India Account Aggregator Framework (RBI)

India (RBI)
v2016 (updated 2021)
8 domains
8 controls

The Reserve Bank of India (RBI) Account Aggregator (AA) framework enables consent-based sharing of financial data between Financial Information Providers (FIPs) and Financial Information Users (FIUs) through licensed Account Aggregators. It is operationalised through the RBI Master Direction on NBFC-Account Aggregator (2016, updated 2021) and uses the Data Empowerment and Protection Architecture (DEPA) for consent management. It covers banking, insurance, securities, pension, and tax data.

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

RBI AA Audit + Logging + Authentication

1 control
Code: RBI-AA-Audit-Logging-IT-System-Audit-Consent-Lifecycle-Authentication
Title: RBI AA Audit + Logging - IT System Audit + Consent Lifecycle Logging + Customer Authentication + Bi-Annual Audit + RBI Inspection + Sahamati Compliance Reporting

RBI AA Consent Architecture

1 control
Code: RBI-AA-ConsentArchitecture-ConsentArtefact-ExplicitConsent-PurposeLimitation-CustomerDashboard-ORS-CMP
Title: RBI AA Consent Architecture - Consent Artefact + Explicit Customer Consent + Purpose Limitation + Customer Consent Dashboard + Online Revocation Service + Consent Management Provider

RBI AA Customer Protection

1 control
Code: RBI-AA-CustomerProtection-Grievance-Redressal-Fees-Transparency-RBI-Ombudsman
Title: RBI AA Customer Protection - Grievance Redressal Mechanism + Fee Transparency + RBI Integrated Ombudsman + Customer Awareness + Internal Grievance Officer + Sahamati Dispute Resolution

RBI AA Ecosystem

1 control
Code: RBI-AA-Ecosystem-FIPs-FIUs-Interoperability-Onboarding-Sahamati-DPI-IndiaStack
Title: RBI AA Ecosystem - Financial Information Providers (FIPs) + Financial Information Users (FIUs) + Interoperability + Sahamati SRO Onboarding + DPI India Stack + Cross-Sector Regulators

RBI AA IT + Data Protection

1 control
Code: RBI-AA-IT-DataProtection-Transience-NoStorage-E2EE-DataLocalisation-IS-PolicyFramework
Title: RBI AA IT + Data Protection - Data Transience + No Storage at AA + End-to-End Encryption + Data Localisation in India + Information Security Policy + RBI IT Framework for NBFC-AA

RBI AA Incident Response + Resilience

1 control
Code: RBI-AA-IncidentResponse-Resilience-RBI-CERT-In-BCP-DR-Continuity
Title: RBI AA Incident Response + Resilience - Cyber Incident Reporting to RBI + CERT-In + Business Continuity + Disaster Recovery + Resilience + Customer Communication + Forensics

RBI AA Industry Standards + Coordination

1 control
Code: RBI-AA-Sahamati-SRO-IndustryStandards-DPDPAct-RBI-CSF-Coord-DPI-IndiaStack
Title: RBI AA Sahamati SRO + Industry Standards + DPDP Act 2023 + RBI Cyber Security Framework + Coordination with DPI India Stack + Cross-Sector + International AA Equivalents

RBI AA Registration + Licensing

1 control
Code: RBI-AA-Registration-Licensing-NBFC-AA-NetOwnedFunds-FitAndProper-MD2016
Title: RBI AA Registration + Licensing - NBFC-Account Aggregator (NBFC-AA) Category + Net Owned Funds + Fit and Proper Criteria + RBI Master Direction 2016 + Governance

