Regulatory oversight over Self Regulatory Organisations in the Fintech Sector
Analysis of the Draft Framework for Self Regulatory Organization(s) in the Fintech Sector
– Archisman Bhattacharjee, finserv@vinodkothari.com
Introduction
On January 15, 2023, the Reserve Bank of India (RBI) published a draft Framework titled “Draft Framework for Self-Regulatory Organisation(s) in the Fintech Sector” (‘Framework’) with the objective of eliciting feedback and gauging stakeholder expectations. In this article we analyse the said Framework which in our view is targeted more towards the unregulated FinTech sector and recommend why an SRO should opt for a recognition from the RBI.
The FinTech sector is booming and is a market disruptor as well as facilitator, based on the report published by Inc42, the estimated market opportunity in India fintech is around $2.1 Tn+ and currently there are 23 FinTech “unicorns” with combined valuation of $74 Bn+ and 34 FinTech “soonicorns” with combined valuation of $12.7Bn+.
The main functions of the FinTech sector includes providing solutions to Regulated Entities (REs) both as outsourced information technology providers as well as acting as lending services (such as customer acquisition, KYC task, servicing, etc.). The sector, however, not being under the direct supervision of the RBI may pose significant risks toward customer protection, data privacy, cyber security, grievance handling, internal governance, financial system integrity. In this respect the introduction of the Framework of Self-Regulatory Organisation(s) in the FinTech Sector (SRO-Ft) remains a welcome move where the SRO-FT would act as an instrument of self-regulation for the market participants, which may include both regulated and unregulated entities, by coming out with its own policies, codes of conducts etc. which are aligned with the industry standards, best practices and expectations/ recommendations of the RBI and other sector regulators. However it should be noted that due to lack of legislation, the RBI does not have have any jurisdiction over the FinTech sector (Discussed in details in Section 2 of this Article) vis-a-vis their SRO, unless the SRO’s voluntarily submit to the jurisdiction of the RBI and the same has also been envisaged under Para 3 of the directions under the head “Introduction” of the draft Framework under discussion.
Need for Self-regulation
The suggestion of a FinTech industry being self-regulated by an SRO can be traced back initially to the “Report of the Working Group on FinTech and Digital Banking” dated February 08,2018 and later on to the “Report on the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps” dated November 18, 2022, wherein the RBI had suggested setting up of an SRO to look after the activities of the FinTech sector specifically relating to the regulations for Digital Lending. The Functions as suggested under such Working Report is aligned with the current framework and such suggestions have itself been used to make this Framework under discussion.
In India there are SROs operating in the field of FinTech already with memberships ranging from 80-85 fintech entities per SRO[1]. These SROs are significantly large in their course of operations and as mentioned above have a large number of members under their heads and are currently regulating their members through their Code of Conduct. These SROs do acknowledge that though regulations might not be applicable on their members currently, its members are expected to adhere to their Code of Conduct which appreciates and incorporates necessary clauses in their Code of Conduct to well align their members with the expectations of RBI. This draft framework might be a welcome step for the SRO-FT as they can now provide a voice for their unregulated members in front of the RBI.
Authority of the RBI to issue this Framework
As per the “Report of the Working group on Digital Lending including Lending through Online Platform and Mobile Apps” dated November 18, 2021, the FinTech MarketPlace Lending landscape in India can be divided into two main categories:
- Those already regulated by RBI including Credit Information Companies, NBFC-AA, NBFC P2P;
- Those not specifically regulated by any financial sector regulator.
For the entities specifically regulated, the RBI has proposed a draft omnibus framework for discussion published by RBI dated December 21, 2023 [Read our analysis of the framework – here]. The focus then shifts to “Entities not specifically regulated by any financial sector regulator.” The power of regulation towards the MarketPlace Lending landscape is drawn from the power conferred on the RBI vide the Reserve Bank of India Act, 1934 to regulate the Non Banking Financial Companies.
As per Section 45I(f)(iii) of the above mentioned Act the RBI may with the previous approval of the Central Government and by Notification in the Official Gazette notify any company to be an NBFC. Though the RBI vide the above section may have power to include the unregulated FinTech Sector within its regulatory purview with the previous approval of the Central Government, however due to lack of any existing legislation towards such FinTech sector, the RBI presently is not endowed with any legislative power to regulate such FinTech entities, vis a vis their SRO, hence relying upon the SROs voluntary submission to the RBI’s authority—an aspect mentioned under Para 3 of the Framework under the “Introduction” section.
