Account Aggregators (AA) are a new category of financial intermediaries that enable customers to share their financial data across various financial institutions. They are licensed and regulated by the Reserve Bank of India (RBI) under the Non-Banking Financial Company – Account Aggregator (NBFC-AA) framework. The AA framework was launched in 2016, and the first AA entity was licensed in 2020. The primary objective of the AA framework is to provide customers with better control over their financial data, enable data-driven decision-making, and enhance the efficiency of the financial ecosystem. In this blog, we will discuss the sphere of regulatory compliance for Account Aggregators.
The first and foremost regulatory compliance requirement for Account Aggregators is obtaining a license from the RBI. To obtain a license, an applicant must meet the eligibility criteria prescribed by the RBI, including minimum net worth, fit and proper criteria for directors and senior management personnel, and compliance with various regulatory and statutory requirements. Once the AA has obtained the license, it must ensure compliance with various ongoing regulatory and statutory requirements, such as filing of periodic reports, maintenance of minimum net worth, etc.
AAs enable customers to share their financial data across various financial institutions. However, such sharing of data can be done only with the customer’s explicit consent. The customer must be informed about the purpose and scope of data sharing, the types of data that will be shared, the financial institutions with whom the data will be shared, and the duration for which the data will be shared. The customer must also have the right to revoke the consent at any time. The AA must ensure that it obtains the customer’s consent in a clear and unambiguous manner and maintains records of the consent obtained.
AAs must comply with various other regulatory and statutory requirements, such as the Prevention of Money Laundering Act (PMLA)[1], Foreign Exchange Management Act (FEMA), Income Tax Act, etc. The AA must ensure that it collects and shares customer data only with the financial institutions that are compliant with these requirements. The AA must also maintain records of the transactions carried out through its platform and provide such records to the relevant regulatory authorities upon request.
An Account Aggregator (AA) is required to comply with various other regulatory and statutory requirements in addition to the guidelines set by the Reserve Bank of India (RBI). These requirements include but are not limited to:
One of the primary objectives of the AA framework is to provide customers with better control over their financial data. Hence, it is crucial for AAs to comply with data privacy and security requirements. The RBI has prescribed various guidelines and standards for data privacy and security, such as the Personal Data Protection Bill (PDPB) and the RBI’s Master Direction on Data Sharing and Privacy. The AA must ensure that it collects and uses customer data only for the purposes specified in the customer consent, and takes adequate measures to secure and protect the data from unauthorized access or misuse. Some of the key measures that an AA must take to ensure data privacy and security include:
This is one of the most important regulatory compliance requirements for Account Aggregators. AAs must have robust cybersecurity and IT infrastructure to ensure the security and integrity of customer data. The RBI has prescribed various guidelines and standards for cybersecurity and IT infrastructure, such as the Cyber Security Framework for Banks and the Master Direction on Digital Payment Security Controls. The AA must ensure that its IT infrastructure is secure and protected from cyber threats, and that it has adequate backup and recovery mechanisms in place. The AA must also conduct periodic cybersecurity audits and tests to identify and mitigate any vulnerabilities or risks.
AAs must have a robust compliance monitoring and reporting mechanism to ensure that they comply with various regulatory and statutory requirements. The AA must have a designated compliance officer who is responsible for monitoring and reporting compliance. The compliance officer must ensure that the AA complies with various requirements, such as customer consent, data privacy and security, KYC norms, etc. The compliance officer must also prepare periodic compliance reports and submit them to the RBI.
Operational guidelines are a set of guidelines and standards that an Account Aggregator (AA) must follow in order to operate in compliance with regulatory requirements and ensure the security and privacy of customer data. The operational guidelines cover various aspects of the AA’s operations, including data privacy and security, technical standards, customer onboarding, and dispute resolution. Below are some of the key operational guidelines that an AA must follow:
As per the RBI guidelines, Account Aggregators (AAs) must maintain accurate and complete financial records and prepare financial reports as per the RBI’s prescribed format. The purpose of financial reporting is to provide a transparent and accurate picture of the financial health and performance of the AA to its stakeholders, including the regulator, customers, investors, and other interested parties.
To ensure the accuracy and completeness of the financial records, AAs must undergo periodic financial audits by a qualified auditor. The financial audit report must be submitted to the RBI along with the annual financial statements. The auditor must verify the accuracy and completeness of the financial records and provide an opinion on the financial statements prepared by the AA.
The financial statements must comply with the Generally Accepted Accounting Principles (GAAP) and the RBI’s prescribed format. The financial statements must provide a true and fair view of the financial position, performance, and cash flows of the AA. The financial statements must include a balance sheet, profit and loss account, and cash flow statement, along with other relevant disclosures.
The financial reporting and audit requirements are essential to ensure the financial stability and sustainability of the AA. By maintaining accurate financial records and preparing financial statements as per the RBI’s guidelines, AAs can ensure the trust and confidence of their stakeholders, including the customers, investors, and the regulator. The financial reporting and audit requirements also provide a mechanism for the regulator to monitor and regulate the activities of the AA and ensure compliance with the regulatory requirements.
The Account Aggregator framework is designed to provide customers with greater control over their financial data. However, there may be instances where customers may have grievances or disputes with the AA or the Financial Information Providers (FIPs) whose data is being aggregated. To address such grievances and disputes, AAs must have a robust dispute resolution mechanism in place.
The RBI has prescribed guidelines for the dispute resolution mechanism, and AAs must ensure that they comply with these guidelines. AAs must have a designated grievance redressal officer who is responsible for resolving customer grievances and disputes. The grievance redressal officer must have the necessary skills and knowledge to resolve customer grievances effectively.
AAs must also have a clear escalation process for disputes that cannot be resolved at the grievance redressal level. The escalation process must be transparent and well-defined to ensure that customers understand the process and their rights.
AAs must maintain records of all customer grievances and disputes, including the nature of the grievance, the action taken to resolve the grievance, and the time taken to resolve the grievance. AAs must also report customer grievances and disputes to the RBI on a regular basis.
By having a robust dispute resolution mechanism in place, AAs can ensure that customer grievances and disputes are resolved promptly and effectively. This can help build trust and confidence among customers and can also prevent legal and regulatory penalties for non-compliance with the dispute resolution guidelines.
The sphere of regulatory compliance for Account Aggregators is quite comprehensive and covers various aspects such as registration and licensing, data privacy and security, customer consent, compliance with other regulatory and statutory requirements, cybersecurity and IT infrastructure, compliance monitoring and reporting, operational guidelines, financial reporting and audit, and dispute resolution. The AA must ensure that it complies with these requirements to ensure the efficient and secure functioning of its platform. The RBI has prescribed various guidelines and standards for each of these aspects, and the AA must ensure that it complies with them to avoid any regulatory or legal penalties. Overall, the AA framework is a welcome step towards providing customers with better control over their financial data, and it is essential that AAs comply with the regulatory requirements to ensure the success of the framework.