To print this article, simply register or connect to Mondaq.com.
The Indian fintech sector received more than USD 2 billion of investments in 2021 in August 2021, which is USD 411 million more than the investments received in 2020.1 The value of transactions through digital modes such as the unified payment interface (“UPI“) and card payments, also continue to grow at record rates.2
In line with the policy objective of protecting consumers and making digital payment systems safer and more convenient for consumers, the Reserve Bank of India (“RBI“) introduced significant changes to the existing guidelines for digital wallets, recurring payments and tokenization, and also introduced new outsourcing standards for payment system operators to bring them on par with banks and non-bank financial corporations (“NBFC“).
This newsletter highlights the main developments in the Indian fintech space from July 1, 2021 to September 30, 2021.
RECENT REGULATORY DEVELOPMENTS
Prepaid payment instruments
On August 27, 2021, the RBI issued a new set of general instructions on prepaid payment instruments (“New PPI guidelines“),3 the introduction of some key changes in the old regulatory framework, viz. the “General guidelines on the issuance and operation of prepaid payment instruments” of October 11, 2017.
The new PPI guidelines overhauled the existing prepaid payment instruments (“IPP“) and simplified the categorization of PPIs into two limited categories of ‘small PPI‘ and ‘KYC Complete PPIs‘, both of which can be issued by banks and non-bank entities. Small PPIs, which only require minimal information about the PPI holder, can only be used for the purchase of goods and services from an identified group of traders (who have a specific contract with the PPI issuer or a contract through a payment aggregator or payment gateway), and these PPIs cannot be used for cash withdrawals or fund transfers. On the other hand, full KYC PPIs, which require the PPI holder’s entire KYC process to be completed, are not limited to an identified group of merchants and allow cash withdrawals and fund transfers to the source account (subject to certain prescribed limits) which is similar to previous open system PUPs. Closed system PPIs remain outside the scope of the new PPI guidelines.
Among many other changes introduced in the new PPI guidelines, the RBI: (a) reiterated its goal of mandating interoperability for full KYC PPIs in accordance with its previous guidelines (and identified the role of the NPCI and networks cards authorized in this regard); (b) authorized the use of video identification processes for customer onboarding, both for issuing fully KYC PPIs and for converting small PPIs to fully KYC PPIs; and (c) introduced standards for escrow account management, information security measures and customer grievance resolution, to be followed by PPI issuers (in accordance with RBI guidelines for non-payment aggregators. banking).
The above development to simplify the PPI regime and create a level playing field between bank and non-bank issuers, reinforces RBI’s goal of fostering financial inclusion through PPIs given its high degree of penetration. among smartphone users in India, while simultaneously increasing consumer protection guarantees for PPI transactions.
New regulatory standards for outsourcing by non-bank payment system operators
Mitigate and effectively manage the risks associated with the outsourcing of payment and settlement activities through a non-bank payment systemI the operators (“OSP“), the RBI has published a new regulatory framework for the outsourcing of these activities by PSOs (“Outsourcing framework“).4Above all, PSOs are prohibited from outsourcing certain “basic management functions” (such as risk management, internal auditing and determining compliance with KYC standards).
PSOs must necessarily adhere to certain minimum criteria in their outsourcing agreements with entities in India and abroad. In particular, these provisions must reflect the prudential supervision of the OSP to ensure compliance with RBI standards, frame an outsourcing policy approved by the board of directors, perform due diligence, confidentiality and security standards of data, additional requirements for offshore outsourcing, among other obligations. It is important to note that ancillary activities such as customer onboarding and IT services have been interpreted as “payment and settlement related” services that can be outsourced. The RBI reserves the ultimate responsibility and liability of the PSOs (and their management) with respect to the outsourced activity and the actions of the service provider.
The Outsourcing Framework puts non-bank PSOs on par with banks and NBFCs (which so far have followed similar outsourcing standards) and highlights the growing importance of non-bank PSOs in the payments ecosystem digital in India. PSOs will also need to undertake a reassessment of their outsourcing arrangements (current and potential), to ensure compliance with the outsourcing framework by the deadline of March 31, 2022.
To view the full article, please click here.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
POPULAR ARTICLES ON: Technology from India