Get Your RBI
Account Aggregator License
with Complete NBFC-AA Registration Support
- Starting @
₹99,999
Only
End-to-End RBI Application. Technology Advisory. Compliance Support. Expert CA/CS Team.
RBI NBFC-AA Application Filing
Technology Architecture Advisory
Consent Framework Design
Data Security Policy Drafting
Sahamati Certification Support
Post-Registration Compliance
FREE ConsultationGet Started @ ₹299 ₹0
Get Expert Consultation
Talk to our business executives in minutes
What Sets Us Apart
100% RBI Approval Track Record
Expert RBI Regulatory Specialists
End-to-End Technology Advisory
0
Companies Incorporated
Successfully incorporated across India
0
Client Satisfaction
Rated excellent by our customers
0
Years of Experience
Serving businesses since 2020
0
Expert Consultants
Specialists in company formation
Testimonials
Hear What Our Customers Have to Say
India's one of the highest-rated legal tax and compliance guidance platform.
4.9 out of 5
(8521+ ratings)
Verified
Siddhu ManojFounder & CEO of Two-LYP Computations Pvt. Ltd.
“Incorporating my Startup with IncorpX was an incredibly smooth and hassle-free experience. The team was highly professional, guiding us every step of the way with clear communication and prompt support. The registration process was fast, and every detail was handled with precision and accuracy. Highly recommend IncorpX for anyone starting a business.”
Abhishek LohaniDirector at Lohani Learnings
“Company is good and service is also smooth. I used their compliance service and the response was timely with no delay and price are also convenient. They are always available to cater your need.”
Chandan Kr. ChaudharyFounder of Creative Minds
“I am very satisfied with the team of IncorpX for providing the top notch services. Team of IncorpX was giving the update on daily basis was one of the best thing which I experience in Corporate. keep doing it. Thank you!”
Jayavijaya SJFounder of Agro Farms
“Don't think twice.Got my company incorporates here. Tbh very impressed by the quality of service provided by this team. Very organized and friendly team. Had a smooth and peaceful experience. Timely regular updates were provided by the team. Overall a great experience.”
Anoop KrishnanFounder of EIGHTH DAY FORGE
“It's rare to find a service provider who makes the process feel personal - IncorpX absolutely did. From day one, they patiently explained every detail without any jargon, making it easy to understand and stress-free. There was zero chasing, no delays-just efficient, smooth execution all the way through. I felt supported, heard, and confident at every step of registering my company EIGHTH DAY FORGE (OPC) Private Limited. Thanks to Mr. Sriram and his wonderful team.”
Ramesh LankeFounder of EKnal Technologies
“IncorpX made the entire registration process for our company, EKnal Technologies, smooth and stress-free. Their team was professional, efficient, and incredibly supportive from start to finish. Highly recommend them to any founder looking for a reliable partner in their business journey! Special shoutout to Sriram and Aswin-your support, clarity, and responsiveness made the whole process incredibly smooth.”
700+
Businesses Incorporated Every Month
1000+
Ratings Trusted by 2000+ Clients
250+
Professional Network
Why Choose Us
Why Choose Us?
Expert Legal Team
Experienced legal experts in company formation and corporate law.
Fast Turnaround
Kickstart your venture with efficient company setup, generally processed within a week.
Dedicated Support
Personal manager by your side, every step of the way and beyond.
Complete Documentation
We handle all paperwork and ensure full legal compliance.
Business Growth Tools
Free business resources to fuel your company's success from day one.
24/7 Customer Service
Round-the-clock assistance for all your concerns.
Launch Your Account Aggregator with RBI License?
The Account Aggregator framework is transforming financial data sharing in India. Get your NBFC-AA license with expert guidance at every step - from RBI application to Sahamati certification.
Simple Process
Here's How It Works
01
Fill the Form
Simply fill the above form to get started.
02
Call to discuss
Our startup expert will connect with you & complete legalities.
03
Get Your NBFC-AA License from RBI
Our regulatory experts handle the complete Account Aggregator registration process - from company setup to final RBI Certificate of Registration.
Pricing
Simple & Transparent Pricing
MOST POPULAR
NBFC Account Aggregator Registration Package
From ₹99,999 one-time professional fee
Complete within 7 days
7-day turnaround 100% guaranteed
Free Regulatory Consultation
Eligibility & Viability Assessment
Company Incorporation (if needed)
Business Plan Preparation
Technology Architecture Advisory
Data Security Policy Drafting
Consent Framework Documentation
RBI Application Preparation
COSMOS Portal Submission
RBI Query Handling & Liaison
Sahamati Certification Guidance
Post-Registration Compliance Setup
*Government fees are additional and vary based on company structure
4.9/5 based on 1000+ reviews
Money back guarantee
Secure payment
Top rated service
AI-Powered Platform
Meet IncorpX Nova
Our proprietary AI engine streamlines every step of business setup, from intelligent name suggestions to automated document drafting and compliance tracking.
