Remember how UPI completely changed how people send money? No more awkwardly splitting restaurant bills, or digging for exact change to pay off that friend who's been bugging you for months.
Account Aggregators (AAs) are about to do that for all other types of financial transactions in India!
Imagine sending your bank statements in a single click, rather than having to print and deliver them. Or small businesses being able to share their financial data and get a loan in minutes, not months. Or sharing valid financial documents without having to sign them 100 times and show 10 forms of ID.
Whether you're a fintech startup or a financial giant, it's imperative to learn the ins and outs of AAs before they transform the fintech industry.
Looking for a primer on what an Account Aggregator is? Or how your fintech company can use it? Or where it should fit into your fintech product? Or what DEPA, OCEN, and the rest of the AA jargon actually means?
Keep reading for an explanation of all Account Aggregator concepts in layman's terms, a clear understanding of the changing fintech landscape, and how to prepare your product infrastructure and internal capabilities to adapt to AAs.
Account Aggregators share data securely between FIPs and FIUs.
An Account Aggregator will facilitate the process of consent, much like how a UPI app facilitates the transfer of funds from one bank account to another. AAs will be used to transfer financial data rather than funds.
Let's go through an example. Suppose you need to send your bank statements to your insurance agency.
Today, you have to go to your bank branch or online banking, download your bank statements, attest them, and deliver or send them to the insurance agency. But with Account Aggregators, everything will happen digitally.
An AA app is like Dunzo, picking up something for you and delivering it to another place.
You will open your AA app and link your bank account. This lets the AA, aka your Dunzo driver, access and fetch your banking data.
For a Dunzo delivery, since all orders and communication happen within the app, everyone involved knows that your Dunzo driver is legit. Similarly, since the entire data transaction happens with the AA protocol, the bank will know that your request is valid.
Next, the AA app will fetch your account information from the bank in an encrypted form.
Just like Dunzo can't look inside a package you send, an AA will be data-blind. It will know the details of your transaction, but it will not see any of the data that you are sending.
Next, the AA will deliver your data to the insurance agency.
There's no need to follow up or send clarifications about your data. The insurance agency will be given all the information it needs — the consent to access your bank statements, how long the consent lasts for, how many months of statements you've shared, whether all your statements are available, etc.
Just like for a Dunzo delivery, once your bank statements have been delivered safely, both you and your bank will receive a notification.
And, much like Dunzo, the AA app will maintain logs of all your transactions, or in the AA world, all consents given and fulfilled.
The Account Aggregator framework was introduced to make sharing financial data easier, quicker and more secure.
This idea first showed up in government policy in 2016, when the Reserve Bank of India issued a Master Directive to introduce how AAs would work and be regulated.
This framework was created by an inter-regulatory alphabet soup of government agencies: the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority (IRDAI), and Pension Fund Regulatory and Development Authority (PFRDA) through the Financial Stability and Development Council (FSDC).
AAs are the final layer (called the "Consent Layer") of India Stack, a set of APIs to improve digital services for Indians. The other layers of India Stack include Aadhar, eKYC, UPI, DigiLocker and eSign.
In the last year, AAs have quickly moved from idea to an imminent reality, thanks to OCEN and DEPA.
In July 2020, the Open Credit Enablement Network (OCEN) was launched to help small businesses get credit easily. OCEN is a common language to help financial lenders and marketplaces communicate and create massive financial credit products.
"The Unified Payments Interface (UPI) was a protocol for payments, OCEN allows you to connect lenders to marketplaces."
– Nandan Nilekani
Account Aggregators are the biggest implementation of data sharing that can happen through OCEN. They will help lenders lend money to small businesses and less data-savvy people in minutes, not months.
In addition, the Data Empowerment and Protection Architecture (DEPA) will be launched in 2020. It has been drafted by the NITI Aayog and is currently under discussion by both government and private stakeholders.
DEPA is a framework that will help users safely, privately share their digital data.
Its technology architecture allows for the creation of Consent Managers — data-blind tools that will safely share, but never see, encrypted data. All data sharing requires a user's full consent and knowledge. In the financial sector, Consent Managers are called Account Aggregators.
