This country-specific Q&A provides an overview of the legal framework and key issues surrounding fintech law in India.
This Q&A is part of the global guide to Fintech.
For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/fintech-2nd-edition
What are the sources of payments law in your jurisdiction?
The regulatory landscape for payments law in India is largely fragmented. There is no single set of regulations or guidelines that uniformly apply to FinTech payment products in India. The absence of a uniform set of regulations and guidelines makes it challenging to navigate the regulatory landscape. The sources of payments law in India primarily include the following:
(a) Law passed by the Indian Parliament: Legislations enacted by the Indian parliament constitute the primary source of payments law in India. The Payment and Settlement Systems Act, 2007 (PSS Act) is the principal legislation governing payment services in India. Under the PSS Act, no person can commence or operate a payment system in India without obtaining prior approval from the RBI. The PSS Act defines a “payment system” as “a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service of all of them, but does not include a stock exchange.” By way of illustration, payment systems under the PSS Act include the systems enabling credit card operations, debit card operations, smart card operations, money transfer operations and pre-paid payment instruments (PPIs) (such as prepaid cards and mobile wallets).
(b) Directions, notifications and circulars issued by the Reserve Bank of India (RBI): The RBI is the central bank of India responsible for regulating payments and financial products. The key payment products that the RBI regulates via master directions and regulations are:
(i) PPIs: The Master Direction on Issuance and Operation of Prepaid Payment Instruments issued by the RBI on October 11, 2017 as amended from time to time (PPI Master Directions) prescribes the eligibility criteria for PPI issuers, permissible debits and credits from PPIs and other operational guidelines to be followed by PPI issuers while issuing PPIs to customers in India. PPIs are regulated as payment systems under the PSS Act and specified PPI issuers are required to obtain prior approval of the RBI to be able to issue PPIs to subscribers.
(ii) Issuance of Cards: The issuance of credit cards and debit cards is primarily governed by the RBI’s Master Circular on Credit Card, Debit Card and Rupee Denominated Pre-paid Card Operations of Banks and Credit Card Issuing NBFCs dated July 1, 2015 (as amended from time to time) (Cards Master Circular). The Cards Master Circular inter alia prescribes the conditions, eligibility criteria and approval requirements for the issue of credit cards, debit cards and pre-paid cards in India.
(iii) Operations of payment gateways and payment aggregators: The operations of payment gateways and payment aggregators which act as intermediaries in digital payment transactions are primarily governed by the RBI’s directions for Opening and Operation of Accounts and Settlement of Payments for Electronic Payment Transactions involving Intermediaries, 2009 (Payment Intermediary Directions). The Payment Intermediary Directions set out the legal framework applicable to payment intermediaries operating in India. Under the current regulatory framework, there is no licensing requirement for payment intermediaries; however, the RBI has recently indicated that it is considering enhanced regulation and supervision of payment intermediaries such as payment gateways and payment aggregators.
(iv) Payments Banks: The RBI issues a separate category of licenses to ‘payment banks’. Payments banks are primarily governed by the Operating Guidelines for Payments Banks dated October 6, 2016 read with the Guidelines for Licensing of Payments Banks dated November 27, 2014, each issued by the RBI. Payments banks are permitted to maintain small value deposit accounts (upto a maximum amount of INR 100,000 (Indian Rupees one hundred thousand) for their customers, but, are not permitted to undertake any lending operations.
(v) Directions and guidelines issued by the National Payments Corporation of India (NPCI): The NPCI is the implementing entity behind the United Payments Interface (UPI), and is registered with the RBI to operate a payments system under the PSS Act. UPI payments in India are primarily regulated by the UPI Procedural Guidelines and the UPI Operating and Settlement Guidelines issued by the NPCI. Under the current framework, only banks can integrate with the UPI platform to provide money transfer services to their customers. Banks are however permitted to engage technology providers for the design and operation of mobile applications for the purpose of UPI payments, subject to compliance with certain eligibility and prudential norms prescribed by the NPCI. PPI issuers have also been permitted to act as payment system providers within the UPI framework.
Can payment services be provided by non-banks, and if so on what conditions?