AI-Powered Business Name Approval Check
Auto-Generated MoA & AoA Drafts
Real-Time Compliance Monitoring
3x Faster Processing Than Traditional CAs
24/7 AI Chatbot + Human Expert Support
NOVA AI
Premium Plan
IncorpX Prime
An all-inclusive solution for startups and expanding enterprises seeking a streamlined, compliant incorporation process.
Key Benefits
Personalised support from dedicated incorporation specialists.
Application prepared and filed within 2 days.
24/7 customer assistance.
Important Notes
We strive to register your preferred business name whenever feasible.
Alternative name suggestions are provided if the preferred name is not approved.
Package includes first-year compliance services: auditor appointment, annual filings, and related obligations.
The NBFC Account Aggregator (AA) License is a specialised registration granted by the Reserve Bank of India (RBI) to entities seeking to operate as consent-based financial data sharing intermediaries under the RBI Master Direction - Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 (as updated in 2021). An Account Aggregator is a new category of NBFC that enables individuals and businesses to securely share their financial data across institutions without physically submitting documents - powered entirely by digital consent.
The Account Aggregator framework is a foundational component of India Stack - India's unified digital public infrastructure that includes Aadhaar (identity layer), UPI (payments layer), DigiLocker (documents layer), and now Account Aggregator (data sharing layer). By enabling real-time, consent-based access to financial information from banks, insurance companies, mutual funds, pension funds, and tax authorities, the AA framework has the potential to revolutionise credit access, wealth management, and financial inclusion across India.
Unlike traditional NBFCs that lend money or manage investments, an NBFC-AA operates as a data-blind intermediary - it facilitates the transfer of encrypted financial data between institutions without ever accessing, storing, or processing the data itself. The AA earns revenue through per-consent fees charged to Financial Information Users (FIUs) and operates on a volume-based business model. With over 1.1 billion data sharing consents processed since the framework went live, the AA ecosystem is one of the fastest-growing segments of India's fintech landscape.
At IncorpX, we provide comprehensive NBFC Account Aggregator registration services covering the entire lifecycle - from company incorporation and capital structuring to RBI application filing, technology advisory, Sahamati certification guidance, and post-registration compliance support. Our team of experienced regulatory professionals and RBI specialists ensures a smooth, efficient registration process.
What is an Account Aggregator (NBFC-AA)?
An Account Aggregator (AA) is a new class of Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India under the NBFC-AA category. Its sole business is to provide the service of retrieving or collecting financial information pertaining to a customer from Financial Information Providers (FIPs) - such as banks, insurance companies, and mutual funds - and making it available to Financial Information Users (FIUs) - such as lenders and wealth managers - based on the explicit digital consent of the customer.
The fundamental principle of the AA framework is consent-based data sharing. No financial data can flow from an FIP to an FIU without the customer first providing their explicit, informed consent through a standardised Consent Artifact - a machine-readable digital document that specifies what data is being shared, with whom, for what purpose, and for how long. The customer retains full control over their data and can revoke consent at any time.
Critically, the Account Aggregator is designed as a data-blind entity. It transmits encrypted financial data between FIPs and FIUs without having access to the decryption keys. This means the AA cannot read, store, process, or sell any customer financial information. This architecture ensures maximum data privacy while enabling frictionless data portability - a significant improvement over the current system of sharing physical bank statements and financial documents.
Key Characteristics of NBFC-AA:
Consent-Based:
All data sharing requires explicit digital consent from the customer through a standardised Consent Artifact with defined purpose, scope, and expiry.
Data-Blind Architecture:
The AA transmits encrypted data without the ability to decrypt, read, store, or process it - ensuring maximum data privacy.
Interoperable:
Connects multiple FIPs (banks, insurers, MF houses) with multiple FIUs through standardised APIs defined by Sahamati/ReBIT.
RBI Regulated:
Licensed and supervised by RBI as an NBFC category, ensuring trust, accountability, and consumer protection.
Did You Know?
The Account Aggregator framework went live in September 2021 and has already processed over 1.1 billion data sharing consents. Major banks like SBI, HDFC, ICICI, Axis, and Kotak have joined as FIPs, while leading fintechs and lending platforms are active FIUs. The AA framework is expected to unlock over $500 billion in incremental credit for underserved segments of the Indian economy by 2030.
