NBFC Account Aggregator License in India

Set up your NBFC Account Aggregator with the right structure and RBI alignment

Entering the Account Aggregator space requires more than registration. It involves meeting RBI guidelines, setting up secure data-sharing frameworks, and building a compliant operating model. We support you through licensing, documentation, and regulatory alignment so your setup is ready for approval and long-term operations.

Get AA Licensing Guidance
NBFC Account Aggregator License Services

What is an NBFC Account Aggregator?

An NBFC Account Aggregator is an RBI-regulated entity that aggregates and shares users’ financial data across multiple financial institutions in a simplified, readable format. It operates strictly on a consent-based model, ensuring that no financial information is shared without the explicit approval of the user, thereby safeguarding client interests. Given the regulatory intricacy involved, working with account aggregator license consultants in India significantly reduces the risk of application errors or delays. The AA framework sits at the intersection of data privacy, financial regulation, and technology, which makes it structurally different from other NBFC types.

Key Participants in the Account Aggregator Ecosystem

Financial Information Provider (FIP)

Financial Information Provider (FIP)

FIPs are the original holders of financial data — such as asset management companies and pension funds — who securely transfer information upon the user's request.

Financial Information User (FIU)

Financial Information User (FIU)

FIUs, including banks and digital lenders, receive digitally signed financial data from FIPs via account aggregators for purposes like market analysis and customer evaluation.

Technology Service Provider (TSP)

Technology Service Provider (TSP)

TSPs provide the technical infrastructure that enables FIPs and FIUs to access and share data through APIs within the RBI's AA framework, supporting seamless account aggregator services.

Key Advantages of Holding an NBFC Account Aggregator License

Regulatory Credibility & Investor Confidence

RBI registration signals trust to consumers, financial institutions, and investors alike — making it easier to raise growth capital and operate within the ecosystem.

Seamless Financial Ecosystem Integration

Gain direct connectivity with banks, insurance companies, mutual funds, lending platforms, and wealth management firms.

Multiple Revenue Opportunities

Monetize through subscription fees, API licensing, and per-consent transaction charges — creating scalable, recurring income streams.

Expanded Partnership & Business Potential

Partner with fintechs and digital lenders to offer consent-driven data services, enabling faster loan approvals and broader product offerings.

Process for Obtaining an NBFC Account Aggregator License

01
Step 1

Company Registration

Register your company under the Companies Act 2013 with MOA, AOA, and all mandatory MCA certificates in place.

02
Step 2

Meet Net Owned Fund Requirement

Ensure a minimum net owned fund of INR 2 crore as mandated by the Reserve Bank of India before proceeding.

03
Step 3

Document Preparation

Compile the business plan, incorporation certificate, net-worth certificate, and all director ID proofs required for submission.

04
Step 4

RBI License Application

Submit the NBFC Account Aggregator license application along with all supporting documents directly to the RBI.

05
Step 5

RBI Evaluation & In-Principle Approval

The RBI reviews your application and grants in-principle approval upon satisfactory assessment of all submissions.

06
Step 6

IT Infrastructure Setup

Establish a secure IT framework — APIs, consent management systems, and end-to-end encryption — meeting RBI's technical specifications before the final audit.

07
Step 7

Final Registration & Permanent Certificate Issuance

Submit the completed infrastructure for RBI's final audit and compliance review. Upon approval, receive the permanent Certificate of Registration to commence AA operations.

Documents Required to Obtain an NBFC AA License

Company Documents

1. Certificate of Incorporation
2. Audited Financial Statement
3. Business Plan

Director & Promoter Details

1. KYC Details of Directors
2. KYC Details of Promoters
3. Fit and Proper Declaration

Financial Documents

1. Net Worth Certificates of Directors & Shareholders
2. Bankers' Report

Technical Documents

Report on the Company's IT Infrastructure

Miscellaneous

Any Other Supporting Documents as Required

Requirements for an NBFC Account Aggregator License

Requirement Category Details
Financial Eligibility Minimum Net Owned Fund of INR 2 crore
Company Registration Must be incorporated under the Companies Act, 2013
Entity Naming Company name must include “AA”
Business Plan Detailed plan covering HR, IT systems, finances, and business acquisition
Declarations Fit and proper declarations from all directors, partners, and shareholders
Covenant Deed Must be signed by the board of directors and shareholders as per RBI Master Direction
Application Format Application must be submitted via Form A
Business Objectives Declared objectives must be restricted to AA-related activities only
Statutory Documents MOA, AOA, board resolution, and director/shareholder identification details
Net Worth Certificate Must be authenticated and filed by a Chartered Accountant
IT Infrastructure Secure, encrypted IT systems must be in place for safe data transfer
Background Checks Comprehensive background verification of all company personnel is mandatory

Post-License Compliance for NBFC Account Aggregators

Website & Privacy Policies

Draft and maintain compliant website policies, including a privacy policy that clearly outlines the handling of client-sensitive financial data.

