Back to Professional-Advisers-Fintech Rankings

INDIA: An Introduction

Contributors:
Shardul Amarchand Mangaldas & Co Logo
View firm profile

FINTECH IN INDIA: MARKET & REGULATORY LANDSCAPE

Authored by: Shilpa Mankar Ahluwalia. Shilpa leads the FinTech group at Shardul Amarchand.

Market Landscape  

FinTech has, over the last few years, caused significant disruption in both payments and lending in India. In November 2016, with the announcement of the demonetisation decision by the Government of India, digital payments received a tremendous external push. In the 12 months that followed demonetisation, digital payments saw growth in transaction values of 1,540% and transaction volumes of almost 755%.¹ 

In the payment space, mobile pre-paid wallets captured a large share of the stored value digital payments market. They were easy to set up, easy to use, and could be used to seamlessly pay for a wide set of goods and services. This space was initially dominated by non-bank players, but banks were quick to sense the opportunity, and proceeded to build and launch their own competing payment platforms. Today, several of the Big Tech and e-commerce companies with large customer networks have also launched payment solutions in India.

Some of the larger payment platforms have been issued a payment bank licence. Payment banks are specialised banks that focus on payment solutions. They are permitted to accept small value deposits but cannot offer any credit or credit linked products.

Digital lending has also seen significant growth. Several lending platforms (mostly regulated as non-bank financial companies (NBFCs)) offer digital lending solutions to predominantly the SME and consumer segments. The market has broadly two sets of players – those that connect banks and NBFCs with potential borrowers and those that lend on the strength of their own balance sheet. Peer to peer (P2P) lending has not, as yet, captured any significant part of the digital lending market share, in part owing to regulatory hurdles.

While FinTech has taken rapid strides in the payment and lending spaces, the same is not true for cryptocurrency, where there has been discernible resistance and apprehension. In April 2018, the Reserve Bank of India (RBI) issued a circular prohibiting any bank or other RBI licensed entity from dealing in, settling or enabling any buying or selling of cryptocurrency, with the intent to ring-fence regulated entities from the risks associated with virtual currencies. Though not legally prohibited, the RBI has on several occasions publicly stated that it does not view cryptocurrency as a valid payment system. The restrictions on cryptocurrency have prevented any significant growth in usage. There are, however, a few players in India, but given the regulatory constraints, peer to peer trading has emerged as one of the most common use cases. There has been some discussion of the Government of India formally banning the use and trading of cryptocurrency in India, but no draft or formal legislation has been introduced as yet.

Existing Regulatory Framework 

The primary regulator for FinTech in India is the central bank – the Reserve Bank of India. The RBI initially followed a light-touch approach to FinTech regulation, but has more recently moved closer towards a full-regulation model. Non-bank payment players, for example, now need to comply with customer onboarding and KYC procedures similar to those required of banks.

With the absence of any consolidated regulation or policy guideline for FinTech, the regulatory landscape is decidedly fragmented, making it challenging to navigate. The RBI has been quick to respond to market changes, and there have been several changes and updates in the law over the last few years. Broadly, the regulatory framework consists of:

  • Payment Systems: The Payment and Settlement Systems Act 2007 sets out the framework for regulation of all payment systems.
  • Mobile Wallets: Master Directions on Issuance and Operation of Prepaid Payment Instruments issued by the RBI regulates all mobile wallets and other pre-paid payment products.
  • NBFCs: the RBI has issued a series of master directions and circulars regulating the licensing and operation of Non-Banking Financial Companies (NBFCs) and has set out certain thresholds to determine whether an entity will be classified as a financial services company requiring licensing. Most digital lending entities lending on their own account are licensed as NBFCs.
  • Payment Banks: Licensing (2014) and Operating (2016) Guidelines for Payment Banks issued by the RBI govern the licensing and operations of payment banks.
  • P2P Lending Platforms: Master Directions – NBFC – Peer to Peer Lending Platform Directions 2017 is the key regulation for P2P lending platforms that introduced lender exposure norms and aggregate borrowing limits.
  • UPI Payments: The Unified Payments Interface (UPI) is a payments platform managed and operated by the National Payments Corporation of India (NPCI). The UPI enables real time mobile based bank-bank payments. The NPCI has issued a set of guidelines and criteria determining how a bank can integrate its payments platform with the UPI. Currently, only banks are able to integrate with the UPI platform. UPI enabled payments constitute a significant percentage of the consumer to merchant and peer to peer digital payment transactions.
  • Payment Gateways and Intermediaries: Payment gateways are currently not licensed, but need to comply with a broad set of direction issued by the RBI. There has been some discussion of a possible more full-fledged regulation of payment gateways going ahead.
  • Data Privacy & Protection: Access to customer data, data privacy and protection has each become an increasingly important issue with FinTech platforms collecting and storing various forms of customer personal, financial, and behavioural data. India does not today have a comprehensive data privacy framework. The Information Technology Act 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 are the two key regulations governing protection of personal data. The Justice Srikrishna Committee constituted by the Government of India to develop a data protection regulatory framework issued a set of recommendations and submitted the Personal Data Protection Bill in July 2018.

    As the reach of FinTech products and platforms grows, the RBI is likely to want to formally regulate a greater part of this sector, causing some erosion in the intrinsic competitive advantage that FinTech players have enjoyed thus far.

