Account Aggregator India 2026 — Setu, Onemoney, Finvu, NeSL Explained

How AA works: (1) You sign up at any of the licensed Account Aggregators — Setu, Onemoney, Finvu, NeSL, CAMS Finserv, PhonePe AA, Aditya Birla AA, etc. (2) You link your bank, MF, insurance, NPS, EPF, or demat accounts via the AA app (one-time KYC + OTP confirmation per FIP). (3) When an FIU (lender, wealth-tech, financial advisor) needs your data, it sends a CONSENT REQUEST through the AA. (4) You approve the consent on your AA app — specifying which accounts, what data, for how long. (5) The FIU receives the data directly from the FIP, encrypted end-to-end. (6) The AA itself NEVER sees the data — it only routes consents and audit trails.

Licensed AAs as of 2026: NBFC-AA licensed entities include Setu (Pine Labs), Onemoney (FinSec Innovation), Finvu (Cookiejar Technologies), NeSL Asset Data Limited (NeSL Group), CAMS Finserv (NSDL/CAMS), Aditya Birla AA, Yodlee Finsoft, Cygnet AA, Anumati (PhonePe). All are regulated by RBI as Non-Banking Financial Companies (Account Aggregators) — they cannot lend or hold money, only route data.

FIPs (Financial Information Providers) live on AA: all scheduled commercial banks, all UCBs (Urban Cooperative Banks) being onboarded, NSDL + CDSL depositories (demat data), CKYC, KFin and CAMS (mutual fund data), NPS Trust, EPFO, GSTN, IRDAI-regulated insurers (term + health + ULIP). The framework covers ~90%+ of an Indian household's financial data footprint as of June 2026 — comparable to or broader than US Plaid coverage.

Use cases: (1) Loan applications — banks pull your bank statements + ITR directly via AA instead of asking you to upload PDFs. (2) Wealth management — apps like INDmoney, Cube Wealth, Smallcase consolidate your holdings via AA consent. (3) Insurance — life + health insurers pull income + asset data for term policies and health claim processing. (4) Personal finance apps — net-worth tracking apps pull multi-bank balances without asking for passwords (the dangerous 'screen-scraping' alternative). (5) Compliance — Account Aggregators integrate with GSTN for business expense + GST reconciliation. (6) MSME lending — Aadhaar + GST + bank-statement-based credit scoring without manual document collection.

Security and privacy guarantees: (1) AAs are LEGALLY BARRED from seeing the underlying financial data — they only route consents and audit trails. (2) Data is encrypted end-to-end from FIP to FIU using the FIU's public key — even the AA's database never decrypts it. (3) Consent is granular — you can specify exact accounts, exact data types (only balances, or only transactions, or only income summary), exact time windows (one-time fetch vs ongoing monthly pull), and exact validity periods (max 365 days). (4) Revocable anytime — you can withdraw consent in your AA app; the FIU stops receiving updates immediately. (5) Audit trail — every consent grant, every data pull is logged immutably for regulatory review.

AA vs Plaid — key differences: (1) Plaid is a private US company; AAs in India are RBI-regulated NBFC-AA entities, a stricter regulatory category. (2) Plaid uses bank-credential-based screen-scraping for many institutions (you give Plaid your bank password); AAs in India use OAuth-style consent — your bank password is never shared with the AA or FIU. (3) Plaid coverage in India is limited (only a handful of Indian banks); AA covers ~90%+ of Indian banks + MF + insurance. (4) AAs are mandatory under RBI's framework — banks must onboard as FIPs by progressive deadlines; Plaid has no regulatory mandate. (5) Cost structure differs — Plaid charges FIUs per API call; AAs have RBI-prescribed pricing (typically a flat fee per consent).

When Richify ships AA integration: as of June 2026, Richify is manual-entry only — Plaid integration was originally planned but the more sensible India route is via AA framework (broader bank coverage, stronger privacy guarantees, regulatory alignment). When live, Richify will connect via one of the licensed AAs (Setu or Finvu likely) to pull bank balances, MF holdings (via CAMS/KFin), EPF (via EPFO), NPS (via NSDL CRA), and demat (via NSDL/CDSL) — all via consent grants in the AA app, no passwords ever shared with Richify. Until then, manual entry remains the only path.