This post was originally published on Medium in August 2019
Foreword and acknowledgements:
“This will be as big as UPI #Sahamati” — Kunal Shah , Twitter
This comment, made at a 25th July event inaugurating DEPA and Sahamati, broke Indian fintech Twitter. You could practically hear the buzzing of a thousand Slack channels as startup founders rushed to instruct their teams to decode just what the hell Kunal was talking about.
Sadly, a lot of the media coverage around DEPA and Sahamati in recent weeks has been low-quality and misleading. In this article, I will attempt to demystify this exciting new system while providing lots of context relevant to startups and investors alike.
I know this article is long, but I guarantee that anybody who reads it will learn something worth learning.
Before I jump in, I would like to thank the following people for helping me gather my thoughts and facts in preparation for writing this piece:
Sid Shetty, iSpirt
Kamya Chandra, iSpirt
Amit Ranjan, DigiLocker, Slideshare
Manoj Alandkar, Finvu
iSpirt generally: I am continually inspired by the talent, dedication, and integrity of the volunteers at iSpirt. They are responsible for so much of the great public tech infrastructure of India. Thank you so much.
Nandan Nilekani inaugurating DEPA at the Four Seasons Hotel, Mumbai, 26th July, 2019. Picture taken from Sahamati Twitter account.
“Nothing is more powerful than an idea whose time has come” — Victor Hugo
Let’s dive straight in — what is DEPA?
DEPA stands for Data Empowerment and Protection Architecture. It is India’s attempt to create a data-driven economy, which includes and exceeds the concept of ‘open banking’. You can think of it as a UPI-style infrastructure layer that will facilitate consent-based sharing of personal data instead of facilitating payments.
Nandan Nilekani has been talking about a “data-rich” economy for years, and it looks like we are finally ready to jump right into one. In simple terms, DEPA and the AA (Account Aggregator) framework will allow individuals and small businesses to unlock the power of their data lying in the walled gardens of data fiduciaries such as banks, telcos, regulators etc.
What the hell are you talking about?
Imagine I’m a customer of Kotak Bank. I want to share my bank statements and financial history with a lender so I can get a loan. Here are the options I have today:
Print out my bank statements, self-attest them, and share them with a lender physically
Forward all my SMS and emails to the lender so they can parse my data and recreate my banking history
Share my net banking login credentials so the lender can analyse my account
Allow the lender to screen scrape the relevant banking pages
Share pictures or PDFs of my bank statement for OCR analysis
All of these options are suboptimal. They are either insecure, inefficient, or prone to tampering. They are mostly provided as services to financial institutions by companies like Perfios or Finbit. The terms under which these vendors (Perfios/Finbit) and data processors (lenders) access our data is currently murky and ill-defined at best.
Under DEPA, here is how the same flow will work:
I register with an AA*, create an account, and link it to my existing bank accounts (and other kinds of accounts, but more on this later)
I go to the lender’s website/app and click a button which says “Share Data with Lender”
This button brings me to my AA app which prompts me to enter a security PIN and choose which data I would like to share with the lender
After setting my consent terms, which define how the lender can access my data, I complete the transaction and allow the data to be pulled directly from Kotak bank to the lender
My data does not lie with or become accessible to the AA at any point; it merely flows from the Financial Information Provider (FIP), Kotak, to the Financial Information User (FIU), the lender, via the AA interface. The central idea here is that a user should always have visibility and control over how her data is shared.
* AAs — Account Aggregators are a special type of NBFC regulated by RBI. They provide the interfaces through which users provide the consent required to authorise the sharing of private data. The data itself travels from FIP to FIU via standardised API endpoints prescribed by RBI’s technology arm, REBIT. More on the existing AAs and their business models below.
OK but whats so cool about that?
Our data today lies behind opaque silos. Banks, regulators, and corporates all have mountains of data about each and every one of us — data that we cannot adequately protect nor utilise!
Through the DEPA protocol, we can bring transparency and interoperability to our data. We will have the ability to share our data in a secure and convenient way, resulting in many benefits to ourselves and our businesses.
Nandan Nilekani has been imagining a ‘data democracy’ for years. He believes that we need a ‘digital public good’ for data sharing — similar to how UPI is a digital public good for payments. DEPA has the potential to usher in this age of ‘data democracy’. It is a simple and extensible system which is built to encourage innovation while prioritising user consent and data security.
