The rapid advancement of financial technology, or fintech, with an overall transaction value of $24 Trillion in FY21-22 alone, has revolutionised the way financial services are delivered and accessed worldwide. Fintech encompasses a wide range of digital financial services, including but not limited to mobile payments, peer-to-peer lending, robo-advisory and blockchain-based solutions.

This article aims to discuss the regulatory regime governing fintech in India. It will explore the regulatory bodies and frameworks responsible for overseeing fintech activities and delve into the specific regulations applicable to different fintech sectors.

The Regulatory Landscape

In India, the regulatory framework for fintech is currently fragmented, lacking a unified set of rules or norms that govern all fintech services. This fragmentation poses challenges in effectively regulating the industry since there is no comprehensive set of fintech laws. The primary regulatory agencies overseeing this sector in India include the Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), the Securities and Exchange Board of India (SEBI), the Ministry of Corporate Affairs (MCA), and the Ministry of Electronics and Information Technology (MEITY). Specific sectoral regulations brought in place by the aforementioned bodies are as follows:

Regulations/ guidelines by the RBI

The Payment and Settlement Systems Act, 2007 (the "PSS Act") has designated the RBI to regulate and supervise "payment systems" in India. Under the PSS Act, a "payment system" is described as a mechanism that facilitates the transfer of funds between a person making a payment (payer) and the recipient (beneficiary). This system involves services related to clearing, payment, or settlement, or a combination of these elements. However, it explicitly excludes stock exchanges from its definition.

  • The Directions for Opening and Operation of Accounts and Settlement of Payments for Electronic Payment Transactions Involving Intermediaries, 2009 (the "EPT Directions") and the Guidelines on Regulation of Payment Aggregators and Payment Gateways (the "PAPG Guidelines"): The EPT Directions and the PAPG Guidelines govern intermediaries such as a Payment Aggregators (PA(s)) and Payment Gateways (PG(s)).Intermediaries are entities that collect money from customers through electronic payment methods for goods and services and then transfer it to merchants as final payment. PA(s) facilitate e-commerce sites and merchants to accept payments, while PG(s) provides technology for online payment processing. Beyond PAs and PGs, the EPT Directions apply to a wide range of entities including electronic commerce (e-commerce) and mobile commerce (m-commerce) service providers facilitating electronic payments, and merchants accepting payments through electronic or online payment methods. The PAPG Guidelines set eligibility criteria, capital requirements, and technology-related recommendations for PAs. For PGs, the PAPG Guidelines serve as a set of non-binding technology-related recommendations. These recommendations cover various aspects related to technology infrastructure, security, data standards, risk management, and fraud prevention.
  • The Master Direction on Issuance and Operation of Prepaid Payment Instruments ("PPI Guidelines"): A Prepaid Payment Instrument (PPI(s)) refers to a financial instrument that enables individuals to load a specific amount of money onto the instrument in advance. This loaded value can then be used to make payments for various goods and services, including purchases, bill payments, money transfers, and more. Prominent examples of PPIs are pre-paid credit and debit cards, E- wallets, vouchers, etc. In order to promote innovation and competition while ensuring safety, security, and customer protection, the RBI released comprehensive PPI Guidelines to effectively regulate PPIs.
  • The Guidelines for Licensing of Payments Banks ("Payment Bank Guidelines"): The objective of payment banks is to promote financial inclusion by offering small savings accounts and payment/remittance services to various groups. These banks are registered as public limited companies and licensed under the Banking Regulation Act, 1949 with limitations mainly on accepting deposits and providing payment and remittance services. The objective of the Payment Bank Guidelines is to set out a number of requirements that payment banks must meet, such as minimum capital requirements, liquidity requirements, and governance standards. This is to ensure that payment banks are well-capitalised and run in a safe and sound manner.

The RBI has also issued regulations for Peer-to-Peer (P2P) Lending Platforms in 20171 and released the Guidelines on Digital Lending, outlining eligibility criteria, prudential norms, and risk management practices to protect the interests of lenders and borrowers.

Additionally, the RBI has been proactive in promoting innovation in the fintech sector by creating a regulatory sandbox framework2, allowing fintech companies to test their innovative products or services in a controlled environment.

