Have you ever been to a party where the police showed up? If yes, congrats, I suppose. What if it's not the police? A surprising party pooper showed up at India's digital lending party this month.
Let me set the scene: You're at a party, the music is popping, the décor is unicorn-themed, and the drinks are flowing. You get the drift. It's late and a few gate crashers turn up. These newcomers are a rowdy bunch – moving fast and breaking bottles. Rumours swirl that they may even belong to 'hostile' countries. The party continues, everyone's having a great time. But the gate crashers keep getting more aggressive. Now sirens are blaring. You think it's the police – a fine and a warning, perhaps. But lo and behold, it's the army breaking down the door. The party comes to a screeching halt. It's pandemonium, and you're caught in the crossfire.
Digital lenders had their party crashed by the central government this month. The Ministry of Electronics and Information Technology (MeitY) issued blocking orders banning 94 digital lending apps. These apps are ordinarily policed by the RBI – accustomed to the regulator's restrain and measure. They were ill-equipped to handle carpet bombing by the central government. But with digital lending becoming a political hot-potato, digital lenders may have to get used to facing the cavalry. More about this in our main course story.
Onto our FinTales menu for the month.
Main course: stories on the digital lending app ban and the national financial information registry.
Dessert: sweet news about a simplified risk-based KYC process.
Mints: a refresher on recent developments in the fintech world.
Takeaway: articles and podcasts to grab-and-go.
The digital lending rigmarole
On 5 February, a tweet from a public broadcaster announcing the blocking of 94 digital lending apps raised a furore within the fintech industry. In the following week, lending apps were banned and unbanned – both without much clarity.
A quick backstory: In September 2022, the RBI released rules to regulate digital lending. Around the same time, the government met with the RBI to discuss how to tackle rogue loan apps. It was decided that the RBI will prepare a whitelist of legal loan apps and MeitY would ensure only these apps feature on app stores.
Now, onto 5 February 2023, and the week that followed.
The ban: MeitY asked Google to block94 digital lending apps (including some prominent ones) from the Play Store. The blocking order was issued under Section 69A of the Information Technology Act, 2000 (IT Act). The affected fintech companies were at sea – they reportedly received no notice from the government about why their apps/websites were being blocked.
One-on-one: As unpleasant as the uncertainty was, fintech founders and industry bodies scrambled to meet MeitY. These meetings revealed a bouquet of reasons for the ban (apart from Chinese links). The reasons included borrower harassment, predatory loan pricing, money laundering, flouting KYC norms, misuse of customer data, and data storage on Chinese servers. To prove their legitimacy, MeitY asked fintech companies to produce documentary proof.
The undoing: MeitY examined these documents. Only to conclude that few of the blocked apps were in fact operating lawfully. And so, it issued orders to unblock compliant apps. The government later admitted that some of the bans may have been inadvertent.
So, where was the RBI in all of this, you ask? Well, the RBI's statement in a press conference is telling: it didn't greenlight the ban. Or even ask for one. It only prepared a list of digital lending apps used by regulated lenders (on MeitY's instructions).
The government's actions are concerning for three reasons.
First, the ban itself may not have been legitimate. Here's why. Section 69A orders are passed if there's a threat to national security or public order. In this case, the apps were blocked not just for having Chinese links. The reasons also extended to malpractices (like high-interest rates and borrower harassment) of digital lending apps. These practices, while they demand stringent course correction, don't pose a threat to national security or public order. Neither do they necessitate an 'emergency action'.
Second, legitimate fintechs suffered collateral damage. The ban jolted operations of compliant fintech companies that were banned. Since MeitY will scrutinize other fintechs too now, they're concerned about the precedent set by the ban.
Third, it may spook investors. Digital lending received 40% of the total fintech funding in 2022 (more than twice the amount investors poured into payments or neo-banking). But now, with the regulatory uncertainty exacerbated by the app ban, digital lending is an iffy proposition for investors. Post the ban, "investors will be more selective in their funding decisions which could result in reduced funding", says the MD of a VC firm who'd invested in one of the fintechs that was banned. "Building a compliant and sustainable fintech company will require a deep understanding of regulatory compliance", he adds.
Closing thoughts: Prior consultation with fintech companies could have avoided this fickle banning saga. Come to think of it, delisting apps may not end malpractices. The listed loan apps may still harass borrowers or levy excessive interest rates. And the delisted loan apps may find new ways to creep into the digital lending space. Like convincing desperate borrowers to side-load them without going through app stores, or listing with different credentials on the app stores. Eliminating rogue lending apps and correcting poor business practices needs the implementation of existing rules. Like RBI's Fair Practices Code and Digital Lending Guidelines which already outlaw unregulated and predatory lending. What is needed is predictable and consistent implementation of the rules of the game, not knee-jerk and overbroad bans. This is challenging because the RBI doesn't have the capacity to police the ever-expanding digital lending industry. It's already reliant on app stores run by private companies to enforce its bans. The RBI simply can't fix the problem on its own. Which is why we believe it should formally adopt a co-regulatory approach and bless a self-regulatory organization. Such a model would increase implementation capacity and ensure effective and balanced restrictions.
Where does this leave us: Being a part of the digital lending cosmos just got tougher for fintechs. With the sequence of events so far, two things are certain (even if other things are not): First, the whitelist that the RBI prepares will be sacrosanct. If fintechs want a share of the digital lending pie, they must mould their practices to mosey their way into that list. Second, fintechs must shift their focus (from everything else) to first ensuring regulatory compliance.