Under Indian law, recognised non-banking entities such as PPI issuers, money transfer operators registered under the RBI’s money transfer service scheme, and other non-banking financial companies (NBFCs) are permitted to provide payments related services. Set out below is a brief overview of the kinds of products that each such entity can provide and the key eligibility conditions applicable to each such entity:
(a) PPI issuers: Under the PPI Master Directions, companies incorporated in India (including those with foreign investment that are compliant with the extant foreign direct investment policy) are permitted to issue closed and semi-closed PPIs:
(i) Closed system PPIs do not permit cash withdrawal and facilitate the purchase of goods and services from that entity only; issuers of such closed system PPIs do not require prior approval of the RBI.
(ii) Semi-closed system PPIs facilitate purchase of goods and services, including financial services, remittance facilities etc. at a group of clearly identified merchant locations / establishments which have a specific contract with the PPI issuer (or contract through a payment aggregator / payment gateway) to accept the semi-closed system PPI as a payment instrument. No cash withdrawal is permitted against such instruments. Semi-closed system PPIs permit peer-to-peer transfers between holders of PPIs issued by the same issuing entity or between holders of PPIs issued by different entities (subject to compliance with the guidelines prescribed by the RBI allowing such inter-operability). Prior authorisation of the RBI is required by non-bank entities that intend to issue semiclosed PPIs.
(iii) Open system PPIs: Non-bank entities are not permitted to issue open system PPIs i.e. PPIs that permit cash withdrawal and may be used at any merchant location.
(iv) Key regulatory framework: All PPI issuers are required to comply with the minimum positive net worth requirement set out under the PPI Master Directions i.e. entities must have a minimum positive net worth of INR 50,000,000 (Rupees fifty million) to apply to the RBI for issuance of PPIs and must achieve a minimum positive net worth of INR 150,000,000 (Rupees one hundred and fifty million), by the end of the third financial year from the date of receiving final authorisation from the RBI. In addition, non-bank entities that are regulated by other financial services regulators must submit, along with the application for issuance of PPIs to the RBI, a ‘no objection certificate’ from their respective regulators within 45 days from receipt of such clearance. Non-bank entities are also required to communicate any takeover or acquisition of control or change in management to the RBI. In addition to these eligibility conditions, the PPI Master Directions require PPI issuers to maintain adequate balances in an escrow account, which are sufficient to cover all outstanding amounts in relation to all PPIs issued by them, which must be monitored on a daily basis. Further, depending on the kind of PPI issued (i.e., whether a minimum detail PPI or a full KYC compliance PPI), the PPI Master Directions prescribe monthly and annual limits restricting the volume of transactions and top-ups for PPIs.
(b) Money transfer operators: The RBI allows non-bank money transfer operators to facilitate foreign inward remittances to individual beneficiaries in India through authorised ‘Indian agents’. Such cross border inward remittances are primarily governed
by the RBI’s Master Directions on Money Transfer Service Scheme dated February 22, 2017 (as amended from time to time) (MTSS Master Directions).
(i) Permissible products: Under the MTSS Master Directions, eligible non-banking entities are permitted to act (after obtaining permission from the RBI) as Indian agents of their ‘overseas principals’ to facilitate permissible cross-border personal remittances such as remittances towards family maintenance, remittances in favour of foreign tourists visiting India, etc.
(ii) Key eligibility criteria: Applicants intending to obtain authorisation as ‘Indian agents’ under the MTSS Master Directions must have a minimum net owned fund of INR 500,000,000 (Rupees five hundred thousand). Applicants with limited outreach in terms of branch network in the country and localised operations overseas are typically not granted an authorisation under the MTSS Master Directions. In addition, the overseas principals of each Indian agent must obtain prior authorisation from the RBI to operate a payment system under the PSS Act.
(iii) Transaction limits: The MTSS Directions specify a per transaction maximum limit of USD 2500 along with a cap of 30 individual remittances received by a single individual beneficiary in a calendar year.
