Introduction:
In recent years, the proliferation of digital technologies has catalyzed significant transformations across various sectors, including finance. One such innovation that has garnered attention is the emergence of account aggregators in India. These entities play a pivotal role in facilitating seamless access and sharing of financial data, thereby empowering individuals and businesses to manage their finances more efficiently. Recognizing their potential and the need for regulatory oversight, the Reserve Bank of India (RBI) introduced a comprehensive regulatory framework for account aggregators in 2015. This regulatory intervention aimed to ensure the integrity, security, and consumer protection within the burgeoning landscape of financial data sharing.
Understanding Account Aggregators:
Account aggregators serve as intermediaries that enable individuals and businesses to aggregate their financial information from various sources, including banks, mutual funds, insurance companies, and other financial institutions. Through a secure and standardized platform, users can consolidate their financial data, gaining a comprehensive view of their financial position and transactions. This consolidated data can then be shared with authorized third parties, such as lenders, wealth managers, and financial advisors, to avail of personalized financial products and services.
Why Regulatory Framework for Account Aggregators?
The introduction of account aggregators brought forth several benefits, including enhanced financial inclusion, improved credit assessment processes, and greater transparency in financial transactions. However, the rapid proliferation of these entities also raised concerns regarding data privacy, security, and the potential misuse of sensitive financial information. Recognizing these challenges, the RBI deemed it imperative to establish a robust regulatory framework to govern the operations of account aggregators effectively.
Key Objectives of RBI’s Regulatory Framework:
The regulatory framework introduced by the RBI in 2015 aimed to achieve the following key objectives:
i. Consumer Protection: Safeguarding the interests of consumers by ensuring the secure and responsible handling of their financial data.
ii. Data Privacy and Security: Establishing stringent protocols and standards to protect the confidentiality and integrity of financial information shared through account aggregators.
iii. Standardization and Interoperability: Promoting interoperability and standardization across different account aggregator platforms to facilitate seamless data exchange.
iv. Regulatory Compliance: Enforcing compliance with regulatory requirements and standards to mitigate risks associated with financial data sharing.
v. Promoting Innovation: Fostering an environment conducive to innovation and technological advancements in the domain of financial services, while maintaining regulatory compliance.
Implementation and Evolution of Regulatory Framework:
Following the issuance of guidelines in 2015, the RBI worked closely with stakeholders to implement the regulatory framework effectively. This involved setting eligibility criteria for entities seeking to operate as account aggregators, defining operational guidelines, and establishing mechanisms for monitoring and supervision. Over time, the regulatory framework has evolved to address emerging challenges and incorporate feedback from industry participants, thereby ensuring its relevance and efficacy in a dynamic financial landscape.
The business model of Account Aggregators:
Registered Entity: Account aggregators are entities licensed and regulated by the Reserve Bank of India (RBI). These entities operate as intermediaries between Financial Information User and financial information Providers.
Financial Information User (FIU): These are the entities regulated by institutions like SEBI, IRDAI and RBI. These entities could be other insurance companies, NBFCs, banks, etc.
Financial Information Provider (FIP): This entity offers financial services and gives details about the customers.
What information is consolidated as the financial information?
· Details of bank deposits of customers like savings deposits, fixed deposits, current account details, recurring deposits, etc.
· Structured Investment Products (SIP), Commercial Paper (CP), deposits with NBFCs, Certificates of Deposit (CD), Tradable Government Securities, Bonds, Equity shares, Debentures, Mutual funds units, Collective investment Schemes units, Exchange-traded funds, Alternative Investment funds units, Balances under the National Pension Systems, Units of real estate investments, infrastructure investment details, and any other investment detail.
Technology Platform: Account aggregators operate on technology platforms that facilitate the secure collection, aggregation, and transmission of financial data between data providers and data users. These platforms adhere to strict security standards and protocols to ensure the confidentiality and integrity of the data exchanged.
Consent Management System: Account aggregators typically employ consent management systems that enable data providers to grant and revoke consent for sharing their financial data with specific data users. These systems ensure that data sharing occurs only with explicit consent from the data provider and in accordance with regulatory requirements.
Revenue Model: Account aggregators generate revenue through various channels, including subscription fees charged to data users for accessing aggregated financial data, transaction fees for facilitating data sharing transactions, and licensing fees for providing access to their technology platforms.
Compliance and Governance: Account aggregators are subject to regulatory oversight by the RBI, which mandates compliance with regulatory guidelines and standards pertaining to data privacy, security, transparency, and consumer protection. These entities are required to implement robust governance frameworks and risk management practices to ensure regulatory compliance and mitigate operational risks.
Overall, the business model and structure of account aggregators in India revolve around facilitating secure and efficient access to financial data while adhering to regulatory requirements and safeguarding the interests of both data providers and data users.