This is the first time anything like this has been implemented at a national level, and I am very proud of the government for continuing to set a global example on how to build world class digital public infrastructure. It is especially laudable how various government agencies including the Ministry of Finance and RBI have come together to build this system in concert.
The concept of creating a secure system for the sharing of personal data has been discussed in several countries, but this is the most ambitious project I know of. Several governments are working on launching ‘open banking’ — essentially a way for people to securely share their financial data lying with banks — but DEPA goes beyond just banking to create a machine readable electronic standard for consent. This will allow a consumer to securely unlock any personal data belonging to her — a powerful idea which will bring down the barriers to innovation that currently exist due to the silo-and-island data landscape today.
This is too vague and theoretical, give me some concrete use cases!
The first few FIPs who will come onto the network can be categorised as follows:
Private Sector Banks
Public Sector Banks
NBFCs
Insurance Providers
Tax Platforms (GSTN, Income Tax, etc)
Mutual Funds and Asset Management Companies
Pension Funds and Provident Funds
From what I have seen in the market, IDFC First, SBI, Axis, Kotak, and IndusInd seem to be leading the way in terms of getting their API endpoints ready for DEPA.
The first few FIUs who will likely join the network are:
Lenders
Wealth Managers, Brokers, Registered Investment Advisors
Roboadvisors
Analytics companies
Other kinds of fintech companies like wallets, neobanks etc.
Basically you can expect entities that are regulated by RBI, SEBI, IRDA, or PFRDA to be the first few FIUs and FIPs within the DEPA ecosystem. Here are some of the use cases for the personal finance side of things:
1. Flow-based lending:
Pull transaction/cash flow data from banks
Use this data to underwrite
Consume data directly from the source at a much lower cost than what is currently out there
Analysis: This is a really obvious use case. This sort of thing happens anyway thanks to Perfios etc, but now it will happen at a lower price because the API infrastructure has been created and enforced. Account Aggregators will charge FIUs for how many transactions they do for them, but this business will likely be quite low-margin (more on this later in the section on competitive landscape).
Here is the example provided by iSpirt and Nilekani:
Mohan needs a loan but has no collateral. His main asset is the predictability of his cash flows.
Mohan demands his GST returns, bank account data, and home loan repayment history from 3 different sources (GSTN, bank, NBFC)
Mohan securely and simply shares this data with a lender through his preferred AA app
Mohan has a great customer experience and tells all of his friends to get bank accounts, tax accounts, and to generally jump into the formal economy because it offers more advantages compared to keeping economic activity in the shadows/offline
The fourth point is something I made up, but that seems to be what iSpirt hopes will happen as people’s individual data becomes more easily consumable and valuable for FIUs. If you generate more structured data in the formal economy, you will benefit. Therefore, you should do all your economic activity digitally and in the open.
2. Aggregated Account Statements & Analytics:
Provide consent to some fintech FIU to read and access all of your banking/wealth/tax accounts
Enjoy a consolidated view of your finances across all your accounts broken up into different categories (food, travel, entertainment), time periods, and more
You may be able to give consent to some company to anonymise and share your data in return for offers and discounts
Analysis: I think a lot of FIUs will provide a great UX for customers to view/manage/handle their data, and will monetise by creating a marketplace where businesses can compete to target different users.
Examples:
Look at my banking history and show me banking products where I could earn more interest or get less overdraft penalties
Look at my average spending on travel and give me the best forex options or credit cards with the points suited to my lifestyle
Collate my finances lying across all my accounts/custodians and give me a net worth breakdown. Give me P&L breakdowns, balance sheets etc. for my personal and SME finances (Bank Open is one neobank that is currently doing this very well for SMEs. Disclosure: I am an investor via Better Capital)
3. Anonymized Data Aggregation
I have the option of sharing my anonymised data with companies in exchange for offers and incentives
If an FIU knows a user spends more than 20k/mo on Ola, he could potentially help Uber make a highly relevant impression on said user (while also protecting the privacy of the user)
Analysis: This use case seems to be one which could face pushback from privacy activists, but its something which could be worthwhile if done well. User data is shared wantonly today and users receive no recompense. Offering data in return for financial rewards seems like a no brainer in this context, but I am not sure how this can be pulled off securely.
Perhaps a trusted intermediary can anonymise the data before sharing it with market research companies/data aggregators? The UK has a Gene Bank which pays people for their anonymised genetic data — it might be worth looking into their model and security practices.