Consent Architecture Management

Implement, maintain, and store RBI-mandated consent frameworks to support audit trails and efficient dispute resolution.

Regulatory Filings & Returns

File quarterly and annual returns, audited financial statements, and the statutory auditor's certificate within prescribed RBI deadlines.

Director & Shareholder Changes

Promptly inform the RBI of any changes in directors or shareholders in the prescribed format to remain compliant.

Net Owned Fund Monitoring

Continuously track and maintain Net Owned Funds above the minimum INR 2 crore threshold as required by the RBI.

IT Security & Cybersecurity Compliance

Implement and uphold a secure, encrypted IT infrastructure in line with RBI's cybersecurity regulations for safe data transfer.

Periodic Audits

Conduct regular internal and external audits through CISA-certified auditors to ensure ongoing operational and regulatory compliance.

Grievance Redressal Mechanism

Appoint a Nodal Officer to provide a transparent, time-bound framework for resolving client disputes and maintaining institutional trust.

KYC & AML Compliance

Implement rigorous identity verification and monitoring protocols to ensure legal client onboarding and mitigate financial crime risks.

Scale-Based Regulation (SBR) for NBFCs

Scale-Based Regulation was introduced by the Reserve Bank of India in 2022 to classify NBFCs based on their size, activity, and risk exposure. Instead of applying the same rules to every NBFC, SBR places entities into different layers, each with its own level of regulatory supervision.

This directly affects how an NBFC is structured, how it operates, and how closely it is monitored after licensing.

The Four Layers Under SBR

Base Layer (NBFC-BL)

This includes smaller NBFCs with limited risk exposure. Compliance requirements are basic, covering capital adequacy, governance, and periodic filings. Under the current guidelines (as of 2026), NBFC-Account Aggregators (NBFC-AAs) are explicitly classified in the Base Layer (NBFC-BL),

RBI SBR Classification for NBFC-AA

The RBI’s “Scale Based Regulation (SBR): A Revised Regulatory Framework for NBFCs” defines the layering based on size, activity, and risk. Here is how it applies specifically to Account Aggregators:
Fixed Classification: Unlike Investment and Credit Companies (NBFC-ICC), which move to the Middle Layer once they cross the ₹1,000 crore asset threshold, the RBI has specifically carved out certain categories to “always remain” in the Base Layer.

Middle Layer (NBFC-ML)

NBFCs with higher operational scale fall into this category. They are subject to tighter governance norms, enhanced disclosures, and stricter regulatory oversight.

Upper Layer (NBFC-UL)

This layer consists of systemically important NBFCs identified by the RBI. They face bank-like supervision, including stronger capital requirements and closer monitoring.

Top Layer (NBFC-TL)

This is a supervisory layer reserved for NBFCs that may pose significant systemic risk. It remains empty unless the RBI specifically moves an entity into it.

Why SBR Matters for Account Aggregator License

For businesses applying for an NBFC Account Aggregator License, SBR determines the level of compliance from the outset.
  • Regulatory Intensity: Entities in the Middle Layer must follow stricter governance and reporting standards
  • Technology and Data Controls: Strong IT systems and data security measures are expected
  • Ongoing compliance: Requirements continue after licensing, with periodic audits and filings
  • Scalability Impact: As operations grow, the NBFC may move to a higher layer with increased regulatory expectations

What ReBIT Covers for Account Aggregators

For NBFC Account Aggregators, technology and data security are central to regulatory approval, not optional requirements. ReBIT defines the cybersecurity and technical standards that must be followed during licensing and ongoing operations.

Consent Architecture

Structured consent framework where data is shared only with user approval, remains time-bound, and can be revoked anytime.

Data Security and Encryption

End-to-end encryption is mandatory, with strict controls on data storage and safeguards against unauthorized access.

API-Based Data Sharing

Secure APIs connect FIPs and FIUs, following standard protocols with full traceability of data flow.

IT Governance and Risk Management

Defined IT governance with clear roles, regular risk assessments, and response plans for security incidents.

Audit and Compliance Checks

Periodic audits, security testing, and detailed audit trails are required to validate system integrity.

