India's Approach to Open Banking: Some Implications for Financial Inclusion
  • 1 https://isni.org/isni/0000000404811396, International Monetary Fund

Contributor Notes

We examine how the development of the digital infrastructure known as the “India Stack”—including an interoperable payments system, a universal digital ID, and other features—is delivering on the government’s objective to expand the provision of financial services. While each individual component of the India Stack is important, we argue that its key overarching feature is a foundational approach of providing extensive public infrastructures and standards that generates important synergies across the layers of the Stack. Until recently, a large share of India’s population lacked access to formal banking services and was largely reliant on cash for financial transactions. The expansion of mobile-based financial services that enable simple and convenient ways to save and conduct financial transactions has provided a novel alternative for expanding the financial net. The Stack’s improved digital infrastructures have already allowed for a rapid increase in the use of digital payments and the entry of a range of competitors including fintech and bigtech firms.

Abstract

We examine how the development of the digital infrastructure known as the “India Stack”—including an interoperable payments system, a universal digital ID, and other features—is delivering on the government’s objective to expand the provision of financial services. While each individual component of the India Stack is important, we argue that its key overarching feature is a foundational approach of providing extensive public infrastructures and standards that generates important synergies across the layers of the Stack. Until recently, a large share of India’s population lacked access to formal banking services and was largely reliant on cash for financial transactions. The expansion of mobile-based financial services that enable simple and convenient ways to save and conduct financial transactions has provided a novel alternative for expanding the financial net. The Stack’s improved digital infrastructures have already allowed for a rapid increase in the use of digital payments and the entry of a range of competitors including fintech and bigtech firms.

I. Introduction1

Over the past ten years, India has seen an ambitious overhaul of its digital infrastructure through the development of the so-called “India Stack.”2 The main objectives of this initiative have been to promote financial inclusion through increased access to financial services, improve the delivery of public services and benefits, and increase competition in the Indian financial sector. The Indian approach has had early success in promoting large increases in the number of individuals with bank accounts3 and access to digital payment services among India’s large previously unbanked population, earning praise for the speed with which financial inclusion has been increased (D’Silva et al., 2019). Moreover, these measures have set in motion a significant expansion of digital payments, with a more gradual progression in active use of new bank accounts. Based on the experience of other countries, this can support an expansion of broader financial services provision, with products offered that leverage data harvested from payments activity.

In Carrière-Swallow & Haksar (2019, 2021), we argued that policies regulating the flow of data in the economy—including sectoral policies such as open banking frameworks—have important macroeconomic and financial implications. In this paper we argue that the Indian approach points to important synergies across the provision of three public goods. Its greatest promise lies in the trifecta of digital ID with a low entry cost, a system of open APIs facilitating inter-operability in payments, albeit in a regulated space, and—perhaps most importantly—a mechanism to operationalize individuals’ control over their personal data. This is a key step in operationalizing a data policy framework that grants individuals and companies rights to control access to their data. The introduction and regulation of data fiduciaries (referred to and regulated as “account aggregators” in India)4 could reduce some of the risks to privacy and identity theft that may in principle arise from the more widespread sharing of data envisaged in other open-banking applications.

What has set the Indian approach apart from many other open banking and broader data policy frameworks implemented around the world is its foundational approach based on the provision of extensive public infrastructures and standards. This has provided a platform for operationalizing user-authorized data portability and interoperability across the economy. The stack comprises four layers of infrastructure and standards: (i) digital identity; (ii) an inter-operable payments interface; (iii) digitalization of documentation and verification; and (iv) a consent layer—still under construction—for the management of individual data through regulated intermediaries.

This paper begins with some context on the Indian financial landscape prior to the implementation of the India Stack reforms. It goes on to describe the reforms that have defined India’s approach to open banking and open data. Finally, it discusses the main design choices in the India stack and some potential implications, with some commentary about the applicability of elements of the Indian approach in other countries.

II. The Indian Financial Landscape

Until as recently as 2011, access to financial services remained low in India (Figure 1), with only 35 percent of adults in India possessing a bank account, well below the average of other emerging market economies (Demirgüç-Kunt et al., 2018). Even fewer adults saved or borrowed with a financial institution, at 12 and 8 percent respectively. The financial sector landscape was dominated by the public sector, with 61 percent of banking assets held by public sector banks (IMF, 2019).

Figure 1.
Figure 1.

Financial Service Access and Intermediation in India

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Source: Demirgüç-Kunt et al. (2018).Note: Compiled in 2011 using nationally representative surveys of more than 150,000 adults aged 15 and above in over 140 economies. In India, 3,000 people were surveyed. Emerging market peers are Argentina, Brazil, China, Indonesia, Kenya, Malaysia, Mexico, Peru, the Philippines, Romania, Russia, South Africa, Sri Lanka, Thailand, Turkey, Ukraine, and Vietnam.