The fintech ecosystem is about to change dramatically as more and more fintech players join the Account Aggregator framework, DEPA and OCEN are implemented, and the RBI's Master Directive comes into effect.
So far, seven AA clients have been approved by the RBI and are in the works.
This is certainly just the start of how Account Aggregators will transform financial products. These new frameworks and policy measures will change the way the fintech industry functions in India, and potentially even set examples for the global fintech industry as well.
"Today only 8% of Indian small businesses get credit from the banking system. Due to combination of factors like public sector banks having high NPAs, NBFCs having asset liability mismatch, the whole thing is gridlocked."
– Nandan Nilekani
Today, most small businesses find it difficult to get credit. They either lack the right data, or they don't have time to collect all the data they need.
Now, using the AA architecture, banks and lending agencies will be able to give credit based on verified data such as GST invoices, bank statements, securities information, etc.
No need for repeated checks or physical examination of the data. Since the data will be coming in from the source itself, there are fewer chances of tampering with the data, and the access to this data will be quite easy.
Easy sharing of verified data will truly digitise the lending process. It will make lending simpler for banks and businesses alike, and it will help banks give credit faster and more securely.
Worried about whether Account Aggregators are safe? Check out our blog with 8 common myths about AAs.
As Account Aggregators become more common, the fintech landscape will change drastically.
As the AA architecture is implemented, it will help standardise financial information across the fintech players. After all, data can't be easily shared if different organisations store it in different formats.
Sharing and storing information in the same structure will make it quicker to transfer information and easier to create underwriting algorithms or other monitoring mechanisms.
The Account Aggregator framework has strong rules around data privacy, protection and access. Any organisation participating in AAs will have to follow these policies for trustworthy data sharing.
As a result, AAs will encourage organisations to follow standardised security and privacy best practices — e.g. data masking, encryption at source, and most importantly, explicit consent from a user before their data is shared or accessed.
Similarly, AA policies will mean no more ad-hoc ways of storing, maintaining and sharing data.
Organisations will have to follow stricter security and privacy rules to share their data through AAs. And, most importantly, AAs will remove the risk of leaking financial information by printing it and sharing at branch offices, or downloading it as PDFs and sharing it on emails, etc.
As Account Aggregators becomes common, organisations will start to explore how to integrate the AA architecture and make their systems compliant.
For example, if you're a lending institution, you could look at how to incorporate transaction-based lending, since AAs will make it easy to receive a user's transaction data. How might your underwriting algorithms change? How can you better monitor and track whether a lendee will pay you back?
With AAs, it will be super quick to receive and verify someone's official bank statements. This makes it easier to onboard a new customer and verify their financial information without much time or resources.
This will lead to the growth of new players in fintech sub-sectors — e.g. lending, wealth management, personal finance management, robo-advisory (automated financial advice), and even accounting.
Implementing Account Aggregators will help fintech organisations build more trust with their customers.
First, by making consent explicit, customers will be able to quickly check what information about them an organisation has or doesn't have.
Second, given the security and privacy policies implemented because of AA, there will be a higher degree of trust when sharing financial information.
AA will also reduce the pain of sharing information — finding financial information, collating it, logging it multiple times in various applications, and then sharing it securely with an FIU.
For example, just for a loan, a customer has to separately collect six months of bank statements, income tax information, identification proofs, and more, all on paper.
However, once AA is implemented, all information sharing can happen online, people won't need lots of identification proofs, and it won't take weeks to process an application because of the sheer amount of paperwork and verification. This means not just more privacy and security, but also better customer experience.
The biggest upside with Account Aggregators is that consumers will always have the logs of all their data transactions. And, more importantly, they can revoke access whenever they want.
It's not like handing over your documents to an organisation forever. Customers can revoke access and take their documents back without visiting a single office.
These are interesting times for the finance industry, not just in India, but across the world.
Successful implementation of the DEPA framework and AA architecture will be instrumental for setting gold standards of protecting data, building consent into data transactions, and making data interoperability a reality.