After UPI, Account Aggregator network creates great impact: BG Mahesh, CEO, Sahamati

Mahesh is an internet pioneer, known for launching news and information portals like IndiaInfo and OneIndia.

He holds a bachelor’s degree in computer science from the University of Mysore and a master’s in computer science from the University of Alabama at Birmingham.

Mahesh spoke to indianexpress.com on the Account Aggregator system in India, the uptake of the practice, the privacy safeguards, and how secure data sharing can move into other areas from mere financial statements. Edited excerpts:

Venkatesh Kannaiah: Can you explain the Account Aggregator framework and how it works?

Mahesh: I will explain this in terms of the UPI app, because it is well-known. Before UPI, for payments, I would have given you my account number and IFSC code, and asked you to transfer the money. UPI only removed the friction in making payments. Account Aggregator plays a similar role in removing friction in sharing financial data.

Even before UPI, you were giving consent to your bank to transfer money. When UPI came, you gave consent to the app, like Paytm or PhonePe, and the app interacted with your bank. The app is like a consent manager. Account Aggregator is also a consent manager, but for sharing of financial data. There is only financial data sharing and no money is involved.

But theoretically, Account Aggregator can share any data — health records, education records, and financial data. The technology can handle it, but today it is authorised by the RBI only to share financial data and nothing else.

Venkatesh Kannaiah: Who are the players in this AA system?

Mahesh: For the Account Aggregator to function, there are four players. One, the customer, like you and me. Two, the Financial Information Provider (FIP), like your bank. Three, the FIU (Financial Information User), the entity that consumes your data, which could be a bank giving you a loan or an insurance. Four, the Account Aggregator itself. RBI gives licenses for account aggregators. There are about 16 licensed account aggregators today. They are highly regulated, under the purview of the RBI, and audited every year.

Venkatesh Kannaiah: How did this idea take shape in India?

Mahesh: Around 2014-2015, the government and regulators realised that financial inclusion required more than just opening bank accounts. Credit delivery was constrained because lenders did not have access to reliable, structured data.

At the same time, India was building the digital public infrastructure stack — Aadhaar for identity, UPI for payments, DigiLocker for documents. The missing piece was data. The regulators — the Reserve Bank of India (RBI), Pension Fund Regulatory and Development Authority (PFRDA), Securities and Exchange Board of India (SEBI), and Insurance Regulatory and Development Authority (IRDAI) came together to create a consent-driven data-sharing framework.

This was the birth of the Account Aggregator system. The RBI issued the Master Directions in 2016, and after years of pilots and sandbox testing, live adoption began around 2021. The first-ever AA license was granted in 2017. The system officially went live in September 2021, with eight of India’s largest banks joining the network.

Venkatesh Kannaiah: What are the challenges for this ecosystem?

Mahesh: The framework is there, the tech is strong, but adoption takes time. Banks are a bit slow. It took years for them to fully join UPI; the same with the Account Aggregator system. Today, most banks are on the system. The momentum is there, but it needs some encouragement.

The challenge is not technology — it works. The challenge is governance, adoption, and awareness. Earlier, some banks had some reservations, like if I give away my customers’ data, will I lose them to another bank? That mindset has changed now. The truth is, if data flows, lending increases, and financial inclusion deepens. Everyone benefits.

Venkatesh Kannaiah: Where does Sahamati come into the picture?

Mahesh: Sahamati Foundation is a Section 8 company. We provide common frameworks, templates, and best practices. We help align FIPs, FIUs, and AAs, so that the ecosystem scales smoothly.

We are a catalyst. We are not a regulator. We are a collective. Banks, AAs, NBFCs, fintechs — they all come together here.

We also run workshops, publish standard operating procedures, and resolve issues when banks and AA companies face difficulties. Without a neutral industry body, adoption would be slow.

The focus of the Sahamati AA alliance is to serve the needs of all its members, regardless of its size, business, role, or patronage to the alliance. Sahamati’s funding needs are met by membership fees and sponsorships.

Venkatesh Kannaiah: And what about privacy? People worry about misuse of data.

Mahesh: Privacy is central to this story. First, the customer gives explicit consent every time. Consent is granular — you can choose which accounts, which data, for what purpose, and for how long. You can revoke it anytime.