Regulations/ guidelines by the IRDAI

With the rise of InsurTech, the IRDAI has been proactive in encouraging the adoption of fintech in the insurance sector, while also ensuring that policyholders' and insurance product buyer's interests are protected. In that regard, the IRDAI's regulations in the insurance fintech sector broadly govern corporate agents, web aggregators and insurance brokers:

  • The Insurance Regulatory and Development Authority of India (Registration of Corporate Agents) Regulations, 2015: Corporate agents act as intermediaries between insurance companies and potential policyholders. This regulation provides a framework with respect to the ownership and control, record keeping, registration, conduct, and operations of these corporate agents operating in the insurance business of life insurance, health insurance and general insurance.
  • The Insurance Web Aggregator Regulations, 2017: This regulation was introduced to oversee and monitor web aggregators acting as insurance intermediaries. These intermediaries operate websites that offer users a platform to compare prices and access information about products from various insurance companies and other relevant topics.
  • The Insurance Regulatory and Development Authority of India (Insurance Brokers) Regulations, 2018: Insurance brokers are intermediaries who facilitate the buying and selling of insurance products between the insurer and the insured. These regulations safeguard the policyholder's interest by ensuring that insurance brokers are qualified, registered and licensed. Further, it regulates online sales, telemarketing and distance marketing and highlights measures to be followed upon non-compliance.

Furthermore, similar to the RBI, the IRDAI also released its regulatory sandbox framework3 with the aim of promoting innovation in the insurance industry to ease existing regulations while still safeguarding the rights and benefits of policyholders.

Regulations/ guidelines by the SEBI

The Securities and Exchange Board of India Act, 1992, and the Securities Contracts (Regulation) Act, 1956 provide SEBI with wide-ranging powers to regulate securities markets and ensure the integrity and fairness of trading activities.

SEBI has established various regulations to oversee the conduct of individuals and entities operating as stock brokers and investment advisers.4 These regulations set criteria for eligibility, registration requirements and compliance-based obligations to ensure that these market participants adhere to the necessary standards of competence, professionalism and ethical conduct.

Furthermore, SEBI plays a role in regulating5 the issuance and listing of securitised debt instruments and security receipts within India in order to safeguard the interests of investors in these instruments and foster the growth of the securitisation market.

The SEBI (Alternative Investment Funds) Regulations, 2012 govern securities trading in the fintech space, particularly concerning Alternative Investment Funds (AIFs). These regulations provide guidelines for the establishment and operation of AIFs, including various types such as venture capital funds, private equity funds, and similar investment vehicles. The regulations impose registration criteria, restrictions on investments, disclosure obligations and norms for investor protection on AIFs operating in India. Such regulations aim to ensure transparency, responsible practices and investor confidence within the fintech-driven AIF sector.

Other Significant Legislations

  • The National Payments Corporation of India (NPCI) Regulations: TheNPCI is responsible for managing several notable payment systems in India, such as the Unified Payment Interface (UPI), RuPay card payment network and payment aggregators. The NPCI oversee the operation and functioning of these payment systems, ensuring their efficiency and effectiveness in facilitating transactions. Last year, the RBI released its RBI Payments Vision 2025, which emphasises cross-border payments as a key focus area in its recommendations. To expand its global reach, the NPCI established NPCI International Payments Limited (NIPL), a wholly-owned subsidiary, dedicated to deploying RuPay and UPI services outside of India. Through bilateral cooperation, agreements have been reached with countries like France, Singapore, the UAE, and the United Kingdom to promote UPI adoption.
  • The Companies Act, 2013: Fintech businesses operating in India are subject to various laws and regulations that govern their operations. Under the Companies Act 2013, fintech businesses are required to register and comply with all applicable laws and regulations like any other business in the country.


The regulatory regime for fintech in India exhibits dynamism and continuous evolution, attuned to the rapid advancements within the industry. This article provides an inexhaustive list of mandates for India's most successful industry. It is evident that government bodies and regulatory authorities display an unwavering dedication to nurturing innovation whilst concurrently safeguarding consumer interests, data privacy and overall financial stability. For fintech entities, proactive comprehension and adherence to pertinent laws and guidelines are imperative to prosper within this burgeoning sector. As the fintech ecosystem further expands, it becomes indispensable for all stakeholders, encompassing startups, investors, and consumers, to possess a comprehensive understanding of regulatory mandates.

Corrida Legal is the preferred corporate law firm in Gurgaon (Delhi NCR) and Mumbai.


1. The Reserve Bank of India, Master Directions – Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 dated 4th October, 2017.

2. Department of Banking Regulation Banking Policy Division, Enabling Framework for Regulatory Sandbox, the Reserve Bank of India dated 18th April, 2019.

3. Insurance Regulatory and Development Authority of India (Regulatory Sandbox) Regulations, 2019.

4. The SEBI (Stock Brokers) Regulation,1992; and SEBI (Investment Advisers) Regulations, 2013.

5. The SEBI (Issue and Listing of Securitised Debt Instruments and Security Recipients) Regulations, 2008.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.