Account Aggregators are designed to move financial information with consent, not to become owners of the customer’s money or unrestricted readers of every financial record.
RBI-regulated NBFC-AA
Consent-based data flow
Data blind intermediary
Purpose and duration
The Account Aggregator framework enables financial information to move from a Financial Information Provider to a Financial Information User based on an electronic consent artefact. The AA manages the consent and secure flow; it is not meant to read or store the customer’s financial information in plain form.
A consent request should identify the data, purpose, recipient, frequency and duration. Broad, long-lived requests can expose more information than a one-time loan assessment requires. Users should reject or narrow requests that do not match the service.
For lenders and fintechs, AA data can improve speed and reduce document tampering, but automated analysis still requires fair underwriting, data minimisation, security and a route to correct errors.
| Stage | What happens | Control |
|---|---|---|
| Request | A service asks for specified financial data. | Check purpose, period, frequency and recipient. |
| Consent | The customer approves through the AA interface. | Keep the consent receipt. |
| Transfer | Encrypted data moves from provider to user. | The AA facilitates rather than lends. |
| Revocation | The customer can manage consent within the framework. | Revocation does not erase lawful prior processing automatically. |
Start with the exact decision being made. A payment choice, credit facility, investment, policy, remittance or compliance step should not be judged only by convenience or headline return. For Account Aggregators: Sharing Financial Data with Control, the four useful lenses are licence: RBI-regulated NBFC-AA; core object: Consent-based data flow; aa role: Data blind intermediary; user control: Purpose and duration.
Next, identify the downside before considering the expected benefit. Ask how much money can be lost or delayed, which obligation becomes fixed, who controls the data or asset, what happens when the provider fails, and which official complaint or appeal route remains available. This converts a marketing claim into a testable decision.
Finally, define the review trigger. A rule change, missed payment, benefit revision, sharp market move, data incident, unresolved reconciliation or change in personal cash flow should reopen the decision. Evidence should be collected when the transaction occurs, not reconstructed after a dispute.
| Participant | Primary responsibility | Failure to avoid |
|---|---|---|
| User or customer | Read the terms, authorise deliberately, preserve records and act within personal cash-flow or risk limits. | Sharing banking passwords outside the AA flow. |
| Provider or intermediary | Make accurate disclosures, operate the agreed process, protect data or assets and maintain a usable grievance route. | A consent request with no clear purpose. |
| Adviser or finance team | Apply the current rule to the actual facts, separate assumptions from evidence and explain material downside clearly. | Continuous access for a one-time service. |
Regulation can allocate duties, but it cannot remove commercial or market risk. The safest operating approach is to know which participant owns each step and to escalate an exception before money, data or legal rights become difficult to recover.