🔗
Account Aggregator (AA) Framework
India's consent-based financial data sharing revolution — enabling instant loan approvals, seamless KYC, and personalised financial products through secure data flows.
RBI RegulatedConsent-BasedOpen FinanceSahamati
What is an Account Aggregator?
An Account Aggregator (AA) is a new class of RBI-regulated NBFC (Non-Banking Financial Company) that acts as a consent manager for financial data. It enables customers to securely and digitally share their financial information — bank statements, insurance policies, tax data, investments — with third parties (lenders, advisors) with full control and explicit consent.
The AA framework is part of India's broader Data Empowerment and Protection Architecture (DEPA). It operates as a data pipeline — the AA itself cannot view, store, or use the data it transmits. It only facilitates the transfer with the customer's consent.
🔒Account Aggregators are data-blind intermediaries. They transmit encrypted financial data between parties but cannot read or use it. Your bank (FIP) encrypts data that only the requesting institution (FIU) can decrypt — not the AA itself.
Key Participants in the AA Ecosystem
👤
Customer
Central participant. Controls all data sharing via a mobile app. Can grant, pause, or revoke consent at any time.
🏦
FIP — Financial Information Provider
Banks, NBFCs, mutual funds, insurance companies, GSTN — entities that hold the customer's financial data.
🏢
FIU — Financial Information User
Lenders, wealth managers, fintechs — entities that request and use the shared data for credit assessment, advice, etc.
🔗
AA — Account Aggregator
NBFC-AA licensed by RBI. Acts as the secure consent manager and data transmission pipe between FIP and FIU.
🌐
Sahamati
Industry alliance that sets technical standards, manages the AA network, and coordinates among participants.
🏛️
RBI / Regulators
RBI licenses and regulates NBFC-AAs. SEBI, IRDAI, PFRDA regulate respective FIPs in their domains.
How Account Aggregator Works — Step by Step
Step 1: Customer Initiates
Customer visits a lender (FIU) app/website and agrees to share financial data via AA for faster loan processing.
Step 2: AA App Consent Screen
The AA app (e.g., Finvu, OneMoney, CAMS Finserv) shows a consent request: which data, for what purpose, how long, with whom. The customer reviews and approves or rejects.
Step 3: Data Fetch from FIP
The AA sends a signed consent artefact to the FIP (e.g., customer's bank). The FIP verifies the consent, packages the requested data (e.g., 12 months bank statements), and encrypts it.
Step 4: Secure Transmission
The encrypted data package flows through the AA to the FIU (lender). The AA cannot read the data. The FIU decrypts and analyses it for credit decisioning.
⚡What used to take 3–7 days (physical bank statements + manual underwriting) now takes minutes via AA. Lenders can assess creditworthiness in real-time, enabling instant loan approvals.
Licensed Account Aggregators in India
📱
Finvu (Cookiejar)
One of the first operational AAs. Backed by major banks. Consumer app available.
💼
OneMoney
NBFC-AA with partnerships across multiple banks and financial institutions.
🏦
CAMS Finserv
Backed by CAMS — India's leading mutual fund registrar. Strong in MF data.
📊
Perfios Account Aggregation
Part of Perfios — a leading financial data analytics company.
🔐
Anumati (Yodlee)
Global financial data company operating as NBFC-AA in India.
🌐
Saafe
Focused on secure AA services for the BFSI sector.
Benefits of the AA Framework
For Borrowers: Faster loan approvals (minutes vs weeks), no need to submit physical bank statements or salary slips, better loan offers based on complete financial picture, and complete control over data sharing.
For Lenders: Real-time, tamper-proof financial data from source (directly from the bank's API), reduced fraud risk, lower cost of underwriting, ability to serve thin-file customers (those with limited credit history).
For the Ecosystem: Drives financial inclusion by enabling formal credit for India's vast underserved population — MSME owners, gig workers, first-time borrowers — who lack traditional proof documents.
Frequently Asked Questions
Q: Is sharing data via AA safe?
A: Yes. The AA framework uses encryption, digital signatures, and a consent-based architecture. The AA itself cannot view the data. All AAs are licensed by RBI and must comply with strict data security standards.
Q: Can I revoke consent after granting it?
A: Yes. Customers can pause, revoke, or modify consent at any time through the AA app. Once revoked, the FIU cannot request further data fetch, though data already shared may have been processed.
Q: Which banks are FIPs in the AA network?
A: All major public and private sector banks are onboarded or in the process — SBI, HDFC, ICICI, Axis, Kotak, Bank of Baroda, Canara Bank, and many others. Check the Sahamati website for the latest list.
Q: Does AA share my data with government agencies?
A: No. The AA only facilitates data sharing with entities you explicitly consent to. Government access to financial data has separate legal mechanisms outside the AA framework.