The concept of AA came from the Financial Stability and Development Council (FSDC), the apex body for financial sector regulators, in 2015, and the Reserve Bank of India (RBI) took the lead initially. In September 2016, RBI announced master directions for a new class of non-banking finance companies called account aggregators (NBFC-AA). In 2016 itself, the four regulators— RBI, the Securities and Exchange Board of India (Sebi), the Insurance Regulatory and Development Authority of India (Irdai) and the Pension Fund Regulatory and Development Authority (PFRDA)— came together to allow regulated entities under their control to share data with user consent. The income tax and indirect taxes departments will also join the system, allowing the sharing of tax data as well, with your consent.
The on-ground rollout of this combined AA will be spearheaded by Sahamati, a collective of the Account Aggregator Ecosystem. Limited trials with specific groups of people are already happening. The AA architecture is aligned with the Personal Data Protection Bill, pending in Parliament, which is based on the Justice Srikrishna Committee Report on Data Protection.
What is AA?
Once it’s launched, you will be able to share financial data—related to your bank accounts, mutual funds, stocks, National Pension System and insurance policies—with a third party, say, a wealth manager through AA. The aggregator itself won’t store your information or view the information (which is encrypted).
Bank statements also include spending data which wealth managers can use to understand how much a customer can actually save, said Rohan Agarwal, chief executive officer and co-founder of Moneyjar, an online wealth management platform.
The AA can either charge from you, the customer, or the party requesting the data (called the financial information user or FIU) such as a wealth management firm or a bank. However, the exact modalities of payment are still being finalized, said B.G. Mahesh, co-founder of Sahamati.
The two most obvious applications of AAs are in lending (allowing a bank to gauge your credit-worthiness) and wealth management spaces, but there are other possibilities as well. If entities such as Amazon, Flipkart or Makemytrip, which are not regulated by any of the four financial regulators join, the AA system can be used in various innovative ways. For instance, a credit card issuer may scan your spending pattern on Amazon or Flipkart and suggest a card that fits that pattern, while a lender may look at your spending history to make a decision on eligibility and rates.
How does it work?
The FIU must be registered on the AA system to be able to use it. In order to do so, it must satisfy certain data protection standards. Sahamati will set data protection standards and enrol FIUs in the system.
For the process to be smooth, both the customer and the FIU must be registered with the same AA. Technically speaking, even if you and the FIU are registered with different AAs, information exchange is possible. However, in practice, without a commercial tie-up between AAs, this may not be possible. Mahesh is, however, confident that these things will get stitched up eventually. “We will set up a common legal framework for all FIUs to enter into commercial arrangements with all AAs. Interoperability between FIP-AAs (financial information provider and account aggregator) and FIU-AAs is mandatory. The AAs may have different pricing and offerings and it is up to the end customer and not the FIU to choose which AA the customer wants to use," he said.
The FIU sends a request to the AA asking for data. To do so, it only needs your virtual address specific to the AA system, similar to the Unified Payments Interface (UPI) IDs that are currently used. The request must then be approved by you online. You can specify the type of data to be shared and for how long. For example, you can choose to share your bank statements during the three-week period required by a bank to approve or reject the loan. You can also revoke consent, for instance, if you decide to take the loan from a different bank than the one which requested the information. The sharing is electronic, direct and does not need you to submit printed documents or electronic files.
The key advantage of data shared through AAs is that it comes directly from a trusted source—a regulated entity such as a bank, mutual fund or insurance company—and hence reduces the chances of fraud. If opaque and inefficient systems like land records, which are often falsified and not fully trusted, become part of the AA ecosystem, the benefits of transparency could be huge.
Also, banks may be able to save cost on processing loan applications and verifying data and, therefore, may be able to offer lower rates to customers.
The other big advantage, of course, is in the sphere of wealth management where the best financial plans can only be created if a full financial picture of the client is provided. “At present a lot of data sharing is dependent on the customer manually entering information. For example, assets like insurance policies, real estate records and bank account information. We pull some data like mutual funds from the Common Account Statement (CAS) which the customer has to upload with us. However, this too is not ideal since the customer has to manually request for CAS directly or through us," said Vijay Kuppa, co-founder, Oro Wealth, an online mutual fund investment platform. “Other use cases could be, for instance, identifying whether a customer has optimized his tax planning, if he shares income tax returns with us," he added.
There are three primary concerns about the system. First, although the FIU is a regulated entity (for example, a wealth manager will be regulated by Sebi as a registered investment adviser or a mutual fund distributor or a portfolio manager), the burden of ensuring that your data is not misused falls on the regulator in question. Each of the four regulators must come up with robust guidelines on data protection and storage so that it is not misused or sold to third parties.
Second, both the customer and the FIU need to be registered with the same AA. Alternatively, the FIU needs to have commercial arrangements with all AAs so it doesn’t matter which AA the customer chooses. This means that there is no automatic guarantee of interoperability like in the case of UPI.
Finally, there is some concern about the remuneration of AAs. If these entities are paid by FIUs rather than customers, there might be conflicts of interest. For instance, AAs may design terms and conditions that elicit more data from the customer than is required for the end use in question. Mahesh countered this by adding that the consent format will be standardized across the AA ecosystem. He said that the modalities of payment are being finalized and the final outcome might address concerns about conflicts of interest.
How the AA system finally turns out, only time will tell but there is little doubt about the potential it holds.