SEBI, vide its circular dated 19th August, 2022 joined Account aggregator framework. An Account Aggregator (AA), is a Reserve Bank of India (RBI) regulated Non-Banking Finance Company (NBFC) that facilitates retrieval or collection of financial information, pertaining to a customer, from Financial Information Providers (“FIP”) on the basis of explicit consent of the customer. The financial information shared through the Account Aggregator is not stored by the AA and it shall not be the property of the AA. This information is not to be used in any other manner except for the purpose of providing it to the customer or consented Financial Information User (FIU).
Under the purview of RBI Master Directions | It is to be noted that RBI has issued Non-Banking Financial Company –Account Aggregator Master Directions dated 02nd September, 2016 for compliance by every Non-Banking Financial Company (NBFC-Account Aggregator) undertaking the business of AA. |
List of entities mentioned as Financial Information Providers (FIPs) | Out of the list of entities mentioned as Financial Information Providers (FIPs) under the Clause 3 (xi) of the Master Directions, the Asset Management Companies (AMCs) through their Registrar and Transfer Agents (RTAs) and the Depositories are inter-alia specified as Financial Information Providers (FIPs) for the purpose of sharing of information. |
“Financial Information”, as specified in Clause 3(ix) of the RBI Master Directions | The FIPs in the securities market will provide the “Financial Information”, as specified in Clause 3(ix) of the RBI Master Directions, to the customers and FIUs who furnish the consent artefact (electronic consent as defined in RBI Master Guidelines) through any of the Account Aggregators registered with RBI. The FIPs in the securities markets shall share the “Financial Information” pertaining to securities markets, through the AA only on receipt of a valid consent artefact from the customer through the Account Aggregator. The consent architecture is detailed under Clause 6 of the RBI Master Directions. Further, the FIPs in the securities markets shall also verify, through appropriate means, the following in the consent artefact: a. validity of consent b. specified dates and usage; and c. the credentials of the AA. |
Transmission of information to AA | Upon due verification of the consent artefact, the FIPs in the securities markets shall digitally sign the financial information and securely transmit the same to the AA in accordance with the terms contained in the consent artefact. All responses of the FIPs in the securities markets shall be in real time. |
Enabling these data flows of FIPs in the securities markets : | To enable these data flows, the FIPs in the securities markets shall: a. implement interfaces that will allow an Account Aggregator to submit consent artefacts, and authenticate each other, and would enable secure flow of financial information to the AA; b. adopt means to verify the consent including digital signatures, if any, contained in the consent artefact; c. implement means to digitally sign the financial information that is shared by them about the customers; d. maintain a log of all information sharing requests and the actions performed by them pursuant to such requests. The FIPs in the securities markets are expected to adopt the technical specifications published by ReBIT, as updated from time to time and adopt required Information Technology (IT) framework and interfaces to ensure secure data flows to AA. The technology should also be scalable to cover any other AA as may be specified by Reserve Bank of India in future. There shall be adequate safeguards built in IT systems of FIPs in the securities markets to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. |
Redressal of grievances of the customers. | The FIPs in the securities markets shall also abide by the code of conduct as specified in the SEBI regulations applicable to them, including redressal of grievances of the customers. |
The Financial Information Providers (FIPs) in securities market must disclose prominently on their websites the names of the Account Aggregators through which the FIP shares the information about assets held with respect to securities markets with the customers and Financial Information Users (FIUs).
The provisions of this circular shall come into force with immediate effect and are applicable to all Depositories and Asset Management Companies.