The Rise of Stablecoins amidst Instability

-Megha Mittal

(mittal@vinodkothari.com

The past few years have witnessed an array of technological developments and innovations, especially in Fintech; and while the world focused on Bitcoins and other cryptos, a new entrant ‘Stablecoin’ slowly crept its way into the limelight. With the primary motive of shielding its users from the high volatility associated with cryptos, and promises of boosting cross-border payments and remittance, ‘Stablecoins’ emerged in 2018, and now have become the focal point of discussion of several international bodies including the Financial Standards Board (FSB), G20, Financial Action Task Force (FATF) and International Organization of Securities Commission (IOSCO).

Additionally, the widespread notion that the desperate need of cross-border payments and remittances during the ongoing COVID-crisis may prove to be a defining moment for stablecoins, has drawn all the more attention towards the need of establishing regulations and legal framework pertaining to Stablecoins.

In this article, we shall have an insight as to what Stablecoins, (Global Stable Coinss) are, its modality, its current status of acceptance by the international bodies, and how the ongoing COVID crisis, may act as a catalyst for its rise.

Read more

Moving to contactless lending, in a contact-less world

-Kanakprabha Jethani (kanak@vinodkothari.com)

Background

With the COVID-19 disruption taking a toll on the world, almost two billion people – close to a third of the world’s population being  restricted to their homes, businesses being locked-down and work-from home becoming a need of the hour; “contactless” business is what the world is looking forward to. The new business jargon “contactless” means that the entire transaction is being done digitally, without requiring any of the parties to the transaction interact physically. While it is not possible to completely digitise all business sectors, however, complete digitisation of certain financial services is well achievable.

With continuous innovations being brought up, financial market has already witnessed a shift from transactions involving huge amount of paper-work to paperless transactions. The next steps are headed towards contactless transactions.

The following write-up intends to provide an introduction to how financial market got digitised, what were the by-products of digitisation, impact of digitisation on financial markets, specifically FinTech lending segment and the way forward.

Journey of digitisation

Digitisation is preparing financial market for the future, where every transaction will be contactless. Financial entities and service providers have already taken steps to facilitate the entire transaction without any physical intervention. Needless to say, the benefits of digitisation to the financial market are evident in the form of cost-efficiency, time-saving, expanded outreach and innovation to name a few.

Before delving into how financial entities are turning contactless, let us understand the past and present of the financial entities. The process of digitisation leads to conversion of anything and everything into information i.e. digital signals. The entire process has been a long journey, having its roots way back in 1995, when the Internet was first operated in India followed by the first use of the mobile phones in 2002 and then in 2009 the first smartphones came into being used. It is each of these stages that has evolved into this all-pervasive concept called digitisation.

Milestones in process of digitisation

The process of digitization has seen various phases. The financial market, specifically, the NBFCs have gone through various phases before completely guzzling down digitization. The journey of NBFCs from over the table executions to providing completely contactless services has been shown in the figure below:

From physical to paperless to contactless: the basic difference

Before analysing the impact of digitisation on the financial market, it is important to understand the concept of ‘paperless’ and ‘contactless’ transactions. In layman terms, paperless transactions are those which do not involve execution of any physical documents but physical interaction of the parties for purposes such as identity verification is required. The documents are executed online via electronic or digital signature or through by way of click wrap agreements.

In case of contactless transactions, the documents are executed online and identity verification is also carried out through processes such as video based identification and verification. There is no physical interaction between parties involved in the transaction.

The following table analyses the impact of digitisation on financial transactions by demarcating the steps in a lending process through physical, paperless and contactless modes:

 