Eligibility Norms for NBFC Account Aggregator Licence:
The eligibility norms for obtaining an account aggregator license in India are set by the Reserve Bank of India (RBI). While specific details may evolve over time, the general eligibility criteria typically include the following:
i. Legal Entity: The applicant must be a company incorporated under the Companies Act, 2013.
ii. Capital Requirements: The RBI mandates a minimum NOF requirement for entities seeking to obtain an account aggregator license. The specific amount may vary and is subject to RBI’s discretion.
iii. Fit and Proper Criteria: The promoters, directors, and key managerial personnel of the applicant entity must meet the RBI’s fit and proper criteria, which assess their integrity, competency, and past track record in financial services or related sectors.
iv. Technology Infrastructure: The applicant must demonstrate the capability to develop and maintain robust technology infrastructure, including secure data storage, encryption, and transmission mechanisms, to ensure the confidentiality and integrity of financial data shared through the account aggregator platform.
v. Business Plan: The applicant must submit a comprehensive business plan outlining the objectives, operations, revenue model, risk management framework, and compliance mechanisms of the proposed account aggregator business.
vi. Compliance with Regulatory Requirements: The applicant must demonstrate a clear understanding of and willingness to comply with regulatory guidelines issued by the RBI regarding account aggregator operations, data privacy, security standards, consumer protection, and other relevant regulations.
vii. Experience and Expertise: While not explicitly mandated, having prior experience or expertise in financial services, technology, data management, or related domains can strengthen the applicant’s case and improve the likelihood of obtaining an account aggregator license.
viii. Other Regulatory Approvals: The applicant must obtain any other regulatory approvals or clearances required by relevant authorities in India for operating as an account aggregator, including compliance with provisions of the Information Technology Act, 2000, and other applicable laws.
Checklist of documents required for registering as a Non-Banking Financial Company – Account Aggregator (NBFC-AA).
i. Identity Proofs of promoters/directors
ii. Aadhar Card/Voter ID Card/Passport or Driving License of promoters/directors
iii. Copy of PAN Card of promoters/directors
iv. Passport Size Photos of promoters
v. Certified Copy of Certificate of Registration of the Company
vi. Copy of Fixed Deposit receipt and bankers’ certificate of lien indicating balances in support of Net Owned Funds (2cr.)
vii. Bankers Report for Applicant Company/group companies.
viii. Bankers Report for promoters/directors
ix. Certified copy of an extract of the main object clause in the MOA (Memorandum of Association).
x. Certified Copy of certain board resolutions.
xi. CIBIL reports of all shareholders (more than 10% share in Company) and directors.
xii. Education qualification certificates & Experience proof of directors.
xiii. Net worth certificates of shareholders.
Procedure for Registering as NBFC Account Aggregator:
The registration process for a NBFC-AA with the Reserve Bank of India (RBI) involves several steps and compliance requirements. Here’s a detailed procedure for registering as an NBFC-Account Aggregator:
1. Pre-Application Stage:
a) Eligibility Check: Ensure that the proposed entity meets the eligibility criteria set by the RBI for NBFC-AA registration. This includes requirements related to NOF, fit and proper criteria for promoters and directors, and other regulatory norms.
b) Incorporation of Company: Incorporate the NBFC-AA as a company under the Companies Act, 2013.
2. Application Satge:
a) Documentation: Prepare a comprehensive application for registration as an NBFC-AA, including all required documentation and information as per the RBI’s guidelines and instructions. This may include:
· Memorandum and Articles of Association of the company.
· Board resolution authorizing the application for NBFC-AA registration.
· Business plan outlining the proposed operations, revenue model, risk management framework, and compliance mechanisms.
· Information about the promoters, directors, and key managerial personnel, along with their fit and proper declarations.
· Details of the proposed technology infrastructure and data security measures.
· Any other documents as prescribed by the RBI from time to time.
· The company must get the necessary infrastructure to offer services of customers data sharing and data protection.
b) Submission of Documents: Submit the application form along with all required documents to the RBI.
3. Review and Due Diligence:
c) Processing of Application: The RBI will review the application and conduct due diligence on the proposed NBFC-AA. This may involve scrutiny of the application, verification of documents, and assessment of the entity’s compliance with regulatory requirements.
· The character or image of the management must be good and should not be contradictory to the public interest.
· The company must have the minimum net owned fund of Rs. 2 crores
· The Board of the company must be fit and proper as per the master directions of RBI.
· The IT infrastructure should be advanced enough to ensure safe data transfer and data protection of the customer.
d) Grant of Registration: Upon satisfactory review and compliance with all regulatory requirements, the RBI may grant registration to the NBFC-AA.
e) Registration Certificate: The RBI will issue in-principal approval detailing the conditions and terms subject to which the NBFC-AA registration certificate will be issued.