Syllabus

GS 3: Indian Economy

Context: 

India seeks to strengthen and expand its consent-based data-sharing framework through the DPDP Act, 2023 and Draft Rules, 2025, building upon the foundation laid by the Account Aggregator model.

Account Aggregator

  • According to the Reserve Bank of India, an Account Aggregator is a non-banking financial company engaged in the business of providing, under a contract, the service of retrieving or collecting financial information pertaining to its customer.
  • The AA framework enables customers to access multiple financial services through a single digital portal using a consent-based method, under which consumers can choose what financial data to share and with which entity.
  • An AA is also engaged in consolidating, organising and presenting such information to the customer or any other financial information user as may be specified by the bank.
  • Account Aggregators are an exciting addition to India’s digital infrastructure as they will allow banks to access consented data flows and verified data.
  • This will help banks reduce transaction costs, which will enable them to offer lower ticket size loans and more tailored products and services to their customers.
  • This promotes data privacy, customer control, and seamless financial service access.

Regulatory Framework:

The AA framework was created through an inter-regulatory decision involving:

  • Reserve Bank of India (RBI)
  • Securities and Exchange Board of India (SEBI)
  • Insurance Regulatory and Development Authority of India (IRDAI)
  • Pension Fund Regulatory and Development Authority (PFRDA)

• This initiative was launched under the Financial Stability and Development Council (FSDC).

• AAs require a licence from the RBI to operate.

How does it function

  • It has a three-tier structure: Account Aggregator, FIP (Financial Information Provider) and FIU (Financial Information User).
  • An FIP is the data fiduciary, which holds customers’ data. It can be a bank, NBFC, mutual fund, insurance repository or pension fund repository. 
  • An FIU consumes the data from an FIP to provide various services to the consumer. For instance, a lending bank acting as an FIU wants access to the borrower’s data to determine if the borrower qualifies for a loan. Banks play a dual role – as an FIP and as an FIU.
  • An AA should not support transactions by customers but should ensure appropriate mechanisms for proper customer identification. An AA should share information only with the customer to whom it relates or any other financial information user as authorised by the customer.
  • An Account Aggregator allows a customer to transfer his financial information pertaining to various accounts, such as bank deposits, equity, mutual funds and pension funds, to any entity requiring access to such information.
  • There are 19 categories of information that fall under ‘financial information’, besides various other categories relating to banking and investments. 
  • For sharing of such information, the FIU is required to initiate a request for consent by way of any platform/app run by the AA. Such a request is received by the individual customer through the AA, and the information is shared by the AA, after consent is obtained.

Consent Manager Regime under the DPDP Act, 2023

  • The Digital Personal Data Protection (DPDP) Act, 2023 introduces a consent-manager-led data governance framework.

• Consent managers serve as intermediaries allowing data principals (individuals) to give, review, manage, and withdraw consent for data sharing.

• The architecture mirrors the Account Aggregator (AA) framework, emphasising explicit, informed consent.

Key Proposals of Draft DPDP Rules, 2025 

• Mandatory Registration with Data Protection Board (DPB): All consent managers must register with the DPB to ensure standardisation and accountability.

• Enable Sector-Specific Consent Managers: DPB should permit sector-specific consent managers (e.g. in health or finance) if they use interoperable APIs and technical standards.

Example:

  • Financial Health Records (FHR) by the National Health Authority (NHA) is a health-data AA-like system.
  • It should be allowed registration under the DPDP framework.

• Allow Commercial Arrangements: Consent managers should be allowed to have commercial agreements with data fiduciaries, provided:

  • User consent and data protection are not compromised.
  • The fiduciary duty toward data principals remains intact.