According to section 45-IA of the RBI Act, no NBFC may start or conduct the business of a non-bank financial institution without obtaining the RBI registration certificate. ICLG - Fintech Laws and Regulations - The India chapter covers a broad overview of common problems in fintech laws and regulations. While waiting for clarity, public sources suggest that the Ministry of Finance recognizes the benefit of blockchain technology and may provide private actors with a window to “experiment with blockchain and cryptocurrencies.”. In order to raise funding, usually most entities in India obtain their funds privately through angel investors or private equity funds and, in limited cases, through crowdfunding.
Alternatively, depending on the growth stage or size of the organization, funds may also be raised pursuant to an IPO. In light of revised foreign exchange regulations, today, most sectors allow 100% foreign investment without obtaining any approval. Recently, relaxations have also been introduced for foreign portfolio investors, such as an increase in the limits on short-term investment in Central Government securities (including Treasury bills), state development loans and corporate bonds from 20% to 30% of total investments and an increase in the limit of investment under the voluntary withholding route to INR 75,000 crore. Similarly, initiatives such as the Commercial Receivables Discount System have promoted online discounting platforms for small and medium-sized businesses to raise funds by facilitating the online sale of their business receivables.
Despite only three entities obtaining a license to operate this platform, according to public sources, these licensed entities have projected a turnover of more than INR 25,000 to INR 30,000 crore for the next financial year. Bodies such as NPCI have further expanded the network system by floating the unified payment interface, which has inadvertently resulted in major technology service providers integrating payment capabilities into their platforms, further boosts peer-to-peer modes of payment. While there is no single ombudsman regulator for fintech companies, most fintech companies would fall under the purview of the RBI. In addition to the RBI, depending on the nature of the activity that is intended to be regulated, or the third party with which a fintech entity would interact, regulators such as SEBI, the Ministry of Electronics and Information Technology, the Insurance Regulation and Development Authority of India (“IRDAI) and the Ministry of Corporate Affairs would also have oversight.
Under the Information Technology (India) Act 2000 (“IT Act”), any collection, disclosure or transfer of personal data that includes details such as an email address, password or financial data, such as bank account details, would require the consent of the owner . Regardless of the nature of the entity or the operations it carries out, if such information is collected, disclosed or transferred, any entity performing this activity shall do so with its consent, which may be obtained under a legally binding contract. Since the IT Act has extraterritorial jurisdiction, its provisions may be made applicable to offshore entities, even in the event of a data breach. In addition, while the IT Act does not restrict the international transfer of personal data, in the case of payment data, payment system providers are obliged to store such domestic transaction data only within India.
For cross-border transactions, a copy of the transaction can be stored abroad; however, a domestic copy must also be stored. Parliament had also proposed a specific law on data protection (“Data Protection Act”) which is currently being reviewed by the Joint Parliamentary Committee (“JPC”). Upon completion of the review by CPJ, it is expected that a revised draft of the legislation will be introduced in Parliament (although the bill is not currently available in public). However, according to the Data Protection Bill (ie,.
In addition, the above-mentioned legislation also gave the Government broad discretionary power to identify “critical data”, which would have to be processed in India and cannot be transferred outside India unless it is for the provision of health services or emergency services and immediate action is required. or to a country or, any entity, etc. In addition to the above, the Government is also contemplating the introduction of regulations for “non-personal data”; however, these terms, together with the Data Protection Bill, are still under consideration. In India, cybersecurity, that is,.
Consequently, all companies, including fintech companies, must take appropriate data protection measures, such as adopting international security standards to ensure that there is no data breach. In addition, in the event of a data breach, each company must report such a data breach to the CERT and take the necessary corrective action to resolve it. The requirement to pay compulsory labor benefits varies depending on a number of factors, including the employer's industry, the number of employees in the establishment and the employee's length of service. General statutory employment benefits include the payment of tips, social security contributions (ie, e.