Payments systems have an important role to play in promoting financial inclusion by facilitating the smooth operation and provision of financial services (BIS, 2016). The payments system in India had been gradually modernized through the establishment of the Real Time Gross Settlement (RTGS) system in 2004, and the passage of regulatory reform in 2007.5 The reform empowered India’s central bank, the Reserve Bank of India (RBI), to regulate and oversee all payment and settlement systems in the country and also to provide settlement finality together with a sound legal basis for netting (BIS, 2011). Despite these efforts, a low level of bank penetration went hand in hand with the population’s high degree of dependence on cash, with currency in circulation amounting to approximately 12 percent of GDP (Chaudhari et. al, 2019). Extensive use of cash took place despite several important constraints, including a high opportunity cost of holding cash and the limited availability of ATMs in India, at only 21 per 100,000 adults (IMF Financial Access Survey, 2018). A biproduct of reliance on cash for transactions is that they are often not recorded, thus generating no data for future use as a signal of company cashflow and consumer spending patterns.

Starting around 2010, several government initiatives set the stage for the expansion of financial access, laying a technological foundation for further improvements in financial inclusion.6 To explain the evolution of financial access and intermediation in India over the past decade, we document below the chronology of reforms and public sector initiatives beginning with the large-scale provision of a national digital ID. This sequence of reforms provided the basis for several elements in the financial sector development process.

Launch of the Aadhaar Digital ID

The Aadhaar identification system, launched in 2010, is a digital identity infrastructure with a very low unit cost of operations, to which all residents of India are entitled.7 Individuals may obtain an identification number that is unique and linked at the time of enrollment to their biometric identifiers—including photograph, ten fingerprints, and two iris scans—as well as basic demographic data.8 The twelve-digit number is randomly assigned at the time of enrollment, ensuring that no information about a person is contained in the number itself.9 Crucially for the goal of universality and promoting inclusion, registration for Aadhaar does not require previous physical identification, whether state-issued or otherwise, although the capture of biometric identifiers can be physically challenging in some groups (e.g., the elderly).

A motivating objective for introducing a national digital-identity system was to help improve the delivery of government services and reduce the leakages associated with its targeting (Sen, 2019). Aadhaar can be used to digitally authenticate individuals for a variety of public and private services, enabling biometric checks to reliably verify the identity of the holder, thus reducing the chances of false identities and fraudulent claims to state benefits. The Aadhaar number can be used across the country to authenticate an identity at any location, including online.

Interoperability is an important feature of the Aadhaar digital ID system that was not present by design in several other identity systems in India, such as tax cards, voting cards and drivers licenses.10 These legacy systems are more limited in scope and restricted to specific use cases, with a non-universal coverage, rendering them inadequate for identifying individuals across government services (Misra, 2019). Prior to Aadhaar, nearly half of India’s 1.2 billion residents lacked a nationally accepted ID, often reflecting the absence of a birth certificate due to the incomplete coverage of the civil registry system. These limitations restricted the effective delivery of social welfare programs and banking services, which were often precluded by the complexity of verifying identity.

The Aadhaar database contains basic personal data on almost all Indian residents, and a key focus of its governance has been to adequately protect user privacy while enabling the provision of efficient identification services. The Unique Identification Authority of India (UIDAI) is a public agency, not reporting directly to any other Ministry, that facilitates the collection of demographic and biometric data during Aadhaar enrollment (often by third-party intermediaries), verifies its uniqueness, and stores the information on a central identity repository. The UIDAI is given a public mandate to provide identification services of Aadhaar holders and may charge a fee for doing so that is deposited in a government account. In turn, it is subject to extensive regulation requiring it to protect individuals’ privacy, particularly by ensuring the security of their core biometric data.11 Also, recent litigation in India has limited the scope of mandating use of Aadhaar data by the public sector and for financial service provision.

Figure 2 reports the cumulative number of unique Aadhaar numbers registered to Indian residents since its launch in 2010. Within three years, about 600 million Aadhaar digital ID numbers had been issued, equivalent to roughly half the Indian population. And by 2017, over 90 percent of the Indian population possessed an Aadhaar and half of the identity holders had linked their bank accounts to their Aadhaar number.

Figure 2.
Figure 2.

Aadhaar Digital ID Enrollment

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Source: UAIDI.

