SEBI/HO/MRD/DCAP/P/CIR/2022/110 August 19, 2022
All Asset Management Companies
Sub: Participation as Financial Information Providers in Account Aggregator framework
1. An Account Aggregator (AA), is a Reserve Bank of India (RBI) regulated NonBanking Finance Company (NBFC) that facilitates retrieval or collection of financial information, pertaining to a customer, from Financial Information Providers (“FIP”) on the basis of explicit consent of the customer. The financial information shared through the Account Aggregator is not stored by the AA and it shall not be the property of the AA. This information is not to be used in any other manner except for the purpose of providing it to the customer or consented Financial Information User (FIU). Thus, Account Aggregator facilitates consolidation, organization, presentation of the financial information to the customer or FIU based on the explicit consent of the customer.
2. RBI has issued Non-Banking Financial Company –Account Aggregator Master Directions DNBR.PD.009/03.10.119/2016-17 dated September 02, 2016 for compliance by every Non-Banking Financial Company (NBFC-Account Aggregator) undertaking the business of AA.
3. Out of the list of entities mentioned as Financial Information Providers (FIPs) under the Clause 3 (xi) of the Master Directions, the Asset Management Companies (AMCs) through their Registrar and Transfer Agents (RTAs) and the Depositories are inter-alia specified as Financial Information Providers (FIPs) for the purpose of sharing of information. Thus, hereinafter the Depositories and AMCs (through their RTAs) are referred as FIPs in the securities markets.
4. The FIPs in the securities market will provide the “Financial Information”, as specified in Clause 3(ix) of the RBI Master Directions, to the customers and FIUs who furnish the consent artefact (electronic consent as defined in RBI Master Guidelines) through any of the Account Aggregators registered with RBI. Further, FIPs in securities market shall enter into a contractual framework with the AAs, and the same shall distinctly specify the following:
a. Rights and obligations of each party
b. Modalities of Dispute Resolution mechanism
5. The FIPs in the securities markets shall share the “Financial Information” pertaining to securities markets, through the AA only on receipt of a valid consent artefact from the customer through the Account Aggregator. The consent architecture is detailed under Clause 6 of the RBI Master Directions. Further, the FIPs in the securities markets shall also verify, through appropriate means, the following in the consent artefact:
a. validity of consent
b. specified dates and usage; and
c. the credentials of the AA
6. Upon due verification of the consent artefact, the FIPs in the securities markets shall digitally sign the financial information and securely transmit the same to the AA in accordance with the terms contained in the consent artefact.
7. All responses of the FIPs in the securities markets shall be in real time.
8. To enable these data flows, the FIPs in the securities markets shall:
a. implement interfaces that will allow an Account Aggregator to submit consent artefacts, and authenticate each other, and would enable secure flow of financial information to the AA;
b. adopt means to verify the consent including digital signatures, if any, contained in the consent artefact;
c. implement means to digitally sign the financial information that is shared by them about the customers;
d. maintain a log of all information sharing requests and the actions performed by them pursuant to such requests.
9. The FIPs in the securities markets are expected to adopt the technical specifications published by ReBIT, as updated from time to time and adopt required Information Technology (IT) framework and interfaces to ensure secure data flows to AA. The technology should also be scalable to cover any other AA as may be specified by Reserve Bank of India in future.
10. There shall be adequate safeguards built in IT systems of FIPs in the securities markets to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data.
11. The FIPs in the securities markets shall also abide by the code of conduct as specified in the SEBI regulations applicable to them, including redressal of grievances of the customers.
12. The FIPs in the securities markets shall continue to comply with all the regulatory provisions under the SEBI Act, 1992, Depositories Act, 1996 and the regulations framed thereunder.
13. The provisions of this circular shall come into force with immediate effect.
14. The participation of depositories as FIPs in the AA ecosystem shall not impact the existing mechanism as per circular CIR/MRD/DP31/2014 dated November 12, 2014 of issuances of Consolidated Account Statement to the investors by depositories or AMCs/MF-RTAs providing consolidated information of the mutual fund investments and holdings of investors in demat accounts.
15. The Financial Information Providers (FIPs) in securities market must disclose prominently on their websites the names of the Account Aggregators through which the FIP shares the information about assets held with respect to securities markets with the customers and Financial Information Users (FIUs).
16. This circular is issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
17. The circular is available on SEBI website at sebi.gov.in at “Legal Framework->Circulars”.
Market Regulation Department
Email: [email protected]