This content is not intended to be an advertisement or a request. The content of this update is intended for information only and is not a substitute for professional advice. Legal advice should be obtained based on the specific circumstances of each case, before relying on the content of this update or before making any decision based on the information contained in this update. The members of AZB & disclaim all liability and accept no liability for the consequences of any person acting, or refraining from acting, on such information.
Srinath Dasari AZB & Partners Vipul Jain AZB & Partners Rachana Rautray AZB & Partners Working with GLG has been a smooth and efficient cooperation from start to finish. We look forward to working with you in future editions, Peter Lyck, partner at Nielson Norager. These regulatory developments are in addition to the increase in indirect regulatory governance of fintech entities through more onerous “outsourcing” rules that now apply to regulated financial institutions and payment system operators. The expansion of the FinTech sector has been driven, in large part, by technological innovation, reduced data costs, increased smartphone penetration, better digital infrastructure and a generally FinTech-friendly regulatory environment in India.
In addition to the goal of a “less cash” economy, there is now a greater regulatory and market focus on other aspects, such as business-to-business product offerings, contactless payments, offline transaction capabilities, interoperability in payment systems and the development of cross-border digital payments infrastructure. While these fintech entities are increasingly being monitored indirectly through more onerous outsourcing patterns, including for operators of non-bank payment systems, Indian regulators are at the same time studying different cases of technology evolution and market practices to identify any risks, especially with respect to non-regulated fintech entities carrying out activities that should ideally be carried out by regulated entities. Although the RBI is the key regulator for most FinTech activities in banking, payments and lending, there is jurisdictional overlap with the Securities and Exchange Board of India (SEBI) when trading or advising on securities, the Insurance Regulation and Development Authority of India (IRDAI) for insurance products and services, as well as the rapid growth of the Ministry of Electronics and Information Technology (MEITY) in relation to data protection. In this context, India's Financial Stability and Development Council has recently constituted a new interregulatory panel, including officials from RBI, SEBI and IRDAI, to seek better regulatory coordination for dealing with FinTech companies.
In addition, by expanding the reach of intermediaries only, the government has placed the Central Register for Reconstruction of Securitisation Assets and Security Interests of India in charge of the KYC Central Registry of Registries which is responsible for data exchange between reporting entities of all major regulators financial transactions, and has facilitated the process of financial transactions, similar to KRA. There is no special fintech license in India and regulations governing offline banking and financial services also apply to fintech companies. The expansion of the FinTech sector has raised valid political concerns around data protection and privacy, data monopolization, cybersecurity risks, consumer protection against fraud and money laundering, as well as the impact on financial stability and broader systemic risk to the financial ecosystem of India. Subsequently, minimum cap rules were prescribed for “other financial services” activities for “fund-based” and “non-fund-based” activities, respectively (even if they are not regulated), including securities brokering, portfolio management, venture capital and advice on investments.
A Balancing Act Trying to strike the right balance between consumer protection and product innovation has been (and will be) a struggle for regulators to govern the fintech space. AAs are regulated data access intermediaries that facilitate the secure and consent-based exchange of financial data through an interoperable and technology-independent framework with entities providing financial services. An important cross-border issue for foreign entities providing fintech services in India is the requirement to locate financial data for various services on servers or hardware located in India, including payment system providers, payment intermediaries and lending platforms between pairs. The National Payments Corporation of India (NPCI) has issued regulatory and technical guidelines for each of its products (such as the Unified Payment Interface (UPI) and RuPay).
These include onerous operating and licensing guidelines applicable to banks and non-bank financial corporations and, more generally, national laws relating to contracts, information technology, data protection, intellectual property, consumer protection and combating money-laundering and the fight against money-laundering, financing of terrorism. It is significant to note that a growing number of fintech entities in India operate as third-party enablers that provide technology and ancillary services to licensed entities, which in turn provide the underlying regulated financial services. . .
