The Reserve Bank of India (RBI) has officially recognised the Sahamati Foundation as the Self-Regulatory Organisation (SRO) for the country’s Account Aggregator (AA) ecosystem. This landmark decision formalises the governance of India’s consent-based financial data-sharing framework, ensuring greater accountability and security for all participants. The recognition marks a pivotal shift towards a mature, self-governed digital financial infrastructure in India.
What is the Sahamati Foundation?
The Sahamati Foundation is a Section 8 not-for-profit industry alliance incorporated on September 17, 2019. Headquartered in Bengaluru, the foundation serves as a collective body for the Account Aggregator ecosystem, representing various financial institutions and technology providers. It is led by industry veterans, including Rama Subramaniam Gandhi, a former Deputy Governor of the RBI, who serves as the Non-Executive Chairman, and B.G. Mahesh, the co-founder and CEO.
Before receiving the official SRO status, Sahamati acted as an informal industry coordination body. It played a crucial role in the adoption of the AA framework by facilitating discussions between regulators like SEBI, IRDAI, and PFRDA, and market participants. Its transition to a recognized SRO empowers it with formal authority to set standards and enforce discipline across the network.
The Role of a Self-Regulatory Organisation in the AA Ecosystem
The recognition of Sahamati follows the RBI’s comprehensive framework for Self-Regulatory Organisations (SROs) in the financial sector. An SRO is an industry-led body that sets and enforces rules for its members, acting as a bridge between the regulator and the market. In the context of the Account Aggregator ecosystem, Sahamati will now be responsible for maintaining technical and operational standards to ensure that data flows seamlessly and securely across different platforms.
Key responsibilities of the newly recognized SRO include:
- Standard Setting: Developing and updating technical protocols for data transfer and interoperability.
- Dispute Resolution: Establishing a transparent and formal mechanism to resolve grievances between participants or between users and entities.
- Compliance Monitoring: Ensuring that all members adhere to the code of conduct and reporting any significant violations directly to the RBI.
- Policy Advocacy: Providing data-driven insights to the government and regulators to help shape future digital finance policies.
By decentralising some regulatory functions to an industry-led body, the RBI ensures that the ecosystem remains agile and responsive to emerging technical challenges while maintaining high standards of consumer protection.
Understanding the Account Aggregator Framework
The Account Aggregator (AA) ecosystem is a consent-based data-sharing framework that allows individuals and small businesses to share their financial information securely across different institutions. It is often described as the ‘UPI for lending’ because it simplifies the process of getting credit by replacing physical documents with digital, encrypted data transfers.
The ecosystem consists of three primary players:
- Financial Information Provider (FIP): These are the sources of data, such as banks, mutual funds, insurance companies, and tax portals.
- Financial Information User (FIU): These are entities that request data to provide services, such as a bank processing a loan or a personal finance app.
- Account Aggregator (AA): This is the intermediary that manages the customer’s consent. AAs are regulated by the RBI as a specific class of NBFC-AA (Non-Banking Financial Company - Account Aggregator).
A unique feature of the NBFC-AA is that it is ‘data-blind’. It cannot see, store, or monetize the data it transfers. The data is encrypted at the source (FIP) and can only be decrypted by the recipient (FIU) after the customer provides explicit consent. This ensures that users retain full sovereignty over their financial data.
Significance of RBI’s Recognition
The official recognition of an SRO is a watershed moment for India’s digital public infrastructure. As of June 2026, the Account Aggregator network has achieved massive scale, with over 1,120 live regulated financial entities participating in the ecosystem. This includes 176 Financial Information Providers (FIPs) and 1,020 Financial Information Users (FIUs).
The framework has already facilitated more than 450 million fulfilled consent requests and supports nearly 290 million monthly data-sharing transactions. With over 294 million accounts already linked to the network, the AA ecosystem has moved beyond the pilot phase and is now a critical pillar of India’s financial system.
The transition to an SRO-led governance model brings several benefits:
- Institutional Trust: Sahamati acts as an ‘institution of trust,’ ensuring that all participants follow high ethical standards.
- Interoperability: Common technical standards prevent the fragmentation of the network, allowing a customer of one bank to share data seamlessly with any other financial institution.
- Scaling to Open Finance: While initially focused on lending, the AA framework is now expanding into wealth management, insurance, and personal finance, paving the way for a comprehensive ‘Open Finance’ era in India.
This development cements India’s position as a global leader in consent-based digital infrastructure, providing a blueprint for other nations looking to build secure and inclusive financial systems.
Key Takeaways
- The Reserve Bank of India (RBI) officially recognized the Sahamati Foundation as the Self-Regulatory Organisation (SRO) for the Account Aggregator (AA) ecosystem on June 5, 2026.
- The Sahamati Foundation was incorporated in September 2019 as a Section 8 not-for-profit company and is headquartered in Bengaluru.
- Rama Subramaniam Gandhi, a former Deputy Governor of the RBI, serves as the Non-Executive Chairman of Sahamati.
- The Account Aggregator framework operates through three key participants: Financial Information Providers (FIPs), Financial Information Users (FIUs), and the Account Aggregator (AA) intermediary.
- Account Aggregators are regulated by the RBI as a specialized class of NBFC-AA and act as ‘data-blind’ fiduciaries that cannot store or see user data.
- As of June 2026, the AA network has facilitated more than 450 million fulfilled consent requests across over 1,120 live regulated entities.