It should be noted that India is not the only, nor the first, country to have adopted a digitally verifiable unique identity system, with similar digital ID schemes in place in countries such as Estonia and Uruguay.12 According to the World Bank, 83 countries collect fingerprints or biometrics for issuing a digitized ID (World Bank ID4D Global Dataset, 2017). What sets the Indian experience apart is the large scale and low unit costs of operating the program, which aimed to create a digital ecosystem around the identity. These aspects enabled a large population of over a billion people to enroll in the program and quickly acquire a national identity that could be used in all aspects of economic life.

The technology that enabled Aadhaar as a foundational identity for a digital ecosystem involved several APIs. These APIs allow public and private service providers to authenticate identity using the underlying data biometrics, demographics, links to individual phones registered with Aadhaar to facilitate authentication by means of a One Time Password (OTP) (World Bank, 2017). Using these technologies, the launch of the digital ID was immediately followed by its linking with several public sector services, including banking services. For instance, to facilitate access to the banking system, the RBI enabled the holder of the Aadhaar ID to authorize a bank to obtain an electronic verification of her identity through the UIDAI in 2013.13 This new authorization procedure provided an electronic substitute for the Know Your Customer (KYC) procedure required for any bank onboarding process and was called e-KYC (for “electronic KYC”). The eKYC service adheres to the principle of data minimization, sharing only relevant demographic data and the photograph of the identity holder with the service provider, after the identity holder provides consent. According to one industry-linked think tank, this system has drastically reduced the cost of complying with regulatory KYC requirements during the onboarding process for opening bank accounts.14

Recent evidence on the linking of the unique ID to financial services shows positive benefits, in terms of efficient service delivery and reducing the leakages associated with benefits transfer. Muralidharan et al. (2016) study the impact of a biometrically authenticated payments infrastructure on beneficiaries of employment and pension programs. They find the new system effectively delivered a faster, more predictable, payments process that was also less prone to leakage. Similarly, Banerjee et al. (2020) provide evidence that digital financial platforms reduced the leakages of government funds, ensuring that they were directed to the intended beneficiaries.

Expansion of Banking Access

In August 2014, the Indian government launched a large-scale financial development program called the Pradhan Mantri Jan Dhan Yojana (JDY). Its objective was to provide access to banking services for all unbanked households in India together with convenient access to saving accounts through a debit card and mobile banking. A variety of features distinguished this financial inclusion program from previous similar programs15, including the provision of a no-frills, zero balance account with a debit card; access to mobile banking for funds transfer, overdraft facilities, and provision of basic life insurance coverage (approximately US$440) to all account holders (Agarwal et al., 2019).

Within a year of its inception, the program opened 166 million accounts, and has expanded since then with almost 384 million accounts in operation in 2019. Eighty percent of the accounts opened reside in public sector banks and half of these accounts have been opened in rural areas (RBI, 2018). An important feature of the JDY was that bank accounts under this scheme could be opened using the Aadhaar ID and subsequently linked to it for the transfer of government benefits.

As shown in Figure 3, the introduction and expansion of the JDY coincided with a period of rapid increase in financial access, in which the percentage of adults with a bank account increased from 35 percent in 2011 to 80 percent in 2017. This effect is also documented by Agarwal et al. (2019) using Indian administrative microdata, who find that the number of accounts steadily increased at a rate of 14 percent per month since the start of the program, with 77 percent of the accounts maintaining a positive but low balance (approximately US$7 in 2017, which is about 60 percent of the rural poverty line in India). As D’Silva et al. (2019) underscore based on cross-country experience, this represented an impressive leapfrogging with respect to traditional financial development processes, with India increasing access to bank accounts by what has taken countries at the same level of development 47 years to achieve.

Figure 3.
Figure 3.

Indicators of access to financial services in India

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Sources: Demirgüç-Kunt et al. (2018) and IMF Financial Access Survey.

However, despite this surge in the number of new accounts, it is not clear that there has been a similar increase in the usage of financial services. Agarwal et al. (2019) find that 81 percent of new consumers do not deposit any money into their new accounts,16 and 87 percent do not withdraw any cash after opening the account. Based on analysis of the data reported in Demirgüç-Kunt et al. (2018), the effective use of financial services remains low despite increased access to finance in India (Figure 4). From 2011 to 2017, the share of adults in India who save with a financial institution increased only slightly from 12 to 20 percent and the percent of adults who borrow in fact decreased from 8 to 7 percent. In 2017, only about 39 percent of the survey respondents reported sending or receiving domestic remittances using a financial institution. The bulk of remittance transfer are conducted with cash, in person, or using a network of relatives and friends. Even among the population possessing a bank account, nearly half (48.5 percent) of the accounts remain inactive, making India the country with the highest inactivity rate in the world.17 It should be noted that one of the reasons for the low activity could be the low level of financial literacy. For instance, Sahay et al. (2020) document that the usage of digital financial services is found to be low in countries with lower digital and financial literacy.

