An Analysis of India’s Payment System Regulations

The Reserve Bank of India (RBI) is the apex regulatory body for payments in India, it controls the inflow and outflow of money, it lays down regulations and laws for transacting and bartering in India, as well as procedures for regulating digital payments in India.

The broad framework for setting up payment systems in India was only set up as recently as 2007 by the Payment and Settlement Systems Act 2007 (PSS Act). It defines a payment system as any system that enables payments to be made between two people, (ie, the payer and the beneficiary).

Everything from the traditional paper-based clearing systems, which involve either cheques or money orders, through to more modern electronic payment systems, automated clearing houses and traditional debit and credit cards are covered by the PSS Act.

India faced a monetary turning point in 2016 when the government demonetised the INR500 and INR1,000 bank notes. This caused a pivot to digital payments, which ultimately led to the creation of the Unified Payments Interface (UPI).

The UPI allows for both peer-to-merchant (P2M) and peer-to-peer (P2P) payments through a government-led infrastructure and was given a significant boost by the COVID-19 pandemic and social distancing measures.

A key question has been who will bear the costs associated with providing these systems. These are distributed between the entities that have set up these systems, merchants, purchasers and, in some cases, they are ultimately either borne by either the technology providers or subsidised by the government.

While regulators and financial institutions will always err on the side of caution and may take a conservative view, fintech companies, which have had to spend exorbitant amounts of money to market their product and to develop the underlying technology, feel that in some respects the RBI has been overly cautious and that some of its regulations have been more onerous than global, accepted standards.

India is one of the few countries in the world that requires absolute storage of payments data (essentially any kind of sensitive personal data for financial transactions) in India. Some of these measures have, in the last two to three years, resulted in a slow-down in the rapid growth that the sector experienced in the last decade.

There is also a significant conflict between this absolute storage standard for payments data and India’s current data legislation, which allows the export of sensitive data after obtaining consent, as well as the proposed Digital Personal Data Protection Bill, which allow companies to transfer this data outside India to certain white-listed countries if certain conditions are met.

The industry is grappling with this dichotomy and it is time that regulators understood that the laws must be read harmoniously.