Fastest path to Account Aggregator Framework Readiness!

Sahamati, a collective of Account Aggregator (AA) ecosystem in India, is built as a digital public infrastructure that empowers individuals to share their own financial data from one party to the other with their consent. Organizations registered with and regulated by either of the four regulators – RBI, SEBI, IRDA, PFRDA, are permitted to be a part of Sahamati.

To become a part of the Account Aggregator Ecosystem, participant organizations need to comply with RBI guidelines for API & functional flow.

Saksham from Aujas enables organizations to quickly and reliably test their API implementation for compliance, security, and readiness to join the account aggregator framework.

Aujas Cybersecurity has been empanelled to conduct the certification process for all the Account Aggregator ecosystem entities.

Fastest path to Account Aggregator Framework Readiness!

Saksham-Web-Page-Banner

Sahamati, a collective of Account Aggregator (AA) ecosystem in India, is built as a digital public infrastructure that empowers individuals to share their own financial data from one party to the other with their consent. Organizations registered with and regulated by either of the four regulators – RBI, SEBI, IRDA, PFRDA, are permitted to be a part of Sahamati.

To become a part of the Account Aggregator Ecosystem, participant organizations need to comply with RBI guidelines for API & functional flow.

Saksham from Aujas enables organizations to quickly and reliably test their API implementation for compliance, security, and readiness to join the account aggregator framework.

Aujas Cybersecurity has been empanelled to conduct the certification process for all the Account Aggregator ecosystem entities.

Account Aggregator Framework – A Primer

The RBI approved a new class of NBFCs in 2016 to act as Account Aggregators whose primary responsibility is to facilitate the transfer of users' financial data with their explicit consent. This primarily includes transfer, but not storing, of data. An Account Aggregator is 'data-blind', and data transmitted will be end-to-end protected. Also, an Account Aggregator does not and cannot store any user's data.


Thus, It helps businesses and individuals collate and share data digitally in a secured and controlled manner, thereby assuring the user's integrity, confidentiality, and privacy.


Account-Aggregator-Framework-A-Primer
The architecture of AA is based on the Data Empowerment and Protection Architecture (DEPA) framework.

Saksham – Self Service Based Automatic API Certification Approach

The three modules, FIP, AA, and FIU, to be adopted by the entities for undergoing a certification process and ensure the APIs used by each entity are as per the schema, interoperability, and security specifications of Reserve Bank Information Technology Private Limited (ReBIT).


Certified FIP/AA/FIU entities are to be included in the Central Registry and be able to connect with a network of AAs seamlessly.


Saksham from Aujas provides an automated self-assessment and API certification kit that can check and validate:

  • API specification adherence
  • Function flow specification adherence inline with the controls/specifications as defined by ReBIT for FIP/AA/FIU modules
  • Completeness of implementation

The output of the self-assessment check is a PASS/FAIL result based on the evaluation of technical controls.


The technical controls must be evaluated quarterly to ensure compliance with ReBIT specifications. Per prevailing requirements, the self-assessment report is to be provided to the Sahamati Foundation quarterly.


The certification shall help organizations demonstrate that they have fulfilled the specified technical and security controls defined in the NBFC-AA API specifications published by ReBIT.


Saksham-Self-Service-based-Automatic-API-Certification-Approach-1


Aujas provides certification after evaluation of the output of the self-assessment check. Once a certificate is issued after the first successful run of the Aujas Saksham Toolkit against the FIP, AA, FIU system, it is considered a proof of compliance unless the quarterly reports indicate a significant deviation or non-compliance with the NBFC-AA specifications, as applicable then.

Benefits

Saksham has completely automated the process of checking compliance of the application/tool being developed by Technical Service Providers (TSPs) / Organizations against the ReBIT Account Aggregator Ecosystem API Specifications.


  • The fastest way to become compliant and a part of the Account Aggregator ecosystem.
  • Fully automated test scenarios.
  • User manual for self-assessment kit and installation instructions to be given as part of pre-installation manual kit.
  • Strict adherence to the API request and response JSON structures to ensure interoperability in the ecosystem.
  • Control checklist to be provided before a certification audit.

Financial entities should become a part of the Account Aggregator ecosystem for faster business turnarounds, ensure cost efficiencies, lower infrastructure costs/credit costs, and provide better products and solutions for users.


To become a part of the Account Aggregator ecosystem, write at contact@aujas.com, and start your certification journey today.

Thanks for Your Interest in Saksham - Fully Automated API Capability Test Kit.

We are ready to help you get started. Let us know how to contact you,
and we will get in touch with you.