Figure 4.
Figure 4.

International comparators of financial market development

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Sources: Demirgüç-Kunt et al. (2018) and World Economic Forum.

Dupas et al. (2018) find similar cautionary evidence from the expansion of no-frill bank accounts in Chile, Malawi, and Uganda. In these countries, the authors conducted a small-scale experiment using a randomized control trial design, providing a subset of the selected sample households with an opportunity to open an account with no financial costs. They find that while take-up was high, only a small fraction of those that opened a bank account actually used it. The authors argue that their findings indicate that policies focused only on expanding access to basic accounts are unlikely to improve financial increases (savings and greater take-up of insurance) on their own. They do find some suggestive evidence that barriers such as transaction costs may be responsible for limited usage, suggesting that financial products that are tailored to overcome such frictions might offer a more effective solution. This points to an important role for the second layer of the stack, which offers digital payments to lower transactions costs.

A key question to consider once more data is available is the extent to which the expansion of digital payments through UPI have contributed to more active use of bank accounts. This channel may be weakened since payments in UPI no longer require a link to a bank account, with other mechanisms for funding through pre-paid wallets made possible by a 2018 reform.

Further Efforts at Digitalization—Fintech Mobile Money

Low banking intermediation in India is associated with a low level of financial market development more generally (WEF, 2019). Out of the four attributes contributing to financial market development, India scores low on both the affordability of financial services18 and ease of access to loans, reflecting in part the high cost of financial services (Figure 5). The unit cost of financial intermediation—proxied by banks’ net interest margin—has hovered about 3 percentage points in India during the past decade, above levels in advanced economies albeit lower than the average for emerging economies (World Bank, 2019). Thus, the growth in digitalization in this period does not seem to have been associated with increased efficiency, at a time when the financial sector remains dominated by state-owned banks that account for nearly 70 percent of assets in the nation’s banking sector.

Figure 5.
Figure 5.

India: Fintech Diffusion

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Sources: IMF Financial Access Survey and World Bank. Fintech credit are from Cornelli et al. (2020).

One factor that has been shown to reduce the frictions confronting financial intermediation is the existence of a system that facilitates information sharing across financial institutions. Such systems, commonly known as credit bureaus or loan registries, can allow financial institutions to price, target and monitor loans and enhance competition in the credit market, and have been associated with deeper financial markets and a reduced cost of credit (Djankov, McLiesh and Schleifer, 2007). In India, the Credit Information Bureau India Ltd. (CIBIL) was established in 2000, and three other Credit Information Companies (CICs) were set up since the enactment of the Credit Information Companies (Regulation) Act (CICRA) in 2005.

However, as recently as 2014 the coverage of CICs accounted for only 19.8 percent of the adult population, and they did not collect individual- or firm-level data relating to income, personal financial information including ownership of a business, tax statements, utility payment records/telecom data, cheque bouncing, bankruptcies and court judgements (RBI, 2014). As part of its modernization efforts, from 2015 onwards, the RBI expanded the coverage of information collected and stipulated that all credit institutions are required to submit data on individuals and firms in the formal sector to credit registries. Currently India’s credit information companies cover approximately 56 percent of the population (World Bank Doing Business, 2019). Yet, a large portion of businesses operating in the informal sector and lower-income households are excluded from these credit registries, as they often lack the necessary information financial institutions require to assess their creditworthiness. This reduces their chances of getting financed and raises the cost of the loan when they do.

The advent and rapid growth of new financial technologies such as mobile money and digital wallets offer an innovative technological solution to fill the financial infrastructure gap and alleviate frictions related to the limited use of formal financial services. This is because the use of mobile money allows consumers to perform financial transactions in a relatively inexpensive and reliable way (Jack and Suri, 2014), eliminating geographic barriers, and can be used as a mechanism to hold savings by both the banked and unbanked (Morawczynski et al., 2009). As Figure 5 (left panel) shows, the number of mobile money accounts in India has grown rapidly, and these now serve over half the population (GSMA, 2018). For instance, Paytm, one of the largest mobile money service providers in India serves over 400 million users and over 14 million businesses as of 2019 (Business World, 2019). At these initial stages of expansion, already, mobile payments are estimated to account for 0.3 to 0.6 percent of GDP in India (BIS 2019, FAS 2019). For India, the large-scale expansion of mobile money is found to be associated with favorable economic outcomes, such as increased resilience to shocks for households and improved sales for firms operating in the informal sector (see Patnam and Yao, 2020). The expansion of mobile money was also accompanied by a rapid increase in fintech and bigtech lending (right panel), whose growth far exceeded the growth of domestic credit by the traditional financial sector (see Cornelli et al., 2020). Despite its rapid growth, it is important to note that fintech/bigtech lending remains a very small share (about 0.1 percent) of overall lending.

