Direct Tax
Consulting
ESG Advisory
Indirect Tax
Growth Advisory
Internal Audit
BFSI Audit
Industry Audit
Valuation
RBI Services
SEBI Services
IRDA Registration
AML Advisory
IBC Services
Recovery of Shares
NBFC Compliance
IRDA Compliance
Finance & Accounts
Payroll Compliance Services
HR Outsourcing
LPO
Fractional CFO
General Legal
Corporate Law
Debt Recovery
Select Your Location
In recent years, RBI disclosed and displayed publically that the NBFC AA (Account Aggregator) network is a financial data-sharing system that has revolutionized investing and credit, giving to millions of consumers with greater potential in terms of keeping financial records and expanding potential among customers for lenders including the fintech companies. However, the RBI itself determines the concept of an account aggregator, and thus, a framework for its registration and business operation was further notified. The RBI compliance on NBFC AA starts initially from ensuring data security to having a board-approved policy among others. An account aggregator allows a person to access data securely and share such information digitally in the network from the end of one financial institution where customer have their account to the other financial institution existing in the network of an account aggregator. Such account aggregators are prohibited from sharing such data without obtaining the consent of the customer.
The Reserve Bank of India, exercising its conferred power specified under Section 45 JA of the RBI Act, 1935, issued a Master ‘’Direction DNBR.PD.009/03.10.119/2016-17’’ dated 2nd September 2016 and such direction in terms of registration and operation of AA, need to be complied by all non-banking financial companies operating the business of Account Aggregator.
The Reserve Bank of India, in its master direction of NBFC AA, has laid down some definitions for better understanding the direction-
Account Aggregator or NBFC AA refers to non-banking financial companies operating in an account aggregator’s business for a fee or defined within the Master direction section 3 (1)(iv).
Bank refers to those banking companies such as a newly incorporated bank, the State Bank of India, a subsidiary bank, or any other type of bank that requires further notification to comply with such directions or maybe a cooperative bank specified under section 5 (CCI) r.w. Section 56 of the Banking Regulation Act, 1949.
Business of an Account Aggregator refers to that business duly performed under a contract or for the service to either retrieve or collect financial information of the customers specified by the bank from time to time, and further, the same data could be consolidated or organized in such a way to present information either to the customers or any other financial institution as when required by the bank to do so. The financial information being collected from the customers is not held to be the property of such an account aggregator to use in a way for making profits.
Company refers to those entities registered under the Companies Act 2013/1956.
Accordingly, this RBI master direction refers to a person who engaged in a contract with the NBFC AA in order to benefit from the services duly provided by an account aggregator.
It refers to those companies under section 12 (1A) of the Securities and Exchange Board Act, 1992, and given a certificate of registration. A Depository Participant is a person duly registered through the Securities and Exchange Board Act of 1992.
The term financial information includes information related to the financial world, such as bank deposits with fixed deposit accounts, savings, recurring deposits, and current deposit accounts. It also includes deposits under NBFCs, Structured Investment Products (SIP), Commercial Paper (CP), certificates of Deposit (CD), Government securities, Mutual funds, Equity shares, Insurance Policies, and many more, along with any other information if specified by the bank from time to time, etc.
Under this master direction, it refers to all those regulatory bodies that are making rules and regulations to govern the financial sector, such as RBI, SEBI, IRDAI, and PFRDA.
It includes all those entities that act like a bank, such as non-banking companies, asset Management Companies, insurance repositories, pension funds, and many more, along with some other entity if specified by the bank from the time being, etc.
It refers to the outside liabilities with excluded borrowings and loans from the group of entities to owned funds.
It refers to an individual, undivided Hindu family, company, and firm, an association of individuals instead of its incorporation or not, and includes every judicial person falling from the preceding sub-clauses.
Under this RBI Master direction, all companies desirous of an approval certificate to operate as an NBFC AA must make an application in the name of the Department of Non-banking Regulation, Mumbai, in accordance with the specified format Annex-1 duly for the same purpose.
The Concerned authority will consider the application for registration as an NBFC AA after being satisfied with the following conditions-
It is specifically suggested by the RBI that either a single piece of information or data be obtained and shared by NBFC AA without the consent of customers. However, NBFC AA will perform their business operation in such a manner to obtain, submit, and further manage their customer consent as per the RBI Master direction.
It is necessary to ensure that the consent obtained from the customers must be acquired through a standardized consent form by the NBFC AA in such below specified manner-
Consent can be taken using the electronic form, and the NBFC AA must inform about all the ingredients of the consent form and the customer’s rights to raise any complaints related to any future dispute with the concerned authorities for the time being if their dispute is solved.
NBFC AA must support their customers with a facility to revoke or cancel their consent if they find it or can revoke it for some specific parts. NBFC AA will offer a newly made agreement with the financial information service provider in case of consent cancellation requests.
NBFC AA platform is completely based upon technology, thus requiring ensuring that the data collected or submitted from the end of the customers is secured as required under clause 8 of this master direction. The NBFC AA must comply with the Information Technology, Act 2000 along with the Information Technology (Reasonable Security practices and Sensitive Personal Data) Rules, 2011.
NBFC AA platforms are required to make sure that they are complying with the given RBI directions below-
NBFC AA (account aggregator) is required to have its own board approval policy based on pricing services. In order to commence pricing services, NBFC AA must comply with transparent guidelines (as per board policy) for pricing offerings that must be in the public domain.
NBFC AA platforms are required to adopt a suitable internal mechanism to review, monitor, control, and evaluate their internal system, procedures, and safeguards. Their internal system should be maintained and checked in a regular manner and follow suitable measures to ensure that collected customers’ information may not be lost, destroyed, or tampered with.
NBFC AA platforms are bound to establish an audit committee compromising its 3 members (especially from the board of directors). Such an Audit committee must be constituted according to section 177 of the Companies Act 2013 and hold the same power, functions, and duties accordingly.
NBFC AA (account aggregator) platforms must constitute a Nomination committee within their organization consisting of its 3 members from their board of directors under section 178 of the Companies Act, 2013 so as to check out the fit and proper status of their existing directors.
It is the responsibility of the concerned bank under whose jurisdiction NBFC AA comes and will communicate about the returns timely to such NBFC AA.
The concerned bank is free and capable of initiating an inspection on NBFC AA by assigning tasks to their officers, employees, or any other NBFC AA when required.
Although the NBFC AA (account aggregators) platform completely depends on technology, it would be better to call it technology-driven. It becomes very crucial for them to take appropriate measures to secure their customer’s financial information. Moreover, the Reserve Bank of India has laid down this Master’s direction to comply with all NBFC AA. It must operate their business operations accordingly to make customer’s life convenient on a daily basis.
On January 16, 2025, the Reserve Bank of India (RBI) released the list of Non-Banking Financial...
Over the decades, the Oil and Natural Gas Corporation (ONGC) has been a key pillar in the portf...
The Reserve Bank of India, on April 11, 2025, posted a Press Release No. 2025-2026/96 on their...
Hong Kong is widely recognized as a leading global business hub, known for its free-market econ...
With India’s growing economy, Non-Banking Financial Companies (NBFCs) have expanded significa...
Are you human?: 9 + 1 =
Easy Payment Options Available No Spam. No Sharing. 100% Confidentiality
The proposal to ease share buyback norms for NBFC is expected to be presented at the regulator’s board meet. The...
06 Sep, 2022
The Reserve Bank of India (RBI) has issued the regulation on Fair Practices Code for Non-Banking Finance Companies...
13 Jun, 2023