Maps to 52 other frameworks

8 total controls
Family Educational Rights and Privacy Act (FERPA) | 2 source controls mapped | 4 target controls covered | 25%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management | 2 source controls mapped | 5 target controls covered | 25%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution | 2 source controls mapped | 3 target controls covered | 25%
ISO/IEC 29100:2024 | 2 source controls mapped | 6 target controls covered | 25%
ISO/IEC 38500:2024 - Governance of IT | 2 source controls mapped | 4 target controls covered | 25%
ISO/IEC 29134:2023 | 2 source controls mapped | 5 target controls covered | 25%
ISO/IEC 27014:2020 | 2 source controls mapped | 4 target controls covered | 25%
ISO/IEC 27400:2022 | 2 source controls mapped | 5 target controls covered | 25%
25%
FedRAMP Rev 5 | 2 source controls mapped | 3 target controls covered | 25%
25%
FTC GLBA Safeguards Rule (16 CFR Part 314) | 2 source controls mapped | 1 target control covered | 25%
Florida Digital Bill of Rights (FDBR) | 2 source controls mapped | 3 target controls covered | 25%
SWIFT CSCF | 1 source control mapped | 1 target control covered | 13%
ISO/IEC 27050 - Electronic Discovery (Parts 1-4) | 1 source control mapped | 1 target control covered | 13%
21 CFR Part 58 - Good Laboratory Practice (GLP) | 1 source control mapped | 2 target controls covered | 13%
BRCGS Global Standard for Food Safety Issue 9 | 1 source control mapped | 3 target controls covered | 13%
Illinois Biometric Information Privacy Act (BIPA) | 1 source control mapped | 1 target control covered | 13%
ISO/IEC 30111:2019 | 1 source control mapped | 3 target controls covered | 13%
ISO/IEC 29147:2018 | 1 source control mapped | 3 target controls covered | 13%
ISO 19011 | 1 source control mapped | 2 target controls covered | 13%
13%
ISO 31000:2018 | 1 source control mapped | 1 target control covered | 13%
ISO/IEC 27004:2016 | 1 source control mapped | 3 target controls covered | 13%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework | 1 source control mapped | 1 target control covered | 13%
ASIS SPC.1-2009 - Organizational Resilience Standard | 1 source control mapped | 1 target control covered | 13%
IEC 62351 - Power Systems Communication Security | 1 source control mapped | 1 target control covered | 13%
ISO/IEC 27007:2020 | 1 source control mapped | 1 target control covered | 13%
ISO/IEC 27031:2011 | 1 source control mapped | 1 target control covered | 13%
IEC 60601-1 - Medical Electrical Equipment Safety | 1 source control mapped | 2 target controls covered | 13%
ISO/IEC 27011:2024 | 1 source control mapped | 3 target controls covered | 13%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements | 1 source control mapped | 1 target control covered | 13%
FATF Recommendation 16 - Virtual Asset Travel Rule | 1 source control mapped | 1 target control covered | 13%
FDA Quality Management System Regulation (QMSR) | 1 source control mapped | 1 target control covered | 13%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2) | 1 source control mapped | 1 target control covered | 13%
ICH Q10 - Pharmaceutical Quality System | 1 source control mapped | 2 target controls covered | 13%
ICH E6(R3) - Good Clinical Practice | 1 source control mapped | 1 target control covered | 13%
ICAO Annex 17 - Aviation Security (AVSEC) | 1 source control mapped | 1 target control covered | 13%
IATF 16949:2016 - Quality Management System for Automotive Production | 1 source control mapped | 2 target controls covered | 13%
IATA Operational Safety Audit (IOSA) Standards Manual | 1 source control mapped | 1 target control covered | 13%
HKMA SPM | 1 source control mapped | 1 target control covered | 13%
HKMA Cyber Resilience Assessment Framework (C-RAF) | 1 source control mapped | 1 target control covered | 13%
HITECH Act | 1 source control mapped | 2 target controls covered | 13%
GLI-33 - Gaming Laboratories International Event Wagering Systems | 1 source control mapped | 1 target control covered | 13%
GLBA | 1 source control mapped | 1 target control covered | 13%
GAMP 5 - Good Automated Manufacturing Practice | 1 source control mapped | 2 target controls covered | 13%
French Sapin II Law (Law No. 2016-1691) | 1 source control mapped | 1 target control covered | 13%
Russia Federal Law on Personal Data (152-FZ) | 1 source control mapped | 2 target controls covered | 13%
IEEE 7000 | 1 source control mapped | 1 target control covered | 13%
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) | 1 source control mapped | 2 target controls covered | 13%
Global Cross-Border Privacy Rules (Global CBPR) Forum | 1 source control mapped | 1 target control covered | 13%

Frequently Asked Questions

What is India Account Aggregator Framework (RBI)?

India Account Aggregator Framework (RBI) is a compliance framework from India (RBI) with 8 domains and 8 controls. The Reserve Bank of India (RBI) Account Aggregator (AA) framework enables consent-based sharing of financial data between Financial Information Providers (FIPs) and Financial Information Users (FIUs) through licensed Account Aggregators. It is operationalised through the RBI Master Direction on NBFC-Account Aggregator (2016, updated 2021) and uses the Data Empowerment and Protection Architecture (DEPA) for consent management. It covers banking, insurance, securities, pension, and tax data. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does India Account Aggregator Framework (RBI) have?

India Account Aggregator Framework (RBI) has 8 controls organised across 8 domains. The largest domains are RBI AA Audit + Logging + Authentication (1 control), RBI AA Consent Architecture (1 control), and RBI AA Customer Protection (1 control). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does India Account Aggregator Framework (RBI) map to?

India Account Aggregator Framework (RBI) maps to 52 other compliance frameworks. The top mapping partners are Family Educational Rights and Privacy Act (FERPA) (25% coverage), ISO/IEC 27557:2022 - Organisational Privacy Risk Management (25% coverage), ISO/IEC 23837 - Security Requirements for Quantum Key Distribution (25% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with India Account Aggregator Framework (RBI) compliance?

Start your India Account Aggregator Framework (RBI) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about India Account Aggregator Framework (RBI) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.