AA Framework Architecture - How Data Flows:
The Account Aggregator framework operates through a three-party architecture: Financial Information Provider (FIP) → Account Aggregator (AA) → Financial Information User (FIU). Understanding this flow is essential for anyone seeking an NBFC-AA license.
1. Financial Information Provider (FIP)
Banks, insurance companies, mutual fund houses, depositories, pension funds, and tax authorities that hold customer financial data. FIPs make data available to AAs upon receiving a valid consent artifact.
2. Account Aggregator (AA)
The RBI-licensed NBFC-AA intermediary that manages consent, routes data requests, and transfers encrypted financial data between FIPs and FIUs. The AA is data-blind - it cannot decrypt or access the data in transit.
3. Financial Information User (FIU)
Lenders, wealth managers, personal finance apps, and other registered entities that consume financial data to provide services. FIUs receive decrypted data only after valid consent is obtained.
4. Consent Manager
The AA's consent management system generates, stores, and manages digital Consent Artifacts. Customers approve, deny, or revoke consent through the AA's mobile or web application.
5. End-to-End Encryption
Data is encrypted at the FIP using keys shared between the FIP and FIU. The AA transmits encrypted data without access to decryption keys, ensuring zero data exposure during transit.
6. Customer Control
The customer has complete control over data sharing. They can view all active consents, modify sharing parameters, and revoke consent instantly - stopping all data flow immediately.
Data Flow Process: When a customer applies for a loan with an FIU (e.g., a digital lending platform), the FIU sends a data request to the AA. The AA generates a Consent Artifact and presents it to the customer for approval. Upon approval, the AA forwards the consent to the relevant FIP (e.g., the customer's bank). The FIP encrypts the requested data and sends it through the AA to the FIU, which decrypts and uses it for loan underwriting. The entire process takes seconds to minutes compared to days or weeks for traditional document collection.
Eligibility Criteria for NBFC Account Aggregator License:
To apply for an Account Aggregator License from RBI, the applicant must meet the following eligibility requirements under the Master Direction:
Company incorporated under the Companies Act, 2013 (or 1956) - sole proprietorships and partnerships are not eligible
Minimum Net Owned Fund (NOF) of ₹2 crore at the time of application and maintained at all times thereafter
All directors must satisfy fit and proper criteria as prescribed by RBI - no criminal record, no wilful default, no disqualification under Companies Act
At least one director must be an Indian resident (resided in India for 182+ days in the preceding financial year)
Robust technology infrastructure for consent management, API integration with FIPs/FIUs, and end-to-end data encryption
Comprehensive data privacy and security policy compliant with IT Act, 2000 and RBI data localisation requirements
Business plan demonstrating viability, revenue model, and 5-year financial projections for AA operations
The MOA must include the objective of carrying on Account Aggregator business - the entity cannot engage in any other NBFC activity
Information security management system - ISO 27001 certification or equivalent is expected
Customer grievance redressal mechanism with designated nodal officer and escalation matrix
Types of Financial Information Covered Under the AA Framework:
The Account Aggregator framework covers a wide range of financial information from multiple regulators and sectors. The types of financial information that can be shared through an AA are defined in the RBI Master Direction and are periodically expanded.
The types of financial information covered under the AA framework are periodically expanded by RBI. Recent additions include data from GSTN (GST returns) and the Income Tax Department (ITR, Form 26AS). This expansion significantly benefits MSMEs and small businesses that can now share tax data digitally for faster loan approvals without submitting physical documents. The AA framework is designed to eventually cover all regulated financial data in India.
Step-by-Step Process for NBFC-AA Registration:
Obtaining an NBFC Account Aggregator License from RBI is a multi-phase process that requires careful planning, technology development, and regulatory engagement. At IncorpX, we guide you through every stage. Here is the detailed process:
Step 1: Incorporate a Company Under the Companies Act
Incorporate a Private Limited Company or Public Limited Company with MOA objectives that explicitly include Account Aggregator business. Ensure minimum Net Owned Fund (NOF) of ₹2 crore. Appoint directors who satisfy RBI's fit and proper criteria. Complete all post-incorporation compliances including INC-20A filing.
Step 2: Build the Technology Platform
Develop or procure the AA technology stack including consent management system, API gateway for FIP/FIU integration (compliant with Sahamati/ReBIT specifications), end-to-end encryption pipeline, customer-facing app, and back-office systems. Obtain ISO 27001 certification and CERT-In security audit. Investment: ₹50 lakh to ₹2 crore.
Step 3: Apply to RBI for NBFC-AA Registration
Submit the application to the Regional Office of RBI along with prescribed forms, business plan, technology architecture documentation, data security policy, consent framework design, directors' fit and proper declarations, audited financials, and ₹10,000 application fee. Our team ensures every document meets RBI's exacting standards.
