FAQs – Account Aggregator & CRIF Connect
Section 1: About Account Aggregator (AA) ecosystem and CRIF Connect
- What is an Account Aggregator?
An Account Aggregator (AA) is an RBI regulated entity (with an NBFC-AA license) that helps an individual digitally access and share information from one financial institution (Financial Information Providers) they have an account with to any other regulated financial institution (Financial Information users) securely in the AA network. Data cannot be shared without the consent of the individual. AAs are data fiduciaries that only fetch, consolidate, aggregate data from Financial Information Providers (FIPs), and basis explicit customer, consent present these data to Financial Information Users (FIUs).
- What is CRIF Connect?
CRIF Connect is an RBI regulated digital platform that helps you securely share your financial data from your account to any other financial institution that requires this data to serve you.These financial institutions are entities like banks, insurance companies etc. that offer you their financial services.
- What is an FIU?
Financial Information User or FIU is a regulated entity like a Bank, NBFC, Insurance, Mutual Funds companies which requires account transaction data to service their customers. For example, a user’s bank from which they intend to take a loan or a Bank / Financial institution which is assisting with financial well-being.
- What is an FIP?
Financial Information Provider or FIP is a regulated authorised entity providing account transaction data via an AA information to an FIU with a valid customer consent from which you have requested a service. For example, a bank where the user holds an account , and its information is requested by a lender to provide them with a loan.
- What is a consent?
- Consent is a digitally signed artefact collected by Account Aggregator from a User (account holder)to request financial information from an FIP.
- It includes purpose, tenure, information duration etc
- Consent can be queried, paused, revoked by the user anytime.
- Consent is generated and is valid for only linked accounts.
- AA acts as consent collector and consent manager, FIP maintains the most recent status of Consent and verifies it before servicing FI requests.
- A Consent is always associated with a recorded Purpose
- Who are the data providers and data consumers?
Data providers: Entities holding Customer financial asset information can be the data providers as per current RBI Master guidelines or any other entities as prescribed by the regulator from time to time. Such entities are called Financial Information Providers (FIP). e.g. Banks, Insurance companies, Deposit taking NBFCs, Pension Funds, Mutual Funds (AMCs) etc.
Data consumers: Any entities regulated by the four financial sector regulators i.e. RBI, SEBI, IRDA, PFRDA can be data consumers or Financial Information Users (FIUs). These are as per the current master guidelines or may expand as prescribed by the regulator from time to time. e.g. NBFCs, Banks, Registered Investment advisors (RIA) regulated by SEBI, Pension Funds, Insurance companies, Stock Brokers (regulated by SEBI), Mutual funds etc.
- What is Account Aggregation? How does it work?
Account Aggregation is the process of collecting the user’s financial asset information (balances/profile/statements)from financial institutions such as banks, insurance companies etc. and present it to the data owner in an aggregated manner. This information is collected based on the consent given to the institutions where the accounts are held. This information can also be shared by the user with other regulated institutions to avail financial service such as loan, wealth management, etc.
- How will the new Account Aggregator network improve an average person's financial life?
An Account Aggregator will give the user the control over their financial data which otherwise remains only with financial institutions. It also enables financial institutions to safely receive individuals’ data reducing the risk of fraud.
It’s a platform that securely retrieves and delivers financial data from one entity to another, without ever reading, storing or using it. One can see and manage their financial health very easily on the AA network, thus giving them greater control over their money matters. All this will happen with NO physical documentation, i.e., completely paperless.
- What new services can a customer access if their bank has joined the AA network of data sharing?
The two key services that will be improved for an individual is access to loans and access to money management. If a customer wants to get a small business or personal loan today, there are many documents that need to be shared with the lender. This is a cumbersome and manual process today, which affects the time taken to procure the loan and access to a loan. Similarly, money management is difficult today because data is stored in many different locations and cannot be brought together easily for analysis.
Through an Account Aggregator, a company can access tamper-proof secure data quickly and cheaply, and fast track the loan evaluation process so that a customer can get a loan. Also, a customer may be able to access a loan without physical collateral, by sharing trusted information on a future invoice or cash flow directly from a government system like GST or GeM.
- How is Account Aggregator different from Aadhaar eKYC data sharing, credit bureau data sharing, and platforms like CKYC?
Aadhaar eKYC and CKYC only allow sharing of four ‘identity’ data fields for KYC purposes (e.g. name, address, gender, etc). Similarly, credit bureau data only shows loan history and/or a credit score. The Account Aggregator network allows sharing of transaction data or bank statements from savings/deposit/current accounts and in future, all financial assets.
- What kind of data can be shared?
Today, banking transaction data is available to be shared (for example, bank statements from a current or savings account) across the banks that have gone live on the network. In future, it will include tax data, pensions data, securities data (mutual funds and brokerage),insurance data and even healthcare and telecom data.
- Can AAs view or ‘aggregate’ personal data? Is the data sharing secure?
The data being transmitted through the AA is encrypted. Also, AAs are not allowed to store, process and sell the customer’s data. This is designed to ensure AAs do not have a conflict of interest when designing processes to obtain consent for access to user data. They merely take it from one financial institution to another based on an individual's direction and consent. Contrary to the name, they cannot 'aggregate' the user’s data. AAs are not like technology companies which aggregate user’s data and create detailed user profiles.