(c) Other payment services: NBFCs with a minimum net owned fund of INR 100,00,00,000 (Rupees one hundred crores) are permitted by the RBI to issue co-branded credit cards with scheduled commercials banks, without risk sharing, with the prior approval of the RBI. The role of such NBFCs is however limited to marketing and distribution of credit cards. In addition, RBI has permitted certain NBFCs to undertake credit card business (subject to specific prior approval of the RBI). Non-bank entities are also generally permitted to service customers as an intermediary (i.e a payment gateway / payment aggregator) subject to compliance with the PSS Act.
What are the most popular payment methods and payment instruments in your jurisdiction?
(a) In the digital payments space, mobile pre-paid wallets have been one of the most popular payment instruments in India owing to ease of access and compatibility with both online and offline merchant establishments, thereby enabling subscribers to purchase a wide set of goods and services. Several technology platforms and e-commerce players, non-bank and banking entities have launched payment solutions in India. However, changes in law, especially those pertaining to KYC verification of customers, have resulted in increased regulatory compliance and associated costs for PPI issuers, resulting in several PPI issuers re-evaluating their business strategies and growth plans.
(b) UPI enabled payment solutions dominate the digital payment market today. Easily accessible technology, and universal remittance services associated with low costs have significantly contributed to the popularity of UPI based payment solutions in India. Increased KYC burden on PPI issuers, in light of recent regulatory changes, have also resulted in UPI enabled payments constituting a significant percentage of the customer to merchant and peer to peer remittance transactions in India.
(c) In addition to PPI wallets and UPI enabled payments, conventional payment methods such as debits cards and credit cards continue to play a significant role in the payments landscape in India. While card based payments have been one of the most popular payment modes for customer to merchant transactions in India, PPI wallets and UPI based payments are eating into their market share of digital transactions. As per the RBI, debit cards and credit cards made up to 25% of the payment system volumes in the financial year 2018-19, down from 29.9% in 2017.
(d) Debit cards and credit cards in India primarily operate on the global card networks provided by VISA, Mastercard, American Express, etc. A relatively newer entrant in the card payments landscape in India is the payment network operated by the NPCI – “RUPAY”. The Government of India’s policy to encourage digital transactions along with the issue of RUPAY cards for basic savings bank accounts promoted the use of RUPAY cards in the interior areas of the country, and has resulted in RUPAY acquiring a market share of more than 50% (by no. of cards issued) of the total debit cards issued in India as of March 31, 2019. In addition, other traditional modes of payment such National Electronic Funds Transfer (NEFT), Real Time Gross Settlement (RTGS), Immediate Payment Service (IMPS) also continue to play a significant role in the payments landscape in India.
(e) While digital payment systems have acquired an important role in the payments landscape in India, a substantial percentage of payment transactions in the country continue to rely on cash and other paper instruments (such as cheques, demand drafts, etc.). In 2012, India had a high cash circulation ratio (calculated as a percentage of the GDP) pegged at 11.59% of the GDP. While demonetisation and the Indian government’s impetus on digital transactions brought this number down to 8.70% of the GDP in 2016, cash in circulation increased to 10.70% of the GDP in 2017, indicating continued reliance on cash for payment transactions.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
(a) UPI interface: One of the first steps towards open banking in India in the payments space was the introduction of UPI that allows users to perform inter-bank money transfers and pay retail merchants directly from one’s bank account. Through a set of application programming interfaces (APIs), the UPI framework ensures interoperability among existing players. Currently, banks can integrate with the UPI platform to provide money transfer services to their customers and PPI issuers have also been permitted to act as payment system providers in UPI. Almost all the major banks in India now provide UPI linked payment functionality.
(b) Account aggregators: Another step towards open banking has been the issue by the RBI of the Master Directions – NBFC- Account Aggregator (Reserve Bank) Directions, 2016 dated September 2, 2016 (Account Aggregator Master Directions) which seek to regulate access to customer’s financial data among banks, non bank and other financial players that provide financial services. The Account Aggregator Master Directions provide a regulatory framework under which NBFCs permitted by the RBI can aggregate customer’s financial information (with the customer’s consent) and share such information with other financial service providers. Currently, there is no account aggregator fully operational in India; however the RBI has recently issued in-principle approvals to 5 entities to commence account aggregation services. Under the Account Aggregator Master Directions, the in-principle approval is typically valid for a period of 1 year, during which the applicant entity must achieve operational readiness to commence operations in compliance with the Account Aggregator Master Directions.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
(a) Current data regulatory framework: Data protection in India is currently governed by the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Standards and Procedures and Sensitive Personal Data and Information) Rules, 2011 (SPDI Rules). While the SPDI Rules set out the broad guidelines applicable to processing and storage of customer data by service providers, they are not adequately equipped to address privacy issues and concerns created by modern day technological innovations in delivery and distribution of financial products and services.