Stages Physical process Paperless process Contactless process
Sourcing the customer The officer of NBFC interacts with prospective applicants The website, app or platform (‘Platform’) reaches out to the public to attract customers or the AI based system may target just the prospective customers Same as paperless process
Understanding needs of the customer The authorised representative speaks to the prospects to understand their financial needs The Platform provides the prospects with information relating to various products or the AI system may track and identify the needs Same as paperless process
Suggesting a financial product Based on the needs the officer suggests a suitable product Based on the analysis of customer data, the system suggests suitable product Same as paperless process
Customer on-boarding Customer on-boarding is done upon issue of sanction letter The basic details of customer are obtained for on-boarding on the Platform Same as paperless process
Customer identification The customer details and documents are identified by the officer during initial meetings Customer Identification is done by matching the details provided by customer with the physical copy of documents Digital processes such as Video KYC are used carry out customer identification
Customer due-diligence Background check of customer is done based on the available information and that obtained from the customer and credit information bureaus Information from Credit Information Agencies, social profiles of customer, tracking of communications and other AI methods etc. are used to carry out due diligence Same as paperless process
Customer acceptance On signing of formal agreement By clicking acceptance buttons such as ‘I agree’ on the Platform or execution through digital/electronic signature Same as paperless process
Extending the loan The loan amount is deposited in the customer’s bank account The loan amount is credited to the wallet, bank account or prepaid cards etc., as the case may be Same as paperless process
Servicing the loan The authorised representatives ensures that the loan is serviced Recovery efforts are made through nudges on Platform. Physical interaction is the last resort Same as paperless process. However, physical interaction for recovery may not be desirable.
Customer data maintenance After the relationship is ended, physical files are maintained Cloud-based information systems are the common practice Same as paperless process

The manifold repercussions

The outcome of digitisation of the financial markets in India, was a land of opportunities for those operating in financial market, it has also wiped off those who couldn’t keep pace with technological growth. Survival, in financial market, is driven by the ability to cope with rapid technological advancements. The impact of digitisation on financial market, specifically lending related services, can be analysed in the following phases:

Payments coming to online platforms

With mobile density in India reaching to 88.90% in 2019[1], the adoption of digital payments have accelerated in India, showing a rapid growth at a CAGR of 42% in value of digital payments. The value of digital payments to GDP rose to 862% in the FY 2018-19.

Simultaneously, of the total payments made up to Nov 2018, in India, the value of cash payments stood at a mere 19%. The shift from cash payments to digital payments has opened new avenues for financial service providers.

Need for service providers

With everything coming online, and the demand for digital money rising, the need for service providers has also taken birth. Services for transitioning to digital business models and then for operating them are a basic need for FinTech entities and thus, there is a need for various kinds of service providers at different stages.

Deliberate and automatic generation of demand

When payments system came online, financial service providers looked for newer ways of expanding their business. But the market was already operating in its own comfortable state. To disrupt this market and bring in something new, the FinTech service providers introduced the idea of easy credit to the market. When the market got attracted to this idea, digital lending products were introduced. With time, add-ons such as backing by guarantee, indemnity, FLDG etc. were also introduced to these products.

Consequent to digital commercialization, the need for payment service providers also generated automatically and thus, leading to the demand for digital payment products.

Opportunities for service providers

With digitization of non-banking financial activities, many players have found a place for themselves in financial markets and around. While the NBFCs went digital, the advent of digitization also became the entry gate to other service providers such as:

Platform service providers:

In order to enable NBFCs to provide financial services digitally, platform service providers floated digital platforms wherein all the functions relating to a financial transaction, ranging from sourcing of the customer, obtaining KYC information, collating credit information to servicing of the customer etc.

Software as a Service (SaaS) providers:

Such service providers operate on a business model that offers software solutions over the internet, charging their customers based on the usage of the software. Many of the FinTech based NBFCs have turned to such software providers for operating their business on digital platforms. Such service providers also provide specific software for credit score analysis, loan process automation and fraud detection etc.

Payment service providers:

For facilitating transactions in digital mode, it is important that the flow of money is also digitized. Due to this, the demand for payment services such as payments through cards, UPI, e-cash, wallets, digital cash etc. has risen. This demand has created a new segment of service providers in the financial sector.

NBFCs usually enter into partnerships with platform service providers or purchase software from SaaS providers to digitize their business.

Heads-up from the regulator

The recent years have witnessed unimaginable developments in the FinTech sector. Innovations introduced in the recent times have given birth to newer models of business in India. The ability to undertake paperless and contactless transactions has urged NBFCs to achieve Pan India presence. The government has been keen in bringing about a digital revolution in the country and has been coming up with incentives in forms of various schemes for those who shift their business to digital platforms. Regulators have constantly been involved in recognising digital terminology and concepts legally.

