However, financial malfeasance and irregularities have marred potential improvements in the FinTech space in recent years. According to the Reserve Bank of India’s (RBI) annual report for 2021-22, 3,596 frauds involving cards and online banking were recorded in 2021-22, an increase of 34% over the previous year. Financial fraud complaints to the government average 83 per hour. There is a lack of trust in the sector due to numerous cases of fraudulent UPI transactions, e-wallet thefts, KYC leaks, and loan app frauds, among other incidents. RBI oversees the industry and has given these concerns the attention they deserve.
To curb these malpractices, a number of regulations have been framed following several rounds of stakeholder consultations. The regulatory framework developed and managed by various regulators including the Central Bank, Ministry of Finance, IRDAI and SEBI is an integral part of the success of the FinTech revolution.
As per the RBI Act, 1934 and related rules, every FinTech company operating in the country must first register with the RBI, depending on the type of financial services it offers. Some FinTechs are regulated by the Reserve Bank, either directly through the issuance of NBFC licenses (such as NBFC-P2P) or indirectly through the regulation of affiliated banks and NBFCs. The NBFCs that partner with these FinTechs are also regulated under the Master Directions and Master Circulars issued by the RBI under the Reserve Bank of India Act, 1934, including the Master Direction – Information Technology Framework for the NBFC Sector, 2017, the Master Direction – Know Your Customer (KYC) Direction, 2016, and the Master Circular – Non-Banking Financial Company – Micro Finance Institutions, 2015, among others. According to the Payment and Settlement Systems Act, 2007, prior permission from the RBI is required before launching and operating any ‘payment system’ in India.
The regulatory framework that governs business operations in India is extremely dynamic and fluid. While the ecosystem is built around 1,536 laws and rules constituting 69,233 compliances, regular and continuous regulatory updates are published on over 2,000 central, state and municipal websites. During FY22-23, there were 5,986 regulatory updates, averaging over 16 updates per day. The volume and frequency of these updates amply illustrate the dynamism of the regulatory landscape. As a result, it is complicated for a compliance officer to stay abreast of all the relevant regulatory developments and understand how these adjustments impact the compliance requirements of his or her organization.
The recently introduced guidelines on digital lending are an example of how the regulator has acted to curb the menace of digital lending fraud. The regulator has also tightened regulations on the information front to ensure the privacy of borrowers’ data. The recent Card-on-File (CoF) tokenisation norms have been introduced in light of several cyber fraud cases involving misuse of debit/credit card data. As per these norms, tokenisation is expected to replace sensitive payment credentials, such as 16-digit card numbers, names, expiry dates, and security codes, with a unique alternative number or token. The Digital Personal Data Protection Act, 2023 (DPDP Act) has added another layer of regulatory scrutiny for FinTechs that have been working in direct contact with sensitive financial data and personally identifiable information (PII) of their users. The Act lays down a series of obligations that these companies must comply with in order to ensure the security of user data.
The recent draft framework for a Self-Regulatory Organisation (SRO) for the industry marks another step in creating statutory safeguards to protect the interests of customers, the economy and FinTech players. Self-regulation will enable these entities to proactively work towards creating industry standards and best practices instead of constantly turning to the regulator. This demonstrates confidence in the industry and hence, the industry must rise to the occasion. The SRO will be responsible for setting standards, maintaining oversight and enforcement of regulations, developing the industry and redressing grievances.
Compliance and paperwork are inextricably linked in India. Compliance relies on documents including applications, acknowledgements, forms, receipts, licenses and records. Unfortunately, a substantial portion of the country’s compliance documentation remains paper-based and has little to no digital capabilities.
Employers face significant challenges in manual document management due to the large volume of paperwork involved.
As a result, delays, defaults and unintentional lapses ensue, leading to potential financial and reputational risks. In the last few years, there have been many instances where, due to continued non-compliance, the RBI has taken strict action against several banks, NBFCs and FinTech companies. The RBI had highlighted serious non-compliances at Paytm Payments Bank (PPB) for a long time. In 2018, the RBI temporarily suspended new account openings in Paytm Payments Bank due to non-compliance with KYC norms and the latter was banned completely in 2022 citing “certain significant supervisory issues”. Recently, the RBI imposed major business restrictions on Paytm Payments Bank effective March 1, 2024, which means PPBL cannot undertake any banking activities including accepting deposits, credit transactions, wallet recharges (not even from FASTags) and bill payments.
A growing organization’s compliance obligations are increasing at an exponential rate. Transitioning to digital compliance management can help organizations meet regulations quickly, seamlessly, and accurately. To facilitate compliance, digital compliance software built on regulatory technology includes, among other things, paperless repositories, dynamic workflows, automated alerts and reminders, timely reporting, and periodic regulatory updates.
Today, the digitalization of compliance processes goes beyond tracking and managing regulatory obligations and enters the realm of automation. The introduction of automation enables businesses to significantly reduce the cost of compliance as well as the cost of poor compliance. Methods for monitoring business compliance have matured with the introduction of regulatory technologies. Yet, preparing returns, registers, and challans, among other types of compliance, remains time-consuming and costly. Automation is necessary for organizations to reduce the cost of compliance and achieve timely, accurate, and transparent compliance.
Significant progress is being made in automating the generation of compliance documents for many regulatory requirements, such as Labour Acts (Registers and Returns), SEBI Requirements (PDF Notices/XBRL Filings), MCA Acts (Meeting Documentation and Electronic Forms/Other Filings), etc. These layers of automation digitize the compliance process, reduce the need for manual intervention, improve accuracy, and significantly reduce compliance costs.
FinTechs have been the driving force behind the rise of the digital economy and the digitization and democratization of banking services in the country. However, the exponential growth of FinTechs has also raised concerns about good corporate governance and responsible behavior of these new-age companies. This nascent sector is now faced with an evolving regulatory framework with new statutes, rules, and regulations that are creating the necessary safeguards to guide the sector. As a result, these companies are turning to technology and digital solutions to meet the high demands of business management and compliance. RegTech solutions offer significant improvement in the efficiency and effectiveness of compliance programs. They have eliminated the lapses, delays, and defects induced by the manual nature of compliance functions and have given senior management complete control, visibility, and accountability over their compliance status.
(The author is director and co-founder of Team Rental (Regtech))