NBFC Account Aggregator Compliances
In 2016, the Reserve Bank of India issued Directions on Registration and Operations of NBFC - Account Aggregators (AA) under section 45-IA of the RBI Act, 1934, making compliance with these directions mandatory for all NBFCs conducting AA business. At Enterslice, our team of professionals specializes in providing consultancy on AA compliances, assisting businesses in meeting regulatory requirements for NBFC Account Aggregator operations.
Package Inclusions
- Consultancy on NBFC Account Aggregator compliances
- Complete assistance in meeting regulatory requirements
- Regular updates on compliance norms
A Brief Overview of NBFC Account Aggregator Compliances
The concept of account aggregators was introduced by the Reserve Bank to facilitate secure and digital information sharing between financial institutions. To operate smoothly, NBFC Account Aggregators must comply with a range of regulatory requirements, including data security measures and the establishment of board-approved policies. Here, we provide a comprehensive overview of these compliances.
Who are Account Aggregators and what do they do?
Account Aggregators, regulated by the Reserve Bank of India, enable individuals to securely access and share financial information from one institution to another within the Account Aggregator network. Importantly, data sharing cannot occur without the individual's consent. Multiple Account Aggregators are available, offering individuals a choice in selecting their preferred platform. The introduction of Account Aggregators replaces the outdated practice of accepting 'blank cheque' terms, ensuring step-by-step permission and control over the use of individuals' data.
NBFC Account Aggregator Compliances: Ensuring Smooth Operations
Compliance with NBFC Account Aggregator regulations involves various measures, including data security, board-approved policies, and the establishment of committees to manage operations effectively.
Data Security: Safeguarding Confidential Financial Information
To ensure data security, Account Aggregator businesses must have robust IT infrastructure that is scalable to accommodate various financial assets and service providers. Adequate safeguards are necessary to protect against unauthorized access, alteration, destruction, and disclosure of data. Additionally, disaster risk management measures and business continuity plans should be in place. Regular internal and external information system audits are mandatory to maintain data security standards.
Board Approved Policy: Handling Customer Grievances and Transparent Pricing
Account aggregators must have a board-approved policy for addressing customer grievances promptly, within a specified timeframe not exceeding one month. The grievance redressal officer's details should be prominently displayed on the business website. Pricing of services must adhere to transparent internal guidelines accessible to the public.
Corporate Governance: Assessing Controls, Systems, and Procedures
Account Aggregators need to establish internal mechanisms to review, monitor, and evaluate the effectiveness of controls, systems, and procedures. Ensuring the integrity of information technology systems is crucial at all times. Precautions must be taken to protect records from destruction, loss, or tampering.
Committee Formation: Streamlining Operations and Risk Management
Account Aggregators are required to set up various committees, including an Audit Committee, a Nomination Committee, and a Risk Management Committee.
- Audit Committee: Consisting of a minimum of three board members, this committee oversees financial audits and compliance matters.
- Nomination Committee: Comprising at least three board members, this committee handles matters related to director appointments.
- Risk Management Committee: This committee, with at least three board members, is responsible for managing integrated risks, establishing comprehensive risk management frameworks, and ensuring technology risk management.
Fit and Proper Criteria: Ensuring Qualified Leadership
Account Aggregators must establish a fit and proper criteria policy approved by the Board of Directors. This policy ensures that directors, managing directors, and CEOs have the necessary qualifications for their roles. A declaration and undertaking must be obtained from these individuals, providing additional information. Furthermore, the appointment and changes in directors must be duly certified by statutory auditors, demonstrating adherence to the fit and proper criteria.
Regulatory Compliance and Approval Process
After obtaining in-principle approval from the bank, the company has 12 months to set up a technology platform, complete legal documentation, and ensure compliance with regulatory requirements. Upon successful completion, the bank will grant a Certificate of Registration, allowing the company to commence operations as an NBFC Account Aggregator. The account aggregator must maintain proper accounts, disclose financial information as required, and provide access to books of accounts and documents as requested.
FAQ
NBFC AAs need to adhere to various compliances such as information and data security, KYC/AML guidelines, privacy laws, audit and reporting requirements.