How RBI Evaluates Your AA License Application

Getting an NBFC Account Aggregator license is not just about submitting documents. The RBI reviews your application across multiple layers, financial strength, governance, technology, and the viability of your business model. Approval depends on how well these elements are aligned.

1. Promoter Background and “Fit & Proper” Criteria

RBI reviews the credibility, track record, and integrity of promoters and directors. Any adverse history or weak profile can impact approval early in the process.

2. Business Model and Use Case Clarity

The application must clearly define your role as a data intermediary within the AA framework. RBI looks for a structured plan covering users, partners, and revenue approach.

3. Financial Strength and Capital Adequacy

Applicants must meet the minimum net owned fund requirement and show financial stability. RBI also checks the source of funds and ability to sustain operations.

4. Technology Architecture and Data Security

RBI evaluates your consent architecture, APIs, and data protection systems in detail. This review aligns with standards set by ReBIT.

5. Governance Structure and Internal Controls

A defined board structure, risk framework, and compliance setup is expected. RBI ensures the entity can manage operations with proper oversight.

6. Regulatory Scope and Activity Restrictions

The business must strictly operate as a data aggregator without handling funds. RBI checks alignment with AA regulations and permitted activities only.

7. IT Readiness Before Final Approval

Post-in-principle approval, systems are tested for security and functionality. Final registration is granted only after successful validation of IT infrastructure.

Why Choose IMC for NBFC Account Aggregator License?

Expert Regulatory Guidance

As experienced RBI Account Aggregator consultants, we guide you through every complex regulatory requirement with precision and clarity, ensuring your application is accurate, complete, and well-positioned for approval.

Comprehensive Licensing Support

Our team manages the entire lifecycle of your NBFC AA license application — from initial entity structuring to securing final approval — so nothing falls through the cracks.

Strategic Operational Setup

Our Account Aggregator setup advisory focuses on building a compliant, resilient, and scalable operating model right from the foundational stage.

Compliance-First Framework

We provide dedicated compliance and advisory support to ensure your entity consistently meets evolving RBI standards and operational benchmarks.

Technical and Systems Alignment

We ensure your IT infrastructure aligns with mandatory data security and consent framework requirements set by the RBI.

Post-Licensing Execution

As your long-term AA license compliance partners, we handle ongoing audits, regulatory updates, and statutory maintenance as your operations grow.

FAQs

To obtain an NBFC Account Aggregator license, your company must first be incorporated under the Companies Act 2013 with a minimum Net Owned Fund of INR 2 crore. You are then required to submit an application in Form A to the Reserve Bank of India, along with all mandatory documents including the business plan, MOA, AOA, and a CA-authenticated net worth certificate. Upon RBI approval and successful establishment of the required IT infrastructure, the final registration certificate is issued.
The Reserve Bank of India (RBI) is the sole regulatory authority that governs and issues the NBFC Account Aggregator License. It oversees all AA operations through its Master Direction on NBFC Account Aggregators, ensuring data privacy, consent-based sharing, and financial ecosystem integrity.
Essential documents include the Certificate of Incorporation, MOA, AOA, KYC details of directors and promoters, net worth certificate authenticated by a Chartered Accountant, audited financial statements, business plan, IT infrastructure report, and fit and proper declarations from all authorized personnel.
Any company incorporated under the Companies Act 2013 with a minimum Net Owned Fund of INR 2 crore is eligible to apply. The entity’s name must include “AA,” and its declared business objectives must be restricted exclusively to account aggregator activities.
To qualify, the applicant must be a registered company under the Companies Act 2013, maintain a minimum NOF of INR 2 crore, and demonstrate a secure IT infrastructure, a structured business plan, and compliance with all RBI Master Direction requirements for account aggregators.

A FIP, such as a bank or insurance company, is the original holder of a customer’s financial data and shares it upon consent. An FIU, such as a digital lender or NBFC, receives this data through the account aggregator for purposes like credit assessment, market analysis, and customer evaluation.

A minimum Net Owned Fund (NOF) of INR 2 crore is required to apply for an NBFC Account Aggregator License from the RBI.

The timeline varies based on RBI processing, document completeness, and IT infrastructure readiness, but typically ranges from 6 to 12 months from application submission.

Only companies incorporated under the Companies Act 2013 in India are eligible. Foreign entities must establish a local entity before applying for the AA license.

Licensed account aggregators are permitted exclusively to consolidate and share financial data between FIPs and FIUs with the explicit consent of the customer — no other financial activity is allowed.