosystem and how AA can be implemented in your app in terms of UX/UI and technical requirements.
    1. The AA process can be broken down into 4 stages:

    2. AA Login: Login to your AA partner, and set up your user’s AA account and AA ID .
    3. Account Discovery: Discover and link user’s bank accounts to their AA ID via OTP verification (similar to first time setting up UPI for a bank account).
    4. Consent: FIU creates a consent requirement against user’s AA ID, which a user can approve from their AA.
    5. Data Fetch: FIU requests FIP to share data as per the consent given by a user.
    6. Note that the first two steps are only required for first-time users of AA. If a user already has an AA id with linked bank accounts, you can fetch the details through their mobile number and directly raise a consent request in Step 3.

  • Second, identify what data you require and discuss with TSPs and AAs. Most FIUs and FIPs use TSP services for plug-n-play AA integration, where TSP will handle encryption/decryption of FI and integration with the AA. TSP services can also include add-on services such as generating credit scores, or reports specific to your use case, and designing and coding entire user journeys. You can see a list of TSPs here.
  • Third, get into the details with the TSPs, these include data pull frequency, commercials, certification, compliance, and testing their services. Upon confirming a TSP and an AA partner, you will execute detailed agreements with the TSP and AA. These are complex documents that may require the involvement of lawyers.
  • Fourth, become part of Sahamati and go live. Once you enter into an agreement with a TSP/AA, they should facilitate your onboarding to Sahamati. This will entail signing the Sahamati Participation Terms, onboarding onto the Sahamati Central Registry, and auditing by approved certifiers that your integration complies with the law.

What are the biggest challenges with using AA?

  • The biggest challenge with AAs is the performance issues in FIP-AA integrations, which create several bugs when an FIU uses AA to fetch data, and leads to drop-offs for end-users. Note that just because a bank or FIP is marked live here does not mean data from the FIP is reliably available.
  • Unfortunately, you can face different issues at stages 2-4, predominantly in the last step, impacting the functionality you want to build. We have given some examples of possible issues below.
    1. Account Discovery: Potential issues include downtime in APIs, unable to detect a valid bank account, as the FIP is unable to detect an account due to issues at their end.
    2. Consent: Potential issues include OTP verification error when linking a bank account with the AA handle, as FIP is unable to authenticate a request due to issues at their end.
    3. Data Fetch: Potential issues include: (a) failed data request on weekends, (b) incomplete data being provided and information such as time and transaction ID,(c) outdated data is shared (older than 1-2 days).
  • Thus, you may want to build redundancies and create exceptions and plan for these issues so UX can be made as smooth as possible. However, it is pertinent to note that Sahamati has created a grievance redressal portal, where FIUs can submit complaints and work with FIPs, AAs, and TSPs to report and resolve bugs.
  • Additionally, Sahamati has made available the SaanS dashboard which provides real time data on API performance of each FIP. This has a lot of data that allows FIUs to build better products and avoid drop-offs.
  • We have also written about some other issues and challenges here.

So what’s next?

We at Fold are proud to be working on account aggregators, but we understand that success requires cooperation between financial information providers, regulators, and, most importantly, the people who rely on AAs. If you have any further questions or want us to write to us. Together, we can forge a path that not only puts India ahead of the game but sets a new global standard. Let's make the promise of AA a reality for every citizen of India.

To read more, you can check out Pragati, Sahamati’s monthly newsletter with updates on the account aggregator ecosystem. Sahamati has also collated a lot of resources, for quick reference here.

About Fold

At Fold we are building a personal finance management tool to help you manage your finances. We are also relying on account aggregator framework to obtain data of our users in a secure, consent based manner. To test out our implementation of account aggregator, please download Fold (iOS/Android).

image
image
image
image

Disclaimer: This guide is for educational purposes only and should not be considered legal or financial advice. Please conduct your own research and due diligence before making any decisions. We do not take responsibility for any errors or omissions or for any losses or damages incurred as a result of using this information.