Step 4: RBI Due Diligence and Scrutiny
RBI conducts thorough evaluation including verification of directors' backgrounds, business plan assessment, technology readiness review, data privacy policy analysis, and financial soundness verification. RBI may request additional information or modifications. Timeline: 3 to 6 months. Our experts handle all RBI queries proactively.
Step 5: Receive In-Principle Approval
Upon satisfactory due diligence, RBI grants in-principle approval valid for 12 months. This allows the entity to complete remaining infrastructure, conduct final testing, and prepare for operations. The entity cannot commence AA business until final CoR is issued.
Step 6: Complete Infrastructure and Sahamati Certification
Finalize technology platform, establish primary and DR data centres within India, complete Sahamati certification process, conduct end-to-end testing in sandbox environments, implement customer grievance redressal system, and set up compliance monitoring infrastructure. Submit compliance readiness report to RBI.
Step 7: Obtain Final Certificate of Registration (CoR)
After RBI verifies all conditions are met, it issues the final Certificate of Registration as NBFC-Account Aggregator. The entity can now commence operations - register with Sahamati, onboard FIPs and FIUs, and begin processing data sharing consents. Maintain ongoing compliance with all RBI directions.
Get expert guidance on your Account Aggregator License from IncorpX!
What Are the Documents Required for NBFC-AA Registration?
The RBI application for NBFC Account Aggregator registration requires comprehensive documentation covering the entity, its promoters, technology infrastructure, and operational readiness. Here is the detailed document checklist:
Category
Document
Details
Company Documents
Certificate of Incorporation
Certified copy of CoI issued by RoC under Companies Act, 2013
Memorandum & Articles of Association
Must include AA business objective; certified copies required
Board Resolution
Resolution authorizing the application and appointing authorized signatory
Financial Documents
Audited Financial Statements
Last 3 years (or since incorporation) showing NOF ≥ ₹2 crore
Business Plan
Detailed 5-year business plan with revenue model, market analysis, and financial projections
Capital Structure Details
Source of funds, shareholding pattern, and fund infusion plan
Director Documents
Fit & Proper Declarations
Signed declarations from all directors as per RBI format
Disaster recovery, data backup, system redundancy, and failover procedures
KYC/AML Policy
Customer identification and anti-money laundering procedures as applicable
Application
RBI Application Form
Prescribed format application to the Regional Office of RBI with ₹10,000 fee
Technology Requirements for Account Aggregator Operations:
Technology is at the core of Account Aggregator operations. RBI mandates robust, secure, and scalable technology infrastructure. Here are the key requirements:
1. API Specifications
APIs must comply with Sahamati/ReBIT technical specifications for FIP-AA-FIU communication. RESTful APIs with OAuth 2.0 authentication, JSON data format, and versioned endpoints are required.
2. Data Encryption
End-to-end encryption using Diffie-Hellman key exchange between FIP and FIU. The AA must not possess decryption keys. AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
3. Consent Artifact Standards
Digital consent management system supporting standardised consent artifacts with purpose, data types, frequency, expiry, and revocation. Must support real-time consent creation, approval, and withdrawal.
4. Sahamati Ecosystem Integration
Mandatory compliance with Sahamati's central registry, certification framework, and testing sandbox. Complete interoperability testing with certified FIPs and FIUs before go-live.
5. DigiLocker & Identity Integration
Integration with DigiLocker for document verification and Aadhaar-based eKYC for customer authentication. Support for electronic signing using Aadhaar eSign or DSC.
6. Security Audit & Compliance
Annual IT security audit by CERT-In empanelled auditor, ISO 27001 ISMS certification, vulnerability assessment and penetration testing (VAPT), and SOC 2 Type II compliance (recommended).
7. Data Centre Requirements
Primary and disaster recovery data centres must be located within India (RBI data localisation mandate). Minimum Tier-3 data centre with 99.9% uptime SLA and geographic redundancy.
8. Customer Application
Mobile and/or web application for customers to manage consents - view active consents, approve new requests, modify parameters, and revoke consent. Must support multi-language and accessibility standards.
