This paper seeks to understand the role of the Indian Central Bank in regulating information flows through Account Aggregators. These are licensed entities exclusively dedicated to collecting, retrieving and sharing customers’ financial information with other financial entities with the customers’ consent. By regulating Account Aggregators as non-bank providers, the Reserve Bank of India (RBI) has opened up many foundational questions for Central Banking regulation. This paper investigates the issues that emerge for regulatory consideration, by tracing the evolution of the RBI’s regulatory approach to Account Aggregators. It then considers the regulatory approach taken by the Kingdom of Bahrain and the European Union (EU) to regulate “account information services” pursuant to broader Open Banking mandates.
The analysis is used to respond to the central question driving this enquiry: Should Central Banks regulate and enable the flow of personal information? In doing so, the paper addresses the RBI’s approach in the Master Directions on Non-Banking Financial Company – Account Aggregator, 2016. We propose specific changes to anchor the Master Directions to the Central Bank’s core mandate and objectives, and to harmonise it with the broader regulatory rubric for data protection in India.
Read the full report here.