apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
Standardising financial account aggregation
Vamsi Madhav, Head of Products and Standards at DigiSahamati
1. Standards for the AA Ecosystem
Attribution: Challiyan at Malayalam Wikipedia
2. DigiSahamati Foundation is an Industry Alliance for the AA Ecosystem
Registered as a Section 8 Company (Not for Profit)
Key goals:
● ADOPT: Drive Awareness & impactful adoption of AA
● ORCHESTRATE: Fair playground via Standards, Certification, Code of Conduct
● INNOVATE: Raise the bar via Collective Innovation
4. India Stack at a Glance
● PRESENCE-LESS LAYER: Aadhaar Authentication, Aadhaar e-KYC. Unique digital biometric identity with open access of nearly a Billion users
● CONSENT LAYER: Data Empowerment and Protection Architecture (DEPA) - AA, PCR. Provides a modern privacy data sharing framework
● PAPERLESS LAYER: E-sign, Digital Locker. Rapidly growing base of paperless systems with billions of artifacts
● CASHLESS LAYER: AEPS, APB, and UPI, e-Lien. Game changing electronic payment systems and transition to cashless economy
● SUBSIDIES (DBT)
● COMMERCE (GST)
● BILLS (BBPS)
● TOLLS (ETC)
● OTHERS: Health Stack
● JAM: Jan Dhan, Aadhaar, Mobile
5. The Account Aggregator will facilitate consented sharing of financial information in real-time
● Financial Information Providers: Bank, Mutual Fund House, Insurance Provider, Tax / GST Platform
● Financial Information Users: Flow-Based Credit, Personal Finance Management, Wealth Management, Robo Advisors
● Consent Manager (Account Aggregator)
● Diagram labels: Request for Data; Consent to Share; Encrypted Data Flow; E2E Encrypted Data Flow based on User Consent; Data Access; Notifications; Consent to share data; Request for Data; Through Open APIs; Electronic Consent Artefact by MeitY; Registry
11. The FIU Experience
Regulatory Standards
● Data attributes: Standardized across 20+ FI types
● Data security: Source encryption using a shared secret, data-blind AAs
● APIs (Consent notification, data notification): Standardized, best-practices-driven
● Data attributes: Standardized across FI types
Market Standards
● Customer Experience: Market-driven branding, security guidelines for embedding AA journeys
● Data Governance: Confidential Computing, Responsible AI
12. The AA Experience
Regulatory Standards
● Charter: Only consent-management, data-blind, decryption of data on device allowed
● APIs (consent flow, data flow, notifications): Standardized, best-practice driven
● AA customer experience: Discovery, linking, consent management - only in AA Domain (not FIU or FIP)
Market Standards
● Customer Onboarding experience: No KYC, custom UX
● FIU relationships: Pricing
● AA client interface features: Consent UX, privacy features, data-sharing features
13. All Participants
Market Standards
● Interoperability guarantee: Certification Framework
● API security: Authentication Token, authorisation controls
● Connectivity to AAs: Discoverability through a central registry
● SLAs: Response times (FIP-AA, AA-FIU), uptime
● Economic incentives: Value-based pricing (FIU/customer), Compensation-for-work-done (FIP)
● Dispute Resolution: ODR, API-driven (future)