Account Aggregator System: India’s Open Banking Revolution

Authors

Aayush Chhabra

Abhinil Kumar

Published

June 24, 2023

AI powered financial assistants

Account Aggregator System: India’s Open Banking

Until a few years ago, financial data was kept in the closed systems of various banks and financial institutions. A closed system like this creates a data advantage for the banks (which can use it to give loans) but significantly hinders financial innovation. This realization led the world to the notion of Open Banking: a system that gives trusted entities fluid access to financial data through Application Programming Interfaces (APIs). The Account Aggregator (AA) system is India’s version of Open Banking, coupled with various innovations to ensure user data privacy and to keep the locus of control in the hands of end users.

What is the Account Aggregator System?

Account Aggregator is a framework introduced by the Reserve Bank of India (RBI) to facilitate the seamless sharing of financial information among various participants of the account aggregator network. The consent-based system allows users to securely and digitally share their financial data across multiple accounts and institutions. The system operates on the principle of providing individuals complete control over their data and enabling them to leverage it for various financial purposes. The consent for any financial information shared is parameterized by variables like:

  • Date range: the period covered by the financial information.
  • Data life: how long the information receiver can store the information.
  • Data frequency: number of times information can be pulled in a given period.
  • Consent period: the duration of the consent validity.
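
How a party handling a consent might enforce these four parameters before serving or keeping data. This is an added example, not code from the original article or from the AA specification; the field names, the rolling-window reading of "data frequency", and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Consent:
    # Field names are illustrative assumptions, not the ReBIT schema.
    consent_start: datetime   # consent period: start of validity
    consent_expiry: datetime  # consent period: end of validity
    data_from: datetime       # date range of the financial information
    data_to: datetime
    max_fetches: int          # data frequency: fetches allowed ...
    per: timedelta            # ... within this rolling window (assumed)
    data_life: timedelta      # how long the receiver may store the data

def authorize_fetch(c, req_from, req_to, now, prior_fetches):
    """Return (allowed, reason) for a fetch of [req_from, req_to] at `now`."""
    if not (c.consent_start <= now <= c.consent_expiry):
        return False, "consent not valid at this time"
    if req_from > req_to or req_from < c.data_from or req_to > c.data_to:
        return False, "requested range outside consented date range"
    recent = [t for t in prior_fetches if now - c.per < t <= now]
    if len(recent) >= c.max_fetches:
        return False, "frequency limit reached"
    return True, "ok"

def must_purge(c, fetched_at, now):
    """True once stored data has outlived the consented data life."""
    return now >= fetched_at + c.data_life

# Constructed sample consent: Jan-Jun 2023 data, 2 fetches/day, 30-day data life.
SAMPLE = Consent(
    consent_start=datetime(2023, 6, 1),
    consent_expiry=datetime(2023, 12, 1),
    data_from=datetime(2023, 1, 1),
    data_to=datetime(2023, 6, 1),
    max_fetches=2, per=timedelta(days=1),
    data_life=timedelta(days=30),
)

if __name__ == "__main__":
    now = datetime(2023, 6, 24, 12, 0)
    rng = (datetime(2023, 3, 1), datetime(2023, 5, 1))
    print(authorize_fetch(SAMPLE, *rng, now, [datetime(2023, 6, 24, 9, 0)]))
    print(authorize_fetch(SAMPLE, datetime(2022, 12, 1), rng[1], now, []))
    print(must_purge(SAMPLE, now, now + timedelta(days=31)))
```

Every check fails closed: a request is refused unless it falls inside the consent period, the date range, and the frequency limit at the same time, and stored data is flagged for deletion once its data life has elapsed.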

Types of Participants in the AA System:

  • Financial Information User (FIU): Entity that has requested the financial information, e.g. fintech companies like Kniru.
  • Financial Information Provider (FIP): Entities that provide the financial information, e.g. banks, mutual funds, NPS-CRA, etc.
  • Technology Service Provider (TSP): Providers of the foundation modules that connect FIPs and FIUs to the AA system. They are generally the first point of contact for FIUs to request information from AA, e.g. Finfactor, MoneyOne, Setu, Perfios, etc.
  • Account Aggregators (AA): Middle parties that manage consent and connect FIUs to FIPs after receiving proper and authenticated consent. TSPs often act as gateways to the Account Aggregators.
Account Aggregator Participants


How to become part of the Account Aggregator (AA) Network?

Any registered entity regulated by one or more of the following four financial regulators can apply to become part of the AA network:

  • Reserve Bank of India (RBI)
  • Securities and Exchange Board of India (SEBI)
  • Pension Fund Regulatory and Development Authority (PFRDA)
  • Insurance Regulatory and Development Authority (IRDA)

After obtaining an appropriate license from one or more of the above regulators, the entity needs to:

  • Sign the participation terms with Sahamati. 
  • Integrate with Sahamati Technical Services.
  • Test the Technical Implementations in UAT environments.
  • Undergo the certification process.

Sahamati: Custodian of the AA system

The Account Aggregator ecosystem is developed and run by Sahamati, a self-organized non-profit organization. Sahamati is an alliance of various people and organizations from different backgrounds like finance, law, and technology on a mission to develop and promote the account aggregator system in India. Sahamati also maintains the AA central registry. All participants in the AA ecosystem must be listed in the central registry along with some public information like IP addresses and public keys before they can start accessing the AA network. Sahamati has created various technical utilities and certificates for the account aggregator system and continues to promote the development in an Open Source manner.

How does the Account Aggregator System work?

The account aggregator flow starts with an FIU requesting financial information from FIPs. The first step of the process involves authenticating the end user with the AA using their phone number and an OTP. The user then selects their financial accounts, which starts the account discovery process, followed by the account linking process. A consent screen is displayed to the user that lists all the consent parameters, and the user has the option to accept or reject the consent. Upon successful acceptance of the consent, the FIU receives a secret token (called the consent handle) that is used to fetch financial information in accordance with the constraints of the consent.

Benefits of the Account Aggregator System:

  • Simplified Loan Application Process: The system simplifies the loan application process by streamlining the verification of financial information. With consent, lenders can directly access an individual's financial data through the AA, eliminating the need for manual document submission. This leads to faster loan processing and improved access to credit for individuals.
  • Data Security and Privacy: The Account Aggregator System operates under a robust data security framework. AAs must comply with strict security and privacy standards, protecting individuals' financial information. The system also ensures that data is shared only with explicit consent, giving individuals complete control over their information.
  • Improved Credit Assessment: Lenders can access a comprehensive view of an individual's financial health, leading to better credit assessment and customized lending solutions.
  • Streamlined Investment Decisions: Investors can consolidate their investment portfolios and receive holistic advice based on accurate and up-to-date data, promoting informed decision-making.

Limitations of the Account Aggregator System:

  • The current account aggregator flow requires too many OTPs and can be annoying for the end user. The end user has to authenticate each FIP separately. If the user has to connect 3 HDFC accounts, 2 ICICI accounts, and 1 SBI account, they must go through 3 OTPs in the account linking process.
  • Given the technical specifications of the account aggregator system, it seems infeasible to support webhooks, which means fintechs can’t obtain a real-time view of the finances. With the current design and restrictions, there will be ~4 hours lag in the worst case between when a transaction happens and when it is incorporated into the AA system.
  • The system today supports single bank accounts, but there is still a long way to go to achieve the full potential of the ReBIT specification, which will cover almost all pieces of a user's financial data, including credit card, mutual fund, EPF, PPF, and various other financial data.

Can you trust an Account Aggregator?

The account aggregator system is designed with the utmost consideration for security and privacy. The end user holds complete control over their financial data with the help of consent. The end user can decide precisely what data, for which accounts, for what time range, and for how long is visible to a financial information user. Since the data is fully encrypted in transit, account aggregators can’t see any user data. Account Aggregators are mere consent managers that move data from one institution to another based on the consent, without the ability to look at that data.

Conclusion:

The account aggregator system is on track to completely revolutionize how financial services operate in India. Financial data will flow smoothly between the entities that need access to it and end users will have complete control over that level of access. Access to credit, financial advice, investment advice, and retirement planning will become available at the touch of a button. Instead of getting loans after weeks of paperwork and drudgery, loans will be underwritten in seconds and disbursed in minutes. And the stage for a new era of India will be set!