In Indian context, innovation has moved forward hand-in-hand with regulation[2]. The Reserve Bank of India, being the regulator of financial market, has been a key enabler of the digital revolution. The RBI, in its endeavor to support digital transactions has introduced many reforms, the key pillars amongst which are – e-KYC (Know Your Customer), e-Signature, Unified Payment Interface (UPI), Electronic NACH facility and Central KYC Registry.

The regulators have also introduced the concept of Regulatory Sandbox[3] to provide innovative business models an opportunity to operate in real market situations without complying with the regulatory norms in order to establish viability of their innovation.

While these initiatives and providing legal recognition to electronic documents did bring in an era of paperless[4] financial transactions, the banking and non-banking segment of the market still involved physical interaction of the parties to a transaction for the purpose of identity verification. Even the digital KYC process specified by the regulator was also a physical process in disguise[5].

In January 2020, the RBI gave recognition to video KYC, transforming the paperless transactions to complete contactless space[6].

Further, the RBI is also considering a separate regime for regulation of FinTech entities, which would be based on risk-based regulation, ranging from “Disclosure” to “Light-Touch Regulation & Supervision” to a “Tight Regulation and Full-Fledged Supervision”.[7]

Way forward

2019 has seen major revolutions in the FinTech space. Automation of lending process, Video KYC, voice based verification for payments, identity verification using biometrics, social profiling (as a factor of credit check) etc. have been innovations that has entirely transformed the way NBFCs work.

With technological developments becoming a regular thing, the FinTech space is yet to see the best of its innovations. A few innovations that may bring a roundabout change in the FinTech space are in-line and will soon be operable. Some of these are:

  • AI-Driven Predictive Financing, which has the ability to find target customers, keep track on their activities and identify the accurate time for offering the product to the customer.
  • Enabling recognition of Indian languages in the voice recognition feature of verification.
  • Introduction of blockchain based KYC, making KYC data available on a permission based-decentralised platform. This would be a more secure version of data repository with end-to-end encryption of KYC information.
  • Introduction of Chatbots and Robo-advisors for interacting with customers, advising suitable financial products, on-boarding, servicing etc. Robots with vernacular capabilities to deal with rural and semi-urban India would also be a reality soon.

Conclusion

Digital business models have received whole-hearted acceptance from the financial market. Digitisation has also opened gates for different service providers to aid the financial market entities. Technology companies are engaged in constantly developing better tools to support such businesses and at the same time the regulators are providing legal recognition to technology and making contactless transactions an all-round success. This is just the foundation and the financial market is yet to see oodles of innovation.

 

 

[1] https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=19417

[2] https://www.bis.org/publ/bppdf/bispap106.htm

[3] Our write on Regulatory Sandboxes can be referred here- http://vinodkothari.com/2019/04/safe-in-sandbox-india-provides-cocoon-to-fintech-start-ups/

[4] Paperless here means paperless digital financial transactions

[5] Our write-up on digital KYC process may be read here- http://vinodkothari.com/2019/08/introduction-of-digital-kyc/

[6]Our write-up on amendments to KYC Directions may be read here: http://vinodkothari.com/2020/01/kyc-goes-live-rbi-promotes-seamless-real-time-secured-audiovisual-interaction-with-customers/

[7] https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/WGFR68AA1890D7334D8F8F72CC2399A27F4A.PDF

 

RBI to regulate operation of payment intermediaries

Guidelines on regulation of Payment Aggregators and Payment Gateways issued

-Mridula Tripathi (finserv@vinodkothari.com)

Background

In this era of digitalisation, the role of intermediaries who facilitate the payments in an online transaction has become pivotal. These intermediaries are a connector between the merchants and customers, ensuring the collection and settlement of payment. In the absence of any direct guidelines and adequate governance practices regulating the operations of these intermediaries, there was a need to review the existing instructions issued in this regard by the RBI. Thus, the need of regulating these intermediaries has been considered cardinal by the regulator.

RBI had on September 17, 2019 issued a Discussion Paper on Guidelines for Payment Gateways and Payment Aggregators[1] covering the various facets of activities undertaken by Payment Gateways (PGs) and Payment Aggregators (PAs) (‘Discussion Paper’). The Discussion Paper further explored the avenues of regulating these intermediaries by proposing three options, that is, regulation with the extant instructions, limited regulation or full and direct regulation to supervise the intermediaries.

