Sahamati is a Nandan Nilekani-backed collective of Account Aggregator firms (referred to AAs) who have been classified as a new kind of NBFC by RBI in 2016. It is envisioned to usher a new kind of digital data model wherein AAs will act as data intermediaries between users/entities who are the primary owners of data; and banks, FIs, NBFCs who maintain & manage it. In this case, users/entities will be classified as financial data owners and banks, MFCs, Insurance Service Providers, Tax/GST platform will be financial data providers.
With Sahamati and the AA model, Nilekani is trying to reduce friction in accessing data and financial services across platforms and organizations. In its most nascent form, it opens up the Indian ecosystem to the concept of true open banking that has already achieved significant popularity and regulatory backing in Europe and US under the PSD2 and GDPR guidelines.
AAs will use a consent-based data capture and sharing framework in which AAs will first ask for consent from Financial Data Owners (FDOs) and then fetch the financial data from the Financial Data Provider (FDP), say, a bank. The same can then be shared with a partner firm or fintech requests the same from a user.
From a use case perspective, if you signed up with one of the AAs, you can now see a consolidated bank statement across different banks in which you maintain accounts as the AAs will take your consent and access the banking data from the respective banks. Wealth Management services will be a significant beneficiary of such a model.
Another perspective can be achieved when it comes to lending. Instead of uploading/sharing multiple bank statements or ITR forms for verification and assessment, one can now directly share the same with a lender via an AA intermediary. This would not only reduce friction in accessing services but also lead to quicker assessment and underwriting.
Recurring credit line or flow-based credit line can also be achieved through AA model. Using the AA model, consolidated cash-flow statements can be maintained across different banks which can be used by lenders to assess the possibility of modifying the credit line as required. Real-time data visibility also increases transparency in the system and can help detect fraud and act as proactive fraud prevention measures.
What kind of use cases can be achieved through the AA model?
The AA ecosystem is based on the concept of Data Empowerment and Protection Architecture (DEPA). Core to this concept is the electronic consent-based data capture and use. The DEPA framework makes it incumbent upon AAs to capture and share data of customer with explicit consent from the end-user. It also ensures complete safety, security and privacy of user by making the AA conduit “data-blind” to the data being shared as the data that flows through the AA network is completely encrypted and can be processed/consumed only by the user for whom the data is intended.
Electric consent is captured in the form of a Consent Artifact. A consent artifact is a machine-readable electronic document that specifies the parameters and scope of data share that a user consents to in any data sharing transaction. In this framework, consent must be digitally signed, either by the user (using the services of a signature service provider) or by the consent collector or both. Thus, it is essential that a digital signature be included in every consent artifact that is then used to facilitate data sharing.
Below is a high level structure of the consent artifact:-
- Identifier Section – Specifies all the entities involved in the transaction – the data provider providing the data, the data consumer accessing the data, the consent collector and the user.
- Data Section – This specifies the actual data component that is being shared/accessed. These include the data being shared, the date range for which data is requested, duration of storage as requested by data consumer, frequency of access and data permission type – VIEW access, in which case data cannot be stored or propagated for future use and COPY access, in which case data can be stored for a predetermined time and format as per consent. All data must be encrypted for transmission.
- Purpose of Data Access – Depending upon the purpose of the data usage, say, financial info, lending etc. an application domain code/attribute may be appended to the artifact.
- Logging of consent flows – The artifact includes identifiers for entities which collect and store logs. This will be increasingly important to identify and maintain audit trails for banking transactions and will be a core component to identify and prevent fraudulent data transactions/misuse.
- Signature – The digital signature included in the consent artifact contains a signature block which provides info such as signature provider’s ID, signature creation time stamp and user certificate to verify the signature.
Where do Fintechs and FSPs (Financial Service Providers) fit in the AA model?
With the AA model come both threat and opportunities in the financial ecosystem in India. We have already discussed some of the opportunities in terms of frictionless servicing, quick/verifiable assessment for loan underwriting and fraud-free transactions in the use cases explained above. While these are important steps towards achieving the full potential of the Digital India stack, it is also important to keep in mind that first movers in this ecosystem will be primed to take full advantage of this tech stack. Already, 5 major banks have partnered with the AAs to share consent-based data –
- State Bank of India (SBI)
- Axis Bank
- ICICI Bank
- Kotak Mahindra Bank
- IDFC First Bank.
Seven Account Aggregators have also received in-principle approval from RBI to move ahead.
- Aditya Birla Trustee Company Pvt Ltd
- CAMS Finserv Financial Services
- Cookiejar Technologies Pvt Ltd. (Product titled Finvu)
- FinSec AA Solutions Private Limited (Product titled OneMoney)
- Jio Information Solutions Limited
- NESL Asset Data Limited
- Yodlee Finsoft Pvt Limited
Having the ability to quickly integrate and access the AA data will be a critical component to leverage the use cases and opportunities as explained above. The AAs can also impact niche services such as retail-backed small credit line or buy now pay later credit terms since AAs can launch their own product suites for vendors and merchants to access real-time banking data of customers allowing vendors to directly negotiate terms of credit with customers.
How can Decimal help?
At Decimal, we are building the one-stop data aggregation platform where a user/entity’s entire financial lifecycle can be readily accessed via consent-based methodology employed by AA. We are partnering with the leading AAs in the country to launch the first full-stack financial aggregator service in the country. To know more, get in touch.