Independent Research and Policy Advocacy

A review of BIS’ paper on The Design of Digital Financial Infrastructure: Lessons from India

Save Post

The Covid-19 lockdown in India has created greater reliance on digital infrastructure for delivering finance and other services. In December 2019, the Bank for International Settlements (BIS) released a paper titled “The Design of Digital Financial Infrastructure: Lessons from India” presenting an overview and some lessons from India’s digital financial infrastructure: India Stack (D’Silva et al., 2019) (hereafter, the BIS paper). This blog post reviews the BIS paper, and offers some reflections and critiques based on the experience of these infrastructures in India.

1. Overview of the BIS Paper

The BIS paper identifies three key challenges faced by Indian policymakers regarding financial inclusion: (i) providing a verifiable identity to help push inclusion, (ii) improving payment services within the formal financial system, and (iii) empowering customers to manage their own data through consent.

India Stack is indicated to have been developed to find solutions to each of these challenges in turn. It was envisioned as a set of Application Programming Interfaces (APIs) that could be used to query the Aadhaar database. The objective of the APIs is to decrease barriers to entry for those private firms seeking to offer services to customers, especially those who were harder-to-reach or previously excluded (Raghavan, Chugh, & Singh, 2019).

It provides four distinct technology layers: presence less layer, paperless layer, cashless layer, and consent layer, all of which perform basic functions, and operate independently. The specification and governance of each API in the India Stack collection is owned and operated by a separate entity. For example, the Aadhaar authentication, and eKYC APIs are owned by the Unique Identification Authority of India (UIDAI)[2], whereas the Unified Payments Interface (UPI) API is owned by the National Payments Corporation of India (NPCI) (IndiaStack, n.a.).

India Stack functions as a collection of “rails”, so to say, which when connected gives rise to different and competing solutions for technological problems. Accordingly, the authors of the BIS paper define the three rails as the identity rail, the payments rail and the data-sharing rail. The BIS paper analyses these rails in some detail.

  • The identity rail is based on Aadhaar. It allows authentication of identity on demand, along with e-KYC (verification), e-Sign (digital signature), and DigiLocker (online document repository). Aadhaar is a unique, biometric-based identity system. It was designed as a solution for leakages in government benefits, and targets public services through this identity system (Banerjee, 2016). The BIS paper notes that Aadhaar has served as the basis for significant policy initiatives such as the Pradhan Mantri Jan Dhan Yojana (PMJDY), and Direct Benefit Transfer (DBT) programmes.
  • The payments rail is based on the UPI developed by the NPCI, an RBI regulated entity. UPI is an instant payment system, built over the Immediate Payment Service (IMPS) infrastructure. It allows instant transfer of money between the bank accounts of any two parties (NPCI, n.a.). The features of the UPI system, such as interoperability, efficiently allows everyone mobile access to a payment system. The BIS paper notes that UPI has facilitated the adoption of digital retail payments, and ensures instant payment services in fiat money that settles within the banking system.
  • The data-sharing rail is based on Account Aggregators. Account Aggregators are non-banking financial companies (NBFCs) that aggregates and transfers financial information of a customer between financial institutions, based on consent (Reserve Bank of India, 2016). This rail allows users to share their data within the regulated financial system. The BIS paper notes that this rail will allow users to benefit by sharing their personal data in exchange for affordable, personalised, and customised financial services.

India Stack has most certainly transformed the landscape for digital services provision in India. The BIS paper indicates that its usage has led to a lower cost of doing transactions, simpler compliance, and eliminated the need for physical presence for a transaction to take place.

However, the adoption of such a large-scale digital transformation has not been without hiccups and failures. The BIS paper does mention some of the issues the infrastructure has faced in passing, but does not engage with them in detail. Certain other issues raised in the BIS paper would also merit further reflection and reconsideration, which are drawn out below. Acknowledgement and further engagement with these issues could help resolve them, and improve gains from the infrastructure.

2. Some reflections on the BIS Paper

The BIS paper provides a comprehensive overview of the India Stack system, and the potential it has to improve financial inclusion outcomes in India. It clearly lays out the workings of each component/rail of the India Stack, and also aligns it to the particular challenge that it was developed to overcome. Additionally, the paper develops the concept of India Stack for transactions in the payment system, which helps highlight one of the various use cases of the architecture. However, the BIS paper would benefit from clarification on a few aspects, to more accurately reflect the considerations in India.

Exclusions from authentication and transaction failures: The BIS paper is silent on some widely debated concerns around exclusion due to glitches in the “identity rail” that have been acknowledged in India, including in the course of the Supreme Court’s assessment of the Aadhaar project (K Puttaswamy v Union of India, 2017). Several studies now provide evidence that document these impacts.