But enough on this section for now, we will discuss more use cases and DEPA startup ideas later.
OK thanks for providing a whopping 3 use cases, what else is cool about this thing?
The most exciting thing about DEPA is that the architecture for this system is completely industry-agnostic and interoperable. Today the early adopters are from the finance industry (thanks to some nice pressure and regulation by RBI, SEBI, IRDA, and PFRDA), but tomorrow I expect to see a lot more FIPs on this platform including:
Telco operators (in fact TRAI has already made this recommendation to telcos)
Healthcare providers
Startups and other private sector companies
That means that I can potentially request all of the following data:
Medical records, pharmacy purchases
My phone bill/data breakup
My consumption history on Swiggy
My travel history from Ola
If this data does become open and accessible, then there is quite a lot a startup could do with all of it.
Think about behaviour-based rewards and pricing (if you eat 3 healthy meals a week from Swiggy and clock into Cure.Fit everyday, your health insurance premium will go down) or aggregated purchase power (“hey, you seem to buy Asthalin very frequently, if you and 500 other users buy it together by tomorrow, you could get 30% off!”).
Now I don’t know whether I’m delusional or silly for imagining all this, but the possibilities are quite exciting. If I can unlock my data from the silos it lies in and allow it to flow freely as per my explicit consent, I would be pretty happy to do so in turn for rewards and incentives. My data is presently flying freely around the internet anyway, and I’m not getting a rupee’s worth of compensation for that today.
Who is trying to build an Account Aggregator?
So far we know of 7 parties who have been given an in-principle approval to obtain NBFC-AA licenses. These are:
Finvu, a startup
Onemoney, a startup
CAMS
NESL
MyUniverse, an Aditya Birla Group fintech company which purports to help customers view all their various assets and expenses in one place (no payments yet)
Reliance Jio (yikes)
Yodlee, a group company of Chicago based financial data aggregator Envestnet (NYSE $ENV)
There are also unannounced startups looking to take advantage of the new access to customer data by building neobanks. Some of these startups may choose to get an AA license (in addition to creating a separate entity that can be an FIU and consume the data).
Is Account Aggregation a good business to be in?
Maybe, but lets start with understanding the AA business model exactly
Account Aggregators make money from FIUs. Whenever a successful data transfer (or transaction) takes place, an FIU will pay the AA that facilitated the transfer.
As a result, an AA must try and capture as many users as possible. They may do so by offering the best UX, the best distribution, or the best incentives in the form of cashbacks, gamification, or rewards. Hopefully some AAs can also innovate and unlock traditionally ‘hard-to-reach’ groups like low-literacy customers of banks and MFIs*. There are lots of niche (but still large) user groups out there who would benefit from this data sharing, and I hope startups don’t just rush to serve the top 100mm who are served anyway!
Moving onto some numbers, AAs can initially expect to earn 25–30 rupees per transaction. This pricing may be locked in by regulation to help protect startups from big companies like Jio coming in and ruining the market.
Important note: an AA account will be completely interoperable, similar to how I can make an payment to any UPI address using any UPI-compatible client. This means that you can use your AA account anywhere, you will not be limited to working with the preferred vendor of a certain FIU. For example, Capital Float may partner with an AA like Finvu to help get their infrastructure ready to consume data via DEPA. In return, Capital Float may encourage people without AA accounts to register with Finvu. If somebody already has an account though, they can use whatever AA they wish — so if Capital Float accepts DEPA transactions from one AA, they have to accept transactions from all AAs.
* — My friends at Navana Tech are doing exactly that, check them out
How big is the market size for AAs?
Given the current ticket size of 25–30 rupees/tx, the market size for AAs looks pretty large. I would not be surprised if we had 1bn DEPA transactions per year by August 2022.
At this stage I should mention that the price of 25–30/tx is just based on my informal market research with AAs and FIUs. There is no guarantee RBI will create price controls, and there is no guarantee the number will be Rs. 25–30. Yet.
Furthermore, this policy cannot be a long term measure. In the long term, the market must decide a fair pricing mechanism. In a free market, I can see companies fighting hard on pricing and trying to get preferential promotion from FIUs in return for lower prices per transaction.
My intuition tells me that over the long term the AA industry will be similar to the payments industry — margins suck but the business has strategic value (for AAs that benefit will be owning a customer and knowing who she interacts with, for payments the value is knowing who is spending what/where).
How might AAs want to think about distribution?
