RBI approves Sahamati as SRO for India’s Account Aggregator ecosystem

The Reserve Bank of India has officially recognised Sahamati Foundation as the Self‑Regulatory Organisation (SRO) for the country’s Account Aggregator (AA) ecosystem, cementing the not‑for‑profit’s role in governing consent‑based financial data sharing. The decision, announced in early June 2026, formalises the governance framework that will oversee how banks, fintechs and other financial institutions exchange customer data under the AA model. By assigning a single SRO, the RBI aims to standardise operational protocols, enforce security standards and protect consumer consent across the rapidly expanding data‑exchange network.

What happened

In a brief circular, the RBI confirmed that Sahamati Foundation meets the criteria set out in the SRO‑AA framework and is now the designated regulator for the ecosystem. The approval gives Sahamati authority to draft and enforce rules on data handling, participant onboarding, grievance redressal and audit procedures. As a not‑for‑profit entity, Sahamati will operate independently of commercial interests, reporting to the RBI on compliance matters while coordinating with banks, non‑bank lenders, wealth‑management platforms and emerging fintechs that act as aggregators. The move also signals that the RBI expects the AA network to scale rapidly, with more data providers and users joining a system that relies on explicit consumer consent for each data transaction.

Why it matters

The AA ecosystem promises to streamline credit underwriting by giving lenders a single, secure view of a borrower’s financial history—bank statements, tax filings, mutual fund holdings and more—without the need for multiple document requests. With Sahamati at the helm, the RBI can ensure that consent mechanisms remain transparent and that data is exchanged only under pre‑agreed terms. This reduces the risk of data leakage, a concern that has lingered since the AA model was first introduced. Moreover, a unified SRO can accelerate innovation by providing clear, predictable rules for new entrants, encouraging them to build value‑added services such as personalised financial advice or real‑time risk scoring. For consumers, the arrangement offers greater control over who accesses their financial information and under what circumstances.

The bigger picture

India’s AA framework, launched in 2020, is one of the most ambitious consent‑based data‑sharing initiatives globally. Early pilots involving banks like HDFC and fintechs such as Perfios demonstrated the model’s potential to cut loan processing times from weeks to days. Globally, similar efforts are underway in the UK’s Open Banking and Australia’s Consumer Data Right, but India’s scale—over 200 million bank accounts—makes the stakes higher. The RBI’s decision aligns with its broader push for digital finance, including the rollout of Unified Payments Interface (UPI) and the push for a digital identity ecosystem. By appointing Sahamati, the regulator also mirrors the approach taken in other sectors where SROs provide industry‑specific oversight without direct government intervention, a model that has been praised for balancing innovation with consumer protection.

What’s next

Sahamati is expected to publish a detailed rulebook within the next three months, outlining technical standards for APIs, data encryption, and audit trails. Participants will be given a compliance window to align their systems, after which the SRO will conduct periodic inspections. The RBI has indicated that it will monitor the rollout closely, with quarterly reports on adoption rates and any breach incidents. Industry watchers anticipate that the clarified regulatory environment will spur a wave of new AA‑enabled products, especially in small‑ticket lending and insurance underwriting. Observers will also watch how quickly legacy banks integrate the AA standards, as their speed of adoption could determine the overall health of the ecosystem.

Key takeaways

• RBI officially names Sahamati Foundation the SRO for India’s Account Aggregator ecosystem.
• The SRO will set and enforce standards for consent‑based financial data sharing across banks and fintechs.
• A unified regulator is expected to boost consumer trust, reduce data‑leakage risk, and accelerate credit‑underwriting innovation.
• Sahamati will issue a rulebook within three months, giving participants a compliance window before audits begin.
• The move positions India alongside global leaders in open‑finance frameworks while leveraging its massive digital user base.