The Account Aggregator (AA) ecosystem is a digital platform that enables easy sharing and consumption of a user’s financial data from various entities with explicit user consent. It helps businesses and individuals share data in a secure, controlled manner and acts as a common platform for capturing all financial details in one place.
The financial service regulators, namely RBI, SEBI, IRDAI and PFRDA, collaborated to create a well-defined and secure approach to financial data sharing: the AA Framework. The architecture of AA is based on the Data Empowerment and Protection Architecture (DEPA) framework.
An AA acts as a conduit between Financial Information Users (FIUs) and Financial Information Providers (FIPs) and does not process the data. The data that flows through an AA is encrypted and can be processed only by the FIU for whom the data is intended. Also, an AA does not and cannot store any user’s data; thus, the potential for leakage and misuse of the user’s data is prevented.
The Reserve Bank of India (RBI) has published the Master Direction for non-banking financial companies (NBFCs) undertaking the business of Account Aggregator (AA). The business of an account aggregator means the business of providing, under a contract, the service of retrieving or collecting financial information pertaining to its customer.
ReBIT has published technical and security controls in the NBFC-AA API specifications. The technical controls must be evaluated periodically to ensure compliance with the ReBIT specification. Hence the need for auditors.
DigiSahamati Foundation (Sahamati) is a Collective of the Account Aggregator ecosystem being set up as a non-Government, private limited company. It helps to set and achieve goals for India’s Data Empowerment and Protection Architecture and the Account Aggregator network, and establishes audit guidelines and a Central Registry to ensure interoperability.
The Account Aggregator ecosystem is the next big fintech wave in India.
Sahamati has mandated that the three modules, FIP, AA, and FIU, be adopted by the entities undergoing the certification process, which ensures that the APIs used by each entity conform to the schema, functional, and security specifications of ReBIT.
As per Sahamati, only certified FIP/AA/FIU entities shall be included in the Central Registry and be able to seamlessly connect with a network of AAs.
Start uncovering and addressing the vulnerabilities that can cause no end of expense and litigation to your organization.