BharatNotes What is Account Aggregator Framework?
The Account Aggregator (AA) Framework is a consent-based system that lets a person or business share their financial data — bank balances, deposits, mutual fund holdings, insurance, pension records and more — between financial institutions in a secure, machine-readable form. The data flows through a licensed intermediary, an NBFC-Account Aggregator, which acts purely as a "consent broker" and data pipe: it cannot see, store or monetise the data passing through it.
The Reserve Bank of India created this category through its Master Direction on NBFC-Account Aggregators, issued on 2 September 2016. The live ecosystem, with major banks onboarded, was formally launched on 2 September 2021. It is the financial-sector implementation of the Data Empowerment and Protection Architecture (DEPA), conceptualised by NITI Aayog (draft released August 2020), and is widely regarded as part of India Stack and the country's Digital Public Infrastructure (DPI).
Key Participants and How It Works
The framework rests on three roles, all regulated by one of four financial-sector regulators — RBI, SEBI, IRDAI and PFRDA.
| Role | Who they are | Function |
|---|---|---|
| FIP (Financial Information Provider) | Banks, NBFCs, mutual funds, insurers, pension funds | Hold customer data; release it on consent |
| FIU (Financial Information User) | Lenders, wealth managers, fintech firms | Use shared data for credit appraisal, planning |
| NBFC-AA | RBI-licensed intermediary | Carries data based on user consent; cannot read or store it |
The user grants a granular, time-bound, purpose-specific and revocable consent through the AA app. The AA then moves encrypted data from FIP to FIU. Crucially, the framework is built on a "data blind" design — the AA never accesses the content it transmits.
Significance
- Financial inclusion and credit access — flow-based lending using verified data helps MSMEs and thin-file borrowers who lack collateral or formal credit history.
- User empowerment — individuals own and control their data, replacing insecure practices like sharing passwords, PDFs or screenshots.
- Lower friction — faster loan approvals and digital onboarding, reducing fraud and document forgery.
- DPI building block — it complements Aadhaar, UPI and DigiLocker as a reusable public rail.
Current Status
Adoption has scaled rapidly. According to the Press Information Bureau, over 2.6 billion financial accounts are enabled for consent-based sharing and 252.9 million users had linked their accounts as on 31 December 2025. Coverage now spans banking, securities, insurance and pension sectors. The system works alongside the Digital Personal Data Protection Act, 2023, which provides the statutory privacy backbone for consent-based data sharing.
UPSC Angle
Frame the AA Framework as a case study in balancing data empowerment with data protection. For Mains GS3, connect it to MSME credit, fintech regulation and DPI; note that it predates and now complements the DPDP Act, 2023. For Prelims, remember: AAs are RBI-licensed NBFCs, the framework stems from a 2016 Master Direction with a 2021 live launch, and FIPs/FIUs are regulated by RBI, SEBI, IRDAI or PFRDA.
