We recently did an episode on the Account Aggregator framework with BG Mahesh, Co-founder, and CEO of Sahamati, Collective of the Account Aggregator Ecosystem. While recording it, we realized that the topic is so interesting, and at some places so intricate that it made sense to explore it a bit more in detail. If you have landed here without hearing the podcast, you can listen to it here.
Before we dive into the world of Account Aggregators, let’s do a flashback of the regulatory history behind this framework. Account aggregator as a concept was introduced by the RBI in its Master Directions on a new category of NBFC (Non-Banking Financial Company) called NBFC-Account Aggregator. These directions were issued in Sep 2016, and then updated several times from 2017-191.
But why do we need this new breed of NBFC, called NBFC Account Aggregator?
If you have recently applied for a loan in India, say a home loan, in addition to the Proof of Identity (PoI) and Proof of Address (PoA) you will be asked to submit your bank statements from which the data will be read using OCR (Optical Character Recognition) or you will be asked to share your net banking user ID and password, which is worse, so that it can be used to read your account information. Once this information is with the lender the customer has no control over why, where, and till when the data is used by the lender. In addition to being a data security and privacy risk, it also increases the cost of giving a home loan. This is the problem that the Account Aggregator intends to solve.
Ok got it, smarty pants, can you explain how it will do it?
So here let’s bring a nice graphic that may help us explain:
There are four main actors in the Account Aggregator world:
- Financial Information Provider (FIP) – Entities such as the bank, insurer, or mutual fund company that has the financial information of a customer
- Financial Information User (FIU) – Entity that the customer has approached for a financial service for which the FIU wants access to the financial information of the customer that the FIP holds
- Individual or customer – The customer who wants to buy a financial product such as a loan from the FIU for which he wants to share his limited financial data for a specific purpose and limited duration with the FIU
- NBFC Account Aggregator – The connector that will connect all the parties involved to make sure that the data from FIP for the customer reaches FIU with customer consent
Now that you have met all the actors of the play lets see how this works:
- The customer C wants a home loan and hence goes to a lender (FIU)
- To lend to C, the lender wants access to the bank account information of C which is with her bank (FIU)
- The customer C has registers herself on the mobile application of NBFC Account Aggregator called NBFCAA and creates a handle c@nbfcaa
- The lender (FIU) and the bank (FIP) are both part of the account aggregator ecosystem and are connected to NBFCAA using the standard account aggregator API specifications
- Now the customer shares her handle c@nbfcaa with the lender (FIU). Lender (FIU) raises an account information request using the handle specifying the information required, purpose of information, and duration for which it will be used
- The customer receives a notification on her NBFCAA mobile app with the information request which she can modify as well before providing her consent
- On consent the bank (FIP) passes on the information requested to the lender (FIU) through NBFCAA. The lender (FIU) can now use this information for assessing the credit worthiness of C for the home loan
Aren’t we providing too much information to the account aggregator, what if one goes rogue?
That issue won’t arise because the account aggregators will be completely “data blind” and will only transfer the data from the FIP to the FIU. They will not be able to:
- Read data
- Resell data
- Run analytics on the data
- Store data
- Or undertake any other business
Then why will someone become an account aggregator? What is in it for them?
The key revenue model that we see for the account aggregator is for it to charge the FIUs for each information request (API call). The revenue of the account aggregator in this case, will be directly proportional to the number of customers that register themselves with them. Hence it will be key to differentiate, and the account aggregator can do so based on providing superior customer experience and reliability to its customers.
Great, so how many account aggregators are there today?
The account aggregator licensing process is a two-step process, first you get the in-principle license and then the operating license. As on 24 Nov 2020, there are four companies with Operating license and three with in-principle license.
Sounds interesting, where can I get more information on Account Aggregator?
Sahamati, collective of account aggregator ecosystem which is working hard to grow this ecosystem has aggregated all necessary information on its website here.