INTRODUCTION
As we enter the last quarter of 2024, the fintech landscape in India is witnessing significant transformations, driven by a blend of regulatory advancements and innovative market strategies. Financial regulators such as the Reserve Bank of India ("RBI"), the Securities and Exchange Board of India ("SEBI"), the Insurance Regulatory and Development Authority of India ("IRDAI"), and the International Financial Services Centres Authority ("IFSCA") have continued to finetune the regulatory landscape surrounding the fintech sector in line with the themes of investor and customer protection and discipline among regulated entities with respect to, inter alia, critical infrastructure and net worth requirements.
The RBI has been at the forefront, implementing new regulations aimed at enhancing the operational integrity of non-banking financial companies ("NBFCs") and ensuring compliance with fair lending practices. Recent actions include the suspension of loan disbursements by several NBFCs due to concerns over excessive interest rates and inadequate assessment of borrower's income among others, highlighting the RBI's commitment to protect borrowers.
Additionally, the RBI's recent initiatives to raise transaction limits for UPI123Pay and UPI Lite reflect a commitment to fostering greater accessibility and convenience in digital payments.
In this edition of the Fintech Newsletter, we outline these updates and highlight other regulatory developments and industry challenges in the Indian fintech space from September 01, 2024, to October 31, 2024.
RECENT LEGAL & REGULATORY DEVELOPMENTS
SEBI Issues Circular for Specific Due Diligence of Investors and Investments of AIFs1
SEBI vide circular dated October 08, 2024, issued specific due diligence measures to be carried out by Alternative Investment Funds ("AIF") to prevent circumvention of the SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 ("ICDR Regulations"), Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002 ("SARFAESI Act"), Foreign Exchange Management (Non-Debt Instruments) Rules, 2019 ("NDI Rules") and the prudential norms specified by the RBI for regulated lenders with respect to income recognition, asset classification, provisioning and restructuring of stressed assets.
The circular introduces due diligence requirements to prevent circumvention of the aforementioned laws in specific scenarios, some of which are as follows:
- As per Regulation 22(1)(ss) of the ICDR Regulations, AIFs have been designated as Qualified Institutional Buyers ("QIB"). To prevent AIFs from facilitating investors who are ineligible for QIB benefits, specific due diligence measures will have to be undertaken by AIFs in line with implementation standards formulated by the Standard Setting Forum for AIFs ("SFA").
- AIFs also enjoy benefits as Qualified Buyers ("QB") under the SARFAESI Act and may hence avail subscriptions to Security Receipts ("SR") issued by Asset Reconstruction Companies ("ARC"). In a similar manner proposed above and to prevent investors who are ineligible for QB benefits on their own, SEBI has prescribed due diligence requirements in line with implementation standards of the SFA for every scheme of AIFs having an investor who contributes 50% (fifty percent) or more to the corpus of the scheme before making any investments in SRs issued by ARCs or availing QB benefits under the SARFAESI Act.
- Under the NDI Rules, a person resident outside India but from a country sharing a land border with India or a person whose beneficial owner is situated or is a citizen of such country, must invest in equity of an Indian company only after securing government approval. In this regard, due diligence requirements in line with the implementation standards of the SFA has been prescribed by SEBI for the schemes where 50% (fifty percent) or more of the corpus is contributed by investors who are from or whose beneficial owners are from a bordering country. The AIF manager must report details of these investors and schemes in the specific due diligence standards prescribed by the SFA within 30 (thirty) days of the investments within the scheme.
RBI Introduces Internal Risk Assessment Guidance for Money Laundering and Terrorist Financing2
On October 10, 2024, the RBI issued a comprehensive Internal Risk Assessment ("IRA") Guidance for Money Laundering/Terrorist Financing Risks ("Guidance Note") to support Regulated Entities ("RE") in identifying and managing money laundering ("ML"), terrorist financing ("TF"), and proliferation financing ("PF") risks. The Guidance Note is designed to enhance the resilience of REs by setting detailed processes for IRA exercises that assess and mitigate risk exposure in a dynamic regulatory environment.
