Put yourself in the driver’s seat of your financial information
Fair Practices Code Ver.1.0
Preamble
This Fair Practices Code has been framed to provide the customers of “Dashboard Account Aggregation Services Private Limited” (the Company/ Dashboard) an effective overview of the practices followed by the Company and to enable Customers to take informed decisions in respect of the services offered by the Company.
The Company shall adopt all the best practices prescribed by RBI from time to time and shall make appropriate modifications, if any are necessary, to this Code to conform to the standards so prescribed.
Objective
- Promote good, fair and trustworthy practices by setting minimum standards in dealing with the customers;
- Increase transparency to enable the customers to have a better understanding of what they can reasonably expect of the services;
- Encourage market forces, through competition, to achieve higher operating standards;
- Foster a fair and cordial relationship between the Customers and the Company;
- Strengthen mechanisms for redressal of customer grievances.
Commitments
- Provide services to a customer based on the customer’s explicit consent.
- Ensure that the providing of services to a customer shall be backed by appropriate agreements/ authorizations between the Company, the customer and the Financial information providers
- Not support transactions by customers in financial assets
- Ensure appropriate mechanisms for proper customer identification
- Share information with the customer to whom it relates or any other financial information user as authorized by the customer in accordance with the terms of the consent provided by the customer.
- Not undertake any business other than the business of account aggregator.
- Ensure that no financial information of the customer accessed by the Company from the financial information providers shall reside with the Company
- Not use the services of a third-party service provider for undertaking the business of account aggregation
- Not access user authentication credentials of customers relating to accounts with various financial information providers
- Not part with any information that it may come to acquire from/ on behalf of a customer without the explicit consent of the customer.
- Strictly comply with the internal guidelines adopted for pricing of services
Consent Architecture
- The Company will not retrieve, share or transfer financial information of the customer without the explicit consent of the customer.
- The Company shall perform the function of obtaining, submitting and managing the customer’s consent in accordance with applicable regulations
- The Company shall obtain the consent of the customer in a standardised consent artefact which shall contain the following details:
  - identity of the customer and optional contact information;
  - the nature of the financial information requested;
  - purpose of collecting such information;
  - the identity of the recipients of the information, if any;
  - URL or other address to which notification needs to be sent every time the consent artefact is used to access information;
  - Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and
  - any other attribute as may be prescribed by the Reserve Bank of India.
- At the time of obtaining consent, the Company shall inform the customer of all necessary attributes to be contained in the consent artefact as mentioned above and the right of the customer to file complaints with relevant authorities in case of non-redressal of grievances.
- The Company shall provide its customers a functionality to revoke consent to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information.
- The Company will ensure that the electronic consent artefact is capable of being logged, audited and verified
Usage of information
- In the cases where financial information has been provided by a Financial Information provider to the Company for transferring to a Financial Information user with the customer’s explicit consent, the Company shall:
  - verify the identity of the Financial Information user; and, if verified,
  - securely transfer the customer’s information to the intended recipient in accordance with the terms of the consent artefact.
- In the cases where financial information has been provided by a Financial Information provider to the Company for transferring to the customer or to a Financial Information user, the Company shall not use or disclose such information except as may be specified in the consent artefact.
Data Security
- The Company’s business as an Account Aggregator is entirely Information Technology (IT) driven. The Company shall adopt the required IT framework and interfaces to ensure secure data flows from the Financial Information providers to its own systems and onwards to the Financial Information users.
- The Company shall not request or store customer credentials (like passwords, PINs, private keys) which may be used for authenticating customers to the Financial Information providers.
- The Company’s access to a customer’s information shall be based only on consent-based authorisation.
- The Company shall deploy such technology which should also be scalable to cover any other financial information or financial information provider as may be specified by Reserve Bank of India in future.
- The Company shall build adequate safeguards in its IT systems to ensure that it is protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.
- The Company shall put in place appropriate measures for Disaster Risk Management and Business Continuity.
- The Company shall undertake an Information System Audit of the internal systems and processes at least once in two years by CISA certified external auditors.
- The Company shall adopt the technical specifications published by Reserve Bank Information Technology Private Limited (ReBIT), as updated from time to time.
Rights of the customer
- The Company shall enable the customer to access a record of:
  - the consents provided by him and
  - the Financial Information users with whom the information has been shared.
- The Company shall not use or access any customer information other than for performing the business of account aggregator explicitly requested by the customer
Customer Grievance
The Company has in place a Board approved policy for handling/ disposal of customer grievances/ complaints. The policy details the customer grievance redressal mechanism. The same is available on the website of the Company.
Periodical Review
A periodical review of compliance with the Code and the functioning of the grievance redressal mechanism at various levels of management would be undertaken by the Company, and a consolidated report of such reviews shall be submitted to the Board of Directors of the Company at regular intervals.