As I mentioned before, AAs may want to capture users by offering cashbacks, rewards, or other monetary incentives. However, they may also want to think about alternative distribution strategies instead of just throwing marketing dollars at advertising.
One approach may be partnering with popular apps to capture a large existing customer base. For example, an AA startup may partner with somebody like PhonePe to embed the AA’s SDK into PhonePe’s application.
PhonePe’s users now have an easy and convenient way to register with an AA that doesn’t require them downloading another app. The startup is able to hack customer acquisition, and PhonePe takes revenue share while also increasing the stickiness/utility of their product.
Another approach, and one that already seems to be happening in the market, is that AAs are providing tools to help FIPs and FIUs consume and export DEPA data. In return for this help, the AAs want the FIPs to blast their customers encouraging them to sign on with XYZ AA. Similarly, the AAs want the FIUs to encourage customers to create an account with XYZ AA if they don’t already have an account.
While this may help AAs get users in the short run, I find it hard to see a situation in which a huge player like Jio can’t just buy users over with rewards and cash backs. Having said that, we have seen with PayTM that throwing cashbacks at users only works for so long — in the end, UX and product must win :)
What about the other ecosystem participants like FIUs and FIPs?
The FIUs will be the real beneficiaries of DEPA (along with us users of course) — their costs of data acquisition and customer onboarding will get lower than ever, and they will just need to focus on providing the best products and services to their customers.
To paraphrase the excellent Sid Shetty of iSpirt, “the advantage will shift from those who have access to information to those who can use readily available information to make the best predictions, judgements, and analyses”. Sounds exciting — we’ll brainstorm a few startup ideas for companies that can leverage DEPA in a later section of this article.
As for FIPs, they really don’t have any choice but to come on board and adapt to the specified technical standard. I talk more about FIP adoption of DEPA in the next section.
Your picture of DEPA is quite rosy and optimistic, what are some drawbacks and concerns?
Data Security/Governance
There are certainly some unknowns and concerns over the current DEPA model. One such drawback is the confusion around the privacy of the data once it has reached an FIU.
As an FIU, I am going to be consuming and processing data — if I store the processed and organised data insecurely, data leaks could still occur. We have seen before how even billion dollar companies can screw up by keeping customer data stored on unsecured AWS databases and other random publicly accessible infrastructure (famously with Aadhaar data).
Hopefully the upcoming Personal Data Protection Bill (SriKrishna Bill) will clear up many of the ambiguities around data governance, but the legal system should be the last resource for punishing bad actors. We need private sector solutions to the problem of data governance, especially for banks and other similarly technologically cumbersome data fiduciaries. I am a huge proponent of bug bounties and would like to see them introduced by FIUs, FIPs, AAs, and regulators.
(I will be posting a breakdown of the SriKrishna Bill in the next 2 days so make sure to subscribe here or follow me on Twitter @AaryamanVir)
Key Management
I haven’t yet had a chance to review the technical plans for handling key transfer/management, but coming from a blockchain background, I am acutely aware of how clunky and suboptimal most key management systems can be. Until I know more, I will just say that I hope key management is handled well so that we can get maximum convenience and security when it comes to verifying, signing, and encrypting data.
Is RBI the right regulator for this stuff?
There are also some concerns that having RBI be the main regulator and technology standard creator (via REBIT) may be problematic. Personally, I am not concerned about this and would rather see how the system evolves with use rather than try to predict potential overreaches or abuses by any party.
After all, a similar argument could have been made around RBI and UPI. As we all saw, NPCI played the winning role in the creation of UPI and was the perfect go-between for RBI, the private sector, and the interests of consumers and developers.
In mirrored fashion, Sahamati will play the role in DEPA that NPCI played in UPI. A conscious decision was made to give Sahamati the operational freedom to set and run certification programs, drive evangelisation of DEPA, and build the right conditions required for this initiative to succeed. Sahamati will operate as a non profit that will be funded by the RBI, AAs, and FIUs — it is NOT an AA as some publications have been reporting *facepalm*
Will public and private sector organisations actually adopt this?
The first slew of ecosystem participants have been directly mandated to conform to the expected standards by RBI via the 2016 directive on AAs. The next wave of FIUs (telcos, private corporations, others) will be incentivised to come on board the DEPA system due to the principal of reciprocity. If any organisation wishes to be an FIU, they must also be an FIP. Since there are so many reasons why an organisation might want to be an FIU (cleaner, cheaper, faster access to customer data), it stands to reason that they will all become FIPs as well.
