India's fintech industry has experienced accelerated growth, driven by technology-enabled innovations in financial services. However, in the recent past, the sector has faced challenges in relation to the effective regulation of its diverse participants. While some entities operate under direct regulatory oversight, others remain inadequately regulated or unregulated, posing regulatory concerns around customer protection, cyber security, data privacy, and grievance handling. The RBI has intervened on several occasions in the recent past to tackle such concerns. For instance, in 2021, the card on file (CoF) tokenization norms were issued in light of instances of online fraud in response to concerns1 in relation to misuse of debit and credit card details, restricting entities other than card networks and card issuers from storing card data. Similarly, in 2022, the digital lending guidelines were issued in response to concerns2 around breach of data privacy, unethical business conduct and illegitimate operations of third-party lending service providers.

The need to minimise such risks associated with the fintech industry while also creating room for innovation, gave rise to the 'draft framework for self-regulatory organisation(s) in the fintech sector ("Draft Framework")' which was published by the Reserve Bank of India ("RBI") on January 15, 2024, inviting comments from the public and industry stakeholders.

Key aspects of the Draft Framework

The Draft Framework recognises that self-regulation in the fintech sector could bolster self-governance, collaborative problem-solving, and adaptability to technological advancements. A self-regulatory organisation ("SRO") is a non-profit organisation with the objective of bridging the gap between regulation and the requirements of a specific sector. The Draft Framework sets out certain key characteristics expected from an SRO, including: (i) diverse membership from a broad spectrum of industry players, (ii) actively contributing to growth and innovation of the sector, (iii) maintaining independence from the influence of any single member or group of members, (iv) acting as a legitimate arbiter of disputes, and (v) facilitating open communication between industry bodies and regulators, advocating for changes, and promoting a culture of compliance.

Recognition of SRO-FT by the RBI

The Draft Framework provides that while formal recognition of a fintech SRO ("SRO-FT") by the RBI is not a necessary condition, a formally recognised SRO-FT would acquire legitimacy and provide regulatory comfort. The Draft Framework also sets out certain conditions, as below, that are required to be met by applicant organisations before they are deemed suitable by the RBI, for issuance of a 'letter of recognition':

S. No Requirements Description
1. Incorporation
  • Register as a not-for-profit company under Section 8 of the Companies Act, 2013.
  • Memorandum of association to capture the primary objective to operate as an SRO-FT.
  • Sufficient net worth and demonstration of infrastructure capabilities.
  • No entities/offices to be set up overseas without RBI approval.
2. Technology Infrastructure
  • Robust infrastructure.
  • Ability to manage 'user harm' instances.
3. Membership
  • Demonstrate ability to secure memberships across diverse entities in the sector.
  • Membership should comprise of fintechs, and be voluntary.
  • Establish reasonable and non-discriminatory fee structure.
  • Membership agreements to grant authority to stipulate rules and codes of conduct for members.
4. Board of Directors & Key Managerial Personnel
  • Possess professional competence.
  • Reputation for fairness and integrity.
  • Demonstrate that any legal proceedings would not impede or harm the SRO-FT's functioning and reputation.
  • RBI view to be final on fit and proper status of applicant company, board of directors ("Board") and key managerial personnel.
5. Application Details
  • Constitutional documents of the SRO-FT.
  • Details of Board, management responsibilities and operations.
  • Roadmap to achieve comprehensive membership (if necessary).
  • Board authorisation for submission of application.
  • Further information as deemed necessary.

Upon consideration of the relevant data, the RBI may consider issuing a 'letter of recognition' to the SRO-FT. Having the formal recognition of the RBI would help in bolstering the functioning of the SRO-FT. It is pertinent to note that the Draft Framework does not provide a timeline within which the RBI must process and determine applications received for recognition of the SRO-FTs. A clear timeline in this regard can help minimise delay at the regulator's end. Recognition once granted is intended to be reviewed periodically and can be revoked by the RBI in the event the SRO-FT's operations are deemed detrimental to public or stakeholder interest, or are beyond the scope of its objectives.

The Draft Framework also sets out ongoing "good governance" requirements for the SRO-FT, including the requirement to (i) specify in its articles of association, the functioning of its Board and management, identify mechanisms to address all potential conflicts of interest, and specify criteria as regards admission or removal of its members, and (ii) establish a framework to monitor 'fit and proper' status of its directors. Further, the SRO-FT is obligated to uphold the independence of the Board by ensuring that at least one third of the Board including the chairperson, refrain from any active association with a fintech entity.

Functioning of an SRO -FT

The Draft Framework specifies the functions of an SRO-FT, as broadly set out below:

1435726a.jpg

These functions indicate that SRO-FTs have the potential of substantially transforming regulation of the fintech sector with the ability to promote innovation and the power to not only frame but also effectively enforce rules and standards.

