Account aggregators are a relatively new concept in the fintech industry. Still, they have quickly gained popularity due to their ability to securely and seamlessly aggregate financial data from multiple sources. By integrating AAs into their apps, fintech companies can offer their customers a paperless onboarding, a holistic view of their financial data, and better financial services.
March was a big month for the AA ecosystem, as the AA ecosystem crossed more than 5 million consent requests being fulfilled through AA, and 4.53 million accounts have been connected to the AA framework.
What is an AA?
- An account aggregator is a platform that enables customers to view and manage their financial accounts, such as bank accounts, insurance policies, and investment portfolios, from different financial institutions through a single, secure online portal.
- AAs are consent managers who help in easy + secure data transactions between Financial Information Providers (FIPs) [example - banks with savings accounts] and Financial Information Users (FIUs) [example - NBFC lenders].
- AAs can help customers save time and effort by providing a convenient way to view, manage and share their financial information.
- There are nine live account aggregators in India, and eight with in-principal approvals, see list here. However, they are at different stages of integration with banks. After an AA goes live, it has to integrate with each Bank separately; thus, while some AAs (Finvu, OneMoney, Perfios, CAMS) have already integrated with most banks, the remaining have just received their licenses and have just started to integrate. You can track the status of each AA’s FIP integration here.
- Account Aggregators (”AAs”) are regulated by the Reserve Bank of India and are classified as NBFC-AA by the RBI. Under the RBI Regulations, the application process for obtaining an Account Aggregator License is split into two phases.
Participants in the AA ecosystem
It is essential to discuss the participants in the AA Ecosystem. The initiative requires coordination between regulated entities that operate in silos. When working in AA, you should know the following terms:
Account Aggregator [AA]
These are companies licensed by RBI to provide account aggregation services and enable communication of financial information between FIUs and FIPs. Read more here Eg. Finvu, OneMoney, CAMSFinserv, Perfios
Financial Information User [FIU]
Organizations that consume financial data to provide consumer services. Read more here. Eg. banks, lending agencies, insurance companies, personal wealth management companies, etc.
Financial Information Provider [FIP]
Organisations that hold your financial data. Read more here. Eg banks, insurance companies, mutual funds, pension funds, etc.
Think of it as a self-regulatory body for the AA ecosystem. It is a not-for-profit organization that promotes innovation, interoperability, and data security in the AA ecosystem. Read more here.
Technology Service Provider [TSP]
Organisations that work with FIUs and FIPs to integrate AA ecosystem. Read more here.
What data is available through AA?
There are two aspects to this question, one is what is permitted under law to be shared, and the second is what data is available on AA APIs. You can refer to the documentation by Setu (a TSP with an in-principle AA license), on the exact data that will be shared in each type of financial information. Note that these specifications of data that are available have been developed by ReBIT, and require amendment from ReBIT to add/remove any data fields.
Permitted Data Types and Providers
- The AA ecosystem is regulated by the Master Direction Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016.
- Financial Information (FI): This includes all major types of financial information such as accounts and deposits with banks/NBFCs, SIPs, CPs, CDs, securities, shares, bonds, mutual fund units, ETFs, IDRs, AIF/CIS/REIT/InvIT units, NPS balances, Insurance policies, GST returns, etc.
- Financial Information Providers (FIP): The list includes all major financial institutions as FIPs, these would include sources of all major data such as bank accounts, investments (mutual funds, demat), tax data, etc., the list includes banks, NBFCs, Asset management companies, depository & depository participant, Insurance companies & insurance repositories, pension funds and the Goods and Services Tax Network (GSTN).
- As of date, only banks have gone live on the AA ecosystem. Not all banks are live, although the biggest banks are already live. You can check the list of live banks and supported AAs here.
- Note that only singly held accounts are available on AA. Joint Accounts, Current Accounts, Fixed Deposits, and Recurring Deposits are not live and will take some time before they go live on AA. Check the status of data available from banks here.
- Additionally, there are several known issues and bugs in implementing AA by FIUs. Therefore, don’t take the status on Sahamati’s site at face value, as there may be some major bugs that prevent actual effective use.
Insurance Funds 🟡
- IRDAI, through a circular, has asked Insurance Companies and Insurance Repositories to join the AA framework and start sharing data.
- Some Insurers, such as HDFC Life, Tata AIA Life, and ICICI Prudential Life Insurance, are already live, and many are in the process of Integration.
- Investment-related data such as mutual funds and stocks are not live on AA. SEBI, through a circular, has asked Asset Management Companies (AMCs) through their Registrar and Transfer Agents (RTAs) and Depositories (NSDL and CSDL) to join the AA framework and start sharing data.
- Both depositories (NSDL and CDSL) have gone live and most AMCs have also started sharing their data on the AA network.
Pension Funds 🟢
- Pension Fund-related data is not live on AA. PFRDA, through a circular, has asked Central Record Keeping Agencies (CRAs), which maintain a record of pension fund data of each user who subscribes to an NPS scheme, to join the AA framework and start sharing data.
- Most CRAs have already gone live on the AA network.
- Goods and Services Tax Network was added on November 23, 2022, as a FIP by amending the Master Directions to enable cash-flow-based financing for MSMEs. GST data also went live with some Account Aggregators in July, 2023.
Who can access data through AA, or who can become a FIU?
- As per the Master Directions, only entities regulated by IRDAI, PFRDA, RBI, SEBI, and Department of Revenue, Ministry of Finance can become FIUs and request data from AAs.
