How RBI's Account Aggregator System Moves Your Bank Data Without Ever Storing It
Picture this: you're applying for a personal loan, and instead of hunting down six months of PDF bank statements to email a stranger, you tap 'Approve' once on your phone. Behind that one tap sits an entire RBI-built machinery designed so your money data moves — but nobody, not even the middleman, gets to keep a copy.
- RBI created a new licensed entity type — NBFC-Account Aggregator — through the Master Direction – Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016, dated September 2, 2016
- The public Account Aggregator (AA) network went live on September 2, 2021, five years after the Master Direction — for the current list of participating banks, check RBI's official Account Aggregator network page
- Every data-sharing request is captured as a digital "consent artefact" that must state the purpose, exact data types, date range, and an expiry date — open-ended or blanket consent is not allowed
- Sahamati, a non-profit industry alliance, maintains the technical and policy rulebook that all licensed Account Aggregators must follow
- An Account Aggregator is legally barred from storing, reading, or reselling the data it moves between a Financial Information Provider (FIP) and a Financial Information User (FIU)
- RBI's AA framework runs on the Master Direction dated September 2, 2016, and went live for public use on September 2, 2021
- Every data share needs a specific, time-bound "consent artefact" — no blanket or forever consent is allowed
- You can revoke consent anytime through your AA app; unrevoked consents expire on their own stated date
- AAs legally cannot store, read, or resell your financial data — they only move it between FIP and FIU
- Sahamati sets the shared technical rulebook that keeps every licensed AA behaving the same way
What exactly is an Account Aggregator?
An Account Aggregator, or AA, is a company licensed by RBI to do exactly one job: move your financial data from where it lives (your bank, mutual fund, insurer) to whoever wants to see it (a lender, a wealth app, a new bank) — but only after you say yes.
Think of the AA as a courier, not a warehouse. It carries the parcel from A to B, never opens it, never keeps a copy, and can't hand it to anyone you didn't approve. Before AAs existed, sharing financial history usually meant emailing PDFs or handing over a net-banking password to an app that would silently "scrape" your account. RBI built this framework to end that.
Who are the players in every AA transaction?
Four parties show up in every data-sharing event:
- FIP (Financial Information Provider) — the institution holding your data, like your bank, NBFC, mutual fund house, or insurer.
- FIU (Financial Information User) — the institution that wants your data, usually a lender assessing a loan or a fintech building a financial dashboard.
- AA (Account Aggregator) — the licensed NBFC-AA that carries the data from FIP to FIU, strictly on your instruction.
- You — the customer, who owns the data and must actively approve every transfer.
This structure mirrors how other regulated rails work in India — for instance, BBPS separates bill collection from bill payment, keeping each layer accountable for only its own piece of the chain.
How does the consent actually work, step by step?
Here is the sequence, stripped of jargon:
- You log in to an app (say, a lending app) and choose to link your bank account.
- The app (FIU) sends a request to an AA, naming exactly what it wants — for example, "12 months of savings account statements, for loan underwriting."
- The AA shows you this request as a consent screen: purpose, data types, date range, and how long the access stays valid.
- You approve on your AA app, usually with an OTP or PIN.
- The AA fetches encrypted data from your bank (FIP) and passes it straight to the FIU — without reading or storing it.
This entire record — what was asked, what was approved, for how long — is the consent artefact: a timestamped, auditable document, not a verbal or implied okay.
What data can be shared — and what can't?
The framework covers financial information: bank statements, deposit details, mutual fund holdings, insurance policies, and similar records held by regulated entities. It does not cover Aadhaar biometrics or other identity data — that sits under separate rules, including the RBI Master Direction on KYC, a different exercise from AA-based data sharing.
Consent is also scoped tightly. If a lender is approved to see only your last 12 months of statements for a loan decision, the AA cannot legally hand over your 5-year history or your mutual fund portfolio without separate approval.
Can you revoke consent, and what happens then?
Yes. Consent isn't a one-time gate that locks forever. You can open your AA app anytime and revoke an active consent — the FIU immediately loses the right to pull any new data, though it may retain what was already shared during the approved period, subject to its own retention rules.
Every consent artefact also carries a built-in expiry, so an unrevoked consent still dies on its own once its validity period ends.
🔭 The unseen angle: the AA doesn't see your balance, but it can still map your financial rhythm
Most explainers stop at "the AA can't read your data." True for the content of your statements. But the AA does see metadata — which FIPs you're linked to, how often FIUs request your data, and the pattern of your consents over time. Someone with five active consents to lending apps in one month is telling a story, even if no AA ever sees a rupee figure. That metadata trail isn't data theft, but it's a real privacy surface worth asking about: how long does the AA app you use retain consent logs, not just data content?
How is this different from apps that ask for your net-banking password?
Screen-scraping apps ask for your login credentials directly and impersonate you on the bank's website to pull data — a practice RBI has consistently discouraged because it exposes your password and leaves no clean consent trail. The AA model replaces passwords with consent artefacts, impersonation with an authorised data pipe, and vague permissions with a document that names exactly what, why, and for how long.
Questions people ask
It's a licensed NBFC category (NBFC-AA) whose only business is moving your financial data, with your consent, from institutions that hold it to institutions that request it. It cannot store or read that data itself.
It's the digital record of exactly what data you approved to share, for what purpose, for how long, and with whom. It's created for every single data-sharing request under the AA framework.
It's built to be safer than sharing your net-banking password with an app, because the AA never sees or stores your actual financial data — it only routes it based on your explicit, revocable consent.
Yes. You can revoke an active consent anytime from your AA app. The requesting institution immediately loses access to pull any new data after revocation.
Sahamati is a non-profit alliance that maintains the shared technical standards and operating rules that all licensed Account Aggregators and participating institutions follow, so the ecosystem behaves consistently.
Screen-scraping apps typically need your bank login credentials and pull data by impersonating you online. An Account Aggregator never asks for your password — it uses a consent artefact to fetch data through an authorised, auditable channel instead.