Sahamati, an industry alliance for the Account Aggregator (AA) ecosystem in India, is a non-profit organization whose mission is to drive adoption, innovation and compliance to regulatory standards amongst industry participants, with the ultimate goal of driving benefits to citizens through the AA ecosystem.
To become a part of the Account Aggregator Ecosystem, participant organisations must follow ReBIT guidelines for API & functional flow to become a part of this ecosystem.
Saksham from Aujas enables organizations to quickly and reliably test their API implementation for compliance, security, and readiness to join the account aggregator framework.
Aujas Cybersecurity has been empanelled to conduct the certification process for all the Account Aggregator ecosystem entities.
Sahamati, an industry alliance for the Account Aggregator (AA) ecosystem in India, is a non-profit organization whose mission is to drive adoption, innovation and compliance to regulatory standards amongst industry participants, with the ultimate goal of driving benefits to citizens through the AA ecosystem.
To become a part of the Account Aggregator Ecosystem, participant organisations must follow ReBIT guidelines for API & functional flow to become a part of this ecosystem.
Saksham from Aujas enables organizations to quickly and reliably test their API implementation for compliance, security, and readiness to join the account aggregator framework.
Aujas Cybersecurity has been empanelled to conduct the certification process for all the Account Aggregator ecosystem entities.
The RBI approved a new class of NBFCs in 2016 to act as Account Aggregators whose primary responsibility is to facilitate the transfer of users' financial data with their explicit consent. This primarily includes transfer, but not storing, of data. An Account Aggregator is 'data-blind', and data transmitted will be end-to-end protected. Also, an Account Aggregator does not and cannot store any user's data.
Thus, It helps businesses and individuals collate and share data digitally in a secured and controlled manner, thereby assuring the user's integrity, confidentiality, and privacy.
The architecture of AA is based on the Data Empowerment and Protection Architecture (DEPA) framework.
The three modules, FIP, AA, and FIU, to be adopted by the entities for undergoing a certification process and ensure the APIs used by each entity are as per the schema, interoperability, and security specifications of Reserve Bank Information Technology Private Limited (ReBIT).
Certified FIP/AA/FIU entities are to be included in the Central Registry and be able to connect with a network of AAs seamlessly.
Saksham from Aujas provides an automated self-assessment and API certification kit that can check and validate:
The output of the self-assessment check is a PASS/FAIL result based on the evaluation of technical controls. Once a PASS result is achieved, a Certificate of conformance is awarded by Aujas and Sahamati jointly.
The technical controls must be evaluated quarterly to ensure compliance with ReBIT specifications.
The certification shall help organizations demonstrate that they have fulfilled the specified technical and security controls defined in the NBFC-AA API specifications published by ReBIT.
Aujas provides certification after evaluation of the output of the self-assessment check. Once a certificate is issued after the first successful run of the Aujas Saksham Toolkit against the FIP, AA, FIU system, it is considered a proof of compliance unless the quarterly reports indicate a significant deviation or non-compliance with the NBFC-AA specifications, as applicable then.
