India’s Central Bank Eyes Increased Fintech Regulation
Reserve Bank of India (RBI) is looking to regulate the country’s financial technology (fintech) companies and ecosystem.
The Reserve Bank of India (RBI) is looking to regulate the country’s financial technology (fintech) companies and ecosystem. Deputy Governor T Rabi Sankar noted that the RBI has been talking to the industry and monitoring the fintech space to find a balance between fostering innovation and ensuring adherence to norms. These regulations aim to be “developmental” to the rapidly growing sector, allowing for more stability while still promoting growth. Cybersecurity, fraud prevention, and risk mitigation are also being eyed in this proposed regulatory framework. There has yet to be a set timeline for implementing regulations for fintech entities, but with the industry’s rapid growth, they may be expected very soon.
Increasing Cybersecurity
India’s fintech landscape has brought forth many leading players, including Paytm, Razorpay, Lendingkart, MoneyTap, and more. With more people using these financial services, essential details and data are entrusted to these companies, who must ensure they are secure. India’s fintech companies, however, have not been immune to cyberattacks. In 2020, the fintech sector outnumbered the healthcare industry in the number of phishing activities experienced, reaching 60%. Because many of these businesses are startups or fledgling enterprises, they become frequent targets for cybercriminals who want to exploit their desire for growth. The need for cybersecurity compliance is more essential than ever and is one of the aspects the RBI hopes to enhance through regulation.
Fintech companies have had to become more protective of customer data to build (or rebuild trust, in some cases) and prevent devastating cybercrimes from affecting business. Many leading SaaS (software as a service) are automating compliance with data security standards to identify theft attempts, shut down threats, protect confidential data, and prevent fines. It’s not just payment and lending apps striving to be more compliant; trading brokerages also submit to the Payment Card Industry Data Security Standard (PCI DSS) to ensure security and privacy. An online trading platform should undergo regular vulnerability scans and penetration in accordance with PCI DSS requirements to ensure customer data and money is kept safe. With more regulation, fintech companies may expect stricter compliance with cybersecurity frameworks to safeguard critical information. Businesses may have to fulfil cybersecurity requirements to operate, regardless of the size of the enterprise.
Adherence to Banking Industry Standards
The fintech landscape is no stranger to regulations, as RBI had already implemented guidelines on digital lending last year, affecting relevant fintech companies. The fintech startup ecosystem has made innovations to make credit more accessible to people not accustomed to borrowing from traditional sources. This new regulation significantly affected Buy Now Pay Later (BNPL) services. Initially, BNPL companies partnered with banks to issue cards with a pre-loaded credit limit, acting as an intermediary or platform provider for the bank. However, in mid-2022, the RBI released a notice that banned non-bank prepaid instruments, such as digital wallets and prepaid, from loading credit lines into these instruments. BNPL fintech companies had to rework their business models to be able to provide service to customers once more.
One of RBI’s justifications for this move was the lack of credit awareness of BNPL’s target market, typically younger generations. RBI grew wary of the increased purchasing power bestowed upon younger people who may not have the means or awareness to repay the loans promptly. Another reason was that due to the leniency of the lending process compared to traditional banking institutions, interventions, and tighter norms were necessary to make for a more sound business model that adhered to proper standards. With more regulations being mulled over, stricter adherence to traditional standards might be something to expect to ensure appropriate business practices. Collaboration with banking institutions could also be a possibility to keep business models grounded in the law of the land.
Balancing Growth and Standards
The RBI’s main goal for eyeing regulation is to ensure enough space for the fintech ecosystem to experiment and innovate while still adhering to regulated practices. This allows the RBI to monitor the landscape more closely, ensuring fintech activities operate within standards. This could prevent adverse impacts on Indian consumers entrusting their funds and data to these companies while still providing accessible and easy-to-use services that allow for more financial literacy and inclusion in the country.
Currently, RBI calls for fintech companies to establish their self-regulated organizations (SROs) to set the standards for conduct or act as a bridge between the sector and regulators. However, conducting such a venture that would apply to the whole sector has been difficult for the industry. By working with the RBI, the fintech ecosystem may find a solution that could work for growth while still being disciplined in business practices. While a verdict on regulation has yet to be reached, fintech businesses should be gearing up for change to ensure development and innovation despite stricter compliance with industry-wide standards.
For more legal knowledge, keep visiting Legal Bites.
Important Links
Law Library: Notes and Study Material for LLB, LLM, Judiciary, and Entrance Exams