(b) Personal Data Protection Bill 2018: The Government of India has proposed a complete overhaul of the data protection regime in India via the draft Personal Data Protection Bill (PDP Bill), which is currently under discussions and is expected to become effective law by the end of this year. The draft PDP Bill has been modelled closely along the lines of the General Data Protection Regulation (GDPR) and adopts its key principles, including fair and reasonable processing, purpose limitation, collection intimation and storage limitation. Financial service providers are currently gearing towards compliance with increased standards of data protection and have started the process of aligning internal data protection systems and controls with what has been prescribed under the PDP Bill.
(c) Data localisation: In addition, the RBI’s circular on storage of payment system data dated April 6, 2018 (read with clarifications issued by the RBI) (Data Localisation Circular) requires all banks and payment system operators to ensure that all data related to payments is stored only in servers located in India. Entities which are required to comply with the Data Localisation Circular are additionally responsible to contractually ensure that any intermediaries or other unregulated entities participating in payment transactions also comply with such localisation requirements. The Data Localisation Circular significantly increases the cost of operation for foreign payment services providers that typically have centralised offshore systems for data processing and storage. The PDP Bill also includes a provision for data localisation of all critical data (the exact scope of which is yet to be finalised).
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
(a) Sandboxing framework: The RBI recently released the ‘Enabling Framework for Regulatory Sandbox’ dated August 13, 2019 setting out the guidelines governing regulatory sandboxes to be set up by the RBI to test new products in a controlled regulatory environment under close supervision. Under the regulatory sandbox framework, eligible entities (including startups, banks, financial institutions and any other company partnering with or providing support to financial services businesses) will be selected for testing their products in the regulatory sandbox. The eligibility criteria include parameters such as: (i) net worth of at least INR 2,500,000 (Rupees two million and five hundred thousand), (ii) satisfactory credit score, (iii) promoters and directors of the applicant entity meeting the prescribed ‘fit and proper’ criteria, (iv) ability to comply with personal data protection laws, and (v) adequate IT infrastructure and safeguards to protect against unauthorised access, alteration, destruction and disclosure. The sandbox is intended to allow for testing of products and technology that (i) are not currently governed by regulations and face some form of regulatory barrier in implementation; (ii) require certain regulatory relaxations for testing; and (iii) seek to improve delivery of financial services. The RBI has indicated that the solution proposed for sandboxing must highlight an existing gap in the financial ecosystem and specifically address how this can be solved.
(b) Stages of the sandbox process: The RBI contemplates product testing by a limited number of eligible entities in a single regulatory sandbox cohort (i.e. end to end sandbox process), where products broadly fall within a shared theme. There is a requirement for the test scenarios and expected outcomes to be clearly defined upfront. The entity must report results to the RBI on an ongoing basis, as per a pre-agreed schedule. While certain regulatory requirements may be relaxed for the duration of the sandbox, the RBI has made it clear that applicants will have to continue to comply with data protection laws and KYC requirements. In addition, applicants will continue to be liable to customers for financial products tested in the sandbox. The framework outlines the 5 stages of the sandbox process for a single cohort, each of which shall be monitored by the FinTech Unit at the RBI (FTU): (i) Stage 1: preliminary screening of applications to the cohort (4 weeks);
(ii) Stage 2: finalisation of test design by the FTU via an interactive process with applicants (4 weeks); (iii) Stage 3: application assessment and vetting of test design by the FTU (3 weeks); (iv) Stage 4: testing by the FTU based on empirical evidence and data (12 weeks); (v) Stage 5: evaluation by the FTU basis the final outcome of the testing of the product or technology that was sandboxed (4 weeks).
