Managing user or business data efficiently and securely has been a challenge that has remained unsolved for a long time. Most of the data is spread across silos within banks, telcos, and healthcare institutions, having no secure framework in place to aggregate and share this data with their benefactors. Also, no framework existed which could let an entity access users’ data even with users’ permissions. As a result, there was friction in accessing data, and a large amount of data was not getting leveraged effectively.

Moreover, the process of collecting data from different locations has been expensive and was prone to data leaks and breaches in data privacy. It is the need of the hour that this fragmented and unsafe data must be managed through an effective and secure platform.

User Data Management through Account Aggregator Ecosystem

Account Aggregator (AA) ecosystem is a digital platform to enable easy sharing & consumption of the user’s financial data from various entities with explicit user consent. It helps businesses and individuals share data in a secure, controlled manner and acts as a common platform for capturing all your financial details in one place.

Initially, it will be used purely in the financial sector. Later, the platform can also get deployed for use in telecom, healthcare, and other sectors as well.

The AA ecosystem helps in seamless, real-time sharing of user’s data between Financial Information Provider (FIP) (Eg. Banks, Mutual Fund investment, Insurance portfolio, etc.) and Financial Information User (FIU) (Eg. Lending firms, wealth managers, personal finance management apps, robo advisors, etc.) with the consent of the user. The data shared is useful for creating better financial products and services.

Account Aggregator Entities

As per Reserve Bank of India guidelines, AA’s are not to access, store, or sell user data. AA’s can only collect and transfer it to FIUs, and users also have the option of choosing the period for sharing the data with FIUs. The ecosystem is a digital platform and has stringent security requirements to protect data against unauthorized access.

Protecting India’s Largest Collective of Account Aggregator Ecosystems

Sahamati - India’s only collective of Account Aggregator ecosystems has impaneled Aujas as the authorized body to conduct mandatory certification audits for participating entities of the AA ecosystem.

Sahamati is an umbrella body or collective of the Account Aggregator ecosystem set up as a non-government, private limited company.

Sahamati has mandated the three modules, FIP, AA, and FIU, to be adopted by the entities for undergoing a certification process and ensure the APIs used by each entity are as per the schema, interoperability, and security specifications of ReBIT.

The Mandate Includes:

  • Robust security framework for secure data flows from FIP to FIU.
  • Protection of IT systems from unauthorized access.
  • Disaster risk management and business continuity plan to sustain operational efficiencies.
  • Information security audits of systems and processes.
  • Consent management approach to secure user data.
  • Establish processes for exception and error handling.
  • Ensure security of APIs.

Role of Aujas as a Security Partner

Aujas has adopted the security framework developed by Sahamati and has developed a self-assessment kit and certification program for the participating entities-FIPs, AAs, and FIUs.

The self-assessment kit helps the entities test their ability to meet API specifications, establish functional flows, and collect evidence of policy controls.

The kit must be run periodically by entities to generate a report that provide the results on how each entity has been able to meet the API adherence guidelines. The report also showcase the policy control evidences and must be submitted to the certifying auditor and Sahamati.

The certification program defines the way how the certification needs should be carried out, and the policy controls that should be implemented and sustained by entities.

Aujas is also one of the valued auditing partners for Sahamati.

Self-Assessment and Certification Process Flow

Sahamati Assessment & Certification Process

 

Benefits of Becoming a Part of the Account Aggregator Ecosystem

  • Ensure data privacy, drives consensual data sharing, and revoke consent anytime.
  • Allows individuals and small businesses to share financial data in digital form with third parties in an encrypted manner.
  • AA’s can only collect and transfer data through APIs and not authorized to see, store, or sell data.
  • Financial companies can use this data to provide better financial products and services.
  • Enable a large section of the population to become a part of the credit ecosystem and drive financial inclusion.
  • Ensures faster processing of loans, mutual funds, or insurance policies in minutes.
  • Reduces paper trail and faster turnaround of deals for financial firms.

 

The Account Aggregator Ecosystem is revolutionizing the Indian financial technology space. Financial entities can become a part of this collective for faster business turnarounds, ensure cost efficiencies, lower infrastructure costs/credit costs, and provide better products and solutions for users.

If you are a bank, insurance provider, or a financial entity eager to be a part of this ecosystem, please do write to us at contact@aujas.com

To know more about “AA Technical and Policy Resources” click here.