Last week, a new data sharing framework went live across 1.1 billion bank accounts that would allow users to seamlessly consolidate their personal financial data in one place and share it with multiple lenders in one. click. This is a big step forward for consumers. But is the cost of comfort too high?
The data sharing framework, called Account Aggregators (AAs), allows users to digitally share their data with different service providers in exchange for loans, insurance or any other financial service. The user can then decide what data they want to share, with whom to share it, for what purpose, and even revoke the authorization to access their data.
“You can think of an AA as a gateway to your financial data,” tweeted Sahamati, a collective of non-profit account aggregators. “Users download an AA app and use it to securely link their bank and other financial accounts [such as insurance, investments, and pension funds]. Once the accounts are linked, users can share data from their banks and other service providers with a single click. »
This new system could be a game-changer for banks and insurers accessing new borrowers. Currently, the process is interrupted: a lender seeking to secure a customer receives financial data in different formats, such as PDFs, paper printouts or images of bank statements, which costs money to import into systems. standard. With consent-based sharing of user data through account aggregators, credit risk assessment becomes faster, smoother and more cost-effective.
With 1.1 billion real accounts, including the participation of India’s largest bank, the State Bank of India (SBI), some believe that the open banking framework open a $300 billion lending market by targeting small and medium enterprises.
But some privacy advocates are alarmed by the new system. “The account aggregator does to banking privacy what Truecaller did to caller privacy,” said Srikanth Lakshmanan, a member of Cashless Consumer, a consumer protection collective for digital payments.
While signing up for the Truecaller caller ID app, users agree to share their contacts with the company. So even if your friends haven’t signed up, their numbers and identities will automatically end up as registered identities in Truecaller’s database.
“If you consent to your lender actively monitoring your bank statement for the loan you obtained, and I pay you digitally, your lender/fintech value chain now has access to knowledge of my transaction from your statement without my consent. This is a gaping hole in the account aggregator that disregards counterparty privacy. Given the collection practices of lenders and the poor oversight of regulators, I assume that these data will be systematically misused,” Lakshmanan said.
The biggest risk is the Central Bank of India’s refusal to regulate digital lending, even after more than two years of data misuse and dozens of suicides. “Sahamati’s self-regulation will prioritize industry interests and provide limited redress options for consumers,” Lakshmanan said.
In the future, “it will be impossible to access credit without consenting to active surveillance, and it is the equivalent in the banking world of having a million CCTV cameras all over the city – both by police and business establishments,” Lakshmanan said. “This will give banks a sense of security in granting loans; [it] might increase trust but will not improve safety, just like how CCTV cannot make the streets safer.