In the last five years, fintech companies in India have improved access to financial services by solving several bottlenecks that existed within the Indian banking system. However, this rise of fintechs has been accompanied with concerns surrounding the implications on financial stability as well as data privacy and security, all of which require regulatory guidance and oversight.

The Reserve Bank of India (RBI) on its part has been regulating the fintech space either through the Department of Payment and Settlement Systems when it comes to payments systems or through the Reserve Bank Information Technology Private Limited (REBIT) and Institute for Development and Research in Banking Technology in terms of technology aspects. For fintech lenders that are registered as non-banking financial companies (NBFCs), the RBI issues regulations routinely as it does for other NBFCs lenders under the Board for Financial Supervision.

However, in March this year, RBI Governor Shaktikanta Das said that the RBI would be setting up an exclusive fintech department to focus digital transactions and adoption of technology across all aspects of banking and non-banking services, BloombergQuint reported.

So what are the principles of fintech regulations that the RBI might follow? How is the fintech industry presently regulated? And what are the challenges for regulators?

The need for regulation

In its November 2020 Bulletin, the RBI published a paper titled FinTech: The Force of Creative Disruption, which said that while fintechs have helped enhance financial inclusion, a central bank’s interest in regulating the industry would be based on its impact on financial stability and monetary policy.

Financial regulators are facing unprecedented challenges with the emergence of FinTechs. These firms come in new shapes and forms, so fitting them into buckets for prudential or risk-based supervision is not easy. As the scope of activities widens from national to global, regulation too has to reach out across borders.
— RBI Bulletin November 2020

Despite the various benefits that fintechs have brought to the Indian financial system through their innovations, some threats have been magnified such as the likelihood of privacy breaches and cybersecurity risks, leaving behind digitally illiterate and unconnected consumers, said the paper authored by Rajas Saroy, Ramesh Kumar Gupta and Sarat Dhal, RBI staffers within the Department of Economic and Policy Research.

The authors also note that most fintechs at their core are using application programming interfaces (APIs), cloud computing, and biometric identification to deliver their services. And with many fintechs using artificial intelligence, machine learning, and distributed ledger technology, there is a need for wider regulation beyond routine risk assessments and the issuance of general guidance, the paper says.

In a speech delivered to the ‘National E-Summit on Non-Banking Finance Companies’, organized by ASSOCHAM on November 6, RBI Deputy Governor M Rajeshwar Rao said that while the RBI will issue regulations for fintechs in the future, the guiding principles will be based on orderly growth, customer protection, and data security.

Although significant regulatory steps have been taken already in the FinTech, the dynamic nature of the FinTech focused NBFCs keeps throwing up new challenges. The NBFC sector has been in the forefront in adopting innovative fintech-led delivery of products and services which are transforming the way one can imagine access to and interaction with these services. — M Rajeshwar Rao, Deputy Governor, RBI

Rao says that while technological innovations have improved the delivery of financial services and products on the one hand, on the other hand the regulator has had to re-calibrate its interventions to safeguard consumer protection and financial stability. “The regulatory challenges in marrying these diverse and sometimes conflicting objectives are many, but clarity of purpose would help us make the right policy choices,” he said.

Current regulatory environment

At the present, the RBI has placed guidelines and regulations for various fintech players, whether it is Peer-2-Peer lenders, storage of payment data, Account Aggregators and payment aggregators and payment gateways. In August last year, the central bank brought in a framework for a regulatory sandbox and in June this year it issued a guideline for digital lending platforms.

While these are direct regulations issued by the RBI to specific entities, much of the fintech industry in India is not directly regulated. Instead, the RBI relies on the banks and NBFCs to ensure that their fintech partners follow the same regulatory standards on Know-Your-Customer norms, Anti-Money Laundering, data privacy and protection, data storage in addition to guidelines on loans that banks and NBFCs have to follow. Further, third party payment apps and payment companies integrated on the National Payments Corporation of India’s platforms have to follow guidelines and circulars issued by the umbrella payments entity.

In a November 2017 report, an RBI working group on fintech and digital banking said that there was a need to regulate fintechs given concerns surrounding data protection, cyber security, ensuring healthy competition, encouraging new entrants and protecting users and consumers.

It would be difficult for a regulator to imagine and fully anticipate what kind of innovations can take place in the market and their impact on the broader market and institutions…While encouraging such innovations, as already stated, the challenge would be to keep in mind systemic risk, which may arise with greater innovation; consequently, risk management measures would need to be in place. RBI Working Group on FinTechs and Digital Banking

In terms of what needs to be done in terms of regulating fintechs, the working group recommended:

• Regulators should develop a detailed understanding of the inherent risks across fintech platforms
• Identify specific fintech products and devise regulatory approach
• Create dedicated organisational structure within each regulator for fintechs
• Identify changes needed within the existing regulatory structure to respond to new innovations
• Identify specific technologies and skill-sets required for regulating and supervising fintech innovations
• Engage with fintech entities to create an appropriate regulatory response and re-align existing regulatory and supervisory framework

Challenges for regulating fintechs

The RBI paper highlights five major regulatory challenges that fintechs pose to an economy and consumers:

1. Innovative cross-border payment companies pose a regulatory challenge as it requires oversight across jurisdictions
2. Use of data by fintechs raises concerns over data protection and data privacy, especially when rights and obligations of service providers are not clearly defined. Further, bias within machine learning algorithms could reproduce and perpetuate existing patterns of discrimination and exclude vulnerable sections, the paper says.
3. If fintech lenders weaken credit standards across the board in order to deliver more loans and compete with other lenders, there could be potential for system-wide risks.
4. There is need for protecting consumers, integrating digital literacy within financial literacy and ensure there are adequate safeguards and redressal mechanisms that are simple to understand and accessible to all sections of the population
5. The paper says that with large banks and multinational corporations entering the payments and lending space, there could be a trade-off between “data-fueled oligopoly for cheap services the need for re-aligning incentives to foster smaller, more innovative firms for a competitive ecosystem.” Regulators therefore should be neutral between incumbent companies and newcomers.

Update (November 12, 2020 5:33 pm): Updated headline. Originally published on November 12, 2020 at 4:56 pm