: NBFC AAs follow KYC/AML guidelines to verify customer identities, monitor transactions, and report any suspicious activities to regulatory authorities.
NBFC AAs ensure the privacy and confidentiality of customer data by complying with data privacy laws, implementing appropriate security controls, and establishing data protection policies and procedures.
NBFC AAs implement various security controls such as data encryption, secure data storage, access controls, and multi-layered authentication mechanisms.
NBFC AAs are required to report any data breaches or security incidents to regulatory authorities, customers, and other relevant stakeholders as per the reporting guidelines.
NBFC AAs conduct third-party vendor risk assessments by evaluating their security protocols, privacy policies, compliance with applicable laws, and assessing their financial stability and credibility.
NBFC AAs ensure compliance with financial regulations and RBI guidelines by adhering to regulatory frameworks, reporting obligations, and other mandatory requirements specified by the authorities.
NBFC AAs need to comply with financial reporting obligations such as submitting audited financial statements and filing reports on their assets, liabilities, and investments, among others.
NBFC AAs must report statistical information on the number, volume, and types of transactions processed through their systems, providing insights into the functioning and performance of the system.
NBFC AAs must comply with API-based integration standards to ensure design and operational standards, data privacy, and security requirements are met while integrating with banking and financial institutions.
NBFC AAs maintain records and monitor customer consent by providing options for customers to grant or revoke their consent, adhering to data privacy laws, and ensuring records of customer consent are maintained and monitored.
NBFC AAs must provide access to customer information as per the RBI guidelines, seeking necessary approvals, and ensuring compliance with data privacy and security standards.
NBFC AAs ensure security during customer acquisition and onboarding by following KYC/AML guidelines, implementing background checks, verifying identity documents, and collecting necessary customer information.
NBFC AAs can share customer data with third-party service providers, provided they adhere to data privacy, security standards, and cyber risk management protocols.
NBFC AAs need to maintain a grievance redressal mechanism and report the number and types of customer grievances received, along with details of resolution and action taken to address those grievances.
NBFC AAs handle disputes related to customer data portability and consent by following the dispute resolution mechanism and other applicable legal provisions, ensuring compliance with data privacy laws.
NBFC AAs conduct regular system and data audits to ensure the security, reliability, and accuracy of their system and data. This helps in identifying vulnerabilities, improving security measures, and ensuring compliance with regulatory standards.
NBFC AAs submit compliance reports on a periodic basis, providing details of their adherence to various regulatory requirements such as KYC/AML guidelines, data privacy standards, and other applicable legal provisions.
Non-compliance with NBFC AA regulations can lead to penalties, suspension of operations, reputational damage, legal implications, and loss of customer trust. It is crucial for NBFC AAs to adhere to regulations to maintain the integrity and sustainability of their business.
Yes, NBFC AAs need to maintain records of their net worth and report detailed financial statements periodically to regulatory authorities.
Our Blog
PSARA LICENSE – Estabizz Fintech
AUTHORISED PERSONS (APs) FRAMEWORK – Estabizz Fintech
GST DUES ( VOID PROPERTY TRANSFER ) -Estabizz Fintech
GST ( INSTALLMENT & RECOVERY ) – Estabizz Fintech
SEBI ( Surveillance of Transaction Alerts) – Estabizz Fintech
RESERVE BANK OF INDIA (Rules for payment companies outsourcing core activities) -Estabizz Fintech
RESERVE BANK OF INDIA( Guidelines for Appointment of Statutory Auditors of Banks, NBFCs) -Estabizz Fintech
RESERVE BANK OF INDIA ( Deadline for Current Account Notification) – Estabizz Fintech
RESERVE BANK OF INDIA ( Treatment of Inactive Trading account) -Estabizz Fintech
SEBI revises financial info filing formats for entities having listed non-convertible securities
SEBI notifies certification requirements for distributors, staff of portfolio management services
SEBI extends relaxations for compliance with rights issues.
