Presenting Account Aggregators as Consent Custodians!

Account Aggregators

As customer expectations keep evolving, the financial services industry has made a continuous effort to keep up. One such effort is bringing together data from countless sources in one place, a concept called account aggregation. In financial services, account aggregation means collecting information from varied accounts in a single place. Account aggregators are entities that allow individuals to share and access data from one financial institution to another.

Need for Account Aggregators

Considering the amount of data generated every minute, there is an urgent need to ensure that financial data is secured, channelled and used for financial management. There was no proper framework for seamless and swift data sharing. Moreover, for lack of solutions to aggregate and integrate user data, fragmented information is not used effectively enough to deliver the service customers expect. These reasons create the need for AAs.

Stakeholders in the Account Aggregator Ecosystem

There are four major players in the ecosystem: Financial Information Providers, Financial Information Users, End Users and Account Aggregators.

  • Financial Information Providers

As the name suggests, Financial Information Providers (FIPs) provide information to financial entities. Examples include banks, NBFCs, AMCs, insurance companies and other such entities.

  • Financial Information Users

Financial Information Users (FIUs) seek information from Financial Information Providers in order to extend financial services. FIUs can be FIPs themselves, such as banks, AMCs etc.

  • Account Aggregator

Account Aggregators are entities with an NBFC licence, regulated by the RBI[1]. Account aggregators are consent managers. They ensure structured sharing of financial data from FIPs to FIUs. While doing so, they retain a record of the consent provided and offer functionality to manage and rescind consent.

  • End user

The end user or the customer enters into a legal arrangement with the AA.

Account Aggregators Utility

The data obtained from various financial information providers can play a crucial role in achieving financial inclusion and can help in building better products or services for users. Going beyond the traditional approach of credit rating agencies, account aggregation involves cash-flow-based inputs such as income from different sources, expenses, receipts and tax returns.

Account Aggregators as Consent Custodians

There are various modes of aggregation service, and one of the common modes is called screen scraping. Screen scraping refers to copying information shown on a digital display so that it can be used for another purpose. With screen scraping, the user needs to disclose the authentication credentials for the FIPs to the aggregator. The frequency of data updates by different websites may vary, so screen scraping may not provide an accurate picture of the customer’s financial records. It therefore becomes tough for financial information users to provide service in a timely manner.

You may have heard of the term DEPA (Data Empowerment and Protection Architecture). DEPA offers users access to improved financial services by giving them control over how their data is used and by ensuring privacy and security.

AA platforms are built on DEPA, which gives users authority over how their data will be used. AAs are not allowed to access, store or sell the data; they can only collect and transmit it. A user who registers with an account aggregator can provide or retract consent for sharing data with an FIP. The user can also control the extent to which the data can be shared. Moreover, the user can limit the period for which the data can be shared with an FIU.

Hence every aspect of the AA network is driven by consent. Upon receiving a request with consent, and once verification of the consent is complete, the financial information provider digitally signs the financial information and transmits it securely to the Account Aggregator in real time. The user can also view a dashboard with a list of consents given and revoked, to track the information shared with financial institutions. For this, the user needs to register with an AA application, which displays all consents provided, consents revoked and a record of data requests made by the FIU. In this application, users need to link their FIPs in order to share data from an FIP to an FIU. To link, the user enters a unique identifier through which the FIP can discover the account.
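The consent check described above (extent, period and revocation, plus the request record shown on the dashboard) can be sketched as follows. This is an added example, not code from any AA or from the framework itself; the class names, field names, party names and data-type labels are hypothetical and do not follow the official consent schema.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Consent:
    consent_id: str
    fiu: str                   # who may receive the data
    fip: str                   # who may release it
    data_types: frozenset      # extent of sharing chosen by the user
    valid_from: datetime
    valid_until: datetime      # period chosen by the user
    revoked_at: Optional[datetime] = None

class ConsentLedger:
    """Hypothetical consent record: holds consents and request history, never the data."""
    def __init__(self):
        self.consents, self.request_log = {}, []

    def grant(self, c): self.consents[c.consent_id] = c

    def revoke(self, consent_id, when): self.consents[consent_id].revoked_at = when

    def authorise(self, consent_id, fiu, fip, requested, now):
        c = self.consents.get(consent_id)
        if c is None:
            result = (False, "unknown consent")
        elif (c.fiu, c.fip) != (fiu, fip):
            result = (False, "party mismatch")
        elif c.revoked_at is not None and now >= c.revoked_at:
            result = (False, "revoked")
        elif not c.valid_from <= now <= c.valid_until:
            result = (False, "outside consent period")
        elif not set(requested) <= c.data_types:
            result = (False, "exceeds consented extent")
        else:
            result = (True, "ok")
        self.request_log.append((now, fiu, consent_id, result[1]))  # dashboard trail
        return result

def demo():
    led = ConsentLedger()  # constructed sample values throughout
    led.grant(Consent("C1", "lender-fiu", "bank-fip", frozenset({"deposit"}),
                      datetime(2024, 1, 1), datetime(2024, 3, 31)))
    ask = lambda fiu, types, now: led.authorise("C1", fiu, "bank-fip", types, now)
    out = [ask("lender-fiu", {"deposit"}, datetime(2024, 2, 1)),
           ask("lender-fiu", {"deposit", "mutual_funds"}, datetime(2024, 2, 1)),
           ask("lender-fiu", {"deposit"}, datetime(2024, 4, 5)),
           ask("other-fiu", {"deposit"}, datetime(2024, 2, 1))]
    led.revoke("C1", datetime(2024, 2, 10))
    out.append(ask("lender-fiu", {"deposit"}, datetime(2024, 2, 11)))
    return out, led.request_log
```

Every request, allowed or refused, lands in `request_log`, which is the kind of trail the user's dashboard would display.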

The AAs can charge the FIU whom they are assisting to provide better services or can also charge the end customer for facilitating the transfer of information digitally and in a secure manner. It provides a huge growth potential for AAs.

Data Security

Data transmitted through an AA is encrypted by the sender and can only be decrypted by the recipient. As said earlier, the AA cannot see the data; it can only collect it and transmit it to another party based on the individual's consent. AAs are not permitted to store or sell customer data, and they are not expected to aggregate customer data and build profiles; however, an AA application will have access to your account balances.

Additionally, to provide greater information security and protection, account aggregators are not allowed to access user credentials, cannot keep the financial information of the customer, and cannot engage in activities such as supporting transactions by customers or take up business other than the account aggregator business.

The AA business framework is IT-driven, and AAs need to comply with the IT framework and interfaces. This ensures a secure data flow from the financial information providers to their own systems and on to the financial information users. They also need to put security practices in place to ensure that their IT systems are protected against unauthorised access, alteration, disclosure or dissemination of records and data. AAs are also subject to an information system audit once every 2 years, and the report must be submitted to the Reserve Bank.

Conclusion

The account aggregator framework aims to consolidate financial information for users, give them full control over the information and data shared through the ecosystem, and digitalise the sharing of financial information with financial institutions, thereby ensuring real-time information sharing and quicker provision of financial services.