Guideline No. | UR001 |
Purpose | To clarify the roles that an unregulated entity can play in the AA ecosystem |
Description | Entities that are not “registered and regulated” by one of the four financial sector regulators CANNOT be FIUs (as per RBI Master Directions) themselves.
Such an entity however, can provide one or more of the following services to AA network participants (FIUs, FIPs, AAs):
|
Stage | Finalised |
Guideline No. | UR002 |
Purpose | To clarify if unregulated entities can access the raw data of citizens, in any of the roles mentioned and guard rails thereof |
Description | Technology Service providers that offer data gateway and/or data processing services to FIUs are expected to get access to the raw data that citizens share with the FIUs.
FIUs are expected to take explicit, informed consent from citizens for them to share raw data with such data processors. This is in addition to the consent that the citizen gives to the FIU, via an AA, and is expected to be taken by the FIU separately.Further, FIUs are expected to ensure all such outsourcing arrangements are in line with extant regulatory norms they are subject to. Also, FIUs are expected to ensure that their data processors are legally bound to:
Should a TSP offering just data gateway services (and not data processing) also be named by the FIU to the citizen and explicit, informed consent taken? |
Stage | Under deliberation |
Guideline No. | UR003 |
Purpose | To clarify if a lead generator’s brand name can be displayed along with the FIU’s name, to provide context to the citizen on consent artefacts |
Description | A citizen may engage with an unregulated entity – such as a marketplace for financial services or a parent company’s app – for a financial service. During the course of the interaction, the citizen may provide consent to an FIU – that the unregulated entity serves.
In such a situation, it would be useful for the citizen to see both the name of the FIU (to whom the consent is provided) and the unregulated entity (through whom the consent has been provided) on the AA’s interface. The current version of the specifications do not provide for a separate field, other than FIU. This has to be discussed within the community as to how to be resolved. |
Stage | Under Deliberation |