Securities and Exchange Board of India (SEBI) has released a consultation paper on the Account Aggregator Framework in securities markets. The paper aims to define use cases of Financial Information Users (FIUs) and invites public comments on potential use cases, safeguards, and data security measures.
Analysis: The Account Aggregator Framework, conceptualized by the Financial Stability and Development Council (FSDC) in 2014-2015, allows individuals to access and share their financial information across various institutions securely and digitally. Account Aggregators, regulated entities with an NBFC-AA license, play a crucial role in transmitting customer data based on their consent. SEBI’s circular empowers Depositories and AMCs to function as Financial Information Providers (FIPs) in the securities markets.
The consultation paper highlights various categories of financial information under the AA framework, including bank deposits, government securities, equity shares, mutual fund units, insurance policies, and more. It seeks to explore potential use cases for SEBI-regulated entities, such as Registered Investment Advisers, Registered Portfolio Managers, and intermediaries verifying bank accounts during client onboarding.
However, the paper raises concerns about data security and misuse of financial information. It calls for suggestions on additional safeguards to protect customers’ interests and curb frauds, misappropriation, mis-selling, or unsolicited cross-sell/upsell practices.
Questions for Public Comments:
1. Do any class or type of intermediaries in the Indian Securities market require exclusion from functioning as FIUs? If so, please provide the rationale.
2. What are the potential use cases for the AA framework for SEBI-regulated entities?
3. Are there additional categories of financial information that may be included under the AA framework? If so, please provide the use case/s and rationale.
4. Are there safeguards required in the AA Framework to protect customers’ interests and prevent potential misuse of financial information?
5. Are there any measures needed to address concerns of customers, financial information providers, account aggregators, or financial information users? If so, please provide the rationale.
Conclusion: SEBI’s consultation paper seeks to enhance the Account Aggregator Framework by exploring various use cases and implementing robust data security measures. Stakeholders, including market intermediaries, participants, investors, and academicians, are encouraged to provide their insights and suggestions to shape the future of the AA framework in the securities markets. To participate, individuals can submit their comments as per the specified format to SEBI by August 31, 2023, and contribute to the evolution of a safer and efficient financial ecosystem.
*****
Securities and Exchange Board of India
Aug 01, 2023 | Reports : Reports for Public Comments
Consultation Paper on collating and defining use cases of Financial Information Users in the Account Aggregator Framework in Securities Markets
Page Contents
Chapter 1: Introduction
1.1 The account aggregation framework was conceptualized by the Financial Stability and Development Council (FSDC), in its meetings in 2014 – 20151. Subsequently, the Reserve Bank of India (RBI) announced that it will put in place a regulatory framework to allow a new kind of Non-Banking Finance Company (NBFC), which could act as an Account Aggregator (AA) to enable a person to see all their accounts across financial institutions in a common format.2
1.2 Such Account Aggregators would facilitate collecting and providing information of customers’ financial assets in a consolidated, organized and retrievable manner to the customer or any other person based on consent of the customer.
1.3 On September 2, 2016, RBI notified the Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 20163 pursuant to seeking public comments on the Draft Regulatory Framework for Account Aggregator Companies4.
1.4 Initially, only financial assets whose records are stored electronically and which are under the regulation of the financial sector regulators, RBI, SEBI, IRDAI, and PFRDA would be under the purview of the account aggregation framework. Further, no financial asset related customer information transmitted through the account aggregator from the financial service providers would be visible to or reside with the account aggregator.
Chapter 2: Account Aggregator Framework
2.1 Accessing the financial system is a challenging affair for many consumers involving the following issues:
- Extensive paperwork: furnishing physical signed and/or scanned copies of bank statements
- Authentication of documents: attestation, notarizing or stamping of documents
- Multiplicity of documents: documents have to be fetched from across various financial institutions
- Lengthy processing time: Time taken to acquire such documents and further submit them is a time consuming process
2.2 The Account Aggregator network replaces all these with a simplified, secure digital data access and sharing process based upon used consent. The framework harbors great potential opportunities for various new kinds of services.
2.3 An Account Aggregator5 is a type of RBI regulated entity (with an NBFC-AA license) that helps an individual securely and digitally access and share information from one financial institution they have an account with to any other regulated financial institution in the AA network. Data cannot be shared without the consent of the individual.
2.4 Account Aggregator provides granular, step by step permission and control for each use of customer data.
2.5 Account Aggregators aggregate a customer’s information across various financial information providers. Account Aggregators cannot see or store customer data (since the data processed through them is encrypted); they merely transmit it from one financial institution to another based on a customer’s direction and consent. The end to end encryption makes the process secure.
2.6 The AA framework is envisaged to make all financial data available for sharing including tax data, pensions data, securities markets data, and insurance data.
2.7 To ensure that movement of data among different financial entities, which are spread across financial sector regulators and adopt different IT systems and interfaces, is secured, duly authorized, smooth and seamless, a set of core technical specifications for the participants of the AA ecosystem have been framed by Reserve Bank Information Technology Private Limited (ReBIT).
2.8 Through the SEBI circular6 titled “Participation as Financial Information Providers in Account Aggregator framework”, Depositories and AMCs (through their RTAs) haven been enabled to function as Financial Information Providers (FIPs) in the securities markets. Further, the circular also directed the Financial Information Users (FIUs) to adopt the technical specifications published by ReBIT.
Chapter 3: Financial Information Users in the securities markets
3.1 The RBI Master Direction – NBFC – Account Aggregator (Reserve Bank) Directions, 2016 (Updated as on December 29, 2022) envisages that any entity registered with and regulated by a financial sector regulator can be a Financial Information User.
