For fintech start-ups, 'funding winter' was one of the most used terms of 2023. December did not fundamentally change this narrative as the sector ended with a yearly total of just over a billion dollars in funding – the least the sector has seen since 2016. The dip has made fintech startups and investors proactive and cautious, and the focus seems to have shifted more towards cutting costs and increasing profitability. The Reserve Bank of India ("RBI") is also as proactive as ever, with final authorisations being granted to some payment aggregators and release of notification in relation to industry-centric regulations. Separately, cryptocurrency operators were kept busy with regulatory scrutiny under the Prevention of Money Laundering Act, 2002 ("PMLA") and directions from the Financial Intelligence Unit, India ("FIU") reaching new heights, and the government pushing hard to enforce anti-money laundering regulations against foreign operators offering services in India.

In light of this, this edition of newsletter highlights the key developments and measures as well as other developments in the Indian fintech space from December 01, 2023, to December 31, 2023.


RBI releases Master Direction - Reserve Bank of India (Internal Ombudsman for Regulated Entities) Directions, 20231

On December 29, 2023, the RBI released the Master Direction - Reserve Bank of India (Internal Ombudsman for Regulated Entities) Directions, 2023 ("Internal Ombudsman Direction"). The Internal Ombudsman Directions are applicable to Banks with 10 (ten) or more banking outlets in India, deposit taking Non-Banking Financial Companies ("NBFCs") with 10 (ten) or more branches, non-deposit taking NBFCs with assets size of INR 5000 Crores (Indian Rupees Five Thousand Crores) and above with a public customer interface, Non-Bank System Participants and Credit Information Companies ("CICs") (collectively referred to as "REs"). The Internal Ombudsman Directions replaces and consolidates 3 (three) distinct and separate ombudsman schemes which were applicable to Banks2, NBFCs3 and CICs4. Through the consolidated Internal Ombudsman Directions, the RBI seeks to ensure uniformity in the internal ombudsman scheme applicable to all the REs and address issues identified in the erstwhile internal ombudsman schemes.

The Internal Ombudsman Directions requires the entities to appoint an Internal Ombudsman Officer ("IO") and a deputy internal ombudsman officer to deal with customer complaints. The IO will handle the complaints that have been already assessed and rejected by the REs. These complaints should be escalated to the IO through a fully automated complaints management software within 20 (twenty) days of pronouncement of REs' decision on the complaints. Further, the IO and REs are also obligated to ensure that the final decision should be communicated to the complainant within 30 (thirty) days from the date of receipt of complaint by RE. The final decision of the IO will be binding on the REs.

If IO overrules the decision of the RE, the RE can only disagree with such decision after the approval of its executive director in-charge of customer services. However, irrespective of whether the IO upholds or overrules the decision of the RE, the reply to the complainant should clearly state that the complaint has been examined by the IO.

RBI prohibits investment in AIFs with downstream investments in debtor companies of a regulated entity.5

Following requests by the stock market regulator, the RBI prohibited regulated entities such as commercial banks and NBFCs from making investment in units of Alternative Investment Funds ("AIF") that have downstream investments either directly or indirectly in a debtor company of the regulated entity. It has been clarified that a debtor company would mean any company in which the regulated entity currently or in the previous 12 (twelve) months had a loan or investment exposure. If in case of an AIF (in which the regulated entity invests) makes a downstream investment in a debtor company, then the regulated entity is required to liquidate its investment in the scheme within 30 (thirty) days from the date of the downstream investment. However, if a regulated entity is unable to liquidate its investment in the scheme as per the prescribed time limits it will be required to make 100% (hundred per cent) provisions on such investments.

RBI enables Card on File Tokenisation (CoFT) through card issuing banks6

On December 20, 2023, the RBI released directions for enabling the Card on File Tokenisation (CoFT) directly through the bank issuing such cards. Previously, customers were only permitted to create separate tokens through individual applications/websites of the merchants. Introduction of these norms will now allow the customer to tokenise its cards for multiple merchant sites at once through a single process.

The cards can only be tokenised if the process of tokenisation fulfils the requirements prescribed by the RBI including (a) explicit consent of the customer should be acquired for tokenisation; (b) consent should be obtained pursuant to Additional Factor of Authorization ("AFA"); (c) generated tokens should be available for the customers' account on the merchant's page; (d) the card issuer should maintain a list of merchants for whom the customer can avail the tokenisation services; and (e) the tokens should be issued by the card network or the card issuer or both. Additionally, the payment systems providers and participants providing card tokenisation services are still required to comply with the following RBI circulars- Tokenisation – Card transactions dated January 08, 20197, Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services dated September 07, 20218 and Restriction on Storage of Actual Card Data i.e. Card-on-File (CoF) dated June 24, 20229.

To view the full article please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.