The potential exclusionary impacts of Aadhaar can be seen in the Public Distribution System (PDS). A failure of the Aadhaar-based biometric authentication (ABBA) when purchasing ration, failure to link Aadhaar with the ration card, and cancellation of cards for non-possession of Aadhaar could all result in exclusion from the food security system (Khera, 2017). According to the 2019 State of Aadhaar Survey, biometric authentication failure was experienced by 1.5% of PDS users, and 0.8% of people faced exclusion from welfare services due to Aadhaar related reasons (Dalberg, 2019). Further, as per UIDAI statistics presented before the Supreme Court, the failure rate in ABBA for accessing government subsidies and benefits was 12% (Sachdev, 2018).

With regard to financial services, the fragility of the Aadhaar enabled Payment System (AePS) as a cash-out medium was revealed, as reliance on the system increased in India’s Covid19-induced lockdown. Transaction failure rates, ranging from 10% to 62% across 4 financial institutions in April 2020 were noted in a recent study, with reasons for failure being biometric mismatches and bank accounts not being properly linked to Aadhaar (Raghavan M. , 2020). So, while 1.2 billion Aadhaar IDs have been generated, making sure that it is beneficial to the most vulnerable sections of society are objectives that remain to be achieved (IndiaSpend, 2019).

Risk of conflating Aadhaar-enrolment with bank account opening, and bank account ownership with financial inclusion: As per the BIS paper, the creation of a universal identity through Aadhaar enabled a sharp increase in bank accounts, thereby increasing financial inclusion in the country (D’Silva et al., 2019, p. 12). It notes that this financial inclusion also resulted in a distinct decrease in the exclusion of marginalised groups (D’Silva et al., 2019, p. 13).

The push for universal bank account ownership in India flowed from the Pradhan Mantri Jan Dhan Yojana in 2014, and prior to that as part of the RBI’s financial inclusion agenda. These efforts enabled accounts to be opened with a variety of officially valid documents including voter id card, driving licence, NREGA job cards etc. (PMJDY, n.d.). Therefore it is important to distinguish that while the Government and the RBI did use Aadhaar based identification as an additional tool to advance the opening of bank accounts, in alignment with its financial inclusion agenda (Sriram M. , 2014), universal account ownership was enabled and achieved using a wide array of other strategies and officially valid documentation as well.

Separately, although a bank account is essentially the first step towards entering a formal financial system, true financial inclusion requires an emphasis on broader access, and usage of suitable financial services. Ideally, this would mean consumers have access to a larger suite of financial products that are matched to the financial situation, investment objective, level of risk tolerance, financial need and experience of the individual (Dvara Research, 2012).

Better usage of bank accounts for payments and to obtain other financial services and products will need to be tracked consistently to understand the impact of this digital financial infrastructure on financial inclusion.

The data sharing rail’s reliance on consent can be disempowering for consumers: The BIS paper presents the view that sharing data based on the consent of citizens is the most prudent approach to the treatment of data. This consent-led approach is embedded in the logic of the Account Aggregator system or the “data sharing rail”.

However, consent-led approaches are increasingly recognised as being fallible and an ineffective tool when it comes to empowering individuals with regard to data sharing (Matthan, 2016).  Globally, most regimes are moving away from mere reliance on consent and focusing more on organisational accountability for data governance.

This is because the limitations of consent in data-sharing arrangements has been well-established in academic literature, and repeatedly recognised in recent Indian debates and official reports on data protection (Government of India, 2017). The cognitive limitations of individuals present several obstacles for privacy self-management and meaningful “consent” to data sharing. Individuals often do not read privacy policies, do not understand them, lack the knowledge to make an informed choice, or might make a skewed choice based on context (Solove, 2013). Keeping in mind these limitations, the consent model may not be the most prudent approach to data management and protection, as stated by the BIS paper. Further, with regard to the Account Aggregator architecture, researchers at Dvara Research have made the case for stronger accountability systems and access controls that work independent of consent to protect consumers in the data ecosystem (Raghavan & Singh, 2020).

In conclusion, the BIS paper is a welcome addition to the global literature describing India’s public digital infrastructure. The application of India Stack certainly provides insights into how the design and implementation of a digital infrastructure can be used to provide solutions to the challenges of inclusive financial development. While the paper does point out that the rapid development of the infrastructure offers cautionary lessons, it would benefit from a more in-depth engagement with these issues (which have been hotly debated in India) to give a complete view of India’s journey with digital financial infrastructure.



Ananth, B., & Chugh, B. (2018, January 29). Last-mile Issues Can Make or Break the Promise of Aadhaar. Retrieved from

Ananth, B., & Raghavan, M. (2017, June 07). Aadhaar’s Potential for Financial Inclusion. LiveMint. Retrieved from

Banerjee, S. (2016). Aadhaar: Digital Inclusion and Public Services in India. Retrieved from World Bank:

Cámara, N. &. (2017). Measuring Financial Inclusion: A Multidimensional Index. Bank for International Settlements. Retrieved from

Cavoukian, A. (2011). Privacy by Design: The 7 Foundational Principles Implementation and Mapping of Fair Information Practices. Retrieved from

CGAP. (2011, October). Global Standard-Setting Bodies and Financial Inclusion for the Poor. Retrieved from

