In June 2026, the Reserve Bank of India took a step that signals the Account Aggregator ecosystem is no longer experimental: it formally recognised the Sahamati Foundation as the Self-Regulatory Organisation for the AA ecosystem. For investors and founders watching India’s fintech infrastructure, this is the equivalent of a municipal utility getting a permanent operating licence — the rules are now being written by the industry, under regulatory oversight, in an official capacity.

Understanding why this matters requires understanding what the AA framework actually is: not a product, not a company, but a consent-based data plumbing layer that sits between India’s 300+ million financially active citizens and the lenders, insurers, and wealth managers who want to serve them.

The numbers behind the architecture.

The AA framework has facilitated ₹42,300 crore in loans since its launch, across 17 RBI-licensed Account Aggregators and a growing regulated network spanning hundreds of Financial Information Providers (banks, insurers, and depositories that hold user data) and Financial Information Users (NBFCs, fintechs, and banks that want to consume that data). The consent architecture is the distinguishing feature: a borrower explicitly authorises each data pull, sees exactly what is being shared, and can revoke consent at any time.

The FY2025 breakdown is revealing. NBFCs led AA consent volumes in FY25 with a 60% share — outpacing banks and wealth management platforms combined. This tells you something about where the demand actually lives: not in the incumbent banks with existing customer data relationships, but in the non-bank lenders who need consent-based data pulls to underwrite thin-file borrowers. The MSME lending use case is the dominant one, precisely because MSMEs have fragmented financial histories across multiple banks and informal revenue sources that traditional credit assessment cannot capture.

The structural innovation.

What makes the AA framework architecturally interesting — and why the Sahamati SRO recognition matters — is that it inverts the traditional data-ownership model. Under legacy lending infrastructure, a bank owns the customer’s transaction history and uses it to cross-sell. Under AA, the customer owns their data and temporarily licences it to whichever institution they choose. The result is a competitive credit market where a new-entrant NBFC in Coimbatore can underwrite an MSME in Rajasthan with the same data richness as the MSME’s primary bank.

The implications for incumbents are defensive: they cannot use data captivity as a moat anymore. The borrower can walk into any FIU with a consent token and get a competitive quote. This is UPI’s logic applied to credit data — not payment rails, but underwriting rails. India’s fintech market, already covering more than 14,500 companies, now has a consent-based data layer beneath it that is standardised, regulated, and growing.

Why it matters.

The Sahamati SRO recognition changes three things concretely. First, Sahamati now has formal authority to set technical standards — expect the consent UI/UX and API specifications to converge across all 17 licensed AAs, reducing integration friction for FIUs. Second, dispute resolution has an official channel; consumer complaints and FIU grievances will have a structured path outside full RBI adjudication. Third, the recognition signals to foreign capital that the framework has cleared the “pilot project” phase and is being treated as permanent infrastructure.

For founders, the opportunity remains in the FIU layer — the applications built on top of the AA rails — rather than the AA licences themselves (where margins are thin and technical requirements are heavy). Lending, insurance underwriting, and wealth onboarding products that use AA-sourced data are in the same position as payments fintechs were in 2016 when UPI reached critical mass: the infrastructure is live, adoption is accelerating, and the regulatory framework is clarifying.

The Charaka View.

India’s financial infrastructure stack has a consistent pattern: a government-mandated consent or interoperability layer (Aadhaar, UPI, now AA) achieves critical mass over 4–6 years, then becomes a platform layer for a wave of private-sector applications. In Manthan Intelligence’s coverage of India’s BFSI sector, the AA-adjacent companies reaching Series B and beyond are predominantly MSME-focused credit platforms that use AA data to extend formal credit to previously thin-file borrowers. The SRO recognition suggests the infrastructure phase is ending and the application-layer investment phase is beginning.


This analysis draws on Business Standard’s reporting on the RBI-Sahamati SRO recognition, data on loans facilitated under the AA framework, and FY2025 NBFC consent data. Human editorial oversight applied.

This analysis is informational and does not constitute investment advice, a research report, or a recommendation to buy, sell, or hold any security.

Charaka Notes by Manthan Intelligence. Subscribe