Neo-bank is the latest buzzword in the fintech start-up space across the globe. They are 100% online banks, which have no physical branches. Essentially, a neo-bank is a partnership between a fintech company or a non-bank and banks or a financial institution, which aim to improve the accessibility for customers. They partner with traditional banks and help them acquire new customers in a seamless manner. Through this partnership, the non-banks seek to provide a host of financial and value-added services. For this purpose, the non-bank depends upon the partner bank to provide the core regulated services. Therefore, the non-bank acts as a facilitator of services. While the non-bank may facilitate the opening of a current account or facilitate a customer to apply for loan, the actual services shall only be provided by the partner bank or an NBFC.


ndian regulatory regime does not allow for the granting of virtual banking licenses. RBI, through its 2015 Master Circular on "Mobile Banking Transactions in India – Operative Guidelines for Banks", has mandated the requirement for digital banking service providers to have some physical presence. As a result, neo-banks can provide banking related services only through outsourcing their banking responsibilities to licensed banking institutions and non-banking financial companies. In many cases, such banks and fintech companies are structured as an outsourcing arrangement where the non-banks verify data for credit requests or undertake the preliminary work for opening current accounts. This arrangement shall be governed by the 2006 RBI Guidelines on "Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks" as well as the 2010 RBI Guidelines on "Financial Inclusion by Extension of Banking Services – Use of Business Correspondents (BCs)".1

In addition to the above guidelines, neo-banks are also obligated to comply with data protection laws since they facilitate a number of services between the consumer and the banking institutions by providing an online platform. The Indian data privacy regime is set out in the IT Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). As per the SPDI Rules, an entity that collects or processes sensitive personal data (including bank account information and payment instrument details) pertaining to an individual must: (i) establish a privacy policy; (ii) provide mandatory notice/disclosure to the data subject before collecting the information; (iii) appoint and provide details of a grievance officer; (iv) allow data subjects to access and update their information; (v) ensure that data collected is not retained for longer than necessary under applicable law; (vi) obtain the prior consent of the data subject when collecting sensitive personal information; (vii) implement reasonable security measures and standards to protect this information; (viii) ensure compliance with requirements for the transfer and of sensitive personal information.

The Indian data protection regime is set for a revamp, as the government has proposed passing new legislation this year. The original bill was prepared by a committee of experts and submitted to the government in July 2018. Once passed, the new legislation will go some way towards aligning India's data protection laws with the EU General Data Protection Regulation. The bill is expected to be tabled for legislation in the winter session of the Parliament in 2019, or the subsequent session.


Neo-Banks have been instrumental in catering to the underserved MSME sector of India. A 2019 report by RBI estimated the credit gap to be at a staggering INR 20-25 trillion.2 Recognising this gap, the neo-banks have made this sector their targeted market by offering them banking services which the traditional banks have not managed to provide till yet. The disbursal of credit is a long and cumbersome process which has been simplified and demystified by the neo-banks. As a result, the MSME sector has seen increased credit inflow, which has enhanced the financial inclusion in the country.

Apart from making access to credit easier, neo-banks' major selling factor are the value-added services which they offer over and above the traditional banking institutions. Some common facilities offered by the neo-banks include facilitating opening and operating savings or current account with a licensed bank, access to loan offers or applying for loans, issuance of co-branded cards, payment gateway facilities, personal finance, or expense management, providing value added services such as invoice generation, accounting, GST compliance, payroll management, enterprise resource planning, etc. Services like these have made neo-banks widely popular among the tech savvy youth of the country who prefer banking through applications rather than physically going to a branch which can be inconvenient and time-consuming.


Neo-banks, for a long time, have not been operating to their full potential. Many neo-bank start-ups mischaracterise themselves as banks since the use of terms like bank, banker, banking, and banking company are restricted to licensed banks alone.3 There is a lack of direct supervision by RBI on neo-banks since they are not responsible for providing the financial services to the end consumer and only provide the online platform. Neo-banks may also face operational difficulties in terms of external dependency on their banking partner and onerous partnership obligations. Increase in the risk of sophisticated cyber security incidents and cybercrimes also pose safety and security challenges for neo-banks.

In order to combat the above failings, RBI must consider direct regulatory overseeing of nascent sector. In 2019, it had introduced a new regulatory sandbox for testing new financial technologies. Similar regulatory sandbox should be introduced for neo-banks considering their potential to accelerate financial inclusion of the masses. In the past, RBI has already experimented with differentiated banks in the form of payments banks and small finance banks and has issued licenses to such banks to commence their operations. On these lines, the regulator must consider issuing of digital bank licenses and do away with the mandatory requirement of having a minimum number of physical branches. This will bode well for the consumers by subjecting the neo-banks to stricter regulatory requirements relating to data protection, deposit, and lending, among others. Foreign jurisdictions such as Singapore and Taiwan have already made headways in creating frameworks for digital only banks. It is high time that RBI leverages the technology behind these new age banks and capitalises on the opportunities presented by them.


1 Reserve Bank of India, 'Guidelines on "Financial Inclusion by Extension of Banking Services -Use of Business Correspondents (BCs)' (2010)

2 Reserve Bank of India, 'Expert Committee on Micro, Small and Medium Enterprises' (2019) (

3 Section 7, The Banking Regulation Act 1949.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.