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
(a) There are two key regulatory focus areas for Fintech in India today: (i) the new laws governing data privacy and protection expected to be effective by the end of this year and (ii) KYC compliance requirements and customer on-boarding costs.
(b) KYC: A key regulatory development that has had a significant impact on the FinTech ecosystem in India is the Indian Supreme Court’s judgment in Justice (Retd.) K. Puttaswamy & Ors. v. Union of India (Aadhaar Judgment) and consequent legislative changes. The Supreme Court’s decision in the Aadhaar Judgment restricted private bodies from undertaking Aadhaar e-KYC authentication (e-KYC) to verify the identity of their customers. Aadhaar-based e-KYC authentication facilities offered by the Unique Identification Authority of India (UIDAI) provided a convenient and easily accessible tool for FinTech players to verify the identity of new customers. However, owing to reports of privacy breaches by some entities, the Supreme Court of India in the Aadhaar judgement had prohibited private entities from utilising the e-KYC authentication facilities relying on a private contract with the customer and had permitted only banks and other entities (as may be authorised under applicable laws) to undertake e-KYC authentication. Post the Aadhaar judgement, the recently revised KYC guidelines prescribe that banks and such other entities as may be notified by the Government of India, after considering such entities’ ability to ensure compliance with reasonable adequate data protection standards, may utilise the Aadhaar based e-KYC authentication facility offered by the UIDAI for undertaking KYC verification of their customers. The e-KYC authentication facility offered by the UIDAI is a relatively easier method of completing KYC by regulated entities, but, involves access by such entities to sensitive personal data of their customers.. The Indian government is also contemplating permitting NBFCs to undertake e-KYC authentication to complete identity verification of their customers, thereby, reiterating the principal that ability to ensure compliance with adequate data protection standards is the key criteria for the growth of FinTech players in India. Recent changes introduced in the KYC guidelines applicable to entities regulated by the RBI, suggest that entities which can demonstrate a commitment and ability to adopt control measures to ensure data protection and privacy, including compliance with the PDP Bill, would be permitted to undertake additional modes of KYC verification of their customers.
What tax incentives exist in your jurisdiction to encourage fintech investment?
While the Income-tax Act, 1961 (Income Tax Act) does not exclusively provide for tax incentives to entities in the ‘FinTech’ space, a host of incentives/ benefits are available to ‘start up’ companies in general. The same benefits will be available to such FinTech start-ups which are recognised as ‘eligible start-ups’ under the Income Tax Act, subject to satisfaction of prescribed conditions.
(a) Conditions to be met by start-ups to avail incentives under the Income Tax Act:
Benefits are available to start-ups who qualify the below requirements (Qualifying Eligible Start-ups):
(i) It is incorporated on or after 01 April 2016 but before 01 April 2021.
(ii) Turnover of such Qualifying Eligible Start-ups should not exceed INR 250,000,000 (Rupees twenty five million) in any year for which such tax holiday is claimed.
(iii) Should engage itself in innovation, development or improvement of products or processes or services, or if it is a scalable business model with a high potential of employment generation or wealth creation (Eligible Business) and also hold a valid certificate of Eligible Business from the Inter-Ministerial Board of Certification.
(b) Key Benefits available to such Qualifying Eligible Start-ups:
(i) Tax Holiday under section 80-IAC of the Income Tax Act: Deduction of 100% of profits from Eligible Business is available to such Qualifying Eligible Start-ups for any 3 consecutive assessment years out of 7 assessment years beginning from the year in which such start-up is incorporated, subject to conditions prescribed in the said section.