Dalberg. (2019). State of Aadhaar 2019. Retrieved from

DBT, GoI. (n.a.). Retrieved from

Demirguc-Kunt, A., Klapper, L., Singer, D., Ansar, S., & Hess, J. R. (2018). The Global Findex Database 2017: Measuring Financial Inclusion and the Fintech Revolution. Washington D.C.: World Bank Group. Retrieved from

D’Silva et al. (2019). The Design of Digital Financial Infrastructure: Lessons from India. Bank for International Settlements. Retrieved from

Dvara Research. (2012). An Emphasis on Product Suitability. IFMR Financial Systems Design Conference 2012. Retrieved from

Government of India. (2017). White Paper of the Committee of Experts on a Data Protection Framework for India. Retrieved from

IndiaSpend. (2019, December 09). Despite Supreme Court Stricture, Schools in 5 States Asked 75% Children to Show Aadhaar . IndiaSpend. Retrieved from

IndiaStack. (n.a.). Retrieved from

Jahagirdar, R., & Bodduluri, P. (2020, May 30). Digital Economy: India’s Account Aggregator System is Plagued by Privacy and Safety Issues. Economic and Political Weekly, 55(22). Retrieved from

K Puttaswamy v Union of India, Writ Petition (Civil) No 494 of 2012 (Supreme Court of India August 24, 2017).

Khera, R. (2017). Impact of Aadhaar on Welfare Programmes. Economic and Political Weekly, 52(50), 61-70. Retrieved from

Matthan, R. (2016, June 29). Consent is Dead. Retrieved from

Matthan, R. (2017). Beyond Consent – A New Paradigm for Data Protection. Retrieved from

Matthan, R. (2019, August 06). A New Framework for Consent to Ensure Data Privacy. Retrieved from

Medine, D. (2016, November 15). Making the Case for Privacy for the Poor. CGAP. Retrieved from

MeitY. (n.d.). Electronic Consent FrameworkTechnology Specifications Version 1.1. Ministry of Electronics and Information Technology. Retrieved from

MoF, GoI. (n.a.). Retrieved from

Noelia Cámara, D. T. (2017, July 14). Measuring Financial Inclusion: A Multidimensional Index. Bank for International Settlements . Retrieved from

NPCI. (n.a.). Retrieved from

PMJDY. (n.d.). Retrieved from

Raghavan, M. (2020). Transaction Failure Rates in the Aadhaar enabled Payment System. Dvara Research. Retrieved from

Raghavan, M., & Shah, S. (2020, May 11). Fix the Problems in Aadhaar-based Cash Transactions. Retrieved from

Raghavan, M., & Singh, A. (2020, January 06). Building Safe Consumer Data Infrastructure in India: Account Aggregators in the Financial Sector. Retrieved from

Raghavan, M., Chugh, B., & Singh, A. (2019). Primer on Consumer Data Infrastructure. Dvara Research. Retrieved from

Ravi, S. (2019). Accelerating Financial Inclusion in India. The Brookings Institution. Retrieved from

Reserve Bank of India. (2016). Master Direction- Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016. Retrieved from

Sachdev, V. (2018, March 27). Aadhaar Authentication for Govt Services Fails 12% of Time: UIDAI . The Quint. Retrieved from

Sanghera, T. (2019, June 22). Banking in India: Why Many People Still Don’t Use Their Accounts. AlJazeera. Retrieved from

Sen, S. (2019). A Decade of Aadhaar: Lessons in Implementing a Foundational ID System. Observer Research Foundation. Retrieved from

Singh, A., & Kumar, N. (2018, May 17). Between the State of Access and Use in India: Some Observations from the Global Findex. Retrieved from

Solove, D. J. (2013). Privacy Self-Management and the Consent Dilemma . Harvard Law Review. Retrieved from

Sriram, M. (2014). Identity for Inclusion: Moving Beyond Aadhaar. Economic and Political Weekly, 49(28), pp. 148-154. Retrieved from

Sriram, M. S. (2015, March 18). The Financial Inclusion Agenda and Aadhaar. Ideas for India. Retrieved from

Swetha Totapally, P. S. (2019). State of Aadhaar Report 2019. Dalberg. Retrieved from

UIDAI. (n.d.). Retrieved from

Unique Identification Authority of India. (2016, March 25). THE AADHAAR (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES, BENEFITS AND SERVICES) ACT, 2016. Retrieved from Unique Identification Authority of India:

Wadhwa, V. (2017, January 24). What the US Can Learn from India’s Move Towards a Cashless Society. The Washington Post. Retrieved from

World Bank. (2017). Global Findex Database. Retrieved from

[1] The author would sincerely like to thank her colleagues Malavika Raghavan, Anubhutie Singh, and Srikara Prasad for their inputs and guidance.

[2] UIDAI is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016. It was instituted by the Government of India under the Ministry of Electronics and Information Technology (MeitY) as on 12 July 2016. Initially it functioned as an attached office of the then Planning Commission (UIDAI, n.d.).

Authors :

Tags :

Share via :

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts :