Commenting on the Union Budget 2021-22, this remark by Mr. Sharma sums up the importance of digital payments in economic growth. And rightly so. Digital payments have grown by 55% in the past 5 years and are instrumental in achieving our vision of Digital India. 

Welcome to the fourth edition of FinTales. If you missed our previous editions, you could read them here. Write to us if you (or someone you know) wants to subscribe.

Last month saw many fintech developments pick pace. The race to form the New Umbrella Entity gathered many front runners with banks facing a few road bumps. Digital payments are set to become more secure. Government is working hard to curb unsolicited communications. Merchants knocked on RBI's door to seek relaxation in storing card details, but to no avail. Public sector banks may soon partner with fintech companies to improve digital banking. And the government delivered us a googly by releasing the new intermediary guidelines which could impact all digital businesses!
 Let's get to it.

The battle to form the New Umbrella Entity takes central stage 

Remember 2015 when iPhone 6 was launched? It was by far the most popular smartphone to release. The waitlist ran in millions and everyone wanted this gadget. It reminds me of a similar situation in the fintech space today: RBI's announcement to set-up the New Umbrella Entity (NUE). And every major player wants in. From traditional banks (SBI and ICICI), card networks (Visa and MasterCard), fintech players (PayU and PayTM) to industry houses (Tata and Reliance) and tech majors (Amazon and Google) – you name it!

NUE is going to match NPCI's role: operate its own payment systems, create new payment methods, and monitor the growth of digital payments. Given what NPCI has achieved with UPI, BBPS, and RuPay, setting up the NUE is rewarding. Even more since NUE will be a for-profit entity which NPCI is not.

Although, as the application date nears, some teething issues remain unsolved. The foremost being 'conflict of interest'. RBI proposed the NUE to create competition for NPCI. But many NUE applicants are existing NPCI shareholders. The Finance Ministry added to that by asking public sector banks to not compete with NPCI. The fading lines between the governance function of NPCI (and soon NUE) and the commercial interests of its shareholders also draws attention.

The eligibility criteria to accept NUE applications could be more robust to avoid conflicting interest from NPCI shareholders. Or if RBI did not want to restrict major players from applying, a cap on NUE applicants' shareholding in NPCI could be an option. 

Further, the governance structure of NUE can be fleshed better. And the regulatory and business functions of the NUE could be separated. RBI must guard against the NUE working at the fancy of its shareholders or their commercial interests. The Finance Ministry's stance is also worth a re-look. SBI may (arguably) not be the right candidate for NUE for its conflict with NPCI. But disallowing public sector banks in general from competing with a 'government institution' is not the right approach. A better approach to safeguard NPCI could be to convert it into a for-profit entity. That will bring both NPCI and NUE at par and make the competition healthier. 

A lot is left to unfold as we move along. The last date to apply for the NUE license is 31 March 2021. And we are excited to see which cohort wins this race to the final! 

RBI releases master direction on digital payments security control

The digital payment industry's value proposition is convenience. Which is sometimes at loggerheads with RBI's agenda for security. With several moving parts like bank, payment intermediaries, and third-party applications, even users take time to repose trust in digital payments And, rightly so. Recent years have seen instances like the SBI data leakYes Bank and HDFC Bank outage, Juspay's data breach, and many others. Bank fraud was up by 159% in the year 2019-20 and RBI probed Indian banks over the data breach of over 1.3 million credit and debit cards. Scepticism around security is justified.

But RBI is constantly working to better the situation. Last month, it released the master direction on digital payments security control. Which requires scheduled banks, small finance banks, payments bank, and credit card issuing NBFCs to build better security controls and risk management policies. The directions are agnostic of all digital payments: internet banking, mobile-based payments, and card payments. 

While these directions are a welcome step, its implementation is worth deliberating on. First, to comply with these directions, entities will need to spend significantly on infrastructure, technology, and personnel which may be counter-productive for many entities. Second, if the RBI is keen to better security and safety of digital payments, it will need a streamlined implementation plan with specific sanctions against defaulters. 

