by Sneha Shukla

The Reserve Bank of India is at the forefront of a digital transformation in India’s financial realm through its innovative Account Aggregator framework. This framework serves as a conduit, simplifying access to an individual’s financial data across various institutions. By adhering to consent-based data sharing, it empowers individuals to wield control over their financial information. Users seamlessly retrieve their financial data with a unified dashboard, alleviating the inconvenience of juggling multiple logins and conserving valuable time. This approach empowers users to determine which institutions can access their data, amplifying transparency and safeguarding privacy. The framework’s inherent value extends to providing users with a comprehensive overview of their financial portfolio. With this insight, users can make judicious financial decisions aligning with their goals. The framework’s foundation is fortified by a secure architecture, ensuring that data remains impervious to unauthorized access. As India propels toward a digitally evolved landscape, this framework embodies enhanced accessibility, inclusive financial participation, and heightened resilience against fraudulent activities. Aligned with rbi account aggregator guidelines, the AA framework introduces licensed Account Aggregators and involves Financial Information Providers and FIUs. This stride towards digitalization embraces enhanced accessibility, financial inclusivity, and robust fraud prevention.

Rbi Account Aggregator Guidelines Are Discussed Hereunder – 

1. Obtaining Clearly Stated Permission from Customers 

 The Reserve Bank of India has introduced stringent rbi account aggregator guidelines requiring (AAs) to secure explicit customer consent before sharing financial data. This measure aims to empower customers with control over their data and ensure privacy. Per the RBI’s AA guidelines, consent must be obtained in written or electronic form, clearly specifying the data-sharing purpose. Customers also retain the right to revoke consent at anytime. AAs must maintain consent records, accessible upon customer request, fostering transparency. 

        Benefits of these guidelines:

  • Customer Control: Customers decide on data sharing and can revoke consent.
  • Transparency: Customers are informed about shared data and build trust with AAs.
  • Security: Guidelines mandate robust security measures, protecting against fraud.

2. Fostering Data Security and Accountability 

 The regulation states that an Account Aggregator cannot enlist third-party service providers to conduct their core account aggregation operations. AA collects and presents financial data from various sources in one interface. This rbi account aggregator guideline mandates that AA handle these aggregation functions internally without involving external parties. This measure aims to uphold customer data’s security, integrity, and accountability. By disallowing third-party involvement, regulators seek to ensure that AA retains direct responsibility for its services, safeguarding the privacy and security of sensitive financial information.

3. Anchoring Focus 

Account Aggregators are directed to engage exclusively in the account aggregation business and are prohibited from pursuing other business activities. This stipulation ensures AAs maintain their core focus on securely consolidating and presenting customer financial data. Moreover, AAs are granted the authority to invest surplus funds. However, these investments must involve financial instruments not intended for trading. This allowance empowers AAs to optimize their financial resources without straying from their primary role of facilitating account aggregation services. The rationale behind these directives is twofold. 

  1.  Firstly, by confining AAs to their core business, regulatory authorities aim to prevent potential conflicts of interest and maintain the integrity of account aggregation services. 
  2. Secondly, enabling AAs to invest surplus funds in non-trading instruments promotes prudent financial management without compromising their primary objective of providing customers with secure and reliable account aggregation.

4. Data Accuracy Assurance: Resolving Inconsistencies

 When the financial details in the Account Aggregator’s generated statement differ from the records held by the Financial Information Provider, the data within the Financial Information Provider’s records will prevail as accurate and conclusive. This signifies that when conflicting financial information contradicts the Account Aggregator’s portrayal, the Financial Information Provider’s data will take precedence. This rbi account aggregator guideline guarantees the precision and trustworthiness of financial data accessible to customers, averts potential confusion, and hinders errors arising from discrepant data representations. The basis for this rule rests on recognizing the Financial Information Provider’s records as the chief repository of financial data. This provision is pivotal in shielding customer welfare.

5. Customer Empowerment and Data Protection

 Account aggregators are mandated to allow customers to access and download a comprehensive log of the consents they have granted. This log includes details about financial information users (FIUs) with authorized customer data access. This transparency ensures that customers are consistently informed about sharing their information. Furthermore, these rbi account aggregator guidelines firmly prohibit AAs from using or accessing customer information beyond the purposes explicitly approved and defined by the customer. This measure underscores that customer data solely serves the specific functions aligned with the AA role, as explicitly requested by the customer. These provisions are established to strengthen customer privacy and to guarantee that their data is solely utilized for the purposes to which they have explicitly given consent. This reiterates the principle of informed consent, granting customers authority over the utilization of their financial data.

6. Citizen’s Charter for Data Protection – 

AAs must formulate a Citizen’s Charter, which explicitly outlines the commitment to safeguarding customer rights. This charter is a transparent and formal assurance of prioritizing customer welfare and protecting financial information. In addition, AAs are firmly restricted from sharing any data they come into possession of, whether acquired from or on behalf of a customer. This prohibition remains in effect unless the customer provides explicit consent for sharing such information. These rbi account aggregator guidelines are established to uphold customer privacy and data confidentiality. The Citizen’s Charter acts as a pledge of responsibility towards customers, while the prohibition on sharing information without consent ensures that customers retain control over the sharing of their sensitive financial data. This empowers customers to make informed choices about how their data is utilized.             



Anumati stands as a secure financial data-sharing platform, empowering individuals to share their financial data with authorized financial institutions in a safe manner. Operated by Perfios Account Aggregation Services Pvt Ltd, an accredited Non-Banking Financial Company-Account Aggregator (NBFC-AA) under the regulation of the Reserve Bank of India, Anumati places paramount importance on safeguarding data privacy and security. The platform maintains a stringent practice of not accessing or retaining user data, assuring the confidentiality and security of personal information. This characteristic holds particular significance for users who prioritize maintaining the privacy of their financial data.

Related Posts

Leave a Comment