Ease of doing business for MSMEs: While there is rapid growth with the AA network, the key challenge here especially for the MSME sector is around lack of awareness.
Ease of doing business for MSMEs: The anticipation of India’s Goods and Services Tax Network (GSTN) to be integrated with the country’s Account Aggregator (AA) network by July 1, 2023, will be a boon to over 1 crore MSMEs who will then be able to easily access credit from authorized lenders. AAs enable access to customized financial products and services, and faster credit assessment by easing data sharing with approved financial institutions.
Since the AA framework was announced by the Reserve Bank of India (RBI) in September 2021, nearly 100 regulated financial institutions have been onboarded which includes all major PSU and private sector banks. The rapid adoption of AA signals a new era in financial inclusion, especially for MSMEs who face a vast credit gap in India. In the last year, banks and non-banking financial companies (NBFCs) have disbursed over Rs 6,000 crores of loans through AA-based underwriting.
While there is rapid growth with the AA network, the key challenge here especially for the MSME sector is around lack of awareness. Consider the fact that while there are over 1 billion AA-enabled accounts in India – only some 2 million accounts are voluntarily sharing their financial data.
Although AA is a secure network that mandatorily seeks user consent before any data is shared, small business owners have always cited concerns about the security and privacy of any of their financial data online. When it comes to last-mile borrowers, there are many who still refuse to even access their bank accounts online. According to a survey conducted by CRISIL last year, around 80 per cent of MSME respondents were hesitant to share their financial data online due to the fear of data theft. Sharing sensitive information with third-party entities through an aggregator may further raise apprehensions about data breaches, unauthorized access, or misuse of data.
Building trust in the AA ecosystem is crucial for widespread adoption. For example, more users today understand that the data on the AA network is shared with consent only but not enough know that they have control over the consent duration and which entities can access their data at any given time. It is not blanket consent for all entities to access their data without their knowledge. This is an important point of value for small businesses to understand fully.
Similar to UPI, a strong educational and informational push will be necessary to capture the attention of MSMEs and encourage active participation within the ecosystem, ultimately allowing them to realize its advantages.
The RBI set forth a series of well-considered data privacy regulations to protect the users and limit fraudulent usage by any of the entities that will be on the AA network.
Despite a strong checks-and-balance system in place with AA, hackers worldwide stay a step ahead and BFSI attracts a set of its own with rampant phishing, malware, and other forms of unauthorized data access. In 2022, India emerged as a global hotspot and the most attacked nation in Asia. Ransomware attacks jumped 51 per cent in India. Despite this alarming trend, it is important to note that an IBM study showed that human error is the main cause of 95 per cent of cybersecurity breaches. Data in fact is encrypted and far more secure to share via AA vs traditional physical document sharing where some financial institutions still require multiple copies of each.
Therefore, the BFSI sector must follow the RBI guidelines to a tee around data storage, data sharing etc and they must build their systems with zero trust methodology, that is, trust no one and verify first. Zero trust will mitigate the majority of the common security access challenges where human errors abound, it will provide conditional access on a need-to-know basis while reducing overreliance on passwords. The zero trust model prepares the network to avoid being compromised by addressing definite user or application or server vulnerabilities.
The RBI set forth a series of well-considered data privacy regulations to protect the users and limit fraudulent usage by any of the entities that will be on the AA network.
Despite a strong checks-and-balance system in place with AA, hackers worldwide stay a step ahead and BFSI attracts a set of its own with rampant phishing, malware, and other forms of unauthorized data access. In 2022, India emerged as a global hotspot and the most attacked nation in Asia. Ransomware attacks jumped 51 per cent in India. Despite this alarming trend, it is important to note that an IBM study showed that human error is the main cause of 95 per cent of cybersecurity breaches. Data in fact is encrypted and far more secure to share via AA vs traditional physical document sharing where some financial institutions still require multiple copies of each.
Therefore, the BFSI sector must follow the RBI guidelines to a tee around data storage, data sharing etc and they must build their systems with zero trust methodology, that is, trust no one and verify first. Zero trust will mitigate the majority of the common security access challenges where human errors abound, it will provide conditional access on a need-to-know basis while reducing overreliance on passwords. The zero trust model prepares the network to avoid being compromised by addressing definite user or application or server vulnerabilities.