(ii) Angel tax exemption: In case a closely held company issues shares to a resident and receives consideration in lieu thereof, which exceeds the prescribed fair value of such shares, the excess consideration is taxed in the hands of the company. In the context of start-ups, this levy of tax is popularly referred to as the 'angel tax'. The government has now clarified that such start-ups which are recognised by Department for Promotion of Industry and Internal Trade (DPIIT) and satisfy the conditions as prescribed by DPIIT, shall be exempt from the levy of the angel tax (refer notification issued by Ministry of Commerce (DPIIT) dated 19 February 2019.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
Several FinTech companies across sectors such as mobile technology, data analytics, digital lenders and online payment solutions have received foreign investment (both internal and external rounds of funding). 100% foreign direct investment under the automatic route is permitted for FinTech companies that are regulated by the RBI or any other financial services regulator in India, subject to certain compliances such as minimum capitalisation norms. Given the FinTech sector in India is in its growth stages, it has consistently attracted investments from domestic as well as foreign investors. Generally speaking, FinTech sector is fairly mature and several FinTech companies have raised investment ranging from Series A-Series D funding.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
FinTech has caused significant disruption in the payments landscape in India, aided by the Indian government’s push towards a digital economy incentivising digital payment transactions. RBI has recently published its Vision Statement for 2019-2021 for Payment Systems in India (Vision 2021) which recognizes the exponential growth of digital payment systems in India and lays down a framework for the next steps in the era of digitisation of payment methods- to endeavour to ensure increased efficiency, uninterrupted availability of safe, secure, accessible and affordable payment systems. Aided by regulatory and government support to move towards a cashless economy, India has a tremendous potential for continued growth in the FinTech space given the sheer number of new customers that can be on-boarded on digital payment platforms and the Government’s continued endeavours to make digital payments more accessible to give a boost to digital India. In addition, the Government of India has announced measures such as the ‘Start Up India’ scheme to encourage entrepreneurship in India which makes India the go-to space for FinTech entrepreneurs. The RBI’s regulatory sandbox is poised to be another key driver towards growth and development of FinTech space in India.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
There is no quota system in place for any sector for foreign nationals entering India. However, as per the guidelines issued by the Bureau of Immigration, Ministry of Home Affairs, a foreign national being sponsored for an employment visa in any sector should draw a gross salary in excess of USD 25,000 per annum. Further, as per the employment visa requirements, employment visa is not granted for jobs for which qualified Indians are available or for routine, ordinary, secretarial or clerical jobs. It is granted to highly skilled/ qualified professionals or to persons engaged or appointed on contractual or employment basis. Consular and immigration officials consider an applicant’s academic and professional qualifications to fill the proposed position in India, and the availability of Indian workers to fill the position.
Typically, employment visas for most sectors are processed on a case-by-case basis and historically have been granted for 1 year even if the duration of employment is longer than a year. It is possible to get an extension of the visa in India for an additional 12-month period enabling the individual to remain in India on the employment visa for up to a total of 5 years from the date of initial issue of the visa. The extension procedure and processing time differs in every jurisdiction within India. U.S nationals who are the CEOs or senior executives of a U.S. company may be granted employment visas for a period of three years or for the validity of the employment contract, whichever is shorter. Special provisions regarding visa processes and validity apply to the citizens of Japan and China.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
At present, given that India has substantial labour surplus, there are no new guidelines/policies in pipeline in relation to entry of foreign nationals in India. The Indian government from time to time enters into agreements with other countries in order to bring about relaxed immigration guidelines for individuals from both the countries. Such relaxed guidelines typically include visa on arrival, medical and tourist visa relaxations. However, these agreements have not focused on any specific sector. Currently, the Indian FinTech sector does not seem to have any specific policies/guidelines in place.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
Under Indian law, computer programs and software codes are generally protected by copyright whereas brands, logos, sounds, colours and 3D shapes are protected by trademark. Typically FinTech companies enter into non-disclosure and confidentiality agreements to protect their intellectual property. However, there is no common law protection for such confidentiality agreements and parties typically resort to damages and contractual breach as remedy. Several companies have also filed patent applications with the patent office in India for patenting blockchain based technology that provides financial solutions.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