In the context of an SRO-FT, it is also pertinent to examine the level of oversight that would be exercised by the RBI over such SRO. Under the Draft Framework, the RBI is empowered to determine the 'fit and proper status' of the Board and key managerial persons of the SRO-FT. Any adverse change in such status must be promptly reported to the RBI. Further, the RBI is authorised to nominate observers on the SRO-FT's Board. Note that unlike the Framework for Recognition of an SRO for Payment System Operators ("PSO SRO Framework")3, the Draft Framework does not specify indicators on what would meet the 'fit and proper criteria'.4 Given that the nature of products and services provided by entities in the fintech sector is critically aligned with the core banking functions of banks and financial institutions, the level of supervision sought to be exercised by the RBI over an SRO-FT as contemplated by the Draft Framework may be considered appropriate. Enumerated below are the various obligations of the SRO-FT towards the RBI, as specified in the Draft Framework:

1435726b.jpg

Affiliation to an SRO-FT

Although not mandatory, the Draft Framework provides that a fintech entity may consider affiliation with an SRO-FT through voluntary membership. Such membership could also potentially be beneficial from the perspective of making a member of an SRO-FT a more credible and viable option for partnership with Regulated Entities ("REs"), given that they would have submitted to the regulatory oversight of the SRO-FT.

While the Draft Framework provides that the members of an SRO-FT are intended to be fintech entities, it has sought inputs from industry participants on whether such entities should only be unregulated entities, or a combination of regulated and unregulated entities. Further, industry inputs are also sought on the number of SRO-FTs that should be granted recognition, as well as the incentives that can be offered by the SRO-FT in connection with its membership.

Concluding thoughts:

The self-regulation of the fintech sector through SRO-FTs should be encouraged. Given that certain sub-sectors of the fintech industry are already under the direct oversight of multiple regulatory bodies including the RBI, Insurance Regulatory and Development Authority of India (IRDAI), and the Securities and Exchange Board of India (SEBI), the fintech industry would benefit from the SRO-FT paying greater attention to market players that are inadequately regulated, such as third party service providers operating in partnership with banks and other REs. However, certain crucial aspects will need to be borne in mind while assessing the ability of the SRO-FT to operate independently and achieve its stated objectives. For example, certain clauses, such as the inclusion of the RBI's authority to appoint an observer, and its power to revoke recognition for wider reasons beyond "detriment to public interest," such as "detriment to another stakeholder", or for not being in conformity with the SRO-FT's objectives, may potentially limit the autonomy of the SRO-FT and its members. This is also a notable departure from the approach of the PSO SRO Framework. Another aspect to consider is whether there should be a single SRO-FT overseeing the entire fintech sector or multiple ones considering its diverse nature. Given that there are established industry associations in the fintech sector, like the Digital Lenders Association of India (DLAI) and the Payments Corporation of India (PCI), it may be prudent to contemplate multiple SRO-FTs to accommodate the needs of varied sectors within the fintech industry. It may also be noted that this is the second push from the RBI for an SRO framework – it would be interesting to see how relevant fintech players in the payments ecosystem may engage with SROs set up under the Draft Framework and the PSO SRO Framework, and how these SROs themselves might differ in their approaches to self-regulation.

The Draft Framework adopts a principles-based approach to the governance, functions and obligations of the SRO-FT. If implemented in an effective manner, the SRO-FTs would play a major role in easing the regulatory burden on existing sectoral regulators, avoiding over-regulation by the regulators and achieving an ideal balance between innovation and regulation. The current developments surrounding Paytm Payments Bank Limited ("PPBL") and the RBI's ban on its banking operations also highlight certain systemic issues, as entities in the fintech space increasingly explore both regulated as well as unregulated activities. Besides PPBL's know your customer (KYC) violations, non-compliance with anti-money laundering standards and lapses in data security reporting, it appears that an implicit concern for the RBI may have been the heavy reliance of PPBL over its parent entity, an unregulated entity.5 With fintech entities having come a long way from merely offering digital payments services, it becomes all the more crucial to consider submitting to an SRO-FT to remain compliant with norms, boost investor confidence and legitimacy.

Effective self-regulation through SRO-FTs represents a pivotal step towards balancing innovation with regulatory compliance in India's fintech sector. The successful implementation of the Draft Framework will foster industry resilience, regulatory collaboration, and consumer protection, paving the way for sustainable growth and innovation.

Footnotes

1. https://www.rbi.org.in/scripts/FS_PressRelease.aspx?prid=53920&fn=9

2. https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=1189

3. https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11986&Mode=0

4. The PSO SRO Framework defines the "fit and proper criteria" as applicable to the Board and key managerial personnel, as a person of high integrity, with blemishless character and having relevant expertise in relevant fields in the payments ecosystem.

5. https://www.thehindu.com/business/kyc-issues-money-laundering-concerns-said-to-have-led-to-rbi-order-on-paytms-bank/article67805305.ece

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.