Consultation Paper on collating and defining use cases of Financial Information Users in the Account Aggregator Framework in Securities Markets

Consultation Paper on collating and defining use cases of Financial Information Users in the Account Aggregator Framework in Securities Markets

August 1, 2023

Chapter 1: Introduction

1.1 The account aggregation framework was conceptualized by the Financial Stability and Development Council (FSDC), in its meetings in 2014 – 2015^[1]. Subsequently, the Reserve Bank of India (RBI) announced that it will put in place a regulatory framework to allow a new kind of Non-Banking Finance Company (NBFC), which could act as an Account Aggregator (AA) to enable a person to see all their accounts across financial institutions in a common format.^[2]

1.2 Such Account Aggregators would facilitate collecting and providing information of customers’ financial assets in a consolidated, organized and retrievable manner to the customer or any other person based on consent of the customer.

1.3 On September 2, 2016, RBI notified the Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016^[3] pursuant to seeking public comments on the Draft Regulatory Framework for Account Aggregator Companies^[4].

1.4 Initially, only financial assets whose records are stored electronically and which are under the regulation of the financial sector regulators, RBI, SEBI, IRDAI, and PFRDA would be under the purview of the account aggregation framework. Further, no financial asset related customer information transmitted through the account aggregator from the financial service providers would be visible to or reside with the account aggregator.

Chapter 2: Account Aggregator Framework

2.1 Accessing the financial system is a challenging affair for many consumers involving the following issues:

Extensive paperwork: furnishing physical signed and/or scanned copies of bank statements
Authentication of documents: attestation, notarizing or stamping of documents
Multiplicity of documents: documents have to be fetched from across various financial institutions
Lengthy processing time: Time taken to acquire such documents and further submit them is a time consuming process

2.2 The Account Aggregator network replaces all these with a simplified, secure digital data access and sharing process based upon used consent. The framework harbors great potential opportunities for various new kinds of services.

2.3 An Account Aggregator is a type of RBI regulated entity (with an NBFC-AA license) that helps an individual securely and digitally access and share information from one financial institution they have an account with to any other regulated financial institution in the AA network. Data cannot be shared without the consent of the individual.

2.4 Account Aggregator provides granular, step by step permission and control for each use of customer data.

2.5 Account Aggregators aggregate a customer’s information across various financial information providers. Account Aggregators cannot see or store customer data (since the data processed through them is encrypted); they merely transmit it from one financial institution to another based on a customer’s direction and consent. The end to end encryption makes the process secure.

2.6 The AA framework is envisaged to make all financial data available for sharing including tax data, pensions data, securities markets data, and insurance data.

2.7 To ensure that movement of data among different financial entities, which are spread across financial sector regulators and adopt different IT systems and interfaces, is secured, duly authorized, smooth and seamless, a set of core technical specifications for the participants of the AA ecosystem have been framed by Reserve Bank Information Technology Private Limited (ReBIT).

2.8 Through the SEBI circular titled “Participation as Financial Information Providers in Account Aggregator framework”, Depositories and AMCs (through their RTAs) haven been enabled to function as Financial Information Providers (FIPs) in the securities markets. Further, the circular also directed the Financial Information Users (FIUs) to adopt the technical specifications published by ReBIT.

Chapter 3: Financial Information Users in the securities markets

3.1 The RBI Master Direction – NBFC – Account Aggregator (Reserve Bank) Directions, 2016 (Updated as on December 29, 2022) envisages that any entity registered with and regulated by a financial sector regulator can be a Financial Information User.