While digital payments and other FinTech products have seen rapid strides in India, the same is not true for cryptocurrency, which has not been viewed favourably by Indian regulators. In April, 2018 the RBI prohibited all banks and other entities regulated by the RBI from dealing in, settling, enabling any buying or selling of cryptocurrency with an intent to ring fence regulated Indian financial entities from the risks associated with trading and dealing in virtual currencies and also to protect against money laundering. While currently, cryptocurrency per se is not prohibited in India, the RBI has repeatedly indicated that it does not view cryptocurrencies as valid legal tender in India. In addition, the Indian government is proposing to completely ban the use, possession, trading or otherwise dealing in cryptocurrencies in India; a legislation in this respect is currently pending parliamentary approval.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Initial coin offerings are not viewed favourably by Indian regulators, especially in light of the stand taken by the RBI against cryptocurrency in India. With the introduction of a proposed legislation ‘Banning of Cryptocurrency and Regulation of Official Digital Currency Bill 2019’, the Indian government has made its stand clear on non-recognition of cryptocurrency as legal tender.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
While cryptocurrency is not recognised as valid legal tender in India, block chain technology has not faced the same regulatory resistance. Indian regulators are open to block chain technology based innovations, with the RBI specifically including applications under block chain technologies in the indicative list of innovative products and services which could be considered for testing under the framework for regulatory sandboxes notified by the RBI. Several startups in India are using block-chain based technology for providing solutions to different industries ranging from healthcare, banking, trade finance, insurance, and others. Leading banks in India have partnered with technology firms to roll-out block chain technology based solutions to assist in legal documentation and KYC verification of customers. These solutions will be based on private ledgers, which can be accessed only by permissible entities (other banks which have signed up for the service) to ensure compliance with data protection and privacy regulations. Banks are also looking to develop fraud prevention tools based on block-chain technology, to help prevent fraud in trade financing transactions. In addition, a group of large banks have agreed to partner-up and have formed a group - ‘Bankchain’ (which includes leading banks such as SBI, ICICI Bank, Axis Bank, etc.), to undertake research projects to analyse the advantages block-chain technology can offer in the banking sector.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Artificial intelligence (AI) based tools and utilities have witnessed increased use cases in the financial sector in India, with financial services witnessing a shift from personal customer interactions to automated processes. The primary areas where AI has made strides in the financial services in India relate to product matching in accordance with the requirements and profile of customers, fraud detection, assistive chatbots and personal finance management.
The NITI Aayog has recently proposed an institutional framework for AI which requires funding of INR 75,000,000,000 (Rupees seventy five billion) for creation of cloud computing platform called AIRAWAT. Reports suggest that the Indian government is looking to invest INR 75,000,000,000 (Rupees seventy five billion) initially over a three-year period and set up a high-level taskforce to oversee roll-out and implementation of AI. The Government of India has also proposed setting up a National Centre for Artificial Intelligence to encourage AI based technology including in the FinTech sector.
That being said, the key challenge in connection with use of AI in financial sector in India is with respect to data privacy and protection. Use of AI utilities involves access to sensitive customer data including inter alia financial information, credit history, spending patterns, etc. So long as financial service providers are able to comply with the changing regulatory landscape pertaining to data privacy in India, regulation is unlikely to impede further use of AI in financial services. However, financial service providers will need to re-think their systems and operations so as to ensure a smooth transition to the proposed data protection framework in India and to deploy AI for enhancement of customer experience in banking and payments space.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
InsurTech in India is currently in its nascent stages of growth, but, it has to a large extent disrupted the traditional supply chain of insurance products in the country. Several insurance providers have partnered with technology partners and other FinTech players to offer a range of digital insurance products to their customers. For example, several PPI wallets operating in the country have entered into collaboration arrangements with insurance companies to offer insurance products to their customers through their digital platforms. In addition to partnering with FinTech players like PPI wallets, insurance providers have also set up independent digital platforms for offering insurance products to existing and new customers.
The key regulations governing InsurTech in India include the Guidelines on Insurance e-commerce dated March 9, 2017, the Guidelines on Insurance Repositories and Electronic Issuance of Insurance Policies dated May 29, 2015, the Issuance of e-insurance Policies Regulations, 2016, each issued by the Insurance Regulatory and Development Authority of India (IRDAI) to regulate and govern the provision of digital insurance products by eligible insurance providers to new and existing customers.