Personally I appreciate this approach — forcing adoption of technology via diktat seems too heavy-handed and could damage the ecosystem if done wrong. Giving companies a choice to either leverage the system or leave it altogether is a good approach that will accelerate the ubiquity of the system while also rewarding the early adopters and technologically forward looking companies.
Despite my endorsement of free market policies, I do support the decision to force banks and finserv companies to adopt DEPA due to the following reasons:
The data they hold is too valuable and urgently needs to be freed up in order to give consumers more control and choice over their financial service providers (thats why the EU and UK are forcing Open Banking down the throats of their banks)
Banks typically really suck at adopting and rolling out new technology unless forcefully handheld by regulators
Having a situation in which some banks allow this and others don’t will probably create a really confusing market dynamic for customers and businesses
Low adoption by the public
The adoption of AAs and DEPA by the public will largely be down to the ingenuity of the private sector. Will we be able to build killer apps that pull people onto the platform? Can we build products that generate real value for users? If we can, there is no doubt people will adopt it just as they have adopted UPI.
Luckily, we are likely to get plenty of help and support by the government and large corporates. The banks all view DEPA as a market expansion opportunity (it makes it easier to access customers and more also creates incentives for customers to open bank accounts etc), so they will be pushing the system hard. The government is also very excited about this, and we have Mister Nilekani and a slew of high ranking bureaucrats all championing this open-data ecosystem.
I would be surprised if we see low public adoption of this system.
The system shares too many overlaps with DigiLocker
This is true. DigiLocker and DEPA were both built with very similar design principles in mind: to prioritise consent and interoperability in the sharing of data.
However, there are a few key differences. DigiLocker focuses on ‘lifetime documents’ — documents that are issued once but used recursively ie. Aadhaar, school certificates etc. On the other hand, DEPA prioritises the sharing of transactional data which gets updated regularly ie. bank statements.
As a result, there may be scope for the two to coexist. Digilocker should ideally be a quasi-FIP ( DigiLocker doesn’t usually store the documents itself), since it has already done the legwork of bringing various real FIPs like UIDAI, Govt. departments, schools etc. on board. There is also a possibility that DigiLocker becomes an AA itself, but I don’t know if that makes sense.. I guess time will tell what happens to DigiLocker.
Ultimately though, we should view DigiLocker as a kind of precursor to DEPA. It would be great if we could transfer the learnings, data, and integrations of DigiLocker to DEPA. Interestingly, FIPs on DigiLocker come from across the economy, whereas the first wave of participants in the AA ecosystem are all necessarily from within the jurisdictions of RBI, SEBI, IRDA, and PFRDA. That may be a valuable point that helps in seeding the DEPA ecosystem and creating synergies with DigiLocker.
You mentioned a few startup ideas arising from the introduction of DEPA?
Yes, I did. Here are some business ideas that come to my mind as a result of this new digital public good:
Data governance SaaS company
Thanks to DEPA, companies will be accessing lots of sensitive customer data
Thanks to the Data Protection Bill, companies will be on the hook if they mismanage this data
As a result, data fiduciaries have no excuse to hide behind should they screw up their data governance and security
And as we all know, traditional corporates suck at making software. Banks are especially bad at this. They need products that will help them in managing their consent artefacts, securing user data, and providing transparency and security within their systems.
I hope some startups can provide a solution to this problem.
New age credit rating agencies and registries
Its now going to be possible to capture a lot of user data
Users may want somebody to analyse their finances and behaviour in order to provide them advice, opportunities, or validation
When I say validation I mean the following — I have great repayment histories and financial behaviour, but a lot of this is not captured by traditional credit scores like CIBIL. I want an impartial assessment of my behaviour which will help me get the best offers from new age lenders
It will be possible to Public Credit Registries that go down to the granular level, not just for large corporate borrowers
You could also create registries of all kinds now by pulling data from many sources (eg. you can pull insurance data directly into the credit registry). I don’t know what registries would be useful to keep track of — healthiest individuals? Most active traders or investors? Highest donators to charity? No idea but the possibilities seem endless if all databases now become open to aggregation and analysis
Fintech marketplace
I covered this in prior sections of the article
Analyse my banking history
Tell me how I can save or earn more money by switching to different products or vendors
Take a cut of the savings/earnings
Neobanks & Neo lenders
Also covered in an earlier section
Consume my banking data
Give me a consolidated view of my finances and spending
Enable me to find offers and make payments
Or in the case of neolenders, access data that was previously hard to get and build new underwriting and disbursal models to lend
Bulk buying marketplace
Consume my GSTN data to see what my business buys and how often
Aggregate dozens of buyers who make repeat purchases and help me get economies of scale
There are loads more use cases and ideas but I have already spent far too long on this article and I am just eager to get it out there in the open now.. But I do encourage people to reach out to me to brainstorm further!
