How many consent requests can I get?
There is no official limit on the number of consent requests you can get through the Account Aggregator India framework. The system is designed around your explicit approval for each request, meaning you have full control over who gets your data and when.
How Many Account Aggregator Consent Requests Can I Get?
Many people believe there's a strict limit on how many consent requests you can get within the Account Aggregator India framework. They think the Reserve Bank of India (RBI) has set a cap, like 10 requests a month or 100 a year. This is a common misunderstanding.
The real answer is: there is no hard limit on the number of consent requests you can receive. The system isn't built around a fixed number. Instead, it's designed around your control, the purpose of the request, and the duration of access. You are the ultimate gatekeeper of your financial data.
What Actually Governs Consent Requests in India?
The Account Aggregator (AA) system connects institutions that hold your data with institutions that need it to provide a service. Think of it like a digital courier for your financial information that only works with your permission.
The key players are:
- Financial Information Provider (FIP): This is where your data lives. It's your bank, mutual fund house, or insurance company.
- Financial Information User (FIU): This is the app or company that wants to access your data. It could be a lending app, a wealth advisor, or a budgeting tool.
- Account Aggregator (AA): This is the licensed entity that manages your consent. It never sees your data; it only handles the permission slip.
The framework's rules don't say "You can only get X requests." Instead, they create a structure where every single request is tied to specific factors that you control completely.
The Four Factors That Define Your Consent
Instead of a single number, think of your consent as a package defined by four key elements. Each time an FIU wants your data, it must ask for permission based on these terms.
1. The Exact Purpose of the Request
Every consent request must state exactly why the FIU needs your data. Vague requests are not allowed. For example, a lending app can't just say, "Give us your data." It must specify, "We need your last six months of bank statements to assess your eligibility for a personal loan."
Because the purpose is so specific, you might get multiple requests from the same company for different reasons. An app might ask for your bank statement for a loan and later ask for your investment statement for a financial plan.
2. The Duration of the Consent
You decide how long the permission lasts. There are two main types:
- One-Time Access: The FIU gets your data once, and the consent expires immediately after. This is common for loan applications or identity verification.
- Recurring Access: The FIU can fetch your data periodically for an agreed-upon duration. A personal finance app might need recurring access to update your spending habits every day. You set the end date for this access, which could be 30 days, 90 days, or up to a year. After it expires, they must ask you again.
3. The Specific Data You Choose to Share
You have line-item control over what data is shared. A request is not an all-or-nothing deal. The FIU will ask for certain data, and you can approve or deny access to each piece.
For instance, a wealth management app might ask for:
- Your savings account balance.
- Your credit card transaction history.
- Your mutual fund holdings.
You can choose to share only your mutual fund holdings and deny access to the other two. This granular control means one interaction can involve multiple data points, all under your command.
4. Your Explicit and Active Approval
This is the most important factor. Nothing happens without your direct approval. Every single consent request lands on your Account Aggregator app. You must enter your secure PIN to approve it, just like making a UPI payment. If you see a request you don't recognize or don't want to approve, you can simply reject it. Your silence or inaction is a 'no'.
Real-World Example: Imagine Priya applies for a home loan. The bank (an FIU) sends a consent request via her AA. The request asks for one-time access to her salary account statements for the last year and her investment portfolio details. Priya reviews the request, sees it's legitimate, and approves it with her PIN. The data is shared securely. The consent is now fulfilled and expired.
How Consent Requests Can Add Up: An Example
Let's see how a financially active person might receive multiple requests in a short time. This shows why a hard limit wouldn't make sense.
| Day | Action | FIU (App) | Purpose | Result |
|---|---|---|---|---|
| Monday | Applies for a credit card | NewAge Bank | Income verification (6 months bank statement) | 1st Request (Approved) |
| Tuesday | Signs up for a budgeting app | MoneyView Pro | Expense tracking (recurring access to savings & credit card) | 2nd Request (Approved) |
| Wednesday | Checks eligibility for a car loan | AutoLoan Fast | Credit assessment (12 months bank statement) | 3rd Request (Approved) |
| Friday | Links investments to a portfolio tracker | WealthTrack | Portfolio analysis (recurring access to Demat account) | 4th Request (Approved) |
In just one week, this person received four separate, legitimate requests. Each had a different purpose and was approved individually. This flexibility is a core feature of the system.
Is There Any Official Limit from Regulators?
No. The RBI's master directions for the Account Aggregator India ecosystem do not specify a maximum number of consent requests a person can receive. The regulations are focused on ensuring the consent process is secure, transparent, and explicit.
The official guidelines emphasize the consent architecture—what information must be in a consent request, how it should be displayed to you, and your right to revoke it. The focus is on empowering you, the user, not on setting arbitrary caps. You can read the detailed framework on the RBI's website to understand the principles behind it. For those interested, RBI's official guidelines provide the full legal context.
Why No Limit Is a Good Thing
The absence of a hard limit is a feature, not a bug. It promotes financial innovation. Companies are free to create new and helpful services that rely on your data, knowing they can request access when needed. More importantly, it gives you the freedom to choose which services you want to use without worrying about hitting an artificial ceiling.
The real limit is your comfort and your need. You are in the driver's seat. The question isn't how many requests you *can* get, but which ones you *will* approve to improve your financial life.
Frequently Asked Questions
- Is there a daily or monthly limit on Account Aggregator requests?
- No, the RBI has not set any daily, monthly, or yearly numerical limits on consent requests. The system is based on purpose and your explicit approval for each request.
- What happens if I reject a consent request?
- If you reject a request, no data is shared. The Financial Information User (the app that asked for it) will be notified of the rejection, and you can usually proceed without sharing data, though the service might be limited.
- Can I see all my past and active consent requests?
- Yes. Your chosen Account Aggregator app provides a dashboard where you can view a complete history of all requests, see which consents are active, and pause or revoke access at any time.
- Does getting many requests affect my credit score?
- No. Account Aggregator consent requests are for data sharing, not for credit inquiries. Approving or denying these requests does not directly impact your credit score.