Ongoing Compliance Requirements After Registration:
Once the NBFC-AA Certificate of Registration is obtained, the entity must maintain ongoing compliance with RBI directions and applicable laws:
Compliance Area
Requirement
Frequency
Net Owned Fund
Maintain minimum NOF of ₹2 crore at all times
Continuous
Data Handling Norms
No storage, processing, or sale of financial data; data-blind operations
Continuous
Consent Logging
Maintain complete audit trail of all consent activities for regulatory inspection
Continuous
Financial Statements
Submit audited annual financial statements to RBI
Annual
IT Security Audit
Comprehensive security audit by CERT-In empanelled auditor
Annual
RBI Returns
Periodic returns on data sharing volumes, consent patterns, and operational metrics
Monthly / Quarterly
Grievance Redressal
Operational customer complaint mechanism with designated nodal officer
Continuous
Board Meetings
Regular board meetings reviewing compliance, security, and operational performance
Quarterly
Data Protection
Compliance with DPDP Act, 2023 - data protection officer, consent management, breach notification
Continuous
Sahamati Certification
Maintain active Sahamati certification and participate in ecosystem updates
Annual Renewal
Fees & Timeline for NBFC-AA Registration:
Here is a detailed breakdown of the costs and timeline involved in obtaining an NBFC Account Aggregator License:
Cost Component
Estimated Amount
Remarks
RBI Application Fee
₹10,000
Non-refundable, payable at the time of application
Company Incorporation
₹15,000 - ₹25,000
If new company needs to be incorporated (govt fees at actuals)
Minimum Capital (NOF)
₹2 Crore
Must be infused and maintained at all times
Technology Platform
₹50 Lakh - ₹2 Crore
Build vs. buy; includes consent engine, APIs, encryption, app
Benefits of Obtaining NBFC Account Aggregator License:
The Account Aggregator framework presents a significant business opportunity at the intersection of fintech, data privacy, and financial inclusion. Here's why obtaining an NBFC-AA license is a strategic move:
High-Growth Market
The AA ecosystem is processing billions of consent transactions annually with exponential growth. Early movers capture significant market share in India's $500 billion+ credit gap opportunity.
RBI-Regulated Trust
An RBI license provides unmatched credibility with banks, insurers, and financial institutions. FIPs and FIUs prefer working with licensed, regulated AAs for data sharing partnerships.
India Stack Integration
Be part of India's digital public infrastructure alongside Aadhaar, UPI, and DigiLocker. AAs are positioned as essential infrastructure for the next wave of digital financial services.
Recurring Revenue Model
Per-consent fees create a scalable, volume-based revenue model. As more FIPs and FIUs join the ecosystem, transaction volumes and revenue grow predictably.
Financial Inclusion Impact
AAs enable access to formal credit for underserved segments by leveraging alternative financial data. Social impact combined with commercial viability attracts ESG-focused investors.
Regulatory Moat
The RBI license creates a strong competitive moat. Limited licenses, high entry barriers, and stringent compliance requirements protect licensed AAs from unlicensed competition.
Join the AA revolution with IncorpX's expert regulatory guidance!
Related Services You May Need:
Depending on your business model, you may also need these complementary registrations and services:
If your business plan involves lending or financial services beyond data aggregation, explore NBFC-ICC, NBFC-MFI, or NBFC-Factor registration with RBI.
Need to incorporate a new company for your AA venture? Our end-to-end company registration services include MOA drafting with AA business objectives.
Frequently Asked Questions About NBFC Account Aggregator License in India (2026)
The Account Aggregator framework is a relatively new regulatory development, and many entrepreneurs and fintech companies have questions about the registration process, technology requirements, and business viability. Below, we answer the most commonly asked questions about NBFC-AA registration - sourced from real search queries, RBI guidelines, and our experience helping businesses navigate RBI regulatory approvals.
These FAQs cover everything from eligibility requirements and capital needs to technology specifications, compliance obligations, and business model viability. Whether you are a fintech startup, an established NBFC exploring AA opportunities, or a technology company entering financial services, these answers will guide you through the entire Account Aggregator licensing process.
An Account Aggregator (AA) is an RBI-regulated entity classified as NBFC-AA under the NBFC framework. It acts as a consent-based intermediary that facilitates secure sharing of financial data between Financial Information Providers (FIPs) like banks, insurance companies, and mutual funds, and Financial Information Users (FIUs) such as lenders and wealth managers. The AA does not store, process, or sell any financial data - it only transfers encrypted data based on explicit customer consent through a standardised digital consent artifact as defined under the RBI Master Direction - Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016.
Unlike traditional NBFCs such as NBFC-ICC or NBFC-MFI, an NBFC-AA does not engage in lending, investment, or deposit-taking activities. Its sole function is consent-based financial data sharing. Key differences: (1) NBFC-AA has a lower net owned fund requirement of ₹2 crore compared to ₹10 crore for NBFC-ICC, (2) it cannot hold or process customer financial data beyond transit, and (3) it must comply with RBI's technology and data privacy standards under the Account Aggregator framework. NBFC-AA is a technology-intensive, data-neutral intermediary that earns revenue through consent-based data transfer fees.
