Open Banking Initiatives in India
Globally, open banking regulatory frameworks are structured to enable third party access to customer-permissioned data, requiring licencing or authorisation of third parties, and implementing data privacy and disclosure and consent requirements. Some frameworks may also contain provisions related to whether third parties can share and/or resell data onward to “fourth parties”, use the data for purposes beyond the customer’s original consent and to whether banks or third parties could be remunerated for sharing data. Open banking frameworks may also contain expectations or requirements on data storage and security.
India has kickstarted its approach to Open Banking by enabling an intermediary which will be responsible for the customers’ consent management. These intermediaries are licensed as Non-Banking Financial Companies. In September 2016, RBI announced creation of a new licensed entity called Account Aggregator (AA) and allowed them to consolidate financial information of a customer held with different financial entities, spread across financial sector regulators. In India, AA acts as an intermediary between Financial Information Provider (FIP) such as bank, banking company, non-banking financial company, asset management company, depository, depository participant, insurance company, insurance repository, pension fund etc., and Financial Information User (FIU) which are entities registered with and regulated by any financial sector regulator. The flow of information takes place through appropriate Application Programming Interfaces (APIs).
The transfer of such information is based on an explicit consent of the customer and with appropriate agreements/ authorisations between the AA, the customer, and the financial information providers. Data cannot be stored by the aggregator or used by it for any other purpose. Explicit and robust data security and customer grievance redressal mechanisms have been prescribed and the Account Aggregators are not permitted to undertake any other activity, primarily to protect the customers’ interest.