RBI’s warning to fintech: Know more on top compliance measures, regulatory frameworks for industry players (2024)

In an exclusive conversation with Financial Express Online, Rishi Agrawal, CEO and Co-Founder, Teamlease RegTech, talked about various compliance measures and regulatory frameworks that companies need to follow in order to stay on top of their compliance obligations.

After the Reserve Bank of India (RBI) took regulatory action against Paytm Payments Bank on January 31, barring it from offering banking services effective March, the fintech industry has become watchful about the regulatory framework and guidelines they need to adhere to. The business regulatory ecosystem consists of 1,536 acts and rules and over 69,000 compliance obligations.

“At the outset, depending on the type of financial services offered, every fintech entity operating in the country must be registered with the RBI per the RBI Act, 1934 and associated regulations. The Reserve Bank regulates some fintechs directly by granting them NBFC licences (such as NBFC-P2P) or indirectly by regulating the associated banks and NBFCs. As per the Payment and Settlement Systems Act, 2007, initiating and operating any ‘payment system’ in India can only be done with the prior authorisation of RBI,” Rishi Agrawal said.

Most recently, the RBI has implemented the Guidelines on Digital Lending to safeguard the interests of borrowers in light of the increasing digital loan fraud cases in the country. “As per the guidelines, all loan disbursals and repayments must be executed only between the borrower’s bank accounts and the regulated entities (REs). Lending Service Providers (LSPs) or any third party are barred from having pass-through pool accounts. Automatic credit limit increases without the borrower’s explicit consent have been prohibited. Other stipulations such as direct payment of fees/charges by REs to LSPs, providing standardised KFS (Key Fact Statement) to borrowers, and a cooling-off period for borrowers to exit digital loans without penalty have been inserted,” he added.

The recent card-on-file (CoF) tokenisation norms have been introduced in light of several instances of cyber fraud involving misuse of debit/credit card data. “As per these norms, tokenisation is set to replace sensitive payment credentials, such as 16-digit card numbers, names, expiry dates, and security codes, with a unique alternate number or token. The Digital Personal Data Protection Act, 2023 (DPDP Act) added another layer of regulatory scrutiny for fintech working in direct contact with its users’ sensitive financial data and Personal Identifiable Information (PII). The Act lays down a series of obligations that these companies must adhere to in order to ensure the safety and security of the users’ data,” said Rishi Agrawal.

Some other notable acts and guidelines for fintech are:

  • Master Directions on Prepaid Payment Instruments (MD-PPIs), 2021.
  • Framework for Scale Based Regulation for Non-Banking Financial Companies, 2021.
  • Directions for opening and operation of Accounts and settlement of payments for electronic payment transactions involving intermediaries, 2009.
  • Guidelines for Licensing of Payments Banks, 2014 and Operating Guidelines for Payments Banks, 2016.
  • Framework for Recognition of a Self-Regulatory Organisation for Payment System Operators, 2020.
  • Guidelines on Regulation of Payment Aggregators and Payment Gateways, 2020.
  • Circular on Processing of e-mandate on cards for recurring transactions, 2019.
  • RBI Master Directions on Credit Card and Debit Card – Issuance and Conduct, 2022.

How to ensure compliance?

In order to ensure compliance with consumer protection laws and guidelines issued by the RBI, Rishi Agrawal said, “Companies must stay on top of the Master Circulars and Master Directions issued by RBI. Analysing the impact of RBI’s directions will allow businesses to stay on top of their regulatory obligations. Furthermore, setting the tone from the top towards prioritising good compliance behaviour will further aid the institution in ensuring continued compliance with consumer protection laws and guidelines issued by RBI.”

Further, they must also digitise internal processes to monitor deposits, lending, recovery and other business operations. “These internal IT systems must be encoded to set employee conduct limits. Risk flagging prevents unsafe and illegal transactions from being permitted without senior management clearance. Internal systems need stronger, risk-based lending policies to deter rule-breaking staff,” he added.

The Paytm fiasco

The RBI’s action on Paytm Payments Bank is the culmination of a four-year scuffle between the two on issues such as segregation in IT, risk and other operations between the two entities, and persistent violation of KYC and customer on-boarding norms. The RBI first imposed curbs on the bank in 2018, which were eventually lifted after the company submitted an IT audit report detailing its compliance with necessary regulations. However, it later emerged that Paytm had made falsified reports. Following discussions with the company through 2020, the RBI in 2021 asked Paytm to undertake another audit, through approved auditors. One97 was also warned to fix any compliance and governance issues if it did not wish to face penalties or curbs. On March 11, 2022, the RBI had also directed PPB to stop onboarding of new customers with immediate effect.

Besides the KYC norms violations, PPB could also have flouted foreign exchange norms at the entity level, sources had said earlier. FE had reported earlier that the Enforcement Directorate (ED) was gathering information about the “end uses” of foreign direct investment (FDI) in One97 Communications, which owns PPB. Currently, 34 foreign (FDI) investors hold a little over 45 per cent of One97 Communications, and over 450 FPIs together have an 18.64 per cent stake in the firm. The rest of the shares are with PPB part-time chairman Vijay Shekhar Sharma (9.1 per cent), retail investors (12.85 per cent), mutual funds (4.99 per cent), body corporates (6.33 per cent) and others.
