Account Aggregator: The RBI Consent Pipe Behind Instant Loans
You apply for a personal loan or a buy-now-pay-later limit, tap a button that says something like "Approve via Account Aggregator", pick your bank, enter an OTP — and seconds later the app already knows your salary, your balances and your spending pattern. No PDF statement uploaded, no net-banking password handed over. Most Indians have now done this at least once without ever asking what just happened.
What happened is the Account Aggregator (AA) framework quietly at work — arguably the most important piece of India's financial plumbing that almost nobody can name. It is RBI-regulated, consent-first, and built to replace the old, leaky habit of emailing your bank statements to a loan agent. Here is what it actually is, why it matters, and how to use it without getting careless.
What an Account Aggregator actually is
An Account Aggregator is not an app that stores your money or your data. It is a licensed, neutral "pipe" — an RBI-regulated NBFC-AA — whose only job is to move your financial information from one institution to another, but only when you say yes.
The framework has three roles, and it helps to learn the jargon once:
- FIP (Financial Information Provider): the institution that holds your data — your bank, NBFC, mutual fund registrar, insurer or pension fund.
- FIU (Financial Information User): the institution that wants your data for a regulated purpose — a lender checking your income, a wealth app building a portfolio view.
- AA (Account Aggregator): the consent broker in the middle that carries the data from FIP to FIU.
The crucial design choice is that the AA is data-blind. The information passing through it is end-to-end encrypted, so the aggregator itself cannot read your statements — it only manages the consent and the transfer. That single property is what separates this from screen-scraping apps that ask for your net-banking login.
Why this beats the old way of sharing statements
Before AA, sharing financial data meant one of two ugly options: downloading PDF bank statements and emailing them around, or handing a fintech your net-banking credentials so it could "scrape" your account. Both are security nightmares — passwords get reused, PDFs get forwarded, and you have no idea who keeps a copy.
The AA model fixes the core problems at once:
- You never share passwords. Authentication happens inside the FIP's own secure flow.
- You control the scope. You decide which accounts, what date range and what type of data goes out.
- It is time-bound and revocable. Consent has an expiry, and you can pull the plug whenever you want.
- Everything is logged. Each consent and data pull leaves an auditable trail you can inspect.
The payoff for ordinary users is speed. A loan that once took days of document collection can be underwritten in minutes, because the lender receives clean, verified, machine-readable data straight from the source rather than a forwarded PDF that could have been edited.
How big this has already become
The framework went live commercially in September 2021 after years of pilots, and the scale-up since has been quiet but enormous. By the end of 2025, well over 2.6 billion financial accounts had been enabled for data sharing through the system, with hundreds of millions of users having linked at least one account.
More than a hundred institutions now operate as both providers and users of data, with many more plugged in as providers only. Around 17 RBI-licensed Account Aggregators are live in production today — names you may have seen on consent screens include Finvu, OneMoney, CAMSFinServ, Setu, Anumati and NADL. Coordinating the whole ecosystem is Sahamati, the industry body that the RBI has formally recognised as the Self-Regulatory Organisation (SRO) for the AA network.
That last detail matters more than it sounds. An RBI-blessed SRO means there is now a single accountable body setting common rules, handling grievances and policing bad behaviour — the difference between a wild-west fintech feature and regulated public infrastructure.
What to check before you tap 'Approve'
The AA system is only as safe as the attention you give the consent screen. Because it is so smooth, the real danger is consent fatigue — approving an over-broad request without reading it. Before you confirm, slow down and look for four things:
- Purpose: It should name a specific use, such as "loan eligibility check". Be wary of vague or sweeping purposes.
- Data requested: A salary loan needs your bank transaction data; it does not need your mutual fund or insurance details. If the ask is wider than the service, question it.
- Duration / validity: A one-time loan check should be a one-time pull, not open-ended access for months or years. Long-running consents make sense only for ongoing services like account monitoring — and only if you want that.
- Fetch frequency: "One-time" versus "recurring" is the difference between a single snapshot and a tap that keeps refreshing your data on a schedule.
If any of those four looks bigger than the job in front of you, decline. A genuine lender asking for a single loan only needs a narrow, short-lived consent.
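The four checks above can also be written as a least-privilege rule over a consent request. The sketch below is an added example, not code from any Account Aggregator or from the AA specification. The field names, the policy table and its limits (such as the 7-day ceiling for a loan check) are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical, simplified consent request; field names are illustrative
# and do not follow any Account Aggregator's actual schema.
@dataclass
class ConsentRequest:
    purpose: str
    data_types: set
    valid_from: date
    valid_until: date
    fetch: str  # "one-time" or "recurring"

# Assumed policy: purpose -> (data types needed, max validity in days, widest fetch mode).
POLICY = {
    "loan eligibility check": ({"bank_transactions"}, 7, "one-time"),
    "account monitoring": ({"bank_transactions"}, 365, "recurring"),
}

def review(req):
    """Return findings for the four checks; an empty list means the ask fits the job."""
    rule = POLICY.get(req.purpose.strip().lower())
    if rule is None:
        # Without a specific purpose there is nothing to measure the scope against.
        return ["purpose: not a specific, recognised use"]
    needed, max_days, widest_fetch = rule
    findings = []
    extra = req.data_types - needed
    if extra:
        findings.append("data requested: wider than the service needs: "
                        + ", ".join(sorted(extra)))
    days = (req.valid_until - req.valid_from).days
    if days > max_days:
        findings.append(f"duration: {days} days, expected at most {max_days}")
    if widest_fetch == "one-time" and req.fetch != "one-time":
        findings.append(f"fetch frequency: {req.fetch} pull for a one-time job")
    return findings

# Constructed sample requests, not real consent screens.
NARROW = ConsentRequest("Loan eligibility check", {"bank_transactions"},
                        date(2025, 1, 1), date(2025, 1, 2), "one-time")
BROAD = ConsentRequest("Loan eligibility check",
                       {"bank_transactions", "mutual_funds", "insurance"},
                       date(2025, 1, 1), date(2026, 1, 1), "recurring")
VAGUE = ConsentRequest("General services", {"bank_transactions"},
                       date(2025, 1, 1), date(2025, 1, 2), "one-time")

if __name__ == "__main__":
    for name, req in (("narrow", NARROW), ("broad", BROAD), ("vague", VAGUE)):
        print(name, review(req) or "ok")
```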
How to revoke access you no longer want
The most underused feature of the whole system is the revoke button. Once a loan is sanctioned or a service ends, there is usually no reason for anyone to keep pulling your data. To take control:
- Open the AA app you registered with (the handle you chose, like Finvu or OneMoney).
- Go to the consents or "manage consents" section, which lists every active permission and who holds it.
- Select the one you no longer need and revoke it.
After revocation, that institution can no longer fetch fresh data through the AA. One honest caveat: revoking stops future pulls, but data the FIU already received earlier sits on its own servers under its own retention and privacy policy — the AA cannot reach in and delete it. So the time to be careful is before you grant, not only after.
The catch, and where this is heading
For all its elegance, the framework is not magic. The biggest weak point is human: a polished consent screen lowers your guard, and fraudsters know it. Treat an AA flow with the same caution as any OTP — never approve a data-share you did not initiate, and never act on a "please re-authorise your account" message that arrives out of the blue. Stick to apps you opened yourself, and remember that no legitimate AA will ever phone you asking for an OTP.
The direction of travel is clear: more data types are joining the network, with mutual funds, insurance and pension data increasingly flowing alongside bank accounts, and tax and GST data being woven in to help small businesses borrow against their real cash flows rather than collateral. India's coming data-protection regime is expected to sit on top of all this, hard-wiring the same consent-and-purpose discipline into law.
The quiet revolution of the Account Aggregator is that it flips the default of Indian finance. For decades, your financial life was scattered across institutions that each guarded their own slice and made you do the fetching. Now you carry a portable, consent-controlled key to your own data — and the only thing standing between convenience and carelessness is whether you read the screen before you tap yes.