The Guidance Note applies to all REs, including banks, NBFCs, and Payment System Operators ("PSO"), mandating dual-level risk assessment at both the business and individual levels. The Guidance Note necessitates distinct assessments based on key risk factors, ensuring that REs can tailor risk-based controls to their specific risk profile.
Key risk factors identified by the Guidance Note include customer type, geographic exposure, product complexity and delivery methods. Each RE must assign weights to these factors and apply suitable internal controls, such as policies on customer due diligence, AML units and teams, training, transaction reporting, and sanctions screening, in line with internationally recognized standards like those from the FATF.
The Guidance Note further requires REs to quantify risks using a weighted approach, translating identified risks into a three-tier risk level (high, medium, low). This quantification integrates both inherent risk scores and control effectiveness to calculate a residual risk level, guiding REs in establishing a prioritized remediation or risk mitigation strategy.
Reflecting heightened global standards, the Guidance Note extends to PF risks, urging REs to assess the potential for breaches in targeted financial sanctions and implement controls aligned with FATF recommendations. This proactive approach aligns with the RBI's overarching AML efforts.
The Guidance Note calls for REs to adopt robust internal controls and governance frameworks, prioritizing areas where residual risk levels remain high. The approach is intended to foster a culture of compliance, allowing REs to adapt dynamically to emerging ML and TF threats. REs must act promptly on any IRA findings, implementing measures to mitigate vulnerabilities identified through periodic assessments. The Guidance Note reaffirms its commitment to safeguarding India's financial sector against ML, TF or PF threats by ensuring that REs implement comprehensive, risk-based assessment and mitigation processes. Compliance with these standards is expected to enhance transparency, foster trust and align REs with global regulatory practices.
RBI Issues New Framework for Credit Information Reporting After License Cancellations3
On October 10, 2024, the RBI issued a circular introducing a framework for the reporting of credit information by financial institutions whose licenses or Certificates of Registration ("CoR") have been cancelled. This move is intended to address challenges faced by borrowers of such entities, ensuring that their credit history is accurately reported despite the cancellation of their lenders' regulatory status.
Under the Credit Information Companies (Regulation) Act, 2005 ("CICRA") only Credit Institutions ("CI") with valid licenses or CoRs are permitted to furnish credit information to Credit Information Companies ("CICs"). Entities whose licenses have been cancelled are no longer considered CIs under the CICRA, creating a gap in the reporting of borrowers' ongoing repayments.
To address this gap, the RBI has mandated that CIs whose licenses or CoRs have been revoked must continue to report the credit information of borrowers onboarded prior to cancellation until the completion of the loan lifecycle or the winding-up of the institution, whichever occurs first. Entities whose licenses have been cancelled will still have access to Credit Information Reports for borrowers onboarded before the cancellation, but they will not be required to pay annual or membership fees to CICs. The CICs are also required to tag such institutions as "Licence Cancelled Entities" in their systems.
The new credit information reporting requirements must be implemented within 6 (six) months of the issuance of the notification, i.e., by April 10, 2025, ensuring that even entities with cancelled licenses continue to fulfil their obligations under the CICRA.
The framework introduced via the circular provides relief to borrowers, ensuring that their repayment history remains updated and accessible to credit agencies, even after the cancellation of their lender's CoR. It also establishes clear guidelines for CICs to manage and tag these cancelled entities, hence promoting transparency in the credit reporting system. The RBI's circular reflects its ongoing efforts to maintain the integrity of credit reporting while providing necessary safeguards for borrowers affected by regulatory actions. Financial institutions must now align their systems with these new requirements to ensure compliance within the stipulated deadline.
Consultation Paper on Rule 8(1)(f) and 8(3)(f) of the Securities Contracts (Regulation) Rules, 1957 ("SCRR")
The Department of Economic Affairs ("DEA"), Ministry of Finance, ("MoF"), Government of India on September 10, 2024, issued a consultation paper seeking public comments on Rules 8(1)(f) and 8(3)(f) of the SCRR (the "Consultation Paper")4.
