20 January 2022
In recent years, in line with global trends, India’s growth has been fuelled by technology and platform economy, with physical moving towards digital and ‘phygital’.
The financial services sector, particularly payments, lending, investing, and banking services, is pivoting towards digital and App-based delivery models, hence rise of ‘Fintechs’, defined by the Financial Stability Board (FSB) as ‘technology-enabled innovation in financial services that could result in new business models, applications, processes or products with an associated material effect on the provision of financial services’.
A recent rise has been that of ‘Techfins’ – other side of the coin, with large technology companies entering finance, and increasingly offering financial services products – example, an e-commerce, social commerce or OTT platform, offering payments via payment aggregator license, credit via NBFC, ‘buy now pay later’ (BNPL), bureau data pull and credit scoring via AI/ ML tools, data analytics and account aggregation via NBFC-AA services, to users and merchants on its platform, both captive and white-label – the “super-app” phenomenon !
This has brought a host of financial services to the un/ under-banked, millennials and Gen-Zs, and provided ‘hooks’ for e-commerce creating self-sustained digital ecosystems.
Web3, digital assets/ crypto-currencies and metaverse – a virtual space where users can interact in a computer-generated realm with others, may be the next frontiers for fintechs and techfins!
By some accounts, around 60% of the 44 new unicorns created in India in 2021 are in some form or shape ‘fintechs’. This creates opportunities and risks – KYC, AML/ CFT, data protection, ownership, privacy and use, lending hygiene/ sub-prime lending and collection practices, tax, creation of closed-loop architectures, anti-trust, customer protection, outsourcing, platform liability, data sovereignty, local presence and accountability for cross-border models.
Whilst in addition to the extant Department regulating payments and settlement systems (DPSS), the Reserve Bank of India (RBI), India’s Central Bank, has had a Fintech Unit, formed in June 2018 within the Department of Regulation (DOR), later transferred to DPSS, on January 7th RBI announced the creation of a new Fintech Department, with dedicated leadership and subsuming the earlier Fintech Unit (renamed Division) within it. The stated purpose of the new Department is to promote innovation/ incubation, identify challenges and opportunities, provide framework for research and policy interventions, given wider implications for the financial sector/ markets, inter-regulatory and international coordination.
Given experience, we expect the new Fintech Department to focus on emerging fintech and Techfins use-cases, market guidance, including to the wider financial institutions/ sector, covering not just emerging risks highlighted above, but also CBDCs/ private ‘digital assets’ (subject to the final approach taken under our new CBDC/ Crypto-currencies Bill and eventual Law), digital and neo-banking, decentralised finance (DeFi), digital lending, ‘metaverse’, KYC issues, bank/ speciality finance (NBFC) outsourced models and entities, new ‘sandbox’ models, maybe digital-only banks in future, bank/ NBFC and fintech collaborations for acquiring weaker banks, and entire fintech system as a whole, current or future.
Regulators worldwide are often accused of playing catch-up with emerging models, especially in the digital space. RBI for one has been a proactive, yet balanced, regulator in this space, and, in fact, has gone a step further in creating IT and governance frameworks for India’s fintech (and Techfins) ecosystem – be it the ‘Payments’ Banks, National Payments Corporation of India (NPCI), licensed as a ‘payment system operator’ (PSO), which in turn created the ‘third-party application provider’ model for technology companies to promote and integrate UPI services into their Apps, or the TReDS Platform for invoice discounting, wallets, ATMs including white label, cross-border money transfer ecosystem – both for P2P and e-commerce via online gateways, card network regulation, Bharat Bill Payment System/ Operating Units, P2P Lending, Account Aggregation, data sovereignty, ‘sandbox’ cohorts, grievance redressal systems, data and security guidelines, technology/ platform and bank/ NBFC/ PSO outsourcing models (on which our fintech/ Techfins ecosystem is built), recent Pan India Umbrella Entities (PUE) Framework for retail payments and payment aggregator licensing.
Historically, say 5-10 years ago, payments and settlement was the only ‘fintech’ activity – now it’s morphed into wider use-cases, especially with ‘neo-banking’ or ‘open banking’, with technology companies, Indian and global, increasingly offering a gamut of banking services (via an App ‘wrapper’) replicating banks, sans regulation or licensing, via RBI’s outsourcing framework. Basis global ‘challenger’ or ‘digital’ banking trends and new players, getting a bank charter still remains the holy grail for Fintechs, and Niti Aayog’s recent Discussion Paper on Digital Banks offers a two-stage roadmap for full-stack internet-only banks in India, hitherto not exempt from universal banking norms, unlike in other jurisdictions.
Fintechs and Techfins cut across multiple regulators – RBI, SEBI – in investing space, insurance and pension products (IRDAI/ PFRDA) – called ‘insure-tech’ and the more wider ‘reg-tech’. Future industry consolidation may, and most likely will, result in the ‘super-app’ phenomenon becoming more widespread, akin to China, with a few players offering the entire package of financial services, including cryptos/ digital assets, plus e-commerce – one stop shop!
This also raises many questions and challenges for RBI’s new Fintech Department – inter-regulatory coordination (actually both inter and intra): across RBI, SEBI, IRDAI, PFRDA, Government’s Ministry of Electronics and Information Technology (MEITY), future Data Protection Authority (DPA) and the Crypto-currencies regulator if any; and overlaps between DPSS/ IT and the new Fintech Department, and even RBI’s bank/ non-bank Department and the Foreign Exchange Department (FED), for cross-border – OPGSP/ SNRR route etc.; will ‘not in money’ fintech and Techfins models be licensed in future, or only conduct regulations can be expected by the new Department, and if yes, how, as RBI, or SEBI, regulations have so far been aimed at entities licensed by them, basis bespoke frameworks issued, and never qua pure IT/ ITES, a.k.a. technology only, business models, or will we see more ‘push-down’ regulations – addressed to existing licensed players, for them to in turn contractually enforce qua their vendors, partners and intermediaries – how done with data localisation, card tokenisation qua card schemes, OPGSP, Outsourcing Guidelines, etc.
What about M&A and ‘change in control’ (voting, shareholding, control or directorships) in the emerging fintech/ Techfins space and business models regulated by the new Fintech Department in future – will that also be vetted and pre/ post approved by the RBI, like in case of entities currently regulated by DPSS and the NBFC Department – example, wallets, payment aggregators, P2P lending, account aggregator NBFCs, etc.
And what about banks getting into more and more tech and fintech, the often talked ‘fight back’ – how does that overlap with the new Fintech Department’s mandate, or that will continue to be the RBI Department of Supervision’s lookout. And what about ‘fintech’ in the securities market/ SEBI space – example of recent relaxations to allow tech/ Fintechs to get into ‘sponsoring’ mutual funds and acknowledging RBI regulated payment aggregators for one-time mandates (OTMs) for mutual funds. Same with insurance and pension. And where do OTT platforms, being just ‘pipes’, fit in – some of the world’s largest platforms are in this space, communicating with, and facilitating transactions for, regulated financial institutions.
And how does data protection tie in here – similar to the approach taken qua anti-trust, so far, our sectoral regulators have stayed away from framing detailed data privacy and protection regulations, except for customer confidentiality, modelled around consent architectures. The proposed Personal Data Protection Bill has prescriptions around financial data and protection/ sharing thereof. Interesting times ahead!
Anu Tiwari – Partner (Co-Head – Fintech)
anu.tiwari@cyrilshroff.com