The mysterious National Financial Information Registry
In this year's budget speech, the Finance Minister announced plans to create the National Financial Information Registry (Registry). The Registry, according to the minister, would be a 'credit public infrastructure' meant to promote financial inclusion and stability. It's unclear how, though. The RBI Governor called the Registry a '360-degree kind of information system'which will expedite credit flows.
Little else is known about the Registry. So, when we tried to write an 'opinion piece' on the Registry, it was largely speculative. The only way to write about this development, we think, is to ask questions. Here are a few:
- Why do we need the Registry? How is it different from other data repositories like credit bureaus (like Equifax and CIBIL) and account aggregators (like Finvu and Saafe)? What gap is it filling?
- Is the Registry another avatar of the 'Public Credit Registry' – a credit information repository envisaged by the RBI a few years ago? The RBI constituted a taskforce – which submitted its report in 2018 – on setting-up public credit registries in India. This registry was intended to provide a comprehensive credit information repository – from loan origination and pricing to defaults, monitoring, repayment.
- What 'financial and ancillary information' will be stored in the Registry? Is it only credit information from lenders? Or will it include other data points? If so, which ones?
- Whose data is covered – only individual borrowers or businesses? Is it geared primarily towards MSMEs and micro-entrepreneurs seeking credit?
- Who will provide this data to the Registry – banks, NBFCs, and similar regulated entities? Or will unregulated tech companies provide data as well? Is sharing this data mandatory?
- Who can access the information stored in the Registry? Is access contingent on borrowers' consent?
- Is the Registry at risk of becoming a honeypot of sensitive data – a potential single point of failure?What safeguards will be in place to prevent cyber-attacks and unauthorised access (even from the government)?
Data is essential to lending. Of course, raw data alone isn't enough – a fintech's secret sauce is its data analytics and insights. Even so, the Registry could be valuable if it provides access to a wide dataset through a single window. For now, though, we wait for a few answers, before we can ask more questions, and then perhaps have an opinion.
A painkiller for the KYC headache
Friction is a necessary evil in financial services. But should an INR 2,000 loan need the same friction as an INR 20 lakh loan? That's the question the government and the RBI will soon answer.
Earlier this month, the Finance Minister declared that the KYC process will be simplified by adopting a 'risk-based' instead of a 'one size fits all' approach. This will allow an entity to have different customer identification and transaction monitoring processes, depending on the risk profile of the customer and the product or service being offered.
Currently, most financial products follow a one size fits all approach toward KYC. An exception to this rule is prepaid payment instruments (commonly known as e-wallets). KYC for e-wallets depends on the balance limit of the e-wallet. For instance, e-wallets that have a balance limit of INR 10,000 require a lower level of KYC than those with higher limits. For these low-value e-wallets, mobile number-based OTP verification and self-declaration of name and an official identity number are sufficient KYC.
Onerous KYC norms make it difficult to offer financial products to the masses. Because they increase customer acquisition costs and customer drop-offs. On the flip side, KYC innovations like Aadhaar-based KYC and Video KYC can yield huge cost savings for fintechs. The proposed risk-based KYC process is likely to have a similar impact and act as a fillip for growth and innovation in the fintech industry.
Budget-ing for fintechs
The Union Budget 2023-24 included several proposals that affect the fintech sector – a national financial information registry, simplification of KYC process, public consultation by RBI in regulation-making, and clear timelines for RBI to respond to applications. The proposals were well-received by the industry. Experts opined that a simpler KYC process will reduce friction in loan disbursals. And a credit information repository will make credit underwriting easier.
G-20 travellers get a taste of UPI
The RBI has gone live with the UPI facility for travellers from G-20 countries visiting India. These travellers can now use UPI-linked e-wallets to pay merchants while in India. Apart from two banks (IDFC First Bank and ICICI Bank), the RBI has looped in two non-bank wallet issuers (Pine Labs and Transcorp International Ltd) to offer this facility. For now, the facility is available only at Bengaluru, New Delhi, and Mumbai airports.
RBI discloses the status of PA applications
RBI has published a list of entities who've applied for payment aggregator authorization along with the status of their applications. This information has been officially disclosed for the first time. 32 existing PAs have received in-principle approval and they can continue offering PA services. 19 new PAs have also received in-principle approval but they can offer PA services only after receiving final approval.
UPI linked to Singapore's PayNow
In a first, India's UPI has been integrated with Singapore's fast payments system, PayNow. Indians and Singaporeans can now instantly and inexpensively transfer funds to each other (subject to a daily limit of INR 60,000). However, at present, fund transfers are only allowed on a peer-to-peer basis for maintenance of relatives and gifts. Further, fund transfers can only be done through UPI apps of banks, and not widely used third-party apps like PhonePe or Google Pay.
PhonePe's international stint with UPI
PhonePe has launched an international payment service, UPI International, in collaboration with NPCI. The service will enable Indian travellers to pay select foreign merchants through UPI (using the PhonePe app). This service will be available in these countries which have a local QR code: Bhutan, Mauritius, Nepal, Singapore, and the UAE. Whoof! UPI is clearly having its moment.
Crypto-traders face tax default penalties
The Finance Bill 2023 penalizes failure to deposit tax deducted at source (TDS) on income received from virtual digital assets. Now, delayed TDS payments on virtual digital asset related income will attract 15% p.a. interest. And non-payment can lead to imprisonment and fine. Will these penalties convince crypto traders to use compliant Indian exchanges instead of foreign ones? Only time will tell.
- Inside PhonePe's pay-now-buy-later deal with ZestMoney [The Morning Context]
- How UPI LITE makes small payments faster & easier [Business Insider]
- How ChatGPT kicked off an AI arms race [The New York Times]
- The 'Widowmaker' crypto trade that helped blow up an industry [Odd Lots]
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.