Account aggregators putting the customer in charge

An overview of the account aggregator ecosystem

One of the greatest benefits of the interconnectedness of digital technologies is the potential ability to bring together data from myriad sources in one place for its effective use. In the world of financial services, cutting-edge technologies and the disruption introduced by on-demand aggregators and marketplaces has brought about a shift in consumer expectations of speed, safety, security and convenience. These changing customer expectations have led to the emergence of the concept of account aggregation.

In the financial services domain, account aggregation or financial data aggregation is a technique that involves the collection, assembly and synthesis of information from multiple accounts, such as loan/credit accounts, savings and current accounts, credit cards and investment accounts (including mutual funds, demat accounts, brokerage accounts); government accounts such as public provident fund and income tax returns data; and supplementary business or consumer accounts such as those of e-commerce, food or mobility aggregators in a single place. The data collection, collation and sharing are enabled through open application programming interface (API) connections.

Data from various financial information providers can be pivotal for financial inclusion and to build better products and services for users, such as credit scoring and underwriting. Moving beyond the traditional, assets-based approach of credit rating agencies, account aggregation incorporates cash flow-based inputs such as income from various sources, expenses, invoices, receipts and tax returns. Further, typically, data collection, collation and sharing are done by screen scraping¹ through the user’s credentials or the user physically or electronically shares the data. The process is time-intensive, expensive, prone to data breaches and leakages, and has high potential for privacy compromises.

The evolving account aggregation ecosystem

An individual’s or entity’s data is usually fragmented and spread across silos in data warehouses of financial institutions, government bodies and various other business entities. There are no frameworks for seamless, safe and swift data sharing between financial information providers (FIPs) and financial information users (FIUs) with the permission of the user whose data is being shared. At the same time, there is a lack of solutions and services to aggregate and integrate user data for a seamless, wide-ranging view of data in real time. Consequently, there is still resistance to accessing and sharing of data and a vast amount of fragmented information is not effectively optimised to provide comprehensive service delivery to users.

European regulators tried to address this need for a framework that allows efficient and secure navigation and usage of customer’s financial data by mandating the implementation of Open API frameworks within financial institution’s user applications. However, this approach had limitations in terms of the type of financial data which could be shared and the framework for managing user consent for data sharing. Indian regulators have envisioned a similar ecosystem of account aggregators (AAs) to broaden the scope of financial data sharing and make it more secure and user friendly.

The stakeholders in the account aggregation ecosystem are defined as below:

Any supervised financial sector institution that offers financial services and products such as banking, lending, asset management and insurance is classified as a financial information provider (FIP).
An institution that is registered and supervised by any of the financial sector regulator (across banking, lending, financial planning and investments, insurance and pension— the Reserve Bank of India (RBI), Securities Exchange Board of India (SEBI), Insurance Regulatory and Development Authority of India (IRDAI), Pension Fund Regulatory and Development Authority (PFRDA) is considered a financial information user (FIU). FIUs can solicit consent from a user by providing details of the data to be captured through an account aggregator identifier.
Account aggregators (AAs) are entities that facilitate structured financial data sharing from FIPs to FIUs while retaining a record of the consent provided and offering the functionality to manage and rescind consent.

The types of financial data are specified in the master directions notified by the RBI’s Department of Non-Banking Regulation (DNBR).²

Case in point:

A user wants to apply for a personal loan and wants financial planning advice. The user will be asked by the FIU to provide documents such as bank statements, income tax returns and salary slips. Similarly, for financial planning advice, the user will be required to provide his bank details, investments in various assets, funds details and insurance purchased, etc.

The account aggregator applications will source data from multiple FIPs and relayed via a consent-based mechanism to FIUs. With the account aggregation solutions, the user doesn’t have to physically provide hard copies of documents from various entities (FIPs), share confidential login details or visit multiple sites and download and gather information required by financial service providers such as lenders and financial planners.

Figure 1: Data flow among FIPs, FIUs, users and account aggregators via open APIs³

AAs as consent custodians

While there exist numerous modus operandi for aggregation services, the most predominant one today is still screen scraping.⁴ With screen scraping, it is essential for the user to disclose the authentication credentials (such as username and passwords) of the FIPs to the aggregator for access.⁵ Screen scraping may deliver an incomplete or inaccurate picture of a customer’s financial records as frequency and regularity of data updates by different websites may vary. Thus, it is difficult for FIUs to provide timely, inclusive and accurate service and advice based upon it.