Recognizing the rapid growth of private sector led mobile-banking and credit growth, and its role in improving financial inclusion, the RBI established a differentiated banking regime in India by issuing guidelines for the licensing of payments and small finance banks (IMF, 2017). Payments banks can provide payment and domestic remittance services and demand deposit products but are not permitted to lend (RBI, 2014).

Unique Payments Interface

The growth of mobile payments and the incorporation of its service providers into the formal banking system was accompanied by a re-think of the payments infrastructure in India. Indeed, a key reason for establishment of the UPI was to support the provision of cheaper financial services. A decade ago the RBI processed wholesale settlement amongst banks, but Cook and Raman (2019) argue that India’s retail payments systems still lacked a clear regulatory structure and lagged behind especially for low-value transactions.19 In 2007, the Payment and Settlement Systems (PSS) Act authorized the RBI to create a separate nongovernmental institution to operate retail payment systems.20 This led to the inception of an independent not-for-profit organization, the National Payments Corporation of India (NPCI), overseen by the RBI in its role as a regulator of the national payments system (see Saroy et.al., 2020 for additional details on the regulatory timeline of payment systems).21 By 2018, the NPCI processed 48 percent (by value) of all electronic payment transactions in India (RBI, 2018).

Upon creation, the RBI transferred the operation of ATM operations to the NPCI whose role in debit/credit card transactions has since then increased. Taking advantage of the Aadhaar foundational ID, the NPCI began to offer the choice of linking a person’s debit card to their Aadhaar identity. Prior to this, the use of credit and debit cards in India was very low with approximately 20 million credit cards in the country and only two million digital payment acceptance points, such that in effect, many features of card-based payment systems were inaccessible to the larger population (Raghavan, Jain and Varma, 2019).

This innovation was also central to India’s ambitious financial inclusion initiative, the JDY, where each of the new accounts created were accompanied by an Aadhaar linked “Rupay” debit card. By 2011, the National Payments Corporation of India (NPCI) launched the Aadhaar Payments Bridge (APB) and the Aadhaar Enabled Payments System (AEPS), which use the Aadhaar number as a central key for channeling government benefits and subsidies electronically to the intended beneficiary’s bank account.22 These payment services were in part created to help achieve the government’s vision of linking the JDY bank accounts, Aadhaar numbers, and mobile phone numbers—the so-called JAM initiative (JDY bank accounts, Aadhaar ID and Mobile payments)—to solve frictions and increase access to finance in India.

However, the growth of private non-bank fintech providers added new dimensions as the payments systems in place were not interoperable outside of the public-sector financial landscape which limited the ability of nonbank fintechs to provide payments services. An existing system established by the NPCI, the immediate payments service (IMPS), allowed for an instant 24/7 interbank electronic fund transfer payments but was interoperable mainly within the banking sector, and thus typically available only to the segment of the population holding a bank account.

To encourage broader interoperability, and to provide an easy to use product over the existing IMPS, the NPCI introduced the Unified Payments Interface (UPI) in 2016, a standardized protocol within the payment infrastructure that enabled banks and non-banks to operate with each other.23 This design was created with the main objective of expanding the perimeter of interoperability, simplifying the transfer of funds between any stored-value accounts held at banks or non-banks.24 It also covered Peer to Peer (P2P) transactions made at request between users of either banks or non-banks. What enabled such an architecture were the existence of APIs able to provide instantaneous authentication and authorization of both the payment service provider (banks or non-banks) and the identity holder.25

While using UPI does not require an Aadhaar ID, use of Aadhaar has greatly facilitated e-KYC compliance for opening bank accounts needed to access the UPI system. Another useful feature in the UPI architecture is that a user can use any application to send or receive money directly from their bank account, and are not restricted to the interface provided by their banking service provider. This increases the competition for user acquisition and innovation in the design and performance of banking service apps.26

It is important to note the presence also of alternate architectures, such as AEPS, that do not require the use of a smartphone for conducting a digital payment. Aadhaar based authentication can be enabled via biometrics through the payment accepting merchant’s terminal or point-of-sale machine. In effect, this means an individual can pay for items at a point of sale, with Aadhaar biometrics, with payments settled in the background over the AEPS.

This novel payment interface provides an alternative by which the unbanked informal-sector population could access digital payment services. Figure 6 shows for instance the evolution of different payment systems within the retail sector in India; while check payment remained the dominant mode of transacting, digital payments (including P2P transactions) have increased rapidly. As D’Silva et al. (2019) emphasize, the UPI has expanded rapidly since its inception in early 2016, particularly in terms of the volume of transactions. At the same time, we find that the narrower interoperable payment system (IMPS)—operated by banks for their account holders—also grew rapidly in terms of gross values transacted, while its volume growth remains low relative to the UPI. This suggests that the UPI may responds to different use cases, bringing in specific segments of the unbanked population whose transactions may have fallen outside the formal financial system.