OK this article is already too long and meandering, what are some timelines here?
August 2019: Testing with banks and AAs
October 2019: Formal launch of Sahamati, closed user trial in insurance and taxation. AAs get to test with thousands of real FIP customers.
November 2019: Fingers crossed the Data Protection Bill is enacted during the winter session of Parliament
December 2019: A full citizen launch of DEPA with 50 FIPs (inshallah). The plan is to have the PM inaugurate it!
Concluding remarks
In order for any society to achieve maximal “efficiency”, defined (by me) as the ease of administering and receiving goods and services, certain building blocks need to be in place.
These building blocks are:
Identity systems
Payments systems
Data and documentation systems
(communication and transport systems are also vital but we have had those for a while)
With Aadhaar, UPI, and DEPA, we have the infrastructure in place to build a highly efficient digital economy.
Having said that, we must recognise that there will likely be flaws and issues with these systems, including DEPA. Any system can be expected to have vulnerabilities. This should not lead us to condemn or politicise these systems the way Aadhaar was unfairly condemned and politicized. We need more informed discourse around these issues, particularly from the tech and startup communities. Too few people educate themselves about the nuances of a topic before jumping tostrongly held opinions.
The SriKrishna bill and DEPA show that utility, privacy, and agency over one’s own data are the guiding principles in our legal and governmental tech policies. This is hugely commendable. We should encourage this thinking and get the public more involved by continuing our traditional of open source development and bug bounty programs. It would also be super helpful if the courts once again liberalised the restrictions around Aadhaar usage (once the SriKrishna Bill is enacted, of course). We’ll really be able to zoom ahead once eSign, eKYC, eNACH etc. can be properly used by startups again.
I feel like we are standing at an inflection point; we have a huge opportunity to build a world-class digital economy. I hope that you, my reader, feel the same enthusiasm and excitement to build for India that I do, and that you dive into this ecosystem wholeheartedly. And I hope that you learned something worthwhile because of this article!
Who is Aaryaman?
I am an entrepreneur and investor from Mumbai. I co-founded a company called Elemential Labs which made developer tools for blockchain developers. We were funded by Matrix, Lightspeed, and a bunch of other investors. I left the company (which is still full of unbelievably smart and great people) to start Prophetic Ventures.
You can find out more about Prophetic at www.prophetic.ventures — do check out our website, it has a bunch of information about our philosophy and portfolio etc. As you can tell, we love IndiaStack and fintech :)
I love building startups and helping other founders build startups. Please do reach out to me for any feedback or just to chat. I am always looking for new people and companies to fund and learn from.
In the next few weeks I will be posting articles about various topics; if you have any requests for a write up, let me know. I am available at aaryaman[at]prophetic[dot]ventures and on Twitter at @AaryamanVir
Bonus Anecdotes and Miscellaneous Information
GSTN Data is oil, start drilling!
One of the funny moments from the 25th July event was when the Secretary of MeiTY (Ministry of IT) recounted the following story:
“I was talking to [the head of the GSTN platform] and I told him — “You are the Sheikh of Saudi Arabia, and GSTN data is your oil!”
There is clearly a huge amount of valuable data lying in the GSTN platform, hopefully some of our brilliant entrepreneurs can learn to unlock it soon with DEPA!
Lending fintechs are drooling over DEPA
I spoke to a lending fintech CEO and he told me that being able to access taxation and banking data for 30 rupees a pop would be a “huge improvement” over current systems.
What do i need to become an AA?
AAs are a type of NBFC, and they are required to hold a Net Owned Funds deposit of 2 Crores in order to obtain their license. This capital requirement is not needed in order to apply for an in-principle license though, so startups can focus on getting their licenses first and then raising money afterwards. Reach out to Sahamati to find out more about the AA application process.
Further Reading:
RBI Directive which regulates AAs
iSpirt write up on DEPA and its place in IndiaStack