SEBI extends relaxations for compliance with rights issues
SEBI extends deadline for investment advisers to conduct annual compliance audit
SEBI board okays steps to make M&As easier
SEBI proposes to revise settlement rules
SEBI approves framework for creating Social Stock Exchange
Scope of ED’s power to freeze bank accounts under Prevention of Money Laundering Act, 2002
Framework for Supervision of Authorised Persons (APs) & Branches by Members
NBFC REGISTRATION PROCESS
WHAT IS CYBER SECURITY AUDIT AND HOW IT IS HELPFUL FOR YOUR BUSINESS?
Annual Compliance for Private Limited Company
LLP Annual Compliance
FSSAI License Renewal
SEBI’s Updated Regulations for Merchant Bankers: Key Changes and Implications
ITC Foods targets growth in north and west India amid shift to branded products
Smartphone market stays below pandemic levels, concerns remain
Algo Trading Coming Soon: A New Opportunity for Retail Investors
Addressing System Inefficiencies in Collateral Deposits: Insights from SEBI’s
100% FDI for Insurance Intermediaries: FDI Insurance Reforms
New RBI Governor Sanjay Malhotra: Biography
PAN 2.0 Project: The Future of India’s Tax Services
One Nation One Subscription: Facilitating Free Access to International Academic Journals
SEBI’s New Fund Offer Regulations: A Strategic Move for Investor Protection
PSARA LICENSE – Estabizz Fintech
AUTHORISED PERSONS (APs) FRAMEWORK – Estabizz Fintech
GST DUES ( VOID PROPERTY TRANSFER ) -Estabizz Fintech
GST ( INSTALLMENT & RECOVERY ) – Estabizz Fintech
SEBI ( Surveillance of Transaction Alerts) – Estabizz Fintech
RESERVE BANK OF INDIA (Rules for payment companies outsourcing core activities) -Estabizz Fintech
RESERVE BANK OF INDIA( Guidelines for Appointment of Statutory Auditors of Banks, NBFCs) -Estabizz Fintech
RESERVE BANK OF INDIA ( Deadline for Current Account Notification) – Estabizz Fintech
RESERVE BANK OF INDIA ( Treatment of Inactive Trading account) -Estabizz Fintech
SEBI revises financial info filing formats for entities having listed non-convertible securities
SEBI notifies certification requirements for distributors, staff of portfolio management services
SEBI extends relaxations for compliance with rights issues.
SEBI extends relaxations for compliance with rights issues
SEBI extends deadline for investment advisers to conduct annual compliance audit
SEBI board okays steps to make M&As easier
SEBI proposes to revise settlement rules
SEBI approves framework for creating Social Stock Exchange
Scope of ED’s power to freeze bank accounts under Prevention of Money Laundering Act, 2002
Framework for Supervision of Authorised Persons (APs) & Branches by Members
NBFC REGISTRATION PROCESS
WHAT IS CYBER SECURITY AUDIT AND HOW IT IS HELPFUL FOR YOUR BUSINESS?
Annual Compliance for Private Limited Company
LLP Annual Compliance
FSSAI License Renewal
SEBI’s Updated Regulations for Merchant Bankers: Key Changes and Implications
ITC Foods targets growth in north and west India amid shift to branded products
Smartphone market stays below pandemic levels, concerns remain
Algo Trading Coming Soon: A New Opportunity for Retail Investors
Addressing System Inefficiencies in Collateral Deposits: Insights from SEBI’s
100% FDI for Insurance Intermediaries: FDI Insurance Reforms
New RBI Governor Sanjay Malhotra: Biography
PAN 2.0 Project: The Future of India’s Tax Services
One Nation One Subscription: Facilitating Free Access to International Academic Journals
SEBI’s New Fund Offer Regulations: A Strategic Move for Investor Protection
Who are Account Aggregators and what do they do?
NBFC Account Aggregator Compliances: Ensuring Smooth Operations
Data Security: Safeguarding Confidential Financial Information
Board Approved Policy: Handling Customer Grievances and Transparent Pricing
Corporate Governance: Assessing Controls, Systems, and Procedures
Committee Formation: Streamlining Operations and Risk Management
Fit and Proper Criteria: Ensuring Qualified Leadership
Regulatory Compliance and Approval Process
FAQ
Blog