    Aadhaar: Regulatory Developments & Implications for FinTech

    The Aadhaar scheme (India’s unique biometric identity project, and possibly the largest of its kind) has played a central role in the growth of the FinTech sector. India Stack, which is often viewed as the backbone of the FinTech infrastructure, is essentially a series of APIs built on the Aadhaar platform. The Government agency that has been responsible for implementing the Aadhaar scheme – Unique Identification Authority of India (UIDAI) – allowed for an Aadhaar enabled e-KYC which essentially changed the way FinTech did business. With e-KYC, a payments or digital lending platform could on-board customers cost-effectively (at a fraction of the cost of a physical document based on-boarding procedure), very quickly, and without using any paper.

    In September 2018, however, the Supreme Court of India (SC) in a landmark decision² on the constitutional validity of the Aadhaar Act,³ struck down the ability of any private entity to use Aadhaar authentication to establish the identity of an individual without the backing of law. Consequently, private entities (banks, NBFCs, payment system operators, mobile wallets or any other private bodies) can no longer undertake e-KYC authentication of individuals using Aadhaar, even if done under a contract where consent of the individual is obtained. Any mandatory linkage of a customer’s Aadhaar number to a bank account or any other service has also been barred.

    The SC did indicate that private players may be allowed access to Aadhaar-based authentication if backed by appropriate legislation. Press reports seem to indicate that the Government may be open to introducing required legislation to allow private players the ability to use Aadhaar numbers for purposes of establishing identity (essentially, in order to be able to undertake e-KYC authentication). However, there is no visibility on the timing, form or content of such a legislation.

    The UIDAI has indicated that certain forms of offline verification using Aadhaar data and verification via the embedded QR code on the Aadhaar card are permissible. The industry is working towards developing viable offline, digital, paperless models for customer verification using a combination of these procedures.

    Market Trends 

    The FinTech sector has, more recently, seen a shift from bank–non-bank competition to a more collaborative model between banks and non-banks with increasing partnerships between both sets of players, each leveraging their respective strengths.

    Non-banks have the ability to leverage technology more effectively, and are able to access customers and markets that banks would find too expensive to tap in the ordinary course. Banks have strong balance sheets and a good understanding of the regulatory and licensing regime governing financial products.

    In the payments space, banks have partnered with technology platforms to manage the customer and product interface for both pre-paid and UPI enabled payment solutions. In digital lending, banks, at the origination stage, are beginning to rely on credit scoring procedures of non-bank partners that use non-conventional data to perform a credit risk analysis. The market is also likely to see post-origination deals, such as securitisation of loan portfolios, risk sharing and back-end bank participation structures.

    Payment companies have been pushing for inter-operability and a level playing field between banks and non-banks. The RBI recently issued guidelines for inter-operability of all mobile wallets (enabling wallet to wallet transfers across multiple issuers). As the sector evolves, and regulation increases, the RBI is likely to be more comfortable giving non-bank players access to the payments, financial and digital infrastructure that banks are able to access.

    Separately, the sector is likely to see more and more horizontal collaborations, with FinTech platforms using their distribution channels to offer a wider set of financial products (credit, insurance, investments, and other saving linked products).

    Key Challenges 

    The two key challenges facing the FinTech sector today are (i) how to develop a cost-effective way to onboard customers given that e-KYC is no longer permitted; and (ii) costs associated with data management (particularly for global players looking to come into India).

    Customer on-boarding: In October 2017, the RBI introduced a full KYC requirement for all mobile wallets and other pre-paid instruments. This significantly increased costs on the ground for FinTech players, given that several do not have a wide on the ground branch or agent network to meet customers face to face and verify KYC documentation. E-KYC provided the FinTech sector with an effective and low-cost means to complete the KYC checks required by the RBI before being able to distribute any financial products or services. Now that e-KYC authentication is no longer available, players will need to evaluate costs and revert to physical KYC checks. The industry is working with technology partners to find other low-cost alternatives, but until the RBI amends its regulations and states that such alternative means of KYC are legally valid, such will have only limited acceptability and usage.

    Data localisation: A data localisation requirement was mandated by the RBI in April 2018 for all payments-related data. Payment system operators have been required to ensure that all data linked to a payment transaction in India is mandatorily stored only in India. Licensed entities were given a time frame of 6 months (until October 2018) to comply with this requirement. The costs of compliance for global players are significant, particularly given that several such entities have global data processing and fraud control hubs. Setting up a parallel data infrastructure in India will be time consuming and expensive, but many payment platforms are working towards compliance with this requirement. The Personal Data Protection Bill 2018 also contemplates a data localisation requirement for certain kinds of critical personal data, but no such requirement has yet been notified.

    Looking Ahead 

    The debate re access to Aadhaar information is intrinsically linked to the sector’s ability to ensure personal data privacy and protection. Newer FinTech players will be well advised to invest in technology and systems that are able to securely manage and handle customer data. Once the Government and the RBI are satisfied that these entities do in fact have secure data handling systems in place, they are more likely to put in place a framework enabling access to Aadhaar details and other sensitive customer data.

    Despite the market and regulatory challenges facing the sector, FinTech in India is well positioned to grow. There will be (and is already) innovation in spaces other than payments and digital lending, and regulations will continue to evolve as the sector does.

    ------------------------------------------

    1. These statistics track UPI based digital payment transactions. Source: https://www.pwc.in/consulting/financial-services/fintech/fintech-insights/demonetisation-effect-digital-payment-gain-new-momentum.htmlExponential rise in digital payments in the last one year

    2. Justice K.S. Puttaswamy (Retd.) v. Union of India.

    3. Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.


  •