As per iSPIRT, a think tank for the Indian software products industry, Data Empowerment and Protection Architecture (DEPA) is a ‘new approach, a paradigm shift in personal data management and processing that transforms the current organization centric system to a human-centric system’.⁶ By giving users control over how their data is used and enabling seamless accumulation and consumption of personal data while ensuring privacy and security, DEPA offers users access to better financial services. The new-age vision for AA services is based on DEPA.

AAs are not allowed to access, store, or sell the data, only collect and transfer it. Additionally, user will be able to choose the period for which the data can be shared with the FIU

The core principle of AA platforms built on DEPA is to give users complete authority over how their data will be used. AAs are not permitted to see, stock or sell the data ‒ only to collect and transmit it. A user registering with an AAs will be able to provide or retract consent for sharing data in any of her/his accounts with an FIP. The user will retain control to designate the extent to which data can be shared. For instance, if the user has three banks and investment accounts, he or she has the option can to provide access to data from two or only one. Additionally, the user will be able to limit the period for which the data can be shared with the FIU.

A user may register with an AA desktop or mobile application. This AA application displays all the consent provided, rescinded consent and a record of all data requests made by the FIU. In the AA application, users are required to link (open APIs) with their FIPs (accounts with banks, the government or other business entities) to share the data from that FIP to a FIU. The linking procedure requires users to punch a unique identifier by which the FIP can discover the account (e.g. an AA ID). The AAs in this ecosystem have huge potential of profitable growth as they can either charge the FIU whom they are enabling to provide better services or, in some models, they can also charge the end customer for facilitating the information transfer in a digital and secure manner, thus reducing the customer’s efforts for availing financial services.

This ecosystem will achieve maximum success if all financial services providers as well as government entities such as Income Tax and GST and other business entities are on the platform. Presently, it is not compulsory for every institution to participate. However, it is mandatory for an entity that wants to become an FIU and provide more personalised services to its customer base to become an FIP as well ‒ that is, it should be willing to share its customer’s data (with customer consent) with other FIUs.

An AA can charge the FIU or the end consumer for the data requested. An AA may not charge the FIP for the data as this may create growth hurdles in the ecosystem.

Case in point

Users don’t have to collect information by visiting the websites of the deemed FIPs of a financial services provider and downloading it. With the assistance of the AA, a consumer can get credit approvals seamlessly based on her/his underlying financial, government and socioeconomic data.
AAs will be especially beneficial to financial advisors who need a 360^--degree view of a user’s finances.

Synergy between AAs and the UPI framework

Since, Unified Payments Interface (UPI) was launched in April 2016, it has taken the Indian payment ecosystem by storm. IndiaStack, the public digital infrastructure behind UPI, has introduced AAs, to further the objective of making financial products and services accessible to the next billion.

UPI made payments accessible and ubiquitous. New-age technology-driven payment service providers have allowed users to send/receive payments on several banking accounts held by them through a single application, using a bank-agnostic payments identifier (i.e. virtual payment address, e.g. abc123@mybank) as their payments gateway identity. Similarly, an AA entity will enable a user to transfer her/his data held in various accounts (savings account, term deposits, mutual fund, pension fund etc.) to an entity (FIU) seeking access to that data. An FIU will be able to initiate a consent request to the user along with particulars of the information requested through the AA identifier (e.g. user123@accountaggregator). The AA will share the requested data through the UPI application after authorisation has been obtained from the user.

Regulatory environment

In 2016, the central bank had accredited a new category of non-banking financial companies to act as AAs.⁷ These aggregators are intended to provide services (collecting, consolidating, and sharing information of an individual user or business and delivering it to an FIU) based on unequivocal consent from users.

An AA⁸ builds on the framework discussed above, providing a digital platform for convenient sharing and consumption of data among multiple entities with an emphasis on user consent. An AA is a data access fiduciary of financial data created through an inter-regulatory decision by RBI, SEBI, IRDAI, and PFRDA through the Financial Stability and Development Council (FSDC). The RBI has accorded licences to AAs. Currently, only asset-based data such as bank savings bank, fixed deposits and investment account details like mutual funds, insurance policies and pension funds is accessible. Other types of data are expected to be added over time.

Figure 2: AA journey so far and milestones ahead⁹

Sahamati¹⁰ is a collective of AAs set up by a private limited company (under the new Companies Act of India, not-for-profit companies are governed under Section 8). Sahamati will be integrated with multiple FIPs, including banks, insurance providers, mutual fund distributors and the Income Tax Department to create awareness about the AA concept and promote the roll-out of the platform.

