Consolidation and sharing of financial information based on consent
At present, we all deal with a number of financial service providers, each of which provides one or more services. This makes it difficult for users to keep track of their finances, because the information is not available in one place and there is no framework for consolidating it. To resolve this inconvenience, in 2016 the Reserve Bank of India proposed to set up a framework for account aggregators. These account aggregators are supposed to fill the gap by collecting data from Financial Information Providers (FIPs), the institutions such as banks that hold your personal financial data, and providing information about clients’ financial assets in a consolidated, organized and retrievable way to the client or to any other Financial Information Users (FIUs) such as loan agencies. Earlier this month, India unveiled the Account Aggregator (AA) network with eight of India’s largest banks participating in the network, marking the first step towards open banking in India.
Participants and creation of the central information register
The AA service is available to individuals and businesses, and any financial institution registered with RBI, SEBI, IRDA and PFRDA can be an FIP or FIU. The network also has Technical Service Providers (TSPs) participating in the ecosystem, who collaborate with other participants to provide a wide range of fintech products and services.
Sahamati is a self-organized collective for the account aggregator ecosystem that facilitates the ecosystem, prescribes standards, promotes interoperability, prevents participants from engaging in anti-competitive behavior, and serves as a source of information for the AA ecosystem. The AA ecosystem is designed in such a way that each FIP and FIU is able to work with each AA in the network, rather than just those with whom they have a bilateral agreement. Once an FIP / FIU is certified and added to the central registry, any approved AA can connect with it. Subscription to the AA network is not compulsory for all participants, and the network allows full, unmasked information, unlike other central registers.
Collection and sharing of financial information
Financial information refers to information about all kinds of financial services available to the user, including all kinds of bank / NBFC deposits, mutual funds, stocks, insurance policies, etc. However, currently only asset-based data is available, and other types of data need to be added over time.
Every aspect of the AA network will be guided by consent. The consent architecture includes one consent artifact that allows the AA to obtain information from the FIP and another that allows the FIU / client to request aggregated information from the AA. Customers should also be able to revoke the consent behind a consent artifact, either for all of the information it makes accessible or for portions of that information.
Upon receipt of the request with consent and only after verification of consent, the financial information provider will digitally sign the financial information and transmit it to the account aggregator in a secure manner in real time. Customers will also be able to view a dashboard and a list of given and revoked consents in the app to track information shared with financial institutions.
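The consent-first order described above, with whole and partial revocation, can be sketched as follows. This is an added illustration, not code from the article or from the AA specifications: the artifact fields, type names and key are constructed, and an HMAC stands in for the FIP's digital signature so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

FIP_KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the FIP's signature

@dataclass
class ConsentArtifact:  # hypothetical, simplified fields
    fiu: str
    fi_types: set       # information types the customer approved
    expires: datetime
    revoked_types: set = field(default_factory=set)
    revoked: bool = False

    def revoke(self, fi_types=None):
        """Revoke the whole consent, or only the listed portions of it."""
        if fi_types is None:
            self.revoked = True
        else:
            self.revoked_types |= set(fi_types)

def verify_consent(consent, fiu, fi_types, now):
    """Raise PermissionError unless the request fits the consent still in force."""
    if consent.revoked or now >= consent.expires:
        raise PermissionError("consent revoked or expired")
    if fiu != consent.fiu:
        raise PermissionError("requester is not the FIU named in the consent")
    requested = set(fi_types)
    excess = requested - (consent.fi_types - consent.revoked_types)
    if not requested or excess:
        raise PermissionError(f"not covered by consent: {sorted(excess)}")

def fip_respond(consent, fiu, fi_types, records, now):
    """Verify consent first; only then sign and release the requested records."""
    verify_consent(consent, fiu, fi_types, now)
    payload = json.dumps({t: records[t] for t in sorted(fi_types)}).encode()
    return payload, hmac.new(FIP_KEY, payload, hashlib.sha256).hexdigest()

def signature_valid(payload, sig):
    expected = hmac.new(FIP_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    records = {"DEPOSIT": {"balance": 1000}, "MUTUAL_FUNDS": {"units": 5}}  # constructed
    consent = ConsentArtifact("lender-1", {"DEPOSIT", "MUTUAL_FUNDS"},
                              datetime(2026, 1, 1, tzinfo=timezone.utc))
    consent.revoke(["MUTUAL_FUNDS"])  # partial revocation
    payload, sig = fip_respond(consent, "lender-1", ["DEPOSIT"], records, now)
    print(payload, signature_valid(payload, sig))
```

A request that mixes covered and revoked types is rejected as a whole rather than silently narrowed, so the FIU learns that its consent no longer matches what it is asking for.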
Data security aspects
Data transmitted through an AA is encrypted by the sender and can only be decrypted by the recipient. The AA cannot see the data; it simply transfers it from one financial institution to another based on the instructions and consent of an individual. Additionally, an AA is not permitted to store, process, or sell customer data. This is designed to ensure that the AA does not have a conflict of interest when designing processes for obtaining consent for access to user data. An AA is not supposed to aggregate customer data and create detailed profiles. However, an AA application, and not the AA itself, will have access to your account balances. The decryption of this data happens on the end customer’s device, and very basic analysis can be performed on the user’s app / device.
In addition, in order to ensure greater security and protection of information, account aggregators are prohibited from accessing user credentials, from retaining the customer financial information they access or letting it “reside” with them, and from engaging in activities such as supporting transactions by clients or undertaking any activity other than that of an account aggregator. This also seems to suggest that account aggregators have no role in verifying or reconciling the accuracy of the financial information retrieved and shared.
The AA network is mainly based on the DEPA (Data Empowerment and Protection Architecture) framework, which rests on the principle that users have control over their data and that this data can be used for their empowerment. The business framework of an Account Aggregator is designed to be fully Information Technology (IT) driven, and AAs are required to adhere to the IT framework and interfaces to ensure secure data flows from financial information providers to their own systems and then to financial information users. Computer systems must also have adequate safeguards to ensure that they are protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. AAs must be subject to an information system audit at least once every two years, and a report must be submitted to the RBI.
Role in the lending space
The launch of the AA network has received a positive and welcome response among financial service providers, especially credit institutions, and it is expected to bring about a long-overdue revolution in the nature and form of the financial information sought and the way in which it is shared with lenders for the processing of a loan request. An applicant will now be able to share all of the financial and transactional information required by a lending institution transparently through the AA, which will provide the lender with granular information and allow it to make a faster and more informed decision. Being a fully technology-driven network, it will reduce the time it takes for FIUs to access, verify and analyze financial information. However, one problem is that, in order to understand a customer’s credit behavior, a lender is expected to have all the required information. Since the customer here has control and the ability to choose what information they want to share, the client may avoid sharing particular crucial financial information that would impact the lender’s decision, or they may have to resort to traditional submission again.
To conclude, at the framework and programmatic level, the account aggregator system is ready to achieve its dual objective: first, to consolidate the financial information of users and give them full control over the information / data which is shared by customers of the ecosystem, and second, to digitize the way financial information is shared with financial institutions, thereby facilitating real-time information sharing and faster delivery of financial services. The resulting status of this ecosystem will depend on several factors such as the participation of all stakeholders, the security of financial data, the functioning of the customer consent architecture, the different aspects of the technology at the account aggregators’ end, etc.