The minimum Net Owned Fund (NOF) requirement for an NBFC Account Aggregator is ₹2 crore as prescribed by RBI. This is significantly lower than other NBFC categories. The NOF must be maintained at all times during the operational life of the entity. Additionally, you need to budget for technology infrastructure (₹50 lakh to ₹2 crore) for building the consent management platform, API integration, data encryption systems, and security audit compliance. Total investment typically ranges from ₹3 crore to ₹5 crore including capital, technology, and operational setup.
To apply for an Account Aggregator License, the applicant must be a company incorporated under the Companies Act, 2013 (or Companies Act, 1956). Key eligibility criteria include: (1) minimum net owned fund of ₹2 crore, (2) directors must satisfy fit and proper criteria as per RBI norms, (3) the company must have robust technology infrastructure for consent management and data transfer, (4) a comprehensive data privacy and security policy, and (5) a viable business plan demonstrating sustainability. Foreign nationals and NRIs can be shareholders subject to Companies Act provisions and FEMA regulations.
Under the RBI Master Direction, an Account Aggregator can facilitate sharing of 16+ categories of financial information from regulated entities including: Banking - deposit accounts, loan accounts, SIP details; Insurance - life and general insurance policies; Securities - demat holdings, mutual fund folios, SIP investments; Pension - NPS account details, EPF statements; Tax - GST returns, income tax filings (via GSTN and IT Department). The types of financial information are defined in the Financial Information section of the Master Direction and are periodically expanded by RBI. Only information from RBI-regulated FIPs and entities notified under the AA framework can be shared.
In the AA ecosystem, Financial Information Provider (FIP) is any RBI-regulated entity that holds customer financial data - such as banks, NBFCs, insurance companies, pension funds, and depositories. The Financial Information User (FIU) is any entity registered with RBI that consumes financial data to provide services - such as lending institutions, wealth management platforms, and personal finance apps. The Account Aggregator sits between FIP and FIU, facilitating data flow only when the customer provides explicit digital consent. The AA framework ensures that FIPs and FIUs never communicate directly for data sharing - all data flows through the AA's encrypted pipeline.
A Consent Artifact is a machine-readable, digitally signed electronic document that records the customer's consent for sharing specific financial information. It contains: (1) purpose of data sharing, (2) types of financial information to be shared, (3) identity of FIP and FIU, (4) data life and frequency - how long data can be used and how often it can be fetched, (5) consent expiry date, and (6) digital signature of the customer. The consent artifact follows the electronic consent framework specified by RBI and is stored by the AA for audit purposes. Customers can revoke consent at any time through the AA application.
Sahamati is the industry alliance for the Account Aggregator ecosystem, established as a not-for-profit collective to promote the AA framework in India. It serves as: (1) certification body for AA ecosystem participants, (2) standards-setting organization for API specifications and consent protocols, (3) dispute resolution facilitator, and (4) ecosystem coordinator connecting FIPs, FIUs, and AAs. While Sahamati is not a regulatory body (RBI is the regulator), it provides the technology specifications, testing sandbox, and certification that entities must comply with to participate in the AA ecosystem. All licensed Account Aggregators are expected to work within the Sahamati framework.
The complete NBFC-AA registration process typically takes 12 to 18 months from application to final Certificate of Registration (CoR). The timeline includes: (1) Company incorporation and capital infusion - 1 to 2 months, (2) Technology platform development - 3 to 6 months, (3) RBI application submission - 1 month, (4) RBI due diligence and scrutiny - 3 to 6 months, (5) In-principle approval - granted after initial verification, (6) Infrastructure completion and testing - 2 to 3 months, (7) Final CoR issuance - 1 to 2 months. The timeline can vary based on RBI's processing workload and the completeness of your application. At IncorpX, we streamline the process through pre-verified documentation and proactive RBI liaison.
RBI mandates stringent technology requirements for Account Aggregators including: (1) API infrastructure compliant with Sahamati/ReBIT specifications for FIP-AA-FIU communication, (2) end-to-end data encryption - data must be encrypted in transit and the AA must not have access to decryption keys, (3) consent management system supporting digital consent artifacts with customer authentication, (4) DigiLocker integration for identity verification, (5) ISO 27001 certified information security management system, (6) annual IT security audit by CERT-In empanelled auditor, (7) data centre requirements - primary and disaster recovery sites within India, and (8) customer-facing application (mobile/web) for consent management. Technology investment typically ranges from ₹50 lakh to ₹2 crore.