Figure 6.
Figure 6.

Indicators of Retail Financial Transactions in India

Citation: IMF Working Papers 2021, 052; 10.5089/9781513570686.001.A001

Notes: Data from National Payments Corporation of India (NPCI) a subset of retail transactions. NACH is automated clearing house; NFS refers to Inter-bank ATM cash withdrawal; CTS is cheque clearing; IMPS is immediate payment service and UPI is Unified Payments Interface.

III. The India Stack: Key Features

As discussed in the introduction, the India Stack contains four layers of digital infrastructure that have been introduced gradually over the last decade. The first is the “presenceless layer,” featuring the Aadhaar digital ID system that allows for identity verification and for the mapping of information across datasets. The second is the “cashless layer,” built on the Unique Payments Interface’s interoperable payments system. The third is the “paperless layer,” which allows for the verification of digital documents that can replace traditional paper analogs. The fourth is the “consent layer”—which is on the cusp of becoming fully operational—that will involve the operation of data fiduciaries that act as intermediaries between individuals and financial companies. These fiduciaries will be charged with facilitate the aggregation of individuals’ financial data across their accounts at multiple financial institutions, and sharing that data with interested third parties subject to the individual’s consent.

The first two layers of the India Stack—which have been in operation together since 2016—make up the interoperable payments system that characterizes the core of open banking systems in other jurisdictions. The fourth layer will introduce the sharing of customer data that is held by each financial institution and financial service provider. Later in the paper we will argue that this final layer may be particularly transformative given the synergies it will gain from the success of the other layers.

How does the Indian approach to open banking compare to the designs that have been implemented in other countries? Table 1 offers a comparison to several jurisdictions that have implemented or are in the final stages of preparing their open banking frameworks, including Australia, European Union, and the United Kingdom. Regulated data sharing subject to user consent exists in several of these jurisdictions. There is considerable variation across countries in terms of the data classes that must be shared, with some countries including a very narrow set of traditional bank account data, whereas others have added information about other products such as mortgage loans and credit cards. In the case of Australia, the Competition Authority that is directing the open banking initiative plans to expand the perimeter of data classes to include energy and telecommunications accounts.

Table 1.

Open Banking design choices: India and selected other jurisdictions

article image
Source: Authors’ compilation based on information from BCBS (2019), Ehrentraud et al. (2020) and national authorities.

While no single aspect of the India Stack is entirely unique, it strikes us that the key differences of the Indian approach are: (i) comprehensiveness, in the sense of the stack seeking synergies across multiple infrastructure layers; (ii) introduction of a centralized digital ID that has helped millions of people get an ID for the first time and that allows for e-KYC verification, (iii) introduction by the public sector of standards and open APIs facilitating (but not mandating) interoperability of payments, and (iv) operationalization of consent for user data sharing by data fiduciaries in finance and, eventually, in other sectors.

It is worth remarking that the perimeter of the eco-system in the Indian design is broad, encompassing existing financial intermediaries and new tech entrants, including smaller fintechs and large bigtechs. However, to participate fully in the stack entrants must accept to be regulated as financial entities by the financial regulator27 or to have payments services they link to through regulated banks. To facilitate the former, India innovated by introducing new types of bank licenses including a more restricted “payments bank” license, which has lower thresholds of regulatory requirements but are more limited in the financial services they can offer. This is a key difference compared to other open banking models that allow fintechs and third parties to provide financial services without being subject to regulation by the traditional bank, but instead subject to a more focused regulation, for example by specially designated open-banking authorities, that may be more focused on data and consumer protection practices. Arguably, the approach in India could raise the threshold of entry into the system for smaller tech providers, though further analysis is required of the trade-offs involved.

That said, the Indian design spans data shared by consumers and by SMEs, such that the impact on provision of finance including credit, in principle, may be closer to that seen in closed loop systems in China.28 Moreover, it is possible that an entrant could obtain user data through the consent layer and offer services without participating in the payments layer of the stack, and hence in principle avoiding the need to be regulated, though it is hard to see how this would work in practice. Lastly, by contrast with some approaches like PSD2, data sharing is by design symmetric (as in other countries like Australia): to get data, participants must also be willing to allow others access to their customers’ data.

We discuss some of these design choices and their implications for open banking models more broadly in the next section.

