Open Banking: The Operation of Account Aggregators in India

With the arrival of the digital revolution, sharing of data has become easier as well as necessary. This requires the data generated to be apportioned to all who might need it for various purposes. This is where fintech (an amalgamation of the terms finance and technology) firms come in. The data generated by Financial Institutions including banks are shared with fintech firms through the means of application programming interface (APIs), which acts as the bridge between the two entities. Thus, APIs facilitate data sharing in the banking sector, which brings about the concept of open banking.

This has led to FIs offering consumer-centric and personalized services.

Open BankingOpen Banking can be defined as a mechanism where data is shared freely with the consent of the consumer, in order to generate the required analytics and provide financial and other services. Since consent is an essential ingredient of the concept of open banking, it is popularly regarded that open banking promotes the customers’ control over the data they generate.

Since the awareness regarding the sanctity of one’s data is gaining salience, this, so to say, ‘advantage’ of open banking is what makes it prominent among both banks and consumers alike. The essential principle of user consent is embodied in the Information Technology Act, 2000 as well as the forthcoming Personal Data Protection Bill, 2019.

THE INDIAN MODEL

In 2016, Account Aggregators (or ‘AAs’) have been developed by the Reserve Bank of India through a Master Direction to facilitate the open banking regime. Ordinarily, the data was shared between the providers and the users of information (for the sake of simplicity, otherwise known as FIPs and FIUs, respectively) directly, which rendered the process opaque and deprived customer control. Being impartial third-party operators, AAs are based on a strict consensual model, operating on authorization agreements between the customer, the bank, and themselves. They are merely channels through which data will pass based on consent and are not allowed to access, store, or utilize the data handled by them. The directions also provide for an IT framework including the consent architecture and operational mechanism for the AAs.

Think of the AAs as a broker for customers’ financial information. Once the customer grants consent that their specific data may be shared with particular FIs seeking it (FIUs) for the mentioned purpose for a certain period, the AAs procure the same from the FI holding the data (by virtue of them serving the customer, the FIPs) and deliver it to the FIUs. On the basis of the data so received the latter may offer new financial services to the consumer. Meanwhile, the AAs are regulated by the RBI and its directions. The customers also have the option of revoking their consent in respect of the time period, the FIU, and the particular data shared.

The Master Direction also specifies that an AA may be registered as an NBFC, granting the RBI the power to govern them, and also be registered with a bank. Further, a company performing the function of an AA may not carry any other business. As of yet, seven AAs have been granted approval to operate as AAs, three of which have only an in-principle approval. The framework went live recently, on September 2, 2021, with prominent banks joining in.

For addressing concerns relating to the functioning of the three different kinds of entities and difficulties that may arise in coordination, the DigiSahamati Foundation was established as a member collective. The organization works towards ensuring that the members adhere to the technical standards as well as to manage the competing interests.

On the other hand, the US open banking framework is industry-driven, for the lack of any government regulation as of yet. Even the US is envisaging a possible regulatory mechanism. However, what makes the Indian approach different is that the intermediary, or the AA, is directly regulated under the Directions of the RBI. The model is very similar to that in the UK where the regime of open banking is government-regulated through the Open Banking Standard, as a part of the Open Banking Implementation Entity, wherein a data sharing or API framework is prescribed and enforced by independent parties, to tackle the competitive concerns.

CONCERNS IN OPEN BANKING

Even though data sharing is the widely accepted way forward, expected to overhaul the financial and other related sectors, the concept is only in its nascent stage, having been operationalized by the European Union in 2018. Issues of security and privacy are rife in the emerging field of open banking. The concerns have been predicted and provided for, to some extent, in the RBI Directives through the measures for Data Security, granting customer rights including a record of consent and disability of the AA to use the data for any purpose other than that authorized by them, as well as the requirement of a grievance redressal mechanism for the customers.

However, considering that AAs would also be large companies, working closely with FIPs and FIUs, the possibility of abuse of market power, as well as imbalance of power with respect to the data principal or the user, cannot be completely disregarded. There is also the issue of low digital literacy and lack of access to smartphones, especially among the poor. As is the case with every digitization move, AAs also fall under the bridging or deepening the ‘digital divide’ debate. Further, click consent, though a quick and easy way to achieve the mandate of open banking, may leave customers vulnerable to misuse of data as they may not understand where or how their information is being used.

CONCLUSION

While it may be possible to predict some issues that may arise, the recent rollout will be indispensable in teaching lessons to better the existing system. As an initiative, it was a much-needed one, with India being one of the forerunner participants in the movement. Nevertheless, open banking is a fairly new operation, whose real-life implications are yet to be seen.

Author: Pranika Goel – a student of  National Law University (Delhi), in case of any queries please contact/write back to us at Khurana & Khurana, Advocates and IP Attorneys.

Leave a Reply

Archives

  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • September 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010