Introduction to AA for Fintechs (April, 2023)

This guide aims to provide existing fintech companies with an introduction to leveraging account aggregators (AAs) to enable various use cases on their apps.

Account aggregators are a relatively new concept in the fintech industry. Still, they have quickly gained popularity due to their ability to securely and seamlessly aggregate financial data from multiple sources. By integrating AAs into their apps, fintech companies can offer their customers paperless onboarding, a holistic view of their financial data, and better financial services.

March was a big month for the AA ecosystem: more than 5 million consent requests have now been fulfilled through AA, and 4.53 million accounts have been connected to the AA framework.

What is an AA?

  • An account aggregator is a platform that enables customers to view and manage their financial accounts, such as bank accounts, insurance policies, and investment portfolios, from different financial institutions through a single, secure online portal.
  • AAs are consent managers who help in easy and secure data transactions between Financial Information Providers (FIPs) [example - banks with savings accounts] and Financial Information Users (FIUs) [example - NBFC lenders].
  • AAs can help customers save time and effort by providing a convenient way to view, manage and share their financial information.
  • There are nine live account aggregators in India, and eight with in-principle approvals, see list here. However, they are at different stages of integration with banks. After an AA goes live, it has to integrate with each bank separately; thus, while some AAs (Finvu, OneMoney, Perfios, CAMS) have already integrated with most banks, the remaining have only just received their licenses and started to integrate. You can track the status of each AA’s FIP integration here.
  • Account Aggregators ("AAs") are regulated by the Reserve Bank of India and are classified as NBFC-AA by the RBI. Under the RBI Regulations, the application process for obtaining an Account Aggregator License is split into two phases.
Operational Account Aggregators with Full License

Participants in the AA ecosystem

It is essential to discuss the participants in the AA Ecosystem. The initiative requires coordination between regulated entities that operate in silos. When working in AA, you should know the following terms:

| Term | Explanation |
|---|---|
| Account Aggregator [AA] | These are companies licensed by RBI to provide account aggregation services and enable communication of financial information between FIUs and FIPs. Read more here. E.g. Finvu, OneMoney, CAMSFinserv, Perfios |
| Financial Information User [FIU] | Organizations that consume financial data to provide consumer services. Read more here. E.g. banks, lending agencies, insurance companies, personal wealth management companies, etc. |
| Financial Information Provider [FIP] | Organisations that hold your financial data. Read more here. E.g. banks, insurance companies, mutual funds, pension funds, etc. |
| Sahamati | Think of it as a self-regulatory body for the AA ecosystem. It is a not-for-profit organization that promotes innovation, interoperability, and data security in the AA ecosystem. Read more here. |
| Technology Service Provider [TSP] | Organisations that work with FIUs and FIPs to integrate with the AA ecosystem. Read more here. |

What data is available through AA?

There are two aspects to this question: what is permitted under law to be shared, and what data is available on AA APIs. You can refer to the documentation by Setu (a TSP with an in-principle AA license) for the exact data that will be shared in each type of financial information. Note that these data specifications have been developed by ReBIT, and adding or removing any data field requires an amendment from ReBIT.

Permitted Data Types and Providers

  • The AA ecosystem is regulated by the Master Direction Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016.
  • Financial Information (FI): This includes all major types of financial information such as accounts and deposits with banks/NBFCs, SIPs, CPs, CDs, securities, shares, bonds, mutual fund units, ETFs, IDRs, AIF/CIS/REIT/InvIT units, NPS balances, Insurance policies, GST returns, etc.
  • Financial Information Providers (FIP): The list includes all major financial institutions as FIPs. These cover the sources of all major data such as bank accounts, investments (mutual funds, demat), tax data, etc. The list includes banks, NBFCs, asset management companies, depositories and depository participants, insurance companies and insurance repositories, pension funds and the Goods and Services Tax Network (GSTN).
  • Goods and Services Tax Network was added on November 23, 2022, as a FIP by amending the Master Directions to enable cash-flow-based financing for MSMEs.

Banks 🟢

  • As of date, only banks have gone live on the AA ecosystem. Not all banks are live, although the biggest banks are already live. You can check the list of live banks and supported AAs here.
  • Note that only singly held accounts are available on AA. Joint Accounts, Current Accounts, Fixed Deposits, and Recurring Deposits are not live and will take some time before they go live on AA. Check the status of data available from banks here.
  • Additionally, there are several known issues and bugs in implementing AA by FIUs. Therefore, don’t take the status on Sahamati’s site at face value, as there may be some major bugs that prevent actual effective use.

Insurance Funds 🟡

  • IRDAI, through a circular, has asked Insurance Companies and Insurance Repositories to join the AA framework and start sharing data.
  • Some insurers, such as HDFC Life, Tata AIA Life, and ICICI Prudential Life Insurance, are already live, and many are in the process of integration.

Investments 🟢

  • Investment-related data such as mutual funds and stocks are not live on AA. SEBI, through a circular, has asked Asset Management Companies (AMCs) through their Registrar and Transfer Agents (RTAs) and Depositories (NSDL and CDSL) to join the AA framework and start sharing data.
  • Both depositories (NSDL and CDSL) have gone live and most AMCs have also started sharing their data on the AA network.

Pension Funds 🟢

  • Pension Fund-related data is not live on AA. PFRDA, through a circular, has asked Central Record Keeping Agencies (CRAs), which maintain a record of pension fund data of each user who subscribes to an NPS scheme, to join the AA framework and start sharing data.
  • Most CRAs have already gone live on the AA network.

GST 🟢

  • Goods and Services Tax Network was added on November 23, 2022, as a FIP by amending the Master Directions to enable cash-flow-based financing for MSMEs. GST data also went live with some Account Aggregators in July, 2023.

Who can access data through AA, or who can become a FIU?

  • As per the Master Directions, only entities regulated by IRDAI, PFRDA, RBI, SEBI, and Department of Revenue, Ministry of Finance can become FIUs and request data from AAs.
  • Thus, if your corporate entity is regulated by one of the regulators mentioned above, see the list here, you can become an FIU and fetch data through AA. Today, most FIUs are Banks, NBFCs and Registered Investment Advisers (regulated by SEBI).
  • It is important to note that, as of date, there is no restriction on: (i) what information can be requested by which regulated entity, or (ii) the frequency of data refresh and other consent specifications. Therefore, as long as you are a ‘regulated entity’, you can use AA. However, in the future, Sahamati is likely to impose restrictions on FI types and consent metrics based on the license, as may be required to avoid abuse. For example, a stock broker may be restricted from requesting insurance information for its user.
  • Please do take appropriate advice to ensure you are not in breach of any data and privacy laws, and obligations, especially with regard to data storage, intra-group data sharing, and other compliances required by law.

Use cases for AAs in fintech

Below we have discussed two live use cases of AA. There are several additional use cases, which may come as adoption increases.

Lending

Oftentimes a lender relies on credit scores and bank statements provided by a customer. While credit reports can be obtained electronically, bank statements are collected physically, which poses two problems:

  1. Authenticity: Statements taken in print or as a .pdf can be manipulated, and lenders do not have fraud-proof tools to verify authenticity. This increases operational work for lenders, as they have to devote resources to verifying authenticity, and also increases the risk of fraud (0.5-4% fraud rates). AA solves this as the FIP provides the financial information to the FIU; this ensures that data is authentic and exhaustive.
  2. Friction: Providing bank statements requires a user to download their bank statement and take a print, which is also required to be authenticated/attested. This creates friction in the lending process and increases user drop-offs in the lending journey. Combined with CKYC, Aadhaar E-sign, and other innovations, lending has now become paperless. See sample lending flow here and here.

Several lenders such as Bank of Baroda, Axis Bank and Navi, have already integrated AAs to offer a digital lending process.

Personal Finance Management/Wealth Management

AAs will also enable new-age personal finance management tools. AA can aggregate different bank accounts, demat accounts, etc., into one app to give users a single view where they can access all their financial data. Consumer fintech apps, such as Fi Money, Jupiter, and IndMoney, have integrated ‘Net Worth’ features that rely on AA to provide insights and let you track balances across all bank accounts.

What are the steps to integrate AA?

We would suggest deep diving into a few more AA documents before integrating AA into your application.

  • First, review the Sahamati Community Guidelines. These provide granular guidance on what exactly is permitted within the AA ecosystem and how AA can be implemented in your app in terms of UX/UI and technical requirements.
    The AA process can be broken down into 4 stages:

    1. AA Login: Log in to your AA partner, and set up your user’s AA account and AA ID.
    2. Account Discovery: Discover and link the user’s bank accounts to their AA ID via OTP verification (similar to setting up UPI for a bank account for the first time).
    3. Consent: The FIU creates a consent request against the user’s AA ID, which the user can approve from their AA.
    4. Data Fetch: The FIU requests the FIP to share data as per the consent given by the user.
    Note that the first two steps are only required for first-time users of AA. If a user already has an AA ID with linked bank accounts, you can fetch the details through their mobile number and directly raise a consent request in Step 3.

  • Second, identify what data you require and discuss with TSPs and AAs. Most FIUs and FIPs use TSP services for plug-n-play AA integration, where TSP will handle encryption/decryption of FI and integration with the AA. TSP services can also include add-on services such as generating credit scores, or reports specific to your use case, and designing and coding entire user journeys. You can see a list of TSPs here.
  • Third, get into the details with the TSPs. These include data pull frequency, commercials, certification, compliance, and testing their services. Upon confirming a TSP and an AA partner, you will execute detailed agreements with the TSP and AA. These are complex documents that will require the involvement of lawyers.
  • Fourth, become part of Sahamati and go live. Once you enter into an agreement with a TSP/AA, they should facilitate your onboarding to Sahamati. This will entail signing the Sahamati Participation Terms, onboarding onto the Sahamati Central Registry, and auditing by approved certifiers that your integration complies with the law.
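
One way an FIU backend could enforce, before the Data Fetch stage, that a request stays within what the user approved at the Consent stage. This is an added example, not code from Sahamati, ReBIT or any TSP; the Consent fields, status values and FI type labels are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Consent:
    """Hypothetical consent record; field names are not the ReBIT schema."""
    status: str              # e.g. "ACTIVE", "PAUSED", "REVOKED"
    fi_types: frozenset      # FI types the user approved
    expires_at: datetime     # assumed expiry carried by the consent
    max_fetches: int         # assumed frequency limit: fetches per window
    window: timedelta

def check_fetch(consent, fi_types, now, past_fetches):
    """Return reasons to refuse a Data Fetch; an empty list means allowed."""
    reasons = []
    if consent.status != "ACTIVE":
        reasons.append(f"consent is {consent.status}")
    if now >= consent.expires_at:
        reasons.append("consent expired")
    extra = set(fi_types) - consent.fi_types
    if extra:
        reasons.append("FI types outside consent: " + ", ".join(sorted(extra)))
    # Count only fetches inside the current frequency window.
    recent = [t for t in past_fetches if now - consent.window < t <= now]
    if len(recent) >= consent.max_fetches:
        reasons.append("fetch frequency exceeded")
    return reasons

# Constructed sample: a deposit-only consent allowing one fetch per day.
NOW = datetime(2023, 4, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = Consent("ACTIVE", frozenset({"DEPOSIT"}),
                 datetime(2023, 7, 1, tzinfo=timezone.utc), 1, timedelta(days=1))

if __name__ == "__main__":
    print(check_fetch(SAMPLE, ["DEPOSIT"], NOW, []))
    print(check_fetch(SAMPLE, ["DEPOSIT", "INSURANCE_POLICIES"], NOW,
                      [NOW - timedelta(hours=3)]))
```

Running the check on the FIU side as well, and logging every refusal, gives you an audit trail that each fetch was covered by a live consent.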

What are the biggest challenges with using AA?

The biggest challenge with AAs is performance issues in FIP-AA integrations, which create several bugs when an FIU uses AA to fetch data and lead to drop-offs for end-users. Note that just because a bank is marked live on Sahamati does not mean data from the FIP is reliably available.

Unfortunately, you can face different issues at stages 2-4, predominantly in the last step, impacting the functionality you want to build. We have given some examples of possible issues below.

  1. Account Discovery: Potential issues include downtime in bank APIs and failure to detect a valid bank account, where the FIP is unable to detect the account due to issues at its end.
  2. Consent: Potential issues include OTP verification errors when linking a bank account with the AA handle, as the FIP is unable to authenticate a request due to issues at its end.
  3. Data Fetch: Potential issues include: (a) failed data requests on weekends, (b) incomplete data being provided, with information such as time and transaction ID missing, (c) outdated data being shared (older than 1-2 days).

Thus, you may want to build redundancies, create exceptions and plan for these issues so that the UX can be made as smooth as possible. However, it is pertinent to note that Sahamati has created a grievance redressal portal, where FIUs can submit complaints and work with FIPs, AAs, and TSPs to report and resolve bugs. Additionally, Sahamati will soon launch an API-based portal for FIUs to open-source performance data for FIPs, similar to what NPCI does for UPI.
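
An added example (not from the original guide or any AA/TSP SDK) of gating a Data Fetch result on the issues listed above before it reaches underwriting or a net-worth view. The result layout, the status values and the `as_of` field are assumptions.

```python
from datetime import datetime, timedelta, timezone

REQUIRED = ("txn_id", "timestamp", "amount")  # hypothetical field names

def assess_fetch(result, now, max_age=timedelta(days=2)):
    """Classify one fetch result as ACCEPT, RETRY or FALLBACK, with reasons."""
    if result.get("status") != "READY":
        return "RETRY", [f"fetch not ready: {result.get('status')}"]
    issues = []
    as_of = result.get("as_of")  # assumed "data as of" timestamp
    if as_of is None or now - as_of > max_age:
        issues.append("stale data")
    for i, txn in enumerate(result.get("transactions", [])):
        missing = [f for f in REQUIRED if txn.get(f) in (None, "")]
        if missing:
            issues.append(f"txn {i} missing {', '.join(missing)}")
    return ("FALLBACK" if issues else "ACCEPT"), issues

def fetch_with_gate(fetch, now, attempts=3):
    """Call fetch() up to `attempts` times; never pass unchecked data on."""
    for _ in range(attempts):
        decision, issues = assess_fetch(fetch(), now)
        if decision != "RETRY":
            return decision, issues
    return "FALLBACK", ["fetch failed after retries"]

# Constructed sample results, not real AA responses.
NOW = datetime(2023, 4, 10, 12, 0, tzinfo=timezone.utc)
GOOD = {"status": "READY", "as_of": NOW - timedelta(hours=6),
        "transactions": [{"txn_id": "T1", "timestamp": "2023-04-10T09:00:00",
                          "amount": "250.00"}]}
BAD = {"status": "READY", "as_of": NOW - timedelta(days=3),
       "transactions": [{"txn_id": "", "timestamp": None, "amount": "99.00"}]}

if __name__ == "__main__":
    print(assess_fetch(GOOD, NOW))
    print(assess_fetch(BAD, NOW))
```

A FALLBACK decision should route the user to whatever alternative path you have built rather than silently using stale or partial data.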

Disclaimer: This guide is for educational purposes only and should not be considered legal or financial advice. Please conduct your own research and due diligence before making any decisions. We do not take responsibility for any errors or omissions or for any losses or damages incurred as a result of using this information.