- Thus, if your corporate entity is regulated by one of the regulators mentioned above, see the list here, you can become an FIU and fetch data through AA. Today, most FIUs are Banks, NBFCs and Registered Investment Advisers (regulated by SEBI) .
- Important to note that as of date, there is no restriction on: (i) What information can be requested by which regulated entity or (ii) the frequency of data refresh and other consent specifications, therefore, as long as you are a ‘regulated entity’ you can use AA. However, in the future, Sahamati likely imposes restrictions on FI Types and consent metrics basis the license, on the basis of what may be required to avoid abuse. For eg. a stock broker may be restricted from requesting insurance information for its user.
- Please do take appropriate advice to ensure you are not in breach of any data and privacy laws, and obligations, especially with regard to data storage, intra-group data sharing, and other compliances required by law.
Use cases for AAs in fintech.
Below we have discussed two live use cases of AA. There are several additional use cases, which may come as adoption increases.
Often times a lender relies on credit scores and bank statements provided by a customer. While credit reports can be obtained electronically, bank statements are collected physically, which poses two problems:
- Authenticity: The statements taken in print or a .pdf can be manipulated, and lenders do not have fraud-proof tools to verify authenticity. This increases operations for lenders, as they have to devote resources to verify authenticity, and also increases the risk of fraud (0.5-4% fraud rates) . AA solves this as the FIP provides the financial information to the FIU; this ensures that data is authentic and exhaustive.
- Friction: Providing bank statements requires a user to download their bank statement, take a print, and are also required to be authenticated/ attested. This creates friction in the lending process and increases user drop-offs in the lending journey. Combined with CKYC, Aadhar E-sign, and other innovations, lending has now become paperless. See sample lending flow here and here.
Personal Finance Management/Wealth Management
AAs will also permit new-age personal finance management tools, AA can aggregate different bank accounts, demat accounts, etc., into one app to provide a single view where they can access all their financial data. Consumer fintech apps, such as Fi Money, Jupiter, and IndMoney, have integrated ‘Net Worth’ features and provide insights and allow you to track balances in all bank accounts relying on AA.
What are the steps to integrate AA?
We would suggest deep diving into a few more AA documents before integrating AA into your application.
- First, review the Sahamati Community Guidelines, these provide granular guidance on what exactly is permitted within the AA ecosystem and how AA can be implemented in your app in terms of UX/UI and technical requirements.
- AA Login: Login to your AA partner, and set up your user’s AA account and AA ID .
- Account Discovery: Discover and link user’s bank accounts to their AA ID via OTP verification (similar to first time setting up UPI for a bank account).
- Consent: FIU creates a consent requirement against user’s AA ID, which a user can approve from their AA.
- Data Fetch: FIU requests FIP to share data as per the consent given by a user.
- Second, identify what data you require and discuss with TSPs and AAs. Most FIUs and FIPs use TSP services for plug-n-play AA integration, where TSP will handle encryption/decryption of FI and integration with the AA. TSP services can also include add-on services such as generating credit scores, or reports specific to your use case, and designing and coding entire user journeys. You can see a list of TSPs here.
- Third, get into the details with the TSPs, these include data pull frequency, commercials, certification, compliance, and testing their services. Upon confirming a TSP and an AA partner, you will execute detailed agreements with the TSP and AA. These are complex documents that will require the involvement of lawyers.
- Fourth, become part of Sahamati and go live. Once you enter into an agreement with a TSP/AA, they should facilitate your onboarding to Sahamati. This will entail signing the Sahamati Participation Terms, onboarding onto the Sahamati Central Registry, and auditing by approved certifiers that your integration complies with the law.
The AA process can be broken down into 4 stages:
Note that the first two steps are only required for first-time users of AA. If a user already has an AA id with linked bank accounts, you can fetch the details through their mobile number and directly raise a consent request in Step 3.
What are the biggest challenges with using AA?
The biggest challenge with AAs is the performance issues in FIP-AA integrations, which create several bugs when an FIU uses AA to fetch data, and leads to drop-offs for end-users. Note that just because a bank is marked live on Sahamati does not mean data from the FIP is reliably available.
Unfortunately, you can face different issues at stages 2-4, predominantly in the last step, impacting the functionality you want to build. We have given some examples of possible issues below.
- Account Discovery: Potential issues include downtime in Bank APIs, unable to detect a valid bank account, as the FIP is unable to detect an account due to issues at their end.
- Consent: Potential issues include OTP verification error when linking a bank account with the AA handle, as FIP is unable to authenticate a request due to issues at their end.
- Data Fetch: Potential issues include: (a) failed data request on weekends, (b) incomplete data being provided and information such as time and transaction ID,(c) outdated data is shared (older than 1-2 days).
Thus, you may want to build redundancies and create exceptions and plan for these issues so UX can be made as smooth as possible. However, it is pertinent to note that Sahamati has created a grievance redressal portal, where FIUs can submit complaints and work with FIPs, AAs, and TSPs to report and resolve bugs. Additionally, Sahamati will soon launch API based portal for FIUs to open-source performance data for FIPs, in a manner similar to done by NPCI for UPI.
Disclaimer: This guide is for educational purposes only and should not be considered legal or financial advice. Please conduct your own research and due diligence before making any decisions. We do not take responsibility for any errors or omissions or for any losses or damages incurred as a result of using this information.