After obtaining the NBFC-AA Certificate of Registration, the entity must comply with: (1) Maintain minimum NOF of ₹2 crore at all times, (2) annual statutory audit and submission of audited financial statements to RBI, (3) monthly/quarterly RBI returns on data sharing volumes and consent patterns, (4) annual IT security audit by CERT-In empanelled auditors, (5) customer grievance redressal mechanism with dedicated nodal officer, (6) compliance with data handling norms - no storage, processing, or sale of financial data, (7) consent log maintenance for audit trail, (8) board-approved policies on information security, business continuity, and data privacy, and (9) KYC/AML compliance as applicable. Non-compliance can lead to penalties, suspension, or cancellation of the CoR by RBI.
An existing NBFC cannot simultaneously hold an NBFC-AA license and another NBFC category license. The RBI Master Direction explicitly states that an NBFC-AA shall not undertake any other business other than the business of an Account Aggregator. If an existing registered NBFC wishes to become an Account Aggregator, it must either: (1) surrender its existing NBFC license and apply for NBFC-AA registration, or (2) incorporate a separate company to apply for the AA license. This restriction ensures that the AA remains a data-blind, neutral intermediary without conflicts of interest from lending or investment activities.
The fee structure for Account Aggregator registration includes: (1) RBI application fee - ₹10,000 (non-refundable) payable at the time of application submission, (2) Company incorporation costs - ₹15,000 to ₹25,000 if a new company needs to be set up, (3) Technology platform development - ₹50 lakh to ₹2 crore depending on build vs. buy approach, (4) Security audit and certification - ₹5 lakh to ₹10 lakh for ISO 27001 and CERT-In audit, (5) Legal and professional fees - ₹5 lakh to ₹15 lakh for RBI application preparation and liaison. At IncorpX, our comprehensive NBFC-AA registration package starts at ₹99,999 covering application preparation, RBI liaison, documentation support, and compliance advisory. Government fees, technology costs, and capital requirements are payable at actuals.
The Account Aggregator framework provides significant benefits to consumers: (1) Faster loan approvals - lenders can access verified financial data in real-time, reducing loan processing from weeks to minutes, (2) Elimination of physical documents - no need to submit bank statements, ITR copies, or salary slips manually, (3) Complete data control - customers decide what data to share, with whom, and for how long through granular digital consent, (4) Data portability - easily switch financial service providers by sharing data with new institutions, (5) Lower interest rates - better data access enables more accurate credit assessment, potentially lowering borrowing costs, and (6) Financial inclusion - enables access to formal credit for individuals with limited credit history by leveraging alternative financial data.
Account Aggregators generate revenue through: (1) Per-consent fees - charged to FIUs for each data fetch request fulfilled (typically ₹5 to ₹50 per consent), (2) Subscription model - recurring fees from FIUs for API access and integration, (3) Premium consent services - higher fees for real-time, recurring, or high-frequency data access, (4) Onboarding fees - one-time charges for FIP/FIU integration and certification, and (5) Value-added services - analytics dashboards, consent management tools for enterprises. The AA cannot monetize customer data directly. Revenue depends on transaction volumes, which are growing rapidly as more FIPs and FIUs join the ecosystem. The AA market in India is projected to process over 1 billion consent transactions annually by 2026.
The AA framework implements multiple layers of data security: (1) End-to-end encryption - data is encrypted at source (FIP) and can only be decrypted by the FIU; the AA has no access to the decryption keys, (2) Data-blind architecture - the AA transmits encrypted data without the ability to read, store, or process it, (3) Consent-gated access - data flows only when a valid digital consent artifact exists, (4) Time-bound data access - consent artifacts have built-in expiry and frequency limits, (5) Revocable consent - customers can withdraw consent at any time, immediately stopping data flow, (6) Audit trail - complete logging of all consent activities for regulatory oversight, and (7) CERT-In security audits - mandatory annual security assessment by government-empanelled auditors. This design makes the AA framework one of the most secure data sharing infrastructures globally.
Account Aggregator is India's version of Open Banking, but with key differences: (1) Regulatory framework - AA is regulated by RBI under NBFC directions, while Open Banking (e.g., PSD2 in EU) is typically regulated by banking regulators, (2) Consent architecture - AA uses a standardised digital consent artifact with explicit customer approval; Open Banking implementations vary, (3) Data scope - AA covers banking, insurance, securities, pension, and tax data across multiple regulators; Open Banking typically covers only banking data, (4) Intermediary model - AA introduces a licensed intermediary that does not store data; Open Banking often involves direct API access between banks and third parties, and (5) India Stack integration - AA integrates with Aadhaar, UPI, and DigiLocker as part of India's digital public infrastructure. The AA framework is considered more comprehensive and privacy-preserving than most global Open Banking implementations.