3.2 Further, the aforesaid Master Direction provide for the following as meaning ‘financial information’:
a. bank deposits including fixed deposit accounts, savings deposit accounts, recurring deposit accounts and current deposit accounts,
b. Deposits with NBFCs
c. Structured Investment Product (SIP)
d. Commercial Paper (CP)
e. Certificates of Deposit (CD)
f. Government Securities (Tradable)
g. Equity Shares
h. Bonds
i. Debentures
j. Mutual Fund Units
k. Exchange Traded Funds
l. Indian Depository Receipts
m. CIS (Collective Investment Schemes) units
n. Alternate Investment Funds (AIF) units
o. Insurance Policies
p. Balances under the National Pension System (NPS)
q. Units of Infrastructure Investment Trusts
r. Units of Real Estate Investment Trusts
s. Goods and Services Tax (GST) Returns, viz. Form GSTR-1 and Form GSTR-3B
t. Any other information as may be specified by the Bank for the purposes of these directions, from time to time;
3.3 In view of the categories of ‘financial information’ (given in the preceding paragraph), as an illustration, a few hypothetical use cases for securities markets intermediaries/ regulated entities could be:
a. a Registered Investment Adviser seeking information on financial assets of the client/investor via the AA framework in order to devise a financial plan for the client
b. a Registered Portfolio Manager seeking information on the portfolio/ financial assets of the client/investor via the AA framework with reference to managing the portfolio of the client
c. Verification of bank account wherever required when a client is on-boarded by an intermediary
d. Regulators accessing financial data submitted by regulated entity (as per regulations) via the AA framework
3.4 A technological framework (including its security protocols) is bound to be a reflection of the humans operating it. It is notable that though there are various safeguards in place and consistent communication advising caution, consumers sometimes adopt unsafe practices of: sharing confidential information such as user IDs, passwords, OTPs, account numbers with third parties; authorizing / empowering third parties to operate their accounts; or providing access to their financial information to third parties etc. Such unsafe practices lead to frauds being perpetrated or funds and securities being misappropriated or financial products/services being mis-sold or customers being subjected to unsolicited cross-sell or upsell. It is in this context that comments are sought in improving the safeguards within the AA framework especially to curb misuse of the financial information in frauds, misappropriation, mis-selling or unsolicited cross-sell/upsell, etc.
Questions
A. Do any class or type of intermediaries in the Indian Securities market (List of categories of securities market intermediary is provided at Annexure A) require being excluded from functioning as FIUs? If so, please provide the rationale.
B. What are the potential use cases for the AA framework for SEBI regulated entities?
C. Are there any additional categories of financial information which may be included under the ambit of the AA framework? If so, please provide the use case/s and rationale.
D. Are there safeguards required in the AA Framework in order to protect the interests of customers in terms of additional data security, or to curb potential misuse of the financial information in frauds, misappropriation, mis-selling or unsolicited cross-sell/upsell, etc.?
E. Are there safeguards or measures required in the AA Framework in order to address concerns of customers, financial information providers, account aggregators or financial information users? If so, please provide the rationale.
Annexure A
1 Registered Alternative Investment Funds
2 Registered Stock Brokers
3 Banker to an Issue
4 Credit Rating Agency – CRA
5 Registered Custodians
6 Debentures Trustee
7 Designated Depository Participants
8 Qualified Depository Participants
9 Registered Depository Participants
10 FPIs / Deemed FPIs
11 Registered Foreign Venture Capital Investors
12 Investment Adviser
13 Registered Infrastructure Investment Trusts
14 Registered KYC (Know Your Client) Registration Agency
15 Merchant Bankers
16 Registered Mutual Funds
17 Registered Portfolio Managers
18 Registrars to an issue and share Transfer Agents
19 Research Analyst
20 Self-Certified Syndicate Banks
21 Registered Venture Capital Funds
22 Real Estate Investment Trust
23 Registered Vault Managers
Public Comments
Public comments are invited for the proposal on collating and defining use cases of Financial Information Users in the Account Aggregator framework in securities markets. The comments/ suggestions may be provided as per the format given below:
| Name of the person/ entity proposing comments: |
| Name of the organization (if applicable): |
| Contact details: |
| Category: whether market intermediary/ participant (mention type/ category) or public (investor, academician etc.) |
–
| Sr No. | Extract from consultation paper | Issues (with page/para nos., if applicable) | Proposals / Suggestions | Rationale |
Kindly mention the subject of the communication as, “Comments on collating and defining use cases of Financial Information Users in the Account Aggregator framework in securities markets”.
Comments as per aforesaid format may be sent to the following, latest by August 31, 2023 (within 30 days from date of publication of this consultation paper on SEBI website) through the following modes:
a. By email to; ia_ho@sebi.gov.in or
b. By post to the following address:
Mr. Manjesh Roy, G.M. / Mr. Rohan Singh Meena, A.G.M.
Office of Investor Assistance and Education
Securities and Exchange Board of India, SEBI Bhavan II, C-7, G-Block,
Bandra Kurla Complex, Bandra (East), Mumbai – 400 051.
Notes:
1 Press Releases for the 10th and 12th meetings of the FSDC: https://dea.gov.in/fsdc
2 RBI Press Release dated July 2, 2015:
https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=34345
3 RBI Master Directions – NBFC – Account Aggregator https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598
4 RBI Press Release dated March 3, 2016:
https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=36394
5 MoF press release dated September 10, 2021: https://pib.gov.in/PressReleasePage.aspx?PRID=1753713
6 Circular No. SEBI/HO/MRD/DCAP/P/CIR/2022/110 dated August 19, 2022: https://www.sebi.gov.in/legal/circulars/aug-2022/participation-as-financial-information-providers-in-account-aggregator-framework_62157.html
