
Being a Responsible Data User in Wealth-Tech: Understanding Fair Use Templates for PFM and Wealth Management

April 6, 2026

The Account Aggregator (AA) framework’s fair use templates and guardrails are not regulatory compliance tools, but community governance standards designed to protect the ecosystem’s integrity. This framework, which includes 15 distinct templates, sets the “upper bounds” for data collection across various use cases to ensure that data access remains proportional to the service offered.

On 23rd March 2026, Sahamati hosted a webinar titled “Fair Use Explained: Understanding PFM and Wealth Management Templates” to detail how these standards apply to SEBI-regulated entities. While these templates provide a roadmap for responsible data usage, they are dynamic. Think of these templates as the ‘upper limits’ for data sharing, not a one-size-fits-all rulebook. While Sahamati sets the maximum boundaries, FIUs decide exactly what data they need within those limits. Meanwhile, Account Aggregators (AAs) keep the system honest by double-checking that every data request actually matches the user’s consent.

Defining the Templates: PFM vs. Wealth Management

The webinar focused on two primary templates: CT008 for Personal Finance Management (PFM) and CT004 for Wealth Management Services (WMS). These templates define the scope of data access based on the nature of the customer relationship.

  • Personal Finance Management (CT008): The Fair Use framework restricts data fetches to an upper bound (e.g., 10 years for SEBI FI Types). Within these boundaries, the specific data requested is at the FIU’s discretion. FIUs are required to exercise prudence in the data they collect, limiting it to what is necessary for their use case.
  • Wealth Management Services (CT004): Designed for manufacturers and advisors who hold a fiduciary responsibility to the client, allowing a wider historical look-back to assess long-term performance. This template restricts data pulls to 31 per month and data validity to 1 year, but allows for up to 20 years of historical data from SEBI FI Types and 13 months from other FI Types to capture long-term performance and asset allocation across market cycles.

What the Webinar Covered

The session moved beyond technical connectivity to focus on the “how” of implementation. Key areas of discussion included:

  • Framework Overview: Understanding how fair use templates act as community-governance standards rather than a substitute for regulatory compliance.
  • Implementation Do’s and Don’ts: Practical guidance on structuring consents and managing the lifecycle of recurring data fetches.
  • Governance Roles: Defining the responsibilities of FIUs as the implementers and AAs as the first-level validators of consent requests.

Key Guardrails Discussed

To maintain network health and consumer privacy, the webinar highlighted several binding operational guardrails:

  • One Purpose, One Consent (CC026): The data journey must align strictly with the customer’s intent. Data collected for a budgeting dashboard (PFM) cannot be repurposed for credit underwriting or other product journeys without a separate, explicit consent. FIUs must obtain separate, explicit consent for every new purpose. 
  • Data Minimization (CC030): FIUs are encouraged to fetch only incremental data after the initial pull. Repeatedly fetching the entire historical record is considered inefficient and puts unnecessary strain on the ecosystem.
  • Inactive User Protocol: Privacy is not passive. FIUs are encouraged to implement a mechanism to identify inactive users and cease background data collection if a customer stops engaging with the service.
  • Purpose Text Integrity: The “Why” of consent or data collection shown to the customer on the consent screen (e.g., “To analyze your monthly expenses for budgeting”) must be specific and easily understood. An entity cannot use the data for anything else by hiding broader permissions in its general internal privacy policies and thereby overriding its responsibilities under the consent.
  • Success-Based Rate Limiting (CC020): If a data pull is successful for SEBI FI Types on a given calendar day, FIUs must not make the same request to the FIP within the same calendar day. For SEBI-regulated data, the information remains consistent throughout the day as it reflects the last settled data; therefore, multiple pulls provide no additional value.

In this session of the Fair Use Explained series, Sahamati engaged with FIUs to help translate the guardrails and templates into real-world PFM and Wealth Management use cases.

Missed the Webinar?

Watch the full session to gain a deeper understanding of how Fair Use is designed, implemented, and enforced within the AA framework.

Watch the full webinar here

Presentation is here

For any questions or to explore how your organisation can participate in the AA ecosystem, write to us at https://sahamati.org.in/contact/. There is a dedicated field for fair use questions.

 