IV. Discussion of the Indian Open Banking Model

Digital ID (Aadhaar)

The introduction of low-cost digital ID has facilitated a large expansion in the user base, and this has been crucial for the success of open banking in India. The ubiquity and low cost arising from both technology and the fact that a self-declaration is all that is required to establish an identity could be appealing to other developing jurisdictions. The combination with biometrics and the fact that the UPI does not require access to a smart phone may also be appealing to many jurisdictions, as technological exclusion across income and age characteristics is common around the world (e.g., older populations may not be comfortable using smartphones to access mobile banking).

Aadhaar has been an important part of delivering more efficient KYC. While a physical meeting is typically required to open an account at a financial institution, the process can be greatly expedited, and subsequent verification of transactions is easy and quick with Aadhaar. Thus, in principle it seems that a system of digital ID can go a long way to reducing the costs of complying with KYC requirements andgiven the strength of the unique biometric ID, is a more robust solution to establishing identity than other more traditional means. However, even with digital ID, the establishment of beneficial ownership in a ML/TF and tax base-shifting context remains a challenge.29

Around the world there has been concern with the scale of digital ID provision under the auspices of the central government and the potential for its use in applications that infringe on individual rights for privacy. An interesting feature of Aadhaar’s governance is that the UIDAI is a separate body under the Government of India. Could the establishment of an independent government agency with a mandate to manage identity separate from the other interests of the state be a way forward? This has been the subject of litigation in India and the Supreme Court has established limits on the mandatory use of digital ID and affirmed the individual right to privacy, which is reflected in the development of modern data privacy legislation currently before parliament. This suggests that to successfully implement such a stack-based approach, there is a need to have a modernized privacy framework.30

Payments (UPI)

In order to participate in the UPI system, fintech firms are required to operate, either through an institution with a banking license, or by obtaining a special payment bank license that would bring them within the financial regulatory perimeter. The key difference between a payments bank and a full bank license is that the former’s activities are restricted mainly to acceptance of demand deposits and provision of payments and remittance services. Keeping all participants in the payments system within the regulatory perimeter allowed the RBI to promote financial inclusion while fulfilling its objective of ensuring the system’s stability and resilience.31

The design has proven sufficiently flexible to facilitate entry of a large number of new tech-based payment service providers into the UPI, increasing competition and user choice. A question that arises is whether the compliance costs associated with being regulated as a type of financial intermediary acts as a barrier to entry for smaller service providers, thereby reducing competition in favor of existing intermediaries, many of whom are state owned banks, or large bigtech competitors. Arguably, this is a matter of balance between stability and efficiency. In principle the payments landscape in India should be poised for greater competition, supported also by a commitment that that participants in UPI not charge consumers for use of the system in the first few years (Google Payments, 2019). However, there are some concerns that while inter-operability has increased contestability and facilitated entry by diverse actors into UPI, the inherent network scale advantages of bigtech providers could allow them to acquire a dominant position in the market.32

A crucial feature of the payments system layer of the India Stack is the RBI’s support for interoperability, which in principle sets the stage for a more competitive payments landscape. The public sector (through the NPCI) developed an open API standard and UPI defined a payments markup language that standardized instructions for sending and receiving money within the system. Entrants were invited—but not mandated—to utilize the public infrastructure drawing on this standard. To facilitate peer-to-peer payments RBI also helped to develop payment aliases, and helped banks agree to a common authentication system. The RBI facilitated the provision of extensive technical support to merchants and the design aspects of the UPI to include third-party technology players.

Interoperability of the payments system has been operationalized through open APIs, available to banks and to fintechs who set up payments banks or leverage links to existing banks. This has set the stage for greater competition in the provision of a broad range of financial services that leverage data collected via the payments interface.33 While other jurisdictions have accommodated a range of fintech payment providers, not all are fully interoperable, which limits the scale of activity that can be achieved and creating an advantage for data-rich bigtechs, who leverage large existing platforms and networks. By contrast in India, it is possible for a user to transfer funds across accounts at different providers—from a wallet issued by one provider to another user’s wallet issued by another provider—instantaneously. The combination of licensing and open systems has therefore in principle set the stage for a more competitive financial services landscape than might have otherwise arisen given the strong economies of scale inherent in payment networks, though as noted above the jury is still out on how the relative effects of inter-operability and network scale will play out and whether further policy action will be needed to support competition.34 Furthermore, risks of open-API architectures for cyber-security highlight the need to consider policies to ensure adequate investments by regulated entities in protecting data security and individual privacy.

Data sharing

A key challenge of data policy is to ensure that access to personal data is handled according to the preferences of the individuals it affects. Some jurisdictions have taken a rights-based approach to individuals’ control of personal data. In the European Union, the General Data Protection Regulation (GDPR) is a prime example establishing the obligations of the data controller and processor to ensure that the rights of the data subject are respected as data is transferred for analysis and value extraction. In practice, the approach has involved the controllers issuing GDPR-compliant checklists for data subjects to complete in order to gain access to services.

