September 27, 2019

Who can access my data?: DEPA, Sahamati and Account Aggregators (AA)

Nisha Sanghavi

Founder, Fynomics and Co-founder, Promore Fintech Private Limited

Who can access my data?: DEPA, Sahamati and Account Aggregators (AA)

Digitization and wide availability of affordable internet has turned India into a data-rich country before it can become an economically rich country. This forces us to think about and have in place a Data Empowerment & Protection Architecture [DEPA].

Data lying locked up within the possession of banks, telecos, regulators and other such entities whose job is to protect this data will be available to individuals and small businesses as a result of the developments in the field of DEPA and the AA (Account Aggregator). The idea of account aggregation is being made possible by the coming together of the Securities and Exchange Board of India (SEBI), the Insurance Regulatory and Development Authority of India (IRDAI) and the Pension Fund Regulatory and Development Authority (PFRDA) under the leadership of the Reserve Bank of India(RBI).

Sahamati is a Collective of Account Aggregators ecosystem being set up as a non-Government, private limited company (With the new Companies Act of India, not for profit companies are governed under Section 8)  led by tech entrepreneur B.G. Mahesh, and working with both the users and providers of data. Sahamati sees itself as an eventual self-regulatory organization (SRO) that will self-regulate the aggregators.

Who will be the Account Aggregators (AA)?

• This platform will be supported by the new breed of non-banking financial institutions created by the RBI under the account aggregator (NBFC-AA) model.
• These are entities that function as an account aggregator, and will provide information on various accounts held by a customer with different financial intermediaries.
• So far, six account aggregators have received in-principle approval from the RBI for the data-sharing framework. These are CAMS FinServ, Cookiejar Technologies (Product named Finvu), FinSec AA Solutions Private (OneMoney), Jio Information Solutions, NSEL Asset Data Ltd and Yodlee Finsoft.
• These entities are currently awaiting final approval from the RBI to roll out their services.

The Problem

In today’s day, individuals or enterprises’ data is spread across banks, telecos, healthcare institutions with no framework to share this information with the benefactors which would help in building up future products.

Further, today the data has to be collected, collated and then shared physically or electronically which takes up loads of time and sometimes is expensive. Data is also shared by screen scraping or by using the credentials shared by the users.

However, most of this data resides in islands and silos and there is no framework available to integrate and aggregate them that can provide a full view of an individual/entity’s data.

Also, there is no framework available that can let an entity access users’ data even with users’ permissions. As a result, there is still friction in accessing data and a large amount of data is not effectively leveraged. Hence, the transition of ‘data-rich society’ to an ‘economic rich society’ is still not happening.

How will the framework be?

• An individual seeking a home loan will be able to quickly share her bank statements and other details required by lending institutions digitally through her preferred account aggregator.
• An investor seeking financial planning advice will be able to share her mutual fund, insurance, pension plans, equity, and banking details digitally through her account aggregator mobile application. An individual, after selecting an account aggregator of her choice, can seamlessly obtain data from multiple service providers called financial information providers in the account aggregator system. No financial information of the user is retrieved, shared or transferred by the Account Aggregator without the explicit consent of the user.
• Financial information providers include banks, mutual fund houses, insurance providers, the income-tax department and the goods and services tax (GST) platform. They deliver consent-based data to financial information users (those who would serve you, after using your data, such as banks, wealth managers and Robo-advisors).
• The cost involved will be borne by financial information users since they get to use the data. The costs will be decided between account aggregators and financial information users as it goes live. Financial information users may pass this cost to investors or borrowers.
• The framework, in a nutshell, is in the image form –

Pic Credit – https://sahamati.org.in

• An AA merely acts as a conduit between Financial Information Users (FIUs) and Financial Information Providers (FIPs) and does not process the data.
• An AA is ‘data-blind’ as the data that flows through an AA is encrypted and can be processed only by the FIU for whom the data is intended. Also, an AA does not and cannot store any user’s data – thus, the potential for leakage and misuse of user’s data is prevented.
• The role of AA is not limited to financial data alone. AA framework will be extended to handle data from other domains also – very soon healthcare and telecom related data too will be available thru AAs.