Account Aggregator (AA) ecosystem is a digital platform that enables easy sharing & consumption of the user’s financial data from various entities with explicit user consent. It helps businesses and individuals share data in a secure, controlled manner and acts as a common platform for capturing all financial details in one place.
The financial service regulators, namely RBI, SEBI, IRDAI, and PFRDA, collaborated to make a well-defined and secure approach to financial data sharing — the AA Framework. The architecture of AA is based on the Data Empowerment and Protection Architecture (DEPA) framework.
An AA acts as a conduit between FIUs and FIPs and does not process the data. The data that flows through an AA is encrypted and can be processed only by the FIU intended for the data. Also, an AA does not store any user’s data – thus, the potential for leakage and misuse of the user’s data is prevented.
The Reserve Bank of India (RBI) has published the Master Direction for the non-banking financial companies (NBFC) undertaking the business of Account Aggregator (AA). The business of an account aggregator means the business of providing the service of retrieving or collecting financial information under a contract.
ReBIT has published technical and security controls in the NBFC-AA API specifications. The technical controls must be evaluated periodically to ensure compliance with ReBIT specifications, hence the need for Auditors.
DigiSahamati Foundation (Sahamati) is a collective of the Account Aggregator ecosystem set up as a non-Government, private limited company. It helps to set and achieve goals for India’s Data Empowerment and Protection Architecture and the Account Aggregator network and establishes audit guidelines and Central Registry to ensure interoperability.
The Account Aggregator ecosystem is the next big fintech wave in India. Suma Soft holds AA Certification and hence is one of the credible partners to help you conduct business and process data securely.
Sahamati has mandated the three modules, FIP, AA, and FIU, to be adopted by the entities for undergoing a AA certification process and ensure the APIs used by each entity are as per the schema, functional, and security specifications of ReBIT.
As per Sahamati, the only certified FIP/AA/FIU entities shall be included in the Central Registry and seamlessly connect with a network of AAs.
Start uncovering and addressing the vulnerabilities that can cause no end of expense and litigation to your organization.
Input your search keywords and press Enter.