Increased proliferation of data in the financial sector could be seen after technology-driven interoperability – basic banking mode has been adopted by financial entities. The greater synergy of data sharing was deemed very critical for innovating new user-friendly products/services. Keeping customer data in silos served no purpose other than its limited use by the entity itself.
Greater data mining for multiple purposes may be possible if such a mass of information can be shared for mutual benefit with the explicit consent of the client. The organized method of sharing data between regulated entities under the standards set by the RBI was necessary in line with global practices that are rapidly moving towards open banking.
Realizing the merits of these evolving trends and the benefits of customer-demand data sharing, RBI has begun licensing Non-Banking Financial Companies (NBFCs) willing to undertake the business as an Account Aggregator (AA ) to share data authorized by customers as a separate entity. activity area.
The concept of creating “NBFC – AA” thus came into effect in September 2016 when RBI notified these entities under subparagraph (iii) of subparagraph (f) of Article 45-I of the Act. , which undertakes the business of an aggregator account, whether for remuneration or otherwise, as defined in subparagraph (iv) of subsection 1 of Article 3 of the RBI Act.
1. Scope of NBFC-AA
Thus, NBFC – AA are authorized by RBI to act as a bridge or as mediators, to collect data from Financial Information Providers (FIPs) like banks that hold customers’ personal financial data. They are allowed to share the data with Financial Information Users (FIUs) such as credit agencies or wealth management companies that provide financial services to their clients for a fee.
In this context, the wide range of FIP – information custodians could include a banking company, a non-banking financial company, an asset management company, a custodian, a participating custodian, an insurance company, a repository insurance company, pension fund and any other entity that may be identified from time to time. CRF – recipients of the information could include an entity registered with and regulated by any financial sector regulatory body – RBI, Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority (IRDAI) and Pension Fund Regulatory and Development Authority (PFRDA) .
In essence, the activity of an NBFC-AA means the activity of providing, under contract, the service, retrieval or collection of financial information relating to its client, as may be specified by FIPs from time to time; and consolidate, organize and present information to FIUs as may be specified by FIPs with the express consent of clients. But financial information relating to the customer is not the property of NBFC-AA and cannot be used in any other way.
NBFC-AA can retrieve, consolidate, aggregate data from FIPs and present it to CRFs. They can extract, aggregate and transfer, but not read or store, encrypted user data.
2. The NBFC – AA – How it works:
The NBFC-AA framework emerged from the NITI Aayog Data Empowerment and Protection Architecture to enable every Indian to have seamless and secure access to their data and to enable portability of trusted data between providers services for the common good.
As NPCI’s Unified Payment Interface (UPI) did for payments, the NBFC-AA framework can revolutionize financial services by simplifying data sharing with customer consent between regulated entities to prevent its misuse. . There are four main stakeholders in the framework – consumers, FIPs, FIUs and regulators who provide the digital ecosystem to ensure data sharing.
NBFC-AAs have recently been a buzzword in banking and tech circles for making data work for the mutual benefit of all stakeholders. It is well positioned to revolutionize the financial services industry in the same way UPI has done for online payments.
3. Confidentiality of information:
NBFC-AA’s business model has been to enable the sharing and aggregation of financial data in a secure, transparent and efficient manner by setting up an intermediary who will also be responsible for customers" consent management. These intermediaries are duly registered and licensed NBFC-AA and well regulated by RBI. They retrieve or collect information relating to a client’s financial assets from the holders of that information – FIPs and aggregate, consolidate and present it to specified clients or users – CRFs. Confidentiality is at the heart of its operating model. Even the NBFC – AA can’t read the data, they just have to mediate the sharing.
At the same time, the transfer of this information is based on an explicit consent of the customer and the response is supposed to happen in real time. The data may not be stored by the aggregator or used by the aggregator for any other purpose and should only be shared with regulated financial entities. The instructions require that data security and the mechanism for resolving customer complaints be institutionalized.
It must have proper consent architecture and audit trails must be available. The guidance requires FIPs to implement interfaces that will allow an account aggregator to submit consent artifacts and authenticate each other, to enable a secure flow of financial information to the account aggregator.
The NBFC – AA framework can therefore assist in the decision making required for the provision of various financial services i.e. lending, loan tracking, wealth management, personal finance management, etc. by eliminating traces written. These entities can facilitate access to financial services and credit to previously underserved and unserved segments by reducing information asymmetry.
4. Business model:
The business model of each entity must be viable, sustainable and self-sufficient in its growth and survival. RBI is set to review the business model of NBFC-AA after some cases of fraud with clients surfaced due to alleged unauthorized sharing of financial information. Faced with the increase in fraud, the central bank ordered them to report their activities, including sharing customer details.
They allow e-commerce sites and merchants to accept payment instruments from customers for the fulfillment of their payment obligations without requiring merchants to create their own separate payment integration system. RBI has imposed a minimum net worth of Rs.15 crores until March 2021 which is expected to be raised to Rs. 25 crores by March 31, 2023 and then to be maintained at that level.
After the apex bank removed the Merchant Discount Rate (MDR) on the Unified Payment Interface (UPI) and RuPay transactions two years ago, NBFC – AAs are facing a huge challenge to generate income. Previously, they generated revenue by making payments for vendors. Having invested heavily in the development of their payment infrastructure, their income has been impacted as their only source of income has stopped. Reviewing the business model can lead to greater product diversification and the creation of revenue streams to make NBFC-AAs thrive for the benefit of the financial sector. With the rapid emergence of AI, machine learning, deep learning and robotic tools and 5G technology, NBFC-AA will have broader scope and growth prospects.
The opinions expressed above are those of the author.
END OF ARTICLE