On July 20, NITI Aayog launched a regulatory framework for digital banking. Finance Minister Nirmala Sitharaman had recently suggested that all public service banks (PSBs) should implement the account aggregator system by the end of this month.
In an interview with Moneycontrol on July 21, Bank Bazaar CEO, Adhil Shetty, spoke about the challenges that may come in the way of doing that and the expectations fintech and banks may have from the government in terms of implementing the technology.
Edited excerpts from the interview:
Do you think stricter regulations are on the way from the government and the RBI for digital banking?
Clearly, more regulations are coming soon. And the RBI is trying to make sure that consumer interest is served. But we learn from other markets. So, I think it is guaranteed that the framework for digital lending is on its way, so the good players can continue to scale, and the unregulated behaviour can be removed. But we have gone and spoken to the regulators saying please make it a fair level playing field between online and offline.
Also read: NITI Aayog flags problems with neobanking model, says credibility on line
Do you think the draft report on digital lending published by the Reserve Bank of India in November has been able to address the issue?
As an industry, we appreciated most of it. The principle we focused on while we share our opinion and feedback after the report is to create a level playing field for all lending bodies. We don't want to kill a young industry which is doing so well for India.
They are saying online all commissions have to be disclosed, commercial arrangements to be disclosed, it should be the same for offline also. It should be for everyone who's involved in the product.
How do you think account aggregator can bring in a change? Do the PSBs have the kind of infrastructure needed to do it so fast – by the end of July?
I think, the interesting thing about account aggregator is that it is a practical manifestation of what the data protection law seeks to do. It will have your consent captured, a data controller who's liable for how the data is used, and secure movement of data.
Today, public sector banks are investing a lot in technology. Be it Bank of Baroda, Punjab National Bank or State Bank of India, all of them are trying their best to do technological advancement. Already, many private banks have implemented the same.
I am confident that given how much they put into technology and how every Chief Digital Officer is talking about the importance of account aggregator, it won’t be difficult for them to have the system in place within the deadline. Many PSBs are at some stage of integration. So, they're not starting today from scratch. The integration work has been ongoing; a lot of integration testing has been done.
As the use of digital banking expands, the number of financial frauds are also rising. What are the challenges that need to be addressed with the implementation of account aggregator?
The risks related to information security and privacy are only going to keep increasing. The threat is always changing. So, it's constantly evolving.
Can a fintech actually say I am safe now? They can only say that I am constantly working in order to manage the evolving time. I think, there are three levels at which this can be dealt with. One is at the policy level, where the account aggregator clearly states how consent should be taken -- there's an OTP-based consent. So, even if I want it, I have to clearly show what I'm taking the data for.
Then at an infrastructure level, account aggregator ensures better data protection as it doesn’t store data unnecessarily for longer period. So even one year from now, some attack happens from somewhere, the account aggregator would have no data that could be breached.
And the third, the only people who can log into the account aggregator are the regulated entities.
So, you have to be a regulated entity of either RBI or SEBI or PFRDA. If you're not a regulated entity, you can’t log into the account aggregator system. Now, before anyone gets access to the account aggregator system, they both do our InfoSec review process. The more we get on account aggregator, the less data is lying outside. So, I actually see it as being well thought out.
Suppose the mergers do happen, will it be feasible to flawlessly merge the account aggregator back-end for two banks?
I absolutely think so. Now that the experience of merger is there and as far as technology integration is concerned, none has actually been smoother than offline. They know how to absorb a branch, how to absorb license, Aadhaar access. So, I think, because it's been happening, it's not the first time it's happening, so it will be hassle-free this time.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