A key area of discussion pertaining to offering of insurance products in India is bundling of insurance products with other goods and services (including financial products). The concerns around packaging of insurance products with other products primarily include inadequate disclosure to the customer of the characteristics of the bundled insurance products, restrictions on consumer choice or the freedom to make informed choices or comparisons with other products available in the market and undue influence over the customers by the provider of the packaged bundled products. With advances in technology and fast paced developments in the FinTech market, opportunities to bundle insurance products with other financial products have become easier and convenient. In 2012, with a view to regulate bundling of insurance products with other goods and services, the IRDAI had released a discussion paper on “tying and bundling insurance policies with other services and goods” and had invited comments from the public. However, the discussion paper could not culminate into codified guidelines or regulations to regulate bundling of insurance products.
Are there any areas of fintech that are particularly strong in your jurisdiction?
Digital lending, PPI instruments (mostly pre-paid mobile wallets) and UPI enabled payment systems dominate the Fintech space in India; however the sector continues to evolve at a rapid pace and several new developments are expected in light of RBI’s regulatory sandbox regime and its vision statement for 2019-2021.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
Banks and non-bank FinTech players had initially launched competing products and the FinTech landscape in India was, for a while, segmented into bank vs. non-bank players. In fact, the major advantage for a non-bank FinTech player such as a non-bank PPI issuer was ease of customer onboarding process and ease of access to diversified goods and services, without the need to primarily rely on bank accounts, for such purposes. However, the market has now shifted to a more collaborative model, with banks and non-bank entities partnering on several dimensions, each leveraging their respective strengths, to provide customers easy to use financial products. Non-banks have the ability to leverage technology more effectively, and are able to access customers and markets that banks would find too expensive to tap in the ordinary course. Banks have strong balance sheets and a robust understanding of the regulatory and licensing regime governing financial products, particularly KYC regulations.
In the payments landscape, banks regularly partner with third party technology service providers to manage the customer and product interface for both PPI and UPI based payment products. In the digital lending space with the notification of the Account Aggregator Master Directions, it is expected that banks will increasingly rely on innovative credit scoring and appraisal procedures developed by technology partners, for processing applications at the loan origination stage and for offering tailor made financial products to their customers.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
In the digital payments space, PPI mobile wallets offered by non-bank PPI issuers had initially captured a significant share of the stored value digital payments market. However, banks were quick to sense the potential that this space has to offer, and proceeded to launch their own prepaid wallets. Changes in law (particularly around KYC and onboarding of customer rules), however, have significantly increased the regulatory burden and costs of operation for wallet players, causing several players to re-think business strategy. Increased regulatory burden and costs of operations have resulted in increasing co-branding arrangements between banks and non-bank entities with each partner playing to its strength to formulate attractive products for their customers.
Banks have also assimilated their systems, by developing compatible interfaces on top of already existing technological infrastructure, with UPI to offer extended services to their customers. Post the roll-out of UPI, a number of banks have been able to tweak their existing digital banking solutions to enable functionalities offered by UPI, with a view to retain customers and provide the full benefits of UPI to their customers without substantially changing user experience.
In addition to co-branding arrangements, leading banks have invested in research projects to take advantage of developments in block-chain technologies and their adoption in the services offered by them.
Are there any strong examples of disruption through fintech in your jurisdiction?
The strongest examples of disruption in India are the prevalence of PPI wallets and UPI enabled solutions to facilitate customer to merchant and peer to peer transactions. India has traditionally been a cash based economy, but, is now rapidly transforming into a digital economy on the strength of the digital payment products offered by FinTech players operating in the country, especially in the wake of demonetisation and the Indian government’s push towards digital payments. In the 12 months that followed demonetisation, digital payments saw growth in transaction values of 1,540% and transaction volumes of almost 755%. Demonetisation and the consequent growth of digital payment products in the country is a classic example of disruption caused by FinTech products in India.
A key area where further disruption in the payments ecosystem is expected is the adoption of evolving technologies such as block-chain and AI by payment service providers (including both bank and non-bank entities). Both bank and non-bank entities have already began to rely on AI based tools to improve customer experience, especially, in the areas of product identification and matching, background and credit verification checks which all make for a seamless customer experience.