The India Stack’s approach to the control of data is more operational. The “fiduciary”—in the current state of the stack a “financial data aggregator”35—has the responsibility to manage the subject’s data and rights and seek consent for data processing. In doing so the fiduciary may not access or store the data being shared, but will be allowed to charge fees to offer the service. This limit on access to the subject’s data by the fiduciary marks a very different approach than in other jurisdictions, where aggregators offer their services in exchange for access to the data that can be used to offer other financial services. In principle, the Indian approach should better align the interests of the fiduciary with that of the subject. Moreover, this limited data aggregation role should facilitate operational compliance with India’s incipient privacy framework while allowing a wide class of service providers to gain access to the financial data of consumers and businesses.

In addition to being a consent manager, the fiduciary can also be thought of as a trust engine that is powered by the multiple layers of the India Stack. This is accomplished by completing several links. First, the fiduciary can authenticate the subject using their digital ID. Second, the digital ID offers a mechanism for generating trust that the data is indeed that of the subject. Then, the fiduciary uses digital ID to link to the third layer of the stack, mapping individual identity to the veracity of digital documents laying out the data subject’s financial assets, liabilities and cashflows. This allows the fiduciary, combining these layers, to essentially assure third parties of the provenance of the data subject’s identity, data and documents underpinning their balance sheet. This is a powerful basis for establishing trust, reducing the key friction of asymmetric information that impedes the offering of financial services. If successful it should offer a package solution to third parties wishing to offer financial services to data subjects, encompassing a model of management of data usage of households and small businesses within the regulatory perimeter.

The rationale for ensuring that open banking involves interoperability is that the network externalities in payments and data can then accrue to all users regardless of their provider, precluding these being appropriated by individual institutions.36 A level playing field can be provided by making data sharing reciprocal across financial service providers. This avoids the concerns expressed in the EU, where PSD2 mandates that banks share extensive user financial data with fintechs, who are not required to reciprocate by sharing their user data with the banks.

The extent to which open banking frameworks can ensure a level playing field is determined by the data classes that are included in data sharing schemes. In India, data sharing extends to more classes of data than in many other jurisdictions, such as the EU and UK. While it will initially remain limited to data concerning financial services, it is intended to expand to insurance and health data. However, there remain level-playing-field concerns with bigtechs, who will be able to obtain financial data from incumbent banks/fintechs, but will not have to surrender non-traditional data such as social media or web browsing behavior, or location data. These classes of data are outside the open banking data sharing perimeter, but can nonetheless inform financial decisions such as credit assessments.37

A final noteworthy feature of the Indian approach to open banking is that the perimeter of data subjects is broader than in most other jurisdictions. Many open banking approaches are focused on consumer data and their access to financial services. The Indian approach extends this to include also small businesses, who can participate in the payments and data layers of the stack and gain access to improved financial services and access to funding.

Currently, a series of data aggregators have received regulatory approval from the RBI, but the take-up of these services remains limited. It is worth noting that there are practical limits to even fiduciary-based data sharing, as cross-country attitudes to data sharing with financial intermediaries are quite variable (Ernst and Young, 2019). In the development of the system, it will be crucial that aggregators operate in a way that builds and preserves the public’s trust in their data management practices.

V. Conclusion

The development of the India Stack has implemented open banking principles of competition and contestability through interoperability and data sharing in the financial sector. By bringing in a diverse range of banks and non-banks together under a common infrastructure, this architecture has potentially facilitated financial inclusion, as evidenced by the increase in high volume-low value payment transactions. The overall structure of publicly provided digital infrastructures has scope to support the provision of many financial services and to further deepen financial inclusion and development.

The entry of new and efficient payments providers could in principle increase competition for existing financial intermediaries, given that fees derived from payments can be an important source of income for existing banks. Future research will need to consider the implications of these technological developments for competition, market structure and financial stability and efficiency trade-offs in financial sectors around the world, including in India.

The potential of the infrastructure provided by the India Stack could extend far beyond finance. As a broader data policy framework, the confluence of the four layers described in this paper form the basis for a competitive and inclusive digital economy, in which individuals exercise meaningful control over their data. The data fiduciary model is of general interest as an approach that could operationalize control of personal data by the data subject, facilitating data sharing while preserving privacy. The operations of the recently approved account aggregator fiduciaries will be interesting to watch as the scope of data classes is expanded to non-financial data, including in health services.

India’s Approach to Open Banking: Some Implications for Financial Inclusion
Author: Mr. Yan Carriere-Swallow, Mr. Vikram Haksar, and Manasa Patnam