Rules 8(1)(f) and 8(3)(f) of SCRR sets out the disqualifications for a person from becoming a member of a recognized stock exchange in India and the conditions to continue being a member of such exchanges respectively. The said rules prohibit stockbrokers (i.e., trading members of recognized stock exchanges) from undertaking any business other than that of securities or commodity derivatives except in the capacity of a broker or an agent not incurring 'personal financial liability'. The scope of the said restriction under SCRR has been expanded by circulars issued by stock exchanges ("Exchange Circulars") wherein the scope of activities of a stockbroker have been further explained.5 The restrictions under the SCRR, specifically the expanded scope of the said restriction through the Exchange Circulars have faced criticism from stakeholders and has even been challenged before the Bombay High Court for being too restrictive.6 As identified by the Consultation Paper, more than 100 (hundred) stockbrokers have been found in violation of the Exchange Circulars since their introduction. In light of these developments and multiple representations from stakeholders, the MoF has issued the Consultation Paper.
The Consultation Paper recognises that the cause for ambiguity and repeated violations by stockbrokers is the broad nature of restriction on 'any business' being undertaken by stockbrokers outside of securities or commodity derivatives. Further, it also states that "prohibiting the making of any investments by a broker, including in group companies, may place unreasonable fetters on its ability to use its retained earnings as per its commercial prudence.7"
In light of the foregoing, the DEA has proposed amending the existing Rules 8(1)(f) and 8(3)(f) of SCRR by clarifying that any investments made by a stockbroker which does not involve client funds or client securities, or which do not involve creating a financial liability on the broker, would not be considered as a 'business' for the purposes of the restrictions set out therein. The Consultation Paper has sought feedback from stockbrokers, exchanges and other stakeholders on the proposed amendment and on specific queries in this regard like the need for an indicative list of prohibited activities by October 10, 2024.
While an acknowledgement of the discontent among stockbrokers vide Rules 8(1)(f) and 8(3)(f) of the SCRR and the Exchange Circulars is a positive, it remains to be seen whether industry players view the proposed amendment as a sufficient resolution of the issue. Further, it will be worth seeing how the proposed amendment to the SCRR evolves based on stakeholder inputs.
Amendments to Guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) of Market Infrastructure Institutions (MIIs)
SEBI through a circular dated September 12, 20248 ("MII Circular") has modified the guidelines issued by it on business continuity and disaster recovery for market infrastructure institutions prescribed by it for stock exchanges, clearing corporations and depositories through previously issued master circulars.9 Through the MII Circular, SEBI requires stock exchanges, clearing corporations and depositories to also have a Near Site ("NS") in addition to having a Disaster Recovery Site ("DRS") to ensure zero data loss in the event of a disaster. Further, the manpower deployed for the DRS is required to have the expertise equivalent to manpower deployed for the Primary Data Centre ("PDC") to enable independent operations at short notice. Additionally, through the MII Circular, SEBI requires Recovery Point Objective ("RPO") for market infrastructure institutions to be near zero and that there should be a documented process for data reconciliation when resuming operations from the DRS or other sites. PDC, DRS, and NS of are also required to ensure high availability, fault tolerance, no single point of failure, near-zero data loss, and data integrity market infrastructure institutions.
A more robust framework for disaster recovery and business continuity for market infrastructure institutions would boost confidence for market intermediaries and investors alike and would be a net-positive for all stakeholders involved on a macro level. That said, this would also mean additional compliance burden for market infrastructure institutions.
To view the full article, click here.
Footnotes
3. https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT8168B076CEC99F42B8B35977E11DE09224.PDF
4. Consultation Paper for Public Comments on Rule 8 SCRR (1957).pdf (dea.gov.in)
5. https://www.bseindia.com/markets/MarketInfo/DispNewNoticesCirculars.aspx?page=20220107-45 Notice Number (bseindia.com); COMP50957.pdf (nseindia.com).
7. See Para 12 of the Consultation Paper for Public Comments on Rule 8 SCRR (1957).pdf (dea.gov.in).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
