Citizen's Charter

About the Company

OMS Fintech Account Aggregator Private Limited is a private limited company with inprinciple license from Reserve Bank of India (RBI) and pending operating license to commence business as an Account Aggregator from Reserve Bank of India under the NBFC-AA regulations.

About the Product

OMS AA is the brand name of the product of the Company. OMS AA is an empowering one-stop solution for providing a real-time aggregated view of financial assets for Individuals and Enterprises from multiple financial institutions (Banks & NBFCs, Mutual funds, Insurance providers), EPFO, Income tax and GSTN.

This state-of-the-art API driven solution puts you in the driver seat of managing your finances and personal wealth.

OMS AA enables an Individual &Enterprise to share their financial information securely and digitally with any other regulated financial institution in the AA network. OMS AA is data blind and is not allowed to share such information without the consent of the Individual / Enterprise.

Vision and Mission of the Company

Vision: Enable access to affordable credit for every bank account holder.

Mission: Deliver a world-class secure product to customers, helping them achieve their financial goals.

Application of Charter

The Company has framed this Citizen’s Charter and it does not by itself create new legal rights. It aims in enforcing existing rights of the customers and guarantees protection of the rights of a customer. This Charter applies to all products and services of the Company.


The Company commits that it shall:

  • Provide services to a customer based on the customer’s explicit consent.
  • Ensure that the providing of services to a customer shall be backed by appropriate agreements/ authorizations between the Company, the customer and the Financial information providers
  • Ensure transactions by customers shall not be supported.
  • Ensure appropriate mechanisms for proper customer identification
  • Share information with the customer to whom it relates or any other financial information user as authorized by the customer in accordance with the terms of the consent provided by the customer.
  • Not undertake any other business other than the business of account aggregator.
  • Ensure that no financial information of the customer accessed by the Company from the financial information providers shall reside with Company
  • It shall not use the services of a third party service provider for undertaking the business of account aggregation
  • Not access user authentication credentials of customers relating to accounts with various financial information providers
  • It shall not part with any information that it may come to acquire from/ on behalf of a customer without the explicit consent of the customer.
  • Strictly comply with the internal guidelines adopted for pricing of services

Consent Architecture

  • The Company will not retrieve, share or transfer financial information of the customer without the explicit consent of the customer.
  • The Company shall perform the function of obtaining, submitting and managing the customer’s consent in accordance with applicable regulations
  • The Company shall obtain the consent of the customer in a standardised consent artefact which shall contain the following details:
    • identity of the customer and optional contact information;
    • the nature of the financial information requested;
    • purpose of collecting such information;
    • the identity of the recipients of the information, if any;
    • URL or other address to which notification needs to be sent every time the consent artefact is used to access information
    • Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and
    • any other attribute as may be prescribed by the Reserve Bank of India.
  • At the time of obtaining consent, the Company shall inform the customer of all necessary attributes to be contained in the consent artefact as mentioned above and the right of the customer to file complaints with relevant authorities in case of non-redressal of grievances.
  • The Company shall provide its customers a functionality to revoke consent to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information.
  • The Company will ensure that the electronic consent artefact is capable of being logged, audited and verified

Usage of information

  • In the cases where financial information has been provided by a Financial Information provider to the Company for transferring to a Financial Information user with the customer’s explicit consent, the Company shall:
    • verify the identity of the Financial Information user; and, if verified,
    • securely transfer the customer’s information to the intended recipient in accordance with the terms of the consent artefact.
  • In the cases where financial information has been provided by a Financial Information provider to the Company for transferring to the customer or to a Financial Information user, the Company shall not use or disclose except as may be specified in the consent artefact.

Data Security

  • The Company’s business as an Account Aggregator is entirely Information Technology (IT) driven. The Company shall adopt required IT framework and interfaces to ensure secure data flows from the Financial Information providers to its own systems and onwards to the Financial Information users.
  • The Company shall not request or store customer credentials (like passwords, PINs, private keys) which may be used for authenticating customers to the Financial Information providers.
  • The Company shall access customer’s information shall only be based on consentbased authorisation.
  • The Company shall deploy such technology which should also be scalable to cover any other financial information or financial information provider as may be specified by Reserve Bank of India in future.
  • The Company shall build adequate safeguards in its IT systems to ensure that it is protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.
  • The Company shall put in place appropriate measures for Disaster Risk Management and Business Continuity.
  • The Company shall undertake an Information System Audit of the internal systems and processes at least once in two years by CISA certified external auditors.
  • The Company shall adopt the technical specifications published by Reserve Bank Information Technology Private Limited (ReBIT), as updated from time to time.

Rights of the customer

  • The Company shall enable customer to access a record of
    • the consents provided by him and
    • the Financial Information users with whom the information has been shared.
  • The Company shall not use or access any customer information other than for performing the business of account aggregator explicitly requested by the customer

Customer Grievance

The Company has in place a Board approved policy for handling/ disposal of customer grievances/ complaints. The policy details the customer grievance Redressal mechanism. The same is available in the website of the Company.

Evaluation and Review

The Citizen’s Charter may undergo changes as and when required by statutory directions and laws of the land, periodically.