Answer ... India does not have a unified code of laws governing fintech. Fintech activities in India are primarily regulated by the Reserve Bank of India (RBI), India’s banking regulator. Regulation takes the form of acts passed by the legislature and rules and regulations passed by the RBI and other regulators.
Payments are the most evolved fintech sub-category in India, in terms of both business and regulations governing this space. The Payment and Settlement Systems Act, 2007 (PSSA) governs and regulates the operation of payment systems in India. The PSSA authorises the RBI to regulate payment system participants. Any entity wishing to operate a payment system in India is required to obtain RBI authorisation under the PSSA.
Certain fintech activities may be regulated by other regulators. For example, fintech activities involving securities trading/securities advisory functions are regulated by the Securities and Exchange Board of India (SEBI). These activities include fund administration, peer-to-peer trading, algorithmic trading and exchange-traded funds. Similarly, fintech activities falling under insurtech or otherwise under the insurance sector are regulated by the Insurance Regulatory and Development Authority of India (IRDAI).
Other applicable laws include:
- data protection laws in India, primarily the Information Technology Act, 2000 and allied rules;
- know-your-customer (KYC) and anti-money laundering (AML) laws, primarily under the Prevention of Money Laundering Act, 2002; and
- consumer protection laws, primarily under the Consumer Protection Act, 1986 and the Consumer Protection Act, 2019.
Yes. A good example is the payments space, where the regulatory regime is comparatively well developed. Digital payments in India are predominantly executed through prepaid payment instruments (PPIs) and debit cards (by volume), and the Real-Time Gross Settlement system and National Electronic Funds Transfer system (by value).
The PSSA is the primary legislation governing payment systems in India. Separately, the RBI, as the payments regulator, issues rules and regulations covering different aspects of the payments ecosystem from time to time. Examples include the following:
- Card network providers are governed by specific regulations issued by the RBI from time to time regarding debit/credit card operations.
- PPIs, including mobile wallets, are governed by the RBI’s Master Direction on Issuance and Operation of Prepaid Payment Instruments. The PPI Master Direction divides PPIs into three categories:
  - closed loop;
  - semi-closed loop; and
  - open loop.

  It further prescribes the compliance requirements that apply to entities issuing each type of PPI in India.
- The RBI mandates the implementation of two-factor authentication for all domestic card-not-present transactions. Low-value transactions (less than INR 2,000) are exempt.
- The RBI imposes data localisation requirements on all information relating to payment systems in India.
- The RBI passes rules and regulations from time to time governing, among other things:
  - KYC and AML compliance;
  - transaction limits and fraud prevention compliance;
  - reporting obligations; and
  - dispute resolution mechanisms.
Answer ... There is no single fintech regulator in India. The nature of regulations and the relevant regulator will depend on the nature of the fintech business. The regulator may be the RBI, SEBI, the IRDAI or another sectoral regulator. The regulator is responsible for enforcing applicable laws and regulations.
Given that most fintech activities currently fall within the domain of payments, banking and finance, lending or related financial services, the RBI – as the principal regulator of these activities – has been responsible for enforcing applicable laws and regulations. Regulators such as the RBI, SEBI and the IRDAI have extensive powers to oversee compliance with applicable laws. These include the power to:
- authorise certain activities;
- refuse authorisation and blacklist certain fintech activities;
- impose conditions of business and operations;
- audit business and operations;
- require appropriate filings to be made with them; and
- impose penalties for non-compliance with applicable laws and regulations.
Indian courts may be called to test the validity of certain laws and regulations. The courts’ jurisdiction may also be invoked in situations where the position adopted by or the procedure followed by a regulator is questioned.
Answer ... The regulations applicable to the fintech industry do not differ significantly from those applicable to traditional financial service providers in India. This is primarily because these entities are largely regulated by an existing regulator – either the RBI or other regulators such as SEBI or the IRDAI. Although there have been proposals for the establishment of an independent authority to regulate the payments industry, these proposals have not yet been accepted.
In most cases, the compliance requirements and obligations applicable to traditional financial institutions are more onerous than those applicable to their new counterparts. Traditional banks and non-banking financial institutions are subject to more demanding capitalisation requirements, reporting requirements, consumer grievance redressal obligations and other operational restrictions. For instance, while a fintech company can outsource parts of its operations relatively easily, a similar outsourcing arrangement in a bank would be subject to numerous restrictions and requirements, including requirements to include specific clauses and provisions in outsourcing agreements. Banks and non-banking finance companies are also required to have several committees and policies in place; such requirements do not always apply to fintech companies.
Regulators today recognise the need to update and modify their regulations to accommodate the introduction of new technologies by fintech companies and make compliance with such regulations easier for non-banking entities. With this objective in mind, the RBI has introduced the concept of a regulatory sandbox for fintech companies. SEBI has separately issued guidelines for a fintech regulatory sandbox. In both instances the first cohort is expected to begin operating in 2020. The RBI has already opened applications for the first cohort, which has ‘retail payments’ as its theme.
Answer ... There is no single official trade association for the fintech sector. However, each fintech sub-category may have one or more associations or consortia representing its interests. Examples include:
- the Digital Lenders Association of India, a consortium of entities involved in core lending business and facilitation of digital lending; and
- the Payments Council of India, which represents the interests of the payments industry.