Navigating India’s evolving fintech regulatory framework

As the world’s third-largest fintech ecosystem, India’s fintech space has multiple talking points. The domestic fintech market—one of the fastest-growing fintech domains worldwide—is projected to touch about $150 billion by 2025, soaring from $50 billion in 2021. 

The total addressable fintech market by 2025 is anticipated to reach $1.5 trillion. By 2030, the AUM (assets under management) and revenue will touch $1 trillion and $200 billion, respectively. India’s payments landscape is also slated to reach the $100 trillion transaction volume milestone and record $50 billion in revenue terms. 

Dynamic laws and stringent guidelines

However, evolving fintech laws—backed by a multifaceted regulatory framework—make it challenging to navigate this dynamic terrain of laws and regulations.

Therefore, it is imperative to understand the major regulatory bodies, including the RBI, SEBI, NPCI, and IRDAI, which are responsible for overseeing diverse areas of the fintech world. 

These regulators have created a comprehensive set of regulations and guidelines that address diverse elements of fintech operations, including lending platforms, digital payments, and investment advisory services. Domestic fintech norms are primarily meant to address the novel challenges arising from swift technological changes in the financial services segment. 

For example, the RBI has instituted strict guidelines governing payment service companies, including licensing mandates for Payment Service Providers and Payment System Operators.

Similarly, regulatory norms for crowdfunding platforms and investment advisories encourage accountability and transparency in financial markets. Collectively, these regulations work to create a balance between risk management and innovation, supporting sustainable growth in India’s fintech ecosystem. 

As the sector experiences unparalleled growth, the governing bodies are crucial in ensuring regulatory compliance, collaboration, and interoperability. Simultaneously, the evolving regulations are aimed at ascertaining stability and sustained innovation, even as the industry keeps growing through greater pan-India penetration. 

Also Read

From transactions to transformation: The rise of customer-centric fintech

The role of KYC norms

With the fintech universe steadily evolving and expanding, companies must fully understand and comply with various regulatory guidelines, especially KYC (know your customer) and CKYC (central KYC) rules.

KYC compliance is imperative since these are focused on preventing money laundering, terror financing, and allied financial crimes. 

An initiative of the Indian government, CKYC became operational in July 2016 to bring the KYC processes of all financial players under a single window. Under CKYC guidelines, individual investors must fulfil the KYC requirements. By acting as a central repository of all KYC records, CKYC promotes interoperability while limiting duplication of efforts and enhancing customer experiences through standardised KYC norms.  

Here, the role of Aadhaar-based e-KYC (electronic KYC) needs special mention as it promotes seamless onboarding of customers, particularly in rural regions with subpar banking facilities. With Aadhaar-linked biometrics, fintechs can instantly verify the identities of customers remotely without needing physical documentation. 

RBI and the regulatory rules

RBI’s role is crucial in regulating the domestic fintech industry, overseeing payment and settlement systems, as well as digital lending and cryptocurrency guidelines.

For instance, the central bank is empowered to regulate and oversee payment systems in India through the Payment and Settlement Systems Act, 2007, which requires players operating within the payment and settlement systems to obtain requisite authorisations from the RBI. 

The broad definition of ‘payment system’ denotes varied payment means and mechanisms, such as smart card operating systems, money transfer services, debit and credit card operating systems, prepaid payment instruments, etc. The authorisation process includes a complete review by the RBI to ensure regulatory compliance with standards covering consumer protection, security, and systemic stability. 

In digital lending, guidelines are in place to prevent unethical practices by mandating that fintech lenders disclose all their terms and conditions upfront. Besides ensuring fair practices, these guidelines require the creation of grievance redressal mechanisms. 

Also Read

Regulatory tsunamis send shockwaves across the Indian startup ecosystem

Some crucial laws

Additionally, the Ministry of Electronics and Information Technology has a vital role in overseeing the digital aspects of fintech firms in India. Some key regulatory frameworks include the Information Technology Act, 2000 (IT Act), the Digital Personal Data Protection Bill, 2022, the National Cyber Security Policy, 2013, and the Prevention of Money Laundering Act (PMLA), 2002.

The IT Act offers a legal framework for electronic governance, which addresses issues of data protection, cybersecurity, and digital signatures. While mandating compliance with data privacy rules to safeguard sensitive financial data, it levies penalties for any data breach and cybercrimes. 

Likewise, the Digital Personal Data Protection Bill intends to offer an all-inclusive legal framework that supports data protection in the country. Accordingly, it mandates certain obligations that fintechs must follow while collecting, storing, and processing any personal data to ensure user consent and data security. 

The National Cyber Security Policy mentions strategies to protect the country’s information infrastructure. Fintech firms must implement the best cybersecurity practices, undertake periodic security audits, and institute vibrant incident response mechanisms to prevent cyberattacks. 

Another crucial legislation is PMLA, which requires fintech players to prevent any money laundering activities by ensuring compliance with AML (anti-money laundering) norms. Towards this goal, fintech players are classified as ‘reporting entities’ that need to maintain all transaction records, provide information to the financial intelligence unit, and adhere to KYC guidelines, verifying the identity of clients and ascertaining that transactions are legitimate. 

Finally, there is suspicious transaction reporting, which requires fintech players to report suspicious transactions that may potentially be linked either to terrorist financing or money laundering, including transactions that are complex, unusually large and/or lack any clear lawful purpose. 

Although these legal and regulatory requirements appear cumbersome, they are necessary to drive compliance, minimise risks, and foster sustainable growth. Be it payment processing, data protection, or consumer rights, compliance with statutory fintech laws remains indispensable for nurturing trust, transparency, and integrity in the Indian fintech universe. 

Gaurav Jalan is the Founder and CEO of mPokket, Member - FACE