Sahamati

Collective of Account Aggregator Ecosystem

Account Aggregator Technical Frequently Asked Questions

We have been receiving many queries about the Account Aggregator ecosystem. Many of the questions we have answered here are from the workshops we have conducted so far. We will continue to update this as and when required.

  1. Introduction to DEPA and AA
  2. The Account Aggregator Framework in India
  3. AA Data Flows
  4. The Account Aggregator App
  5. Providing Consent in AA Framework
  6. Sahamati AA, FIP, FIU Certification
  7. Revenue Model
  8. Legal
  9. Membership

Technical Support to Operationalise AA

Is any technical documentation related to being an AA available?

Please refer to our Resources section of the website. It has all the required technical and policy documents.

Please explain the technical steps for a FIP to connect with an AA.

Please see this document for the detailed steps.

Please explain the technical steps for an FIU to connect with an AA.

Please see this document for the detailed steps.

Our company is regulated by one of the four regulators mentioned above. We want to integrate with AA but we don’t have the technical expertise. How do we go about it?

Technical service providers in the AA ecosystem are providing various services to onboard institutions to use the AA framework. Please see the list of TSPs here.

Assuming the FIP has the data requested for, are they obligated to share it with the Account Aggregator? For e.g. FIU asks for 1 year of data, can FIP refuse to provide 1 year of data?

The FIP, if it has the requested data, is obligated to share the data.

How do you ensure that the FIU doesn’t use your data for other reasons than the reasons mentioned in the Consent Artefact?

The FIUs will have to adhere with the Data Governance guidelines to prevent misuse of data. The guidelines are being finalised together with ecosystem players and will be shared when complete.

How do you ensure that the FIU doesn’t use your data for other reasons than the reasons mentioned in the Consent Artefact?

The FIUs will have to adhere with the Data Governance guidelines to prevent misuse of data. The SriKrishna Report is the gold standard on Data Governance. Existing guidelines on security and privacy already exist for regulated entities by their sectoral regulators.

What is the unique identifier used by FIPs for discoverability? Is the unique identifier standardised across all Banks?

The identifier used for discovery is a verified Mobile Number, PAN, or a FIP Customer ID.