Four major financial regulators have come together to set up a non-profit organisation that will make it easier for users to apply for loans by helping share their data with different agencies.
Sahmati — announced by the Reserve Bank of India (RBI), the Securities and Exchanges Board of India (Sebi), the Insurance Regulatory and Development Authority of India (Irdai) and the Provident Fund Regulatory and Development Authority (PFRDA) — will allow regulated entities under the four regulators to share data with a user’s consent.
For example, if you approach a bank for a loan, the loan officer would need details on your credit history, income and tax payments to process your application. Instead of running from pillar to post to arrange these documents, all you have to do is give consent to a request generated by the loan provider, and the account aggregator will access your data from entities concerned and provide to the loan provider.
The genesis of Sahmati is an RBI circular from 2016 which asked for implementation of “explicit consent” to be taken by account aggregators — non-banking financial companies (NBFCs) — and the suggestions made by the Srikrishna Committee report. A consent framework called Data Protection & Empowerment Architecture (DEPA) has been developed and conceptualised by policy think-tank iSpirt.
Sahmati has been set up as a Section 8 non-profit. This pilot organisation will work to accelerate the adoption of DEPA, which works with the aim of maintaining privacy and using the data for good.
The understanding is that if this works, DEPA could become the default privacy framework for fintech transactions and loan processing and so on, with NBFCs or other specified account aggregators being allowed to charge a fee for fetching user data from different databases without having the power to carry out any transactions. This could eventually be rolled out to other industries such as healthcare and telecom in the near future.
Role of account aggregators
“The AA is a huge step forward because it places the user at the centre of the data ecosystem and gives her meaningful control over her data. With this, India will become a world leader in enabling consented data flows,” said Arundhati Bhattacharya, former chairman and managing director of SBI.
“I would urge financial service providers to embrace the AA model at the earliest because it will enable them to become extremely efficient in processing large data sets, provide better customer service and enable financial inclusion by lowering transaction costs and reducing the possibility of fraud. Like UPI, the AA system can be another huge innovation to emerge out of India,” she said.
Account aggregators will be able to fetch but not see data from, let’s say, your bank when you apply for a loan, and charge a fee for fetching and providing this information to the parties concerned (loan provider and banks whose account statements are to be fetched). The process will be fully encrypted so the account aggregators will not be able to access any data they fetch or provide.
If Sahmati works, the need for people to physically visit multiple branches for their data, share their confidential login ID details, or log-in to multiple sites themselves to download and collate the information before sharing it with lenders, financial planners and other service providers will be eliminated.
Six account aggregators have so far received in-principle approval from the RBI to move ahead. These are — NESL Asset Data, CAMS Finserv Financial Services, Cookiejar Technologies (product called Finvu), FinSec AA Solutions (Product titled OneMoney), Yodlee Finsoft, and Jio Information Solutions.
The account aggregator will also enable users to revoke consent to share data, and also share individual items of data without sharing a full history. This is almost impossible to do when full bank statements, mutual fund statements etc. are shared in paper form or downloaded and sent to service providers.