Thus far, the RBI has confirmed in-principle approval to eight¹¹ account aggregators for building a data-sharing solution: CAMS FinServ, Cookiejar Technologies (product named Finvu), FinSec AA Solutions Private (OneMoney), Jio Information Solutions, National E-Governance Services Asset Data, Yodlee Finsoft, Perfios Account Aggregation Services and Aditya Birla Trustee Company.

Companies registered or regulated by any of the four regulators – the RBI, SEBI, IRDAI and PFRDA ‒ can be an FIP or FIU.

Opportunities and challenges

Initially, the objective of account aggregation product and services was to consolidate data and in a single location in order to generate useful reports – e.g. to provide the aggregate savings balance from multiple accounts. But as the technology – storage, computation, UI/UX ‒ continues to advance, FIUs such as financial advisors will be able to leverage account aggregation dashboards to go far beyond just providing a consolidated look at savings and current accounts, investment performance, incoming and outgoing cashflows etc. The focus will shift from just aggregating accounts to powering comprehensive automation in credit lending, investment advice, personal financial management, etc., and ultimately financial inclusion.

AAs can become agents of financial inclusion by shifting from asset-backed lending to cash-flow based lending. This can enable them to serve individuals and MSMEs, which were earlier unserved or underserved by financial services. In addition, by empowering users to control who accesses their data, type of data and duration of access, AA solutions can bring about a paradigm shift not just in credit assessment and lending but also in financial planning and wealth management.

Technologies like artificial intelligence, machine and cognitive learning, and advanced analytics can be used to build AA solutions that deliver meaningful inclusion and can potentially evolve to services such as wealth management and personal financial management that have, thus far, been availed of largely by the affluent strata. Additionally, the underlying architecture of account aggregation solutions is industry-agnostic, and, in due course, the same architecture may be applied in the telecom, health and education sectors.

The representation below depicts the stages in the evolution of AAs and their journey towards developing revolutionary products and services that offer financial institutions and customers a real-time, automated and highly enhanced ecosystem experience.

Figure 3: Evolution of account aggregation business models

Account aggregation solutions also pose challenges, which are being evaluated by FIUs and FIPs entities and monitored by users. Adoption rates by account aggregation services may be low because of apprehensions around security, privacy and accountability, signifying that most consumers are waiting for value-added of services from AAs and detailed guidelines and SOPs from regulatory bodies on protecting users’ financial data.

Data security is a major challenge. Hackers may obtain unauthorised access to an account aggregation site and steal and use confidential information to perform a transaction or engage in other fraudulent activities. The abundance of personal information, confidential data and access to financial accounts that aggregation applications offer make them a single point of failure and vulnerability.

Another challenge to be navigated pertains to the fact that the architecture of the AA ecosystem is principally based on consented data sharing over a technology platform. Aspects like technology and UI/UX design, privacy frameworks, API implementations, cyber security, audit and monitoring of licensees and data warehouses will require significant IT capabilities across the AA ecosystem entities. Furthermore, though IT capabilities will be paramount for robust design and implementation, powerful human-centric design and proficiency in design thinking will play a pivotal role in establishing user engagement and structuring an enormous amount of data for wide-ranging insights.

How can PwC help?

PwC has deep and proven capabilities across the regulatory and technical domain and has helped AAs, FIPs and FIUs leverage the shift in the data-sharing paradigm by reducing the costs of service and providing new and improved products and services.

PwC’s services for FIPs, FIUs and AAs

PwC is uniquely positioned to support and serve the ecosystem requirements. PwC’s offerings are differentiated by four key factors:

With inputs from Raghav Aggarwal, Ajit Shukla, Avneesh Singh Narang and Nitin Saxena.

Sources:

¹Screen Scraping

²Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016

³Sahamati – Collective of the Account Aggregator Ecosystem

⁴As defined by Raymond Graber, screen scraping ‘involves the simulation of user behavior to access the financial account website and to scrape account summary information from the site’. Aggregation and the Limits of Screen Scraping, AM. BANKER

⁵BITS RFI

⁶Announcing Data Empowerment And Protection Architecture (DEPA) Workshop On 18th May

⁷From bank account opening to buying mutual funds, how 'Sahamati' can help you

⁸Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016

⁹AA workshop for consultants and TSPs by Sahamati

¹⁰Sahamati – Collective of the Account Aggregator Ecosystem

¹¹AA workshop for consultants and TSP by Sahamati