Applicability
The Framework under discussion is applicable on all Self-Regulatory Organizations (SROs), whose constituent members are Fintech irrespective of the territory of operation of such Fintech. However, for the operations of an SRO recognised by the RBI, such SRO needs to be registered/ domiciled in India.
Why should an SRO apply for recognition to RBI
As envisaged under the draft Framework, the role of an SRO-FT is multifaceted including acting as a collective voice of the sector and also looking after the needs of its members. The Framework may provide an initial boost to the growing FinTech sector by bringing them under an indirect supervision through the SRO and hence aiming at a metamorphosis of the unorganised FinTech sector to an organised one. Since the SRO acts as a collective voice for the entire industry, the support and backing received from the RBI on recognition would help its members as a whole to achieve legitimacy and regulatory comfort. FinTech entities are usually service providers, whether in the nature of LSPs, financial service providers or information technology providers of regulated entities (RE) who are required to conduct due diligence and ongoing monitoring of such service providers. Hence, accreditation of the service provider with an RBI-recognised SRO may alleviate some of the onboarding or monitoring tasks of the RE enhancing the market appeal of the service provider and consequently, bolstering membership of the SRO.
Why should a fintech company take Membership of an SRO
Since a significant part of the FinTech sector is unregulated, a question might be posed as to why should a FinTech company voluntarily come under the supervision of an SRO, which in turn is under the regulatory supervision of the RBI. As touched upon in the earlier sections, it is pertinent to understand that even though FinTech companies are unregulated currently as most of them act in the capacity of an outsourcing partner/technology service provider for REs, and the REs are subsequently bound to impose contractual obligations on such service provider to ensure that a similar degree of care is employed by the FinTech in performing the services as would have been employed by the RE, if the same activity were not outsourced.
Further every RE is expected to carry out due diligence of its outsourced partner/ technology service provider prior onboarding and throughout the period of receipt of service from the FinTech. Furthermore the REs are also answerable and responsible to the RBI for any non compliance on part of its FinTech partner .
In case these FinTech companies are accredited with the RBI-recognised SRO, the FinTech companies would have an edge over the ones who are not members of the SRO,having submitted to the supervision and code of conduct formulated by the SRO. Such regulatory comfort is likely to ease the burden upon the REs when onboarding service providers in line with RBI’s outsourcing norms. This in turn will help members of the SRO in their process of customer acquisition.
Eligibility And Application Process
As per the Framework, the SRO draws its powers as a Self-Regulator from its large number of memberships subscribed by the FinTech Sector. The requirement towards the minimum membership is inherent to determine the SROs competence as well as authority in terms of regulating and enforcing its standards including imposition of penal consequences.
Additionally along with the requirement of minimum membership the SRO to become a true representative of the sector needs to be a body independent from the vested interests of any of its individual member and thus requires to have an independent board as well as its own independent set of operations which should be clearly mentioned in its AoA. Figure 1 aims to analyse the eligibility requirements of an entity that aims at receiving the status of an SRO.
Figure 1: Eligibility criteria to become and SRO-FT
Clauses 5, 6, 7 of Framework
The RBI may also prescribe such other conditions as may be required to ensure that the functioning of the SRO-FT does not become detrimental to public interest.
As per the draft Framework the RBI may invite applications from SROs of the entire FinTech sector or from SROs of specific sub sectors as and when it is required. As per the Draft Framework, the following documents need to be submitted along with the Application by the SRO:
- A Copy of MoA and AoA;
- Details of constitution of its Boards, roles/responsibilities of its management and the manner in which its operations would be undertaken;
- Roadmap to achieve comprehensive membership criteria, if necessary;
- Board Authorization for submitting such application
- Declaration of any Legal proceedings against the applicant, BOD, KMP and demonstration that such legal proceeding shall not affect the the functioning of the SRO or harm its reputation;
- Any further information that may be required by the RBI
Governance And Management Framework
Being a governance instrument, the operations of the SRO need to be transparent, professional and independent. This requirement is expected to foster a feeling of confidence and integrity among the members of the SRO.
