In response to the evolving landscape of user-consented data sharing within the Account Aggregator (AA) ecosystem, the need for a more scalable, transparent, and community-driven approach towards data collection and usage has become increasingly apparent. In view of the DPDP Act, 2023, and the increasing usage of AA across sectors, AA market participants collectively sought harmonization of industry standards and practices for participation in the AA framework for the various use cases it enables. Based on such feedback, Sahamati introduced the AA Consent Template Library as a community asset to harmonize consent attributes, setting upper-bound reference parameters for various use cases across sectors.

Establishing the Consent Template Library represents a transformative step towards promoting fair usage of AA by fostering greater trust, transparency, and efficiency within the AA ecosystem. At its core, the Consent Template Library serves as a comprehensive repository of standardized consent templates, meticulously crafted by the Use Case Councils to align with the diverse needs and use cases of Financial Information Users (FIUs) while ensuring they meet the business requirements, and enhance customer privacy and are aligned with the principles of the DPDP Act,  acting as guardrails against misuse of AA framework.

What is a Consent Template?

A Consent Template refers to the outer bounds for mandatory attributes (as defined by the ReBIT specs) of consent artefact that can be employed for a specific use case. While few attributes, such as purpose code, consent type, fetch type, etc. are described in absolute terms, attributes that carry a value and unit are described as upper bounds.

Who created the Consent Template Library?

The formation of the Consent Templates Library involved a collaborative effort by active Financial Information Users (FIUs) within the Account Aggregator (AA) Ecosystem, through the individual User Councils, which was further reviewed and approved by the Fair Use Committee and Governing Council of Sahamati. These templates, designed as “Best Practice Consents Templates,” were meticulously crafted through collaborative efforts and rigorous deliberations led by leading industry practitioners. Key considerations during the design process included safeguarding end-customer interests, ensuring alignment with the principles of the Digital Personal Data Protection (DPDP) Act, adhering to RBI master guidelines for AA, and addressing the specific requirements of various use cases.

Usage of Consent Template Library

The templates were developed to serve as benchmarks for data-collection practices within the AA ecosystem, providing a standardized framework that promotes transparency, fairness, and alignment with regulatory and statutory principles. Expectations are set for Financial Information Users (FIUs) and Account Aggregators (AAs) to revise their consent templates within the parameters of those in the Consent Template Library, ensuring consistency and adherence to established parameters.

For instance, FIUs offering Spend and Investment Analytics use case will, as per the consent template library, be expected to declare the frequency of their data pulls at 45 or less than 45 data pulls, with a consent validity of one year or less.

Consent Template Library

The table below summarises the templates discussed or finalized by the Use Case Councils.

Consent Template IDUse Case CategoryStatusPurpose Text (to customers)License types considered
CT001 Loan UnderwritingActiveTo process borrower’s loan applicationBank, NBFC, HFC
CT003 Account Monitoring (subject to loan activation)

ActiveTo monitor borrower’s account to verify loan repayment capability, subject to loan activationBank, NBFC, HFC
CT006Income Verification

ActiveTo verify the income as or on behalf of the insurer selected by the customer while underwriting a Life insurance policyInsurance broker (Life), Insurer (Life), Agent (Life)
CT008 Personal Finance Management (PFM)ActiveTo generate insights into your income and expenses, networth to provide spend and investment analytics and help you manage your finances betterBank, Registered Investment Advisor
CT035 Account Monitoring (subject to loans where Installment/EMI/payable amount is due more than one day from the due date)ActiveTo monitor a borrower’s accounts for loan collection, applicable only in case of loans where Installment/EMI/payable amount is due more than one day from the due dateBank, NBFC, HFC
Last published31st May 2024

Please note that the parameters of the individual consent templates in the Consent Template Library represent upper bounds for the respective use cases, as decided in the relevant User Councils. The parameters in the consent templates should be treated by participant(s) as outer limit(s) and not be construed as legal advice in any manner. Participants are encouraged to review their use case(s) and ensure compliance with applicable laws, including the RBI Master Directions on NBFC-AA and the DPDP Act.

Sahamati will publish additional consent templates as the AA ecosystem evolves based on discussions in the relevant Use Case Councils and the Fair Use Committee. Existing consent templates may also be revised based on statutory and regulatory guidance, including the DPDP Act and the Rules issued thereunder.