The data AAs share is encrypted by the sender and can be decrypted only by the recipient. The end-to-end encryption and use of technology like the ‘digital signature’ makes the process much more secure than sharing paper documents. In short, the AA is completely ‘data blind’, acting only as a pipeline between financial institutions via a user.
- Can a consumer decide not to share their financial data?
Yes. Registering with an AA is fully voluntary for consumers. If the consumer’s bank has joined the network, a person can choose to register on an AA, choose which accounts they want to link, and share their data from one of their accounts for some specific purpose to a new lender or financial institution at the stage of giving ‘consent’ via one of the Account Aggregators. A customer can reject a consent to ‘share request’ at any time. If a customer has accepted to share data in a recurring manner over a period (e.g. during a loan period), it can also be revoked at any time later as well.
- If a customer has shared their data once with an institution, for how long can they use it?
The exact period for which the recipient institution will have access will be shown to the customer at the time of consent for data sharing.
Section 2: CRIF Connect for customers
- How do I register with CRIF Connect?
Visit or download the mobile app and register by providing your mobile number. You will receive an OTP on the registered number for authentication and then you are allowed to create a PIN. After authentication, you can link your bank accounts which can be used later to provide consent to Financial Information User (FIU) to access data from Financial Information Provider (FIP), typically your bank, but can also be GST, Mutual fund houses, etc.
- Are there any charges for registration?
No. CRIF connect is not charging customers for registration.
- I have an account with some other account aggregator. Can I open an account with CRIF connect AA also?
Yes, you can also open an account with CRIF Connect.
- I have a foreign account. Can that info can be aggregated?
No, it is only for Indian accounts, i.e., accounts with Indian branches of Indian or Foreign banks/insurance companies, etc.
- What does the discovery & linking of accounts mean in CRIF Connect?
In the app, user need to link their FIPs (Bank accounts) via which a user can share the data from that FIP with an FIU. The linking process requires user to enter a unique identifier number by which the FIP can discover your account. (e.g. Mobile number, PAN number or Customer Registration Number – this is FIP specific). The FIP will verify that the user is the owner of that account by sending an OTP.
- How to View/ Give/ Manage consent in CRIF Connect?
It’s quite simple and easy to manage your consent. Login to your CRIF app/ portal and go to the consent section. You can view pending, paused, active, inactive consents. User can view details there and decide what action needs to be taken.
- Once my consent is given, can I stop or revoke the same?
Consents are given for specific periods. There is a provision to revoke your active consent by selecting the consent to be revoked and confirming the same. Once revoked, the consent will not be acted upon for the remainder of the period of the original consent and related reports will also not be generated.
- Can I modify my consent?
Consents once given, cannot be modified. However, they can be paused/revoked, and new consents can be given as per your requirement.
- What kind of data can an FIU access through CRIF Connect?
Currently only asset-based data is available (bank accounts, deposits, mutual funds, insurance policies, pension funds, etc). Other data types are likely to be added over time.
- Is my data safe with CRIF Connect?
CRIF connect is an RBI licensed NBFC. We at CRIF Connect, care about users’ data and we are committed to protecting its privacy. We comply with privacy laws including RBI Master Circular – ‘Know Your Customer’ (KYC) Guidelines – RBI/2015-16/108, Master Direction – Non-Banking Finance Company – Account Aggregator (Reserve Bank) Directions, 2016. We have implemented various checks and controls to ensure that users’ data is safe. Our systems are tested, audited, and certified by reputed external auditors and we comply with all security standards to ensure the users can rest assured about the safety of their data. We use latest technologies to encrypt the data. The data exchange between the FIP/FIU through AA uses the best in the industry for security and encryption. You can see our privacy policy . CRIF Connect, in the truest sense of the term, is ‘data-blind’. It can neither read nor analyse user’s data. It’s only a pipeline between various financial institutions for fetching and safe delivery of data.
- Can a user have a full transparency on who has fetched and accessed my data?
Yes, your CRIF Connect application has a section where you can see all the details of your consent, changes to your consent, data fetch initiated by your FIUs, data provided by your FIPs, etc. You can see a trail of all the activities of your account on the application.
- What are the terms and conditions applicable for my account with CRIF Connect?
The terms and conditions between CRIF Connect and the customer are posted on our website
Section 3: CRIF Connect for customer complaints
- What if I have a complaint?
Please check the grievance policy provided on our website . The company has also appointed a Grievance Redressal Officer, who may be approached by the customers/public for lodging complaints/grievances against the company as detailed under ‘Contact Us’ in our website .
- What do I do if my complaint is not resolved by CRIF Connect?
In terms of the RBI regulations, if the complaint / dispute is not redressed within a period of one month, the customer may appeal to the Reserve Bank of India.
- Who will be the grievance redressal officer?
If the grievance is not resolved within 10 days, then customer can reach CRIF Connect Grievance Redressal Officer, Phone:9730261232 , Email: grievance.aa@crif.com
Section 4: CRIF Connect for FIU’s
- We are an FIU and would like to leverage CRIF Connect AA. How do we get started?
Start with our Sandbox API documentation and do Contact Us for more information.
- What are FIU payment terms for using AA services?
Visit our payment page and do contact us in case you need more information.