The SRO needs to satisfy the independence criteria as set forth by the regulator. True independence can only be achieved when the persons/ authorities controlling the entity i.e. the Directors are independent. The RBI has attempted to achieve this by mandating 1/3rd of the Directors of the SRO to be independent (Determination of Independency as per Companies Act, 2013) and such directors should not have any active association with a FinTech entity.
Figure 2 aims to analyse the Governance and Management Framework that the SRO needs to comply with:
Figure 2: Governance and management framework for SROs
Clause 14(i) to 14(v) of the Framework
If required RBI may nominate/ depute Observer(s) on the Board of the SRO-FT
Roles, Responsibility and Functions of an SRO-FT
The SRO is envisioned as a governance body responsible for guiding and overseeing its members and ensuring that they adhere to industry standards . Emphasising ethical conduct, adherence to industry standards, and compliance with laws as one of the key objectives. As per the framework a SRO-FT would aim to foster responsible innovation while ensuring consumer protection, data security, and privacy. Its functions include standard-setting, where it establishes rules, codes of conduct, industry benchmarks, and governance standards.
In terms of oversight and enforcement, the SRO-FT is expected to implement surveillance mechanisms to monitor the FinTech sector, offering counselling on undesirable practices. The developmental role involves promoting, understanding of regulatory requirements, organising training programs, and disseminating sector-specific information. Encouraging research and development, the SRO-FT conducts studies and facilitates responsible innovation.
Grievance redressal and dispute resolution are crucial aspects, with the SRO-FT establishing efficient frameworks for member conflicts. Additionally, customer education on FinTech products and services is emphasised. Overall, the SRO-FT seeks to be a steward of trust, balancing innovation and integrity in the FinTech sector, ensuring fair competition, and addressing grievances to maintain stability and credibility.
Beyond the functions and responsibilities of an SRO-FT towards the FinTech sector it also has a role to play with the RBI and can be treated as an ally to RBI. The SRO-FT is envisioned as a crucial bridge between the FinTech sector and the Reserve Bank, with a primary focus on ensuring compliance with statutory and regulatory frameworks, industry standards, and best practices. Its responsibilities encompass relaying sector-specific insights, addressing regulatory concerns, and contributing to the overall development of the FinTech sector.
The SRO-FT is expected to act as the collective voice of its members in engagements with the Reserve Bank, prioritising the broader interests of the FinTech sector over individual member concerns. Transparency and equitable treatment for all members are emphasised. It must keep the Reserve Bank informed about sector developments and promptly report any violations by its members.
A key responsibility involves collecting and sharing up-to-date sectoral information to aid the Reserve Bank in policymaking. The SRO-FT is tasked with developing a scalable technology solution to provide detailed insights into specific products, services, and activities of FinTech entities, facilitating the introduction of new products within the regulatory framework.
Collaboration with the Reserve Bank in developing and updating the taxonomy for FinTechs is highlighted, demonstrating a cooperative approach. The SRO-FT is obligated to carry out assigned tasks, review proposals, and supply requested data. Regular reporting, including an Annual Report, and periodic interactions with the Reserve Bank are mandated.
The SRO-FT is also obligated to allow the RBI to inspect the books or get the same audited by an audit firm as arranged by the RBI, as and when required by the RBI. The SRO is also expected to discharge additional functions specified by the Reserve Bank and guide the regulatory authority on the extent, scope, and manner of regulating entities in the FinTech sector. Overall, the SRO-FT is positioned as a vital bridge fostering cooperation and providing policy recommendations to address the dynamic nature of the FinTech sector.
Conclusion
In conclusion, the draft framework marks a significant step towards a more agile, collaborative, and effective regulatory landscape, aligning with the evolving needs of the FinTech sector. This measure taken by the RBI will not only give a representative voice to the SRO on behalf of the FinTech sector, but also provide for a level playing field ensuring uniform compliance with applicable laws, including consumer protection, data privacy, data security laws etc.
Overall, the framework provides a robust foundation for ethical and responsible SROs, contributing to the stability and development of the FinTech ecosystem under RBI oversight.
Whilst the draft framework is fairly comprehensive, some clarifications and further considerations are required especially on the role that REs will play in this Framework (for instance representation on the SRO Board) and prescribing an outer timeline within which the minimum membership criteria should be met by the SRO applying for recognition.
[1] Based on a survey of 2 SROs in the digital lending space
Other articles related to the topic:
Leave a Reply
Want to join the discussion?Feel free to contribute!