FinTech is a disruptive sunrise industry with the potential to make financial services accessible, simple and cost-effective. The Indian FinTech ecosystem is the third largest in the world, with the market size expected to reach US$ 150 billion by 2025. The 3,000+ FinTechs registered with the DPIIT are taking advantage of the highest FinTech adoption rate (87%) in the world. The sector has given the underbanked and unbanked sections access to banking solutions. Digital lending had already become a US$ 270 billion market in 2022.
However, financial misbehaviour and irregularities have tainted the potential improvements in the FinTech space in recent years. According to the Reserve Bank of India‘s (RBI) Annual Report for 2021–2022, there were 3,596 frauds involving cards and online banking in 2021–2022, a 34% y-o-y increase. Financial fraud complaints to the government come in at an average of 83 per hour. There is a lack of trust in the sector as a result of numerous instances of fraudulent UPI transactions, e-wallet thefts, KYC leaks, and lending app fraud, among other incidents. The RBI oversees the industry and has given these worries the attention they deserve.
To rein in such dishonest acts, a number of regulations have been established following multiple rounds of stakeholder consultations. The regulatory framework built and managed by various regulators, including the Reserve Bank, Ministry of Finance, IRDAI, and SEBI, is an integral part of the success of the FinTech revolution.
According to the RBI Act, 1934 and related rules, every FinTech company operating in the nation must first register with the RBI, depending on the kind of financial services it offers. Certain FinTechs are regulated by the Reserve Bank either directly through issuing NBFC licences (such as NBFC-P2P) or indirectly through the regulation of the affiliated banks and NBFCs. NBFCs that partner with these FinTechs are also regulated by various legislation such as the Master Directions and Master Circulars issued by RBI under the Reserve Bank of India Act, 1934, such as the Master Direction – Information Technology Framework for the NBFC Sector, 2017, Master Direction – Know Your Customer (KYC) Direction, 2016, Master Circular – Non-Banking Financial Company – Micro Finance Institutions, 2015 among others. According to the Payment and Settlement Systems Act, 2007, the RBI’s prior authorisation is required before launching and running any ‘payment system’ in India.
The regulatory framework overseeing business activities in India is highly dynamic and fluid. While the ecosystem is built around 1,536 acts and rules constituting 69,233 compliances, regular and continuous regulatory updates are being published on over 2,000 central, state, and municipal websites. In FY 22-23, there were 5,986 regulatory updates, averaging over 16 updates per day. The volume and frequency of these updates amply illustrate how dynamic the regulatory landscape is. As a result, it is nearly complicated for a compliance officer to stay up to speed on all relevant regulatory developments and comprehend how these adjustments affect their organisation’s compliance requirements.
The recently introduced guidelines on digital lending are one instance wherein the regulator acted to curb the menace of digital loan fraud. The regulator also enhanced regulation on the information front to ensure data privacy for borrowers. The recent card-on-file (CoF) tokenization norms have been introduced in the light of several instances of cyber fraud involving misuse of debit/credit card data. As per these norms, tokenization is set to replace sensitive payment credentials, such as 16-digit card numbers, names, expiry dates, and security codes, with a unique alternate number or token. The Digital Personal Data Protection Act, 2023 (DPDP Act) added another layer of regulatory scrutiny for FinTechs that have been working in direct contact with sensitive financial data and Personal Identifiable Information (PII) of its users. The Act lays down a series of obligations that these companies must adhere to, in order to ensure the safety and security of the user’s data.
The recent draft framework for a Self-Regulatory Organisation (SRO) for the sector marks another step in creating statutory guardrails to protect the interests of the customers, economy and FinTech players. Self-regulation will allow these entities to proactively work towards creating industry standards and best practices instead of continuously looking towards the regulator. This showcases the trust in the sector, and consequently, the sector must rise to the opportunity. The SRO will be responsible for setting standards, maintaining oversight and enforcing regulations, developing the sector, and redressing grievances.
Compliance and paperwork are inextricably linked in India. Compliance is predicated on paperwork including, but not limited to, applications, acknowledgements, forms, receipts, licences, and registers. Sadly, a substantial portion of the nation’s compliance documentation remains on paper and has minimal or no digital functionality. Employers face significant challenges in manual documentation management due to the substantial volume of paperwork involved.
Consequently, unintended delays, defaults, and lapses ensue, giving rise to potential financial and reputational hazards. In the last few years, there have been multiple instances where on account of continuous non-compliances, RBI has taken strict actions against several banks, NBFCs and Fintech Companies. RBI had been highlighting severe noncompliance for Paytm Payments Bank (PPB) for a long time. In 2018, the RBI temporarily halted new account openings in Paytm Payments Bank on account of non-compliance with KYC norms and the same was barred completely in Year 2022 citing ‘certain material supervisory concerns’. Recently, RBI has imposed major business restrictions on Paytm Payments Bank from March 1, 2024 which means that PPBL cannot undertake any banking activity, including acceptance of deposits, credit transactions, wallet top-ups (not even form FASTags) and bill payments.
The compliance obligations of an expanding organisation escalate at an exponential rate. Transitioning to digital compliance management can assist organisations in attaining timely, transparent, and precise adherence to regulations. In order to facilitate compliance, digital compliance software founded on regulatory technology includes, among other things, paperless repositories, dynamic workflows, automated alerts and reminders, timely reports, and periodic statutory updates.
Today, the digitisation of compliance processes has gone beyond tracking and managing regulatory obligations and entered the realm of automation. Introducing automation allows enterprises to drastically reduce the cost of compliance as well as the cost of poor compliance. Corporate compliance monitoring methods have matured with the introduction of regulatory technologies. Yet, preparing returns, registers, and challans, among other sorts of compliance, remains time-consuming and costly. Automation is required for organisations to lower the cost of compliance and achieve timely, accurate, and transparent compliance.
There are significant developments being made in automating the generation of compliance documents for multiple regulators, such as Labour Laws (Registers & Returns), SEBI requirements (PDF Intimations / XBRL Filings), MCA Laws (Meeting related documentation and E-Forms / other Filings), and so on. These automation layers are digitising the compliance process, reducing the need for manual intervention, improving accuracy, and significantly decreasing compliance costs.
FinTechs have been the driving force behind the rise of the digital economy and the digitalisation and democratization of banking services in the country. However, the exponential growth of FinTechs has also raised concerns about good corporate governance and responsible behavior on part of these new age corporations. This sunrise sector is now dealing with an evolving regulatory framework with new statutes, rules, and regulations that are creating the requisite guardrails to guide the industry. Consequently, these enterprises are turning towards technology and digital solutions to meet the high demands of business and compliance management. RegTech solutions offer a significant improvement in the efficiency, efficacy, and effectiveness of compliance programs. They have eliminated lapses, delays, and defaults induced by the manual nature of compliance functions and given the senior management complete control, visibility, and accountability over their compliance status.
(The author is Director and Co-founder of Teamlease Regtech)
(You can now subscribe to our Economic Times WhatsApp channel)
(Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com.)