Government sets up Digital Intelligence Unit 

"Congrats! You have won a lucky draw. Click on this link to claim your prize." Several unsolicited commercial communications (UCC) bombard us every day. Many of them are fraudulent and intent on siphoning money from unsuspecting users. Add to that the rise of unregulated lending apps. RBI reported a 113% increase in digital transaction complaints in the last year with over 1500 against digital lending apps. Keeping tab, the government has set the Digital Intelligence Unit (DIU) to monitor fraudulent transactions. 

The DIU will ensure that telecom service providers have necessary safeguards to curb fraud and coordinate with local area players, financial institutions, and other entities. The DIU will integrate a system through which telecom subscribers can lodge complaints against UCC and fraudsters. The Financial Intelligence Unit (that monitors money laundering cases) of the Ministry of Finance will also assist the DIU. In addition, the Ministry of Communication is also creating a cell for telecom analytics, fraud management, and consumer protection at different areas which will help the DIU in coordination.

Digital transactions are going to get safer (*fingers crossed*).

Public sector banks join hands with fintech

Private banks were among the first to partner with fintech. RBI and SEBI followed suit. And now, public sector banks (PSBs) have extended a hand. Reports suggest that PSBs may soon set-up a Digital Banking Infrastructure Corporation (DBIC) – a platform to combine their banking and co-lending services. Much like a Zomato for banks. And its benefits fall on both sides. Banks gain by sharing IT infrastructure and cutting cost of setting individual platforms, whereas customers benefit by having a one-stop-shop for banking services. DBIC also bridges the gap between demand for digital loan products and presence of ethical and authorised lending platforms.

DBIC's plan to partner with fintech companies will push the envelope and benefit financial inclusion. Users will participate more since a 'public' bank is offering digital banking at their doorstep. But the DBIC also entails some areas of concern. PSBs will share their software, hardware infrastructure, and servers through DBIC. Fintech companies may also integrate with the DBIC platform. This could expose the infrastructure and data of PSBs and its customers. Segregation of data and controlling access by fintech players will be challenge too and create a compliance nightmare. This development has come at the right time and DBIC could be a game changer. But it will need relevant frameworks and governance measures before scaling up.

RBI rejects merchants' plea to store card credentials

Many of us use digital payments for convenience. Click-click-click and you can get almost anything. The fewer the steps the better. Several platforms sensed this way back and started offering features that helped users to save their card details. Most platforms do this today and users have little to complaint. But things are about to change. 

The RBI guidelines on payment aggregators (PAs) disallow online merchants (the likes of Amazon, Uber, Netflix) to save customer card details. Many merchants approached the RBI to relax this requirement last month but to no avail. Experts fear high user dropouts since making digital payments will now be less convenient. While RBI's concern around security is valid, it could have taken a holistic view here. Merchants already comply with PCI-DSS standards to ensure security of card details. And players have significantly invested to comply with these standards. This development will affect digital adoption in a time when RBI itself is trying to boost digital payments.

New intermediary guidelines for digital media release 

The Ministry of Information and Broadcast (MIB) notified the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (IT Rules) this month. This affects how media content shared on social media, content platforms, or news publishers is shared on the internet. Each intermediary and news provider will need to adhere to several obligations under the IT Rules. For instance, intermediaries will need to institute a grievance redressal mechanism, help law enforcement agencies, retain data for investigation purposes, among other things. Users will also need to be periodically updated about their privacy policy and user agreements with the intermediaries.

The broad definitions in the IT Rules may become a cause of concern for fintech players too. Many fintech platforms regularly share updates and developments around the industry. Founders and employees of fintech companies also share their views on how recent updates impact their business. And given the current construct of the IT Rules, such content will could also be considered news and require related compliances.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.