Foreign companies can participate in the AA ecosystem in the following ways: (1) As investors - FDI is permitted in NBFC-AA entities subject to RBI and FEMA regulations, though at least one director must be an Indian resident, (2) As technology partners - foreign technology companies can provide platform solutions to licensed AAs, (3) As FIUs - foreign-owned financial institutions operating in India with RBI registration can register as FIUs. However, the AA entity itself must be an Indian company incorporated under the Companies Act with its data centres and primary infrastructure located in India. Foreign banks operating in India can participate as FIPs. For company incorporation requirements, refer to Private Limited Company Registration.
RBI has extensive enforcement powers over NBFC-AAs including: (1) Monetary penalties - fines under Section 58B of the RBI Act, 1934, which can range from ₹1 lakh to ₹1 crore per violation, (2) Directions and restrictions - RBI can issue directions to cease specific activities or restrict operations, (3) Suspension of CoR - temporary suspension of the Certificate of Registration for serious violations, (4) Cancellation of CoR - permanent revocation of the AA license for repeated or severe non-compliance, (5) Criminal prosecution - for fraudulent activities involving customer data or consent manipulation. Key violations include storing or processing financial data, sharing data without valid consent, inadequate security measures, failure to maintain minimum NOF, and non-submission of regulatory returns.
The AA framework operates at the intersection of financial regulation and data protection: (1) Under the Digital Personal Data Protection Act, 2023, AAs are classified as data fiduciaries and must comply with data processing, consent, and purpose limitation requirements, (2) The RBI Master Direction already embeds strong consent and data minimisation principles that align with DPDP Act provisions, (3) IT Act, 2000 and its associated rules govern electronic consent, digital signatures, and cybersecurity obligations, (4) RBI's data localisation directive requires all financial data processing and storage to occur within India, and (5) AAs must appoint a Data Protection Officer and establish grievance redressal mechanisms compliant with both RBI and DPDP Act requirements. The AA's data-blind architecture inherently supports the principle of data minimisation as the AA never accesses or stores personal financial data.
The team was very responsive and helpful. I received daily updates from the WhatsApp group, and their guidance made everything much simpler to comprehend. If you want a simple and hassle-free way to launch your business, I would highly recommend them!
S
Simon Job
4.9/5
I recently used IncorpX to register my limited liability partnership, and I had an amazing experience! There were no hidden fees, and the team was helpful, quick to respond, and open. They provided thorough explanations of each step, and their services are reasonably priced without sacrificing quality. The entire process was made simple by IncorpX's professionalism, attention to detail, and sincere support. Strongly advised!
J
Jay R
4.8/5
The experience was flawless; the team completed each task with care and always responded quickly. Throughout the process, I never felt stuck. We would especially like to thank Saksham and Sriram for making everything run so smoothly! The IncorpX team offers extremely competitive pricing; anyone just starting out should definitely get in touch with them.
M
Mohammed Affan
4.9/5
I'm really grateful to the wonderful team at IncorpX for helping bring my co-founder's and my dream to life. The whole process was super smooth - fast service, great support, and no hassles at all. I'd highly recommend IncorpX to any new entrepreneur or founder looking to register their company. Excited to continue working with them in the long run. Thank you, IncorpX!
R
Riyom Taipodia
4.6/5
One of the best agency I have ever experienced. Team members are very friendly as if we know each other from before and came communicate and share easily. My work has been done in a very short period and I am so happy. Thank you so much.
A
Ayyappa Swamy
5/5
Highly recommend... IncorpX services regarding incorporation of our company and roc filing and all are very impressive.. the team IncorpX is polite and friendly. Our Lands Time pvt ltd has incorporated through IncorpX... And thanks to IncorpX team..
R
Ramesh Babu
4.9/5
Trouble free service, Rendering good co-operation for company incorporation. Trust worthy team to have better knowledge.
P
Pravesh Kudesia
5/5
IncorpX is providing best service... And user experience! Thank You IncorpX Team
B
Balaji Gutte
4.9/5
I recently got my Private Limited Company incorporated through IncorpX, and the experience was seamless! The team was professional, supportive, and quick to respond throughout the process. Highly recommend IncorpX for a smooth and stress-free company registration experience.
D
Dia
5/5
I'd been planning to register my Private Limited Company for months but didn't know where to start - until I found IncorpX. The team guided me step by step, explained everything clearly, and completed the registration smoothly within the promised timeline. Their pricing was transparent with no hidden charges. Highly recommend IncorpX to anyone starting a business!
Trusted by 15,000+ Entrepreneurs
Get Expert Guidance for Your Business
Fill out the form and our team will connect with you to understand your requirements and recommend the best way forward.
