Account Aggregators (AA) are a new category of financial intermediaries that enable customers to share their financial data across various financial institutions. They are licensed and regulated by the Reserve Bank of India (RBI) under the Non-Banking Financial Company – Account Aggregator (NBFC-AA) framework. The AA framework was launched in 2016, and the first AA entity was licensed in 2020. The primary objective of the AA framework is to provide customers with better control over their financial data, enable data-driven decision-making, and enhance the efficiency of the financial ecosystem. In this blog, we will discuss the sphere of regulatory compliance for Account Aggregators.
The first and foremost regulatory compliance requirement for Account Aggregators is obtaining a license from the RBI. To grant a license, the RBI has prescribed a set of eligibility criteria, including minimum net worth, fit and proper criteria for directors and senior management personnel, and compliance with various regulatory and statutory requirements. Once the AA has obtained the license, it must ensure compliance with various ongoing regulatory and statutory requirements, such as filing of periodic reports, maintenance of minimum net worth, etc.
AAs enable customers to share their financial data across various financial institutions. However, such sharing of data can be done only with the customer’s explicit consent. The customer must be informed about the purpose and scope of data sharing, the types of data that will be shared, the financial institutions with whom the data will be shared, and the duration for which the data will be shared. The customer must also have the right to revoke the consent at any time. The AA must ensure that it obtains the customer’s consent in a clear and unambiguous manner and maintains records of the consent obtained.
AAs must comply with various other regulatory and statutory requirements, such as the Prevention of Money Laundering Act (PMLA), Foreign Exchange Management Act (FEMA), Income Tax Act, etc. The AA must ensure that it collects and shares customer data only with the financial institutions that are compliant with these requirements. The AA must also maintain records of the transactions carried out through its platform and provide such records to the relevant regulatory authorities upon request.
An Account Aggregator (AA) is required to comply with various other regulatory and statutory requirements in addition to the guidelines set by the Reserve Bank of India (RBI). These requirements include but are not limited to:
One of the primary objectives of the AA framework is to provide customers with better control over their financial data. Hence, it is crucial for AAs to comply with data privacy and security requirements. The RBI has prescribed various guidelines and standards for data privacy and security, such as the Personal Data Protection Bill (PDPB) and the RBI’s Master Direction on Data Sharing and Privacy. The AA must ensure that it collects and uses customer data only for the purposes specified in the customer consent, and takes adequate measures to secure and protect the data from unauthorized access or misuse. Some of the key measures that an AA must take to ensure data privacy and security include:
This is one of the most important regulatory compliance requirements for Account Aggregators. AAs must have robust cybersecurity and IT infrastructure to ensure the security and integrity of customer data. The RBI has prescribed various guidelines and standards for cybersecurity and IT infrastructure, such as the Cyber Security Framework for Banks and the Master Direction on Digital Payment Security Controls. The AA must ensure that its IT infrastructure is secure and protected from cyber threats, and that it has adequate backup and recovery mechanisms in place. The AA must also conduct periodic cybersecurity audits and tests to identify and mitigate any vulnerabilities or risks.
AAs must have a robust compliance monitoring and reporting mechanism to ensure that they comply with various regulatory and statutory requirements. The AA must have a designated compliance officer who is responsible for monitoring and reporting compliance. The compliance officer must ensure that the AA complies with various requirements, such as customer consent, data privacy and security, KYC norms, etc. The compliance officer must also prepare periodic compliance reports and submit them to the RBI.
Operational guidelines are a set of guidelines and standards that an Account Aggregator (AA) must follow in order to operate in compliance with regulatory requirements and ensure the security and privacy of customer data. The operational guidelines cover various aspects of the AA’s operations, including data privacy and security, technical standards, customer onboarding, and dispute resolution. Below are some of the key operational guidelines that an AA must follow:
As per the RBI guidelines, Account Aggregators (AAs) must maintain accurate and complete financial records and prepare financial reports as per the RBI’s prescribed format. The purpose of financial reporting is to provide a transparent and accurate picture of the financial health and performance of the AA to its stakeholders, including the regulator, customers, investors, and other interested parties.
To ensure the accuracy and completeness of the financial records, AAs must undergo periodic financial audits by a qualified auditor. The financial audit report must be submitted to the RBI along with the annual financial statements. The auditor must verify the accuracy and completeness of the financial records and provide an opinion on the financial statements prepared by the AA.
The financial statements must comply with the Generally Accepted Accounting Principles (GAAP) and the RBI’s prescribed format. The financial statements must provide a true and fair view of the financial position, performance, and cash flows of the AA. The financial statements must include a balance sheet, profit and loss account, and cash flow statement, along with other relevant disclosures.
The financial reporting and audit requirements are essential to ensure the financial stability and sustainability of the AA. By maintaining accurate financial records and preparing financial statements as per the RBI’s guidelines, AAs can ensure the trust and confidence of their stakeholders, including the customers, investors, and the regulator. The financial reporting and audit requirements also provide a mechanism for the regulator to monitor and regulate the activities of the AA and ensure compliance with the regulatory requirements.
The Account Aggregator framework is designed to provide customers with greater control over their financial data. However, there may be instances where customers may have grievances or disputes with the AA or the Financial Information Providers (FIPs) whose data is being aggregated. To address such grievances and disputes, AAs must have a robust dispute resolution mechanism in place.
The RBI has prescribed guidelines for the dispute resolution mechanism, and AAs must ensure that they comply with these guidelines. AAs must have a designated grievance redressal officer who is responsible for resolving customer grievances and disputes. The grievance redressal officer must have the necessary skills and knowledge to resolve customer grievances effectively.
AAs must also have a clear escalation process for disputes that cannot be resolved at the grievance redressal level. The escalation process must be transparent and well-defined to ensure that customers understand the process and their rights.
AAs must maintain records of all customer grievances and disputes, including the nature of the grievance, the action taken to resolve the grievance, and the time taken to resolve the grievance. AAs must also report customer grievances and disputes to the RBI on a regular basis.
By having a robust dispute resolution mechanism in place, AAs can ensure that customer grievances and disputes are resolved promptly and effectively. This can help build trust and confidence among customers and can also prevent legal and regulatory penalties for non-compliance with the dispute resolution guidelines.
The sphere of regulatory compliance for Account Aggregators is quite comprehensive and covers various aspects such as registration and licensing, data privacy and security, customer consent, compliance with other regulatory and statutory requirements, cybersecurity and IT infrastructure, compliance monitoring and reporting, operational guidelines, financial reporting and audit, and dispute resolution. The AA must comply with these requirements to keep its platform functioning efficiently and securely. The RBI has prescribed various guidelines and standards for each of these aspects, and the AA must ensure that it complies with them to avoid any regulatory or legal penalties. Overall, the AA framework is a welcome step towards providing customers with better control over their financial data, and it is essential that AAs comply with the regulatory requirements to ensure the success of the framework.
Kiran is a multi-talented individual currently pursuing her final year of BBALLB at Chandigarh University. In addition to her studies, Kiran is also a dedicated legal content writer and researcher. She has a keen interest in legal writing and is committed to using her knowledge and skills to produce informative and insightful content.