The Account Aggregator Framework: A Multidisciplinary Dialogue
September 18th, 2021
Earlier this month, the Account Aggregator ('AA') Network went live with 8 banks and hundreds of Fin-Tech companies joining it. Simply put, an AA is a digital platform that seeks to facilitate a consent-based mechanism for the free flow of financial data from and to different entities (banks, mutual fund companies, insurance providers and tax/GST platforms, etc.) which are part of the network. This initiative, part of the wider Data Empowerment and Protection Architecture ('DEPA'), is an entirely indigenous innovation and can have a transformative impact on the digital economy in India. Hence, it becomes necessary to engage in a holistic discussion on the network, keeping in mind the multi-faceted aspects of the same.
To that end, the Law and Technology Society, NLSIU, Bengaluru along with the Indian Journal of Law and Technology is delighted to bring to you a panel discussion on ‘The Account Aggregator Framework: A Multidisciplinary Dialogue’.
Mr. Rahul Matthan
Mr. Matthan is a Founding Partner at Trilegal and heads its TMT Practice. He has written extensively on privacy and data protection, including his book titled Privacy 3.0- Unlocking our Data-Driven Future. He also runs a weekly column and podcast on Technology Law and Policy on his Substack called 'Ex Machina'.
Mr. BG Mahesh
Mr. Mahesh is the Co-Founder of DigiSahamati, a collective of Account Aggregators. He was one of the early technology entrepreneurs in India and has also founded Oneindia, a news portal that caters to 18 million people, besides running digital media campaigns. He has worked and is an expert in the technical development, functioning and regulatory aspects of the AAs.
Mr. Vinay Kesari
Mr. Kesari is a General Counsel and the founding Team Lead of Policy and Legal at Setu, a Fin-Tech startup working, inter alia, on AAs. He is an expert in the business and regulatory aspects of AAs.
Ms. Anubhutie Singh
Ms. Singh is a Policy Analyst at Dvara Research, a policy research institution focussing on finance. She has co-authored a working paper on AAs, analysing the role of RBI in regulating the flow of financial information through AAs. She is an expert in the policy, data governance, and Fin-Tech aspects of AAs.
Prof. Sidddarth Shetty
Mr. Shetty is a Volunteer at iSpirit Foundation, a non-profit think tank focussing on building public goods for Indian product startups to thrive and grow. He has led the DEPA initiative in iSpirit and is an expert in the technical development and the functioning aspects of the AAs. is a Volunteer at iSpirit Foundation, a non-profit think tank focussing on building public goods for Indian product startups to thrive and grow. He has led the DEPA initiative in iSpirit and is an expert in the technical development and the functioning aspects of the AAs.
(Click here to view the full conference report)
The Account Aggregator Framework (AAF) is a recent development and takes the form of an NBFC that gives individuals and businesses control of their financial data. It’s a financial instantiation of the Data Empowerment and Protection Architecture (DEPA) Framework. DEPA represents an evolution of ‘Privacy by Design’ from being passive to active.
The AAF is built on open standards, works as a consent manager and ensures high levels of privacy. The data is decentralized, federated and maintains accountability. It also has strong immediate cross-sectoral viability. Digitization has been a strong mandate for the Indian government. As such, the AAF is seeing requisite support from the government, technology and regulatory ends. The AA must be interoperable and non-discriminatory. Uniformity in legal compliance enables this interoperability.
Perspectives and approaches to AAF can differ greatly. While the technologist may look at it as a techno-legal framework, the lawyer must look at it as a smart regulation. For the consumer, it is an aggregated view of their financial life.
There has been a global shift from data protection to data empowerment. A corresponding shift has been from a legal approach to a techno-legal approach that facilitates said empowerment. The third shift is towards a coordinated global approach of technology protocols. The AAF is a structure that can account for and accommodate these shifts.
Currently eight banks are ready to implement this system with five of them having gone live. This brings approximately 300 million bank accounts under the AAF. As such, the Indian effort is the largest implementation of an account aggregator system. The unique benefit of rolling out AA in the banking sector first is the scale of the sector. This makes problem detection and feedback accumulation easier and can be applied to other sectors later, perhaps even at a lower cost and greater convenience.
Increasing amount of data is being generated and users are unable to keep up with it. The rights-based legal framework to regulate this data still requires users to make informed decisions about consent. Thus, such laws aren’t very useful in taking control of data. AAF is a unique technology centric legal approach and has the potential to be beneficial outside of data protection as well.
The first innovation is the consent artefact, which can be used to record consent in an unalterable way and allows revocation of consent. This allows legal rights to be enforceable in a real way. The second innovation is the AA itself. The system of a specific entity created to regulate the interactions between the consent artefact and the consent aggregator is unique. It balances the incentives of various parties and serves the user’s interests. The third innovation is interoperability, where FIPs and FIUs communicate through a common registry. The requirement of mandatory interoperability increases the scope for innovation and prevents monopolistic tendencies from harming the user. The India Stack (a paperless, contactless and cashless architecture) has three layers – digital identity, payment slips and the consent layer.
AAF being a technological solution precludes widespread access in a country like India. A strong gender gap continues to exist on access to phones and computers. Smartphone and computer penetration are relatively low with internet infrastructure still being developed. The AAF space may entrench these existing disparities and needs further innovation to be more inclusive.
Applying initially uneven technological solutions may provide significant trickle down and over-time benefits that justify such application. This may happen through feedback loops that identify gaps in the market. Technological solutions grow and accelerate, initially uneven application and low uptake can be remedied. Such innovation in the AA space will also be supplemented by the rapid growth that takes place in technology like smartphones and computers as well as the lower transaction costs financial services providers will now incur. Examples include the UPI system and E-government marketplace during the COVID pandemic. It is thus essential to maintain a long-term view that builds the architecture for solutions rather than the solutions themselves. AA will also allow the underprivileged to gain better access and advice, ultimately leading to increased informational and financial parity.
The Indian problem is unique and needs India specific solutions. Foreign solutions are unable to cater to our unique problems and instead it is the Indian framework that is inspiring solutions overseas. India needs solutions at a large scale and the problems of interoperability that arise from it.
Taking the long-term view and creating infrastructure requires cooperation between competing players. These collectives can address gaps in the market and that’s where Self Regulating Organizations (SRO) come into the picture. These organizations can facilitate conversation with policymakers and bind multiple players. This institutional backing is essential to ensure appropriate outcomes. An SRO like Sahamati comes up with operational norms and guidelines which facilitates compliance with the regulator and an optimal end-user experience.