3.2 Further, the aforesaid Master Direction provide for the following as meaning ‘financial information’:

bank deposits including fixed deposit accounts, savings deposit accounts, recurring deposit accounts and current deposit accounts,
Deposits with NBFCs
Structured Investment Product (SIP)
Commercial Paper (CP)
Certificates of Deposit (CD)
Government Securities (Tradable)
Equity Shares
Bonds
Debentures
Mutual Fund Units
Exchange Traded Funds
Indian Depository Receipts
CIS (Collective Investment Schemes) units
Alternate Investment Funds (AIF) units
Insurance Policies
Balances under the National Pension System (NPS)
Units of Infrastructure Investment Trusts
Units of Real Estate Investment Trusts
Goods and Services Tax (GST) Returns, viz. Form GSTR-1 and Form GSTR-3B
Any other information as may be specified by the Bank for the purposes of these directions, from time to time;

3.3 In view of the categories of ‘financial information’ (given in the preceding paragraph), as an illustration, a few hypothetical use cases for securities markets intermediaries/ regulated entities could be:

a Registered Investment Adviser seeking information on financial assets of the client/investor via the AA framework in order to devise a financial plan for the client
a Registered Portfolio Manager seeking information on the portfolio/ financial assets of the client/investor via the AA framework with reference to managing the portfolio of the client
Verification of bank account wherever required when a client is on-boarded by an intermediary
Regulators accessing financial data submitted by regulated entity (as per regulations) via the AA framework

3.4 A technological framework (including its security protocols) is bound to be a reflection of the humans operating it. It is notable that though there are various safeguards in place and consistent communication advising caution, consumers sometimes adopt unsafe practices of: sharing confidential information such as user IDs, passwords, OTPs, account numbers with third parties; authorizing / empowering third parties to operate their accounts; or providing access to their financial information to third parties etc. Such unsafe practices lead to frauds being perpetrated or funds and securities being misappropriated or financial products/services being mis-sold or customers being subjected to unsolicited cross-sell or upsell. It is in this context that comments are sought in improving the safeguards within the AA framework especially to curb misuse of the financial information in frauds, misappropriation, mis-selling or unsolicited cross-sell/upsell, etc.

Questions

Do any class or type of intermediaries in the Indian Securities market (List of categories of securities market intermediary is provided at Annexure A) require being excluded from functioning as FIUs? If so, please provide the rationale.
What are the potential use cases for the AA framework for SEBI regulated entities?
Are there any additional categories of financial information which may be included under the ambit of the AA framework? If so, please provide the use case/s and rationale.
Are there safeguards required in the AA Framework in order to protect the interests of customers in terms of additional data security, or to curb potential misuse of the financial information in frauds, misappropriation, mis-selling or unsolicited crosssell/upsell, etc.?
Are there safeguards or measures required in the AA Framework in order to address concerns of customers, financial information providers, account aggregators or financial information users? If so, please provide the rationale.

Annexure A

Registered Alternative Investment Funds
Registered Stock Brokers
Banker to an Issue
Credit Rating Agency – CRA
Registered Custodians
Debentures Trustee
Designated Depository Participants
Qualified Depository Participants
Registered Depository Participants
FPIs / Deemed FPIs
Registered Foreign Venture Capital Investors
Investment Adviser
Registered Infrastructure Investment Trusts
Registered KYC (Know Your Client) Registration Agency
Merchant Bankers
Registered Mutual Funds
Registered Portfolio Managers
Registrars to an issue and share Transfer Agents
Research Analyst
Self-Certified Syndicate Banks
Registered Venture Capital Funds
Real Estate Investment Trust
Registered Vault Managers

Public Comments

Public comments are invited for the proposal on collating and defining use cases of Financial Information Users in the Account Aggregator framework in securities markets. The comments/ suggestions may be provided as per the format given below:

Name of the person/ entity proposing comments:

Name of the organization (if applicable):

Contact details:

Category: whether market intermediary/ participant (mention type/ category) or public (investor, academician etc.)

Sr No.	Extract from consultation paper	Issues (with page/para nos., if applicable)	Proposals / Suggestions	Rationale

Kindly mention the subject of the communication as, “Comments on collating and defining use cases of Financial Information Users in the Account Aggregator framework in securities markets”.

Comments as per aforesaid format may be sent to the following, latest by August 31, 2023 (within 30 days from date of publication of this consultation paper on SEBI website) through the following modes: