Managing user or business data efficiently and securely has long been an unsolved challenge. Most of the data is spread across silos within banks, telcos, and healthcare institutions, with no secure framework in place to aggregate and share this data with their benefactors. Nor did any framework exist that could let an entity access users’ data, even with the users’ permission. As a result, there was friction in accessing data, and a large amount of data was not being leveraged effectively.
Moreover, the process of collecting data from different locations has been expensive and prone to data leaks and breaches of data privacy. This fragmented and unsafe data needs to be managed through an effective and secure platform.
The Account Aggregator (AA) ecosystem is a digital platform that enables easy sharing and consumption of a user’s financial data from various entities with explicit user consent. It helps businesses and individuals share data in a secure, controlled manner and acts as a common platform for capturing all your financial details in one place.
Initially, it will be used purely in the financial sector. Later, the platform can also be deployed in telecom, healthcare, and other sectors.
The AA ecosystem enables seamless, real-time sharing of a user’s data between a Financial Information Provider (FIP) (e.g., banks, mutual fund investments, insurance portfolios, etc.) and a Financial Information User (FIU) (e.g., lending firms, wealth managers, personal finance management apps, robo advisors, etc.) with the consent of the user. The data shared is useful for creating better financial products and services.
As per Reserve Bank of India guidelines, AAs are not to access, store, or sell user data. AAs can only collect and transfer it to FIUs, and users also have the option of choosing the period for sharing the data with FIUs. The ecosystem is a digital platform and has stringent security requirements to protect data against unauthorized access.
Sahamati, India’s only collective of the Account Aggregator ecosystem, has empaneled Aujas as the authorized body to conduct mandatory certification audits for participating entities of the AA ecosystem.
Sahamati is an umbrella body or collective of the Account Aggregator ecosystem set up as a non-government, private limited company.
Sahamati has mandated that the three modules, FIP, AA, and FIU, be adopted by the entities for undergoing a certification process, to ensure that the APIs used by each entity are as per the schema, interoperability, and security specifications of ReBIT.
The Mandate Includes:
Aujas has adopted the security framework developed by Sahamati and has developed a self-assessment kit and certification program for the participating entities: FIPs, AAs, and FIUs.
The self-assessment kit helps the entities test their ability to meet API specifications, establish functional flows, and collect evidence of policy controls.
The kit must be run periodically by entities to generate a report that provides the results on how each entity has been able to meet the API adherence guidelines. The report also showcases the policy control evidence and must be submitted to the certifying auditor and Sahamati.
The certification program defines how the certification should be carried out, and the policy controls that should be implemented and sustained by entities.
Aujas is also one of the valued auditing partners for Sahamati.
The Account Aggregator ecosystem is revolutionizing the Indian financial technology space. Financial entities can become a part of this collective to achieve faster business turnarounds, ensure cost efficiencies, lower infrastructure costs/credit costs, and provide better products and solutions for users.
If you are a bank, insurance provider, or a financial entity eager to be a part of this ecosystem, please do write to us at firstname.lastname@example.org