In the AA dashboard, a customer can see all the transactions at one go. He/she can see what kind of consent he has given to which entity, and for what purpose. And these are all time-bound. It can be given for even 15 days. So that data flow will be there only for 15 days. Or if I just want to say stop data flow to anyone at any point in time, I can stop it. It is about giving active consent.

You will get to choose which bank accounts you want to share. Not everything will be shared. Also now only the assets data is being shared, and not the liabilities.

Second, data is encrypted end-to-end. It is digitally signed. Account Aggregator cannot store the data. It is only a pipe. It is a consent manager, like UPI is a consent manager for payments. This is to protect privacy and ensure security.

Third, everything is digitally signed and time-stamped. You can trace every data flow. Audit trails are compulsory and RBI monitors AAs closely.

So it is far safer than the informal ways data is shared today, like emailing PDFs of statements or uploading them on loan apps.

Venkatesh Kannaiah: What are the relevant use cases?

Mahesh: Lending is the first. MSMEs can get sachet loans instantly. Banks can underwrite better with verified data. Sachet loans are sometimes called microloans or nano loans, ranging from a few thousand rupees up to one lakh. They are designed for low-income individuals, micro-entrepreneurs, and small business owners who often cannot access traditional banking services. Some banks are reluctant to give such small loans, as the cost of processing them is as high as large loans. The Account Aggregator system will reduce the processing cost and banks might give out such loans easily.

Second, personal finance management. Imagine an app where you see all your bank accounts, mutual funds, insurance, pensions, tax records, everything in one dashboard in real time.

Third, wealth management. Advisors get access to a client’s data and can provide tailored advice.

Fourth, taxation. Businesses can share GST and IT records seamlessly with accountants or auditors.

In future, education or health data could also use this kind of a consent-based framework.

Venkatesh Kannaiah: How has it been adopted by users?

Mahesh: As of now, more than a dozen AAs have been licensed. Major banks, NBFCs, and financial institutions have been onboarded. The first-ever AA license was granted in 2017. The system officially went live in September 2021, with eight of India’s largest banks joining the network.

As of now, there are 16 AAs, 150 odd Financial Information Providers, and around 700 Financial Information Users.

We are seeing adoption across use cases: personal loans, MSME loans, wealth management, insurance. Over time, we will see more sectors.

By June 2025, we cumulatively crossed 24 crore consents, 18 crore AA-linked accounts, and the participants in the ecosystem include banks, financial institutions, mutual funds, insurance companies, and broking firms. Around Rs 1.67 lakh crore was disbursed across 189 lakh loans using the AA framework so far. Every month, around Rs 15,000 crore worth of loans are being provided using the AA framework.

Personal loans and consumer durable loans continue to lead usage, while unsecured business loans and motor loans are growing in traction.

Venkatesh Kannaiah: What has been the international experience with the AA system?

Mahesh: Most countries are trying, but they don’t have what India has. In Europe, there is the concept of Open Banking, but it is mostly about payments and access to bank accounts. In some European countries, the AA sits within a bank, and each bank might have its own AA. It is fragmented, every country implements differently, and adoption is patchy.

In the US, there is no regulatory mandate. Data sharing happens in a haphazard manner. Banks do not like it, customers do not understand it, and security is questionable.

India’s model is unique: it is regulator-backed, inter-operable, consent-driven, and built on common standards. It covers not just banks, but insurance, pensions, GST, securities. It is a financial data highway, not just open banking.

That is why many countries are now watching us. Some are trying to replicate. But it has taken us nearly a decade — from 2014 to 2023 — to build the rails and frameworks.

Venkatesh Kannaiah: What challenges remain?

Mahesh: First, awareness. Many citizens don’t know this exists. Banks and fintechs need to make it visible, as happened with UPI. Second, adoption. Financial institutions must integrate deeply. Some are proactive, some are slower. Third is innovation. The ecosystem must create products that use this data responsibly to serve citizens.

Venkatesh Kannaiah: What is the vision?

Mahesh: The ultimate vision is data empowerment of the citizens. For decades, financial data has been locked away. You couldn’t easily see or use it.

With AA, you can access your own data, share it when you want, and use it to your benefit. That changes everything — access to credit, insurance, wealth management, pensions.

It’s not just about loans. Imagine a farmer getting instant credit using crop receipts and bank statements. Or a retiree easily consolidating pension and insurance details. Or a young professional tracking investments seamlessly. Data is power, and for the first time, that power is shifting to the citizen.