NBFC Account Aggregator Compliances

In 2016, the Reserve Bank of India issued Directions on Registration and Operations of NBFC - Account Aggregators (AA) under section 45-IA of the RBI Act, 1934. Every NBFC undertaking the business of an AA must therefore comply with these directions. We at Enterslice have professionals who are experts in providing consultancy on AA compliances.

Package inclusions:
  • Consultancy on NBFC Account Aggregator compliances;
  • Complete assistance to be compliant with regulatory compliances;
  • Regular updates on compliance norms.

A Brief Overview of NBFC Account Aggregator Compliances

The concept of the account aggregator was conceptualised by the Reserve Bank, in furtherance of which the RBI notified a framework for the registration and operation of Account Aggregators in India. Account aggregators have a slew of compliances that they need to meet in order to operate smoothly. NBFC Account Aggregator compliances range from ensuring data security to having a board-approved policy, among others.

Who are Account Aggregators and what do they do?

An account aggregator is an entity regulated by the Reserve Bank of India that helps a person access and share information securely and digitally from one financial institution they have an account with to another regulated financial institution in the Account Aggregator network. Note that the data cannot be shared without the consent of the individual. There would be various Account Aggregators an individual can choose from. Account aggregators replace the 'blank cheque' acceptance of a terms and conditions form with step-by-step permission and control for each use of an individual's data.

What are the various NBFC Account Aggregator Compliances?

NBFC Account Aggregator Compliances range from ensuring data security to having a board approved policy and setting up committees, among various other compliances.

Compliances after obtaining in-principle approval

The bank shall grant an in-principle approval which will be valid for 12 months, within which the company should set up a technology platform, enter into legal documentation needed to be ready for operations and report compliance position to the bank. If the bank is satisfied that the company can commence operations now, it will grant a certificate of registration as NBFC account aggregator.

The account aggregator needs to ensure that the company maintains accounts, and publishes and discloses its financial position as per the legal requirements or any direction or order from the bank. Further, it should also submit or offer for inspection its books of account or other documents when demanded.

Data Security

  1. With respect to data security, the account aggregator business must be IT driven.
  2. The technology must be scalable to cover any other financial assets or financial service provider.
  3. Adequate safeguards should be put in place in its IT systems in order to ensure that they are protected from any unauthorised access, alteration, destruction, disclosure etc.
  4. There should be appropriate measures in place for Disaster Risk Management and Business Continuity.
  5. An information system audit of the internal systems and processes shall be conducted at least once every two years by external auditors. The external auditor's report has to be submitted to the regional office, Department of Non-Banking Supervision of the bank, within a month of submission of the report by the external auditor.

Board Approved Policy

  • Customer grievance

An account aggregator should have a board approved policy in order to handle and dispose of customer grievances. Customer grievances should be handled and disposed of within such time and in such manner as specified under its board approved policy. However, it should not take more than a month.

The account aggregator needs to display the name and contact details of the grievance redressal officer on the website and at the place(s) of business.

  • Pricing

The Account Aggregator should also have a Board approved policy for pricing of services. Pricing of services should strictly conform to the internal guidelines adopted by the Account Aggregator, which must be transparent and available in the public domain.

Corporate Governance

The account aggregator must put in place an internal mechanism to review, monitor and evaluate its controls, systems, procedures etc. The IT systems' integrity should be ensured at all times, and precautions should be taken so that the records are not destroyed, lost or tampered with.

Set up Committees

  • Audit Committee and Nomination Committee

An audit committee needs to be constituted of not less than 3 members of its board of directors.

A nomination committee needs to be formed of not less than 3 members of its board of directors.

  • Risk Management Committee

To control the integrated risk, the Account Aggregator needs to form a Risk Management Committee. It shall consist of not less than 3 members of its Board of Directors.

The account aggregator must establish a well-documented risk management framework which should include a sound and robust technology risk management framework, strong authentication to protect access to customer data and system, system security, reliability, resiliency etc.

Fit and Proper Criteria

An Account Aggregator is required to ensure that a policy is in place with the Board of Directors’ approval to ascertain fit and proper criteria of the directors/managing director/CEO at the time of appointment, and on a continuing basis.

Further, the account aggregator also needs to obtain a declaration and undertaking from directors/managing director/CEO providing additional information on directors/managing director/CEO.

The account aggregator should obtain a Deed of Covenant signed by the directors/managing director/CEO. They also need to furnish to the Bank an annual statement on change of directors/managing director/CEO, which needs to be duly certified by Statutory Auditors to confirm that fit and proper criteria in the selection of the directors have been followed.

The account aggregator platform runs on a technological platform and involves the transmission of sensitive financial data between Financial Information Providers and Financial Information Users; hence an AA Platform set up in India should comply with the account aggregator compliances as specified by the RBI.

Frequently Asked Questions

When the Department of Non-Banking is satisfied with the company’s application, it shall grant In-Principle approval to set up Account Aggregator for a period of 12 months.

The AAs need to form Audit Committee, Nomination Committee and Risk Management Committee.

No company can commence or carry on a business as an Account Aggregator without obtaining a CoR.