In this regard, the final guidelines have been issued by the RBI on March 17, 2020 which shall be effective from April 1, 2020[2], for regulating the activities of PAs and providing technology-related recommendations to PGs (‘Guidelines’).

In this article we shall discuss the concept of Payment Aggregator and Payment Gateway. Further, we intend to cover the applicability, eligibility norms, governance practices and reporting requirements provided in the aforesaid guidelines.

Concept of Payment Aggregators and Payment Gateways

In common parlance Payment Gateway can be understood as a software which enables online transactions. Whenever the e-interface is used to make online payments, the role of this software infrastructure comes into picture. Thinking of it as a gateway or channel that opens whenever an online transaction takes place, to traverse money from the payer’s credit cards/debit cards/ e-wallets etc to the intended receiver.

Further, the role of a Payment Aggregator can be understood as a service provider which includes all these Payment Gateways. The significance of the Payment Aggregators lies in the fact that Payment Gateway is a mere technological base which requires a back-end operator and this role is fulfilled by the Payment Aggregator.

A merchant (Seller) providing goods/services to its target customer would require a Merchant Account opened with the bank to accept e-payment. Payment Aggregator can provide the same services to several merchants through one escrow account without the need of opening multiple Merchant Accounts in the bank for each Merchant.

The concept of PA and PG as defined by the RBI is reproduced herein below:

PAYMENT AGGREGATORS (PAs) means the entities which enable e-commerce sites and merchants to meet their payment obligation by facilitating various payment options without creation of a separate payment integration system of their own. These PAs aggregate the funds received as payment from the customers and pass them to the merchants after a certain time period.

PAYMENT GATEWAYS (PGs) are entities that channelize and process an online payment transaction by providing the necessary infrastructure without actual handling of funds.

The Guidelines have also clearly distinguished Payment Gateways as providers of technological infrastructure and Payment Aggregators as the entities facilitating the payment. At present, the existing PAs and PGs have a variety of technological set-up and their infrastructure also keeps changing with time given the business objective for ensuring efficient processing and seamless customer experience. Some of the e-commerce market places have leveraged their market presence and started offering payment aggregation services as well. Though the primary business of an e-commerce marketplace does not come within the regulatory purview of RBI, however, with the introduction of regulatory provisions for PAs, the entities will end up being subjected to dual regulation. Hence, it is required to separate these two activities to enable regulatory supervision over the payment aggregation business.

The extant regulations[3] on opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediarieswe were applicable to intermediaries who collect monies from customers for payment to merchants using any electronic / online payment mode. The Discussion Paper proposed a review of the said regulations and based on the feedback received from market participants, the Guidelines have been issued by RBI.

Coverage of Guidelines

RBI has made its intention clear to directly regulate PAs (Bank & Non-Bank) and it has only provided an indicative baseline technology related recommendation. The Guidelines explicitly exclude Cash on Delivery (CoD) e-commerce model from its purview. Surprisingly, the Discussion Paper issued by RBI in this context intended on regulating both the PAs & PGs, however, since PGs are merely technology providers or outsourcing partners they have been kept out of the regulatory requirements.

The Guidelines come into effect from April 1, 2020, except for requirements for which a specific deadline has been prescribed, such as registration and capital requirements.

Registration requirement

Payment Aggregators are required to fulfil the requirements as provided under the Guidelines within the prescribed timelines. The Guidelines require non-bank entities providing PA services to be incorporated as a company under the Companies Act, 1956/2013 being able of carrying out the activity of operating as a PA, as per its charter documents such as the MoA. Such entities are mandatorily required to register themselves with RBI under the Payment and Settlement Systems Act, 2007 (‘PSSA, 2007’) in Form-A. However, a deadline of June 30, 2021 has been provided for existing non-bank PAs.

Capital requirement

RBI has further benchmarked the capital requirements to be adhered by existing and new PAs. According to which the new PAs at the time of making the application and existing PAs by March 31, 2021 must have a net worth of Rs 15 crore and Rs 25 crore by the end of third financial year i.e. March 31, 2023 and thereafter. Any non-compliance with the capital requirements shall lead to winding up of the business of PA.

As a matter of fact, the Discussion Paper issued by RBI, proposed a capital requirement of Rs 100 crore which seems to have been reduced considering the suggestion received from the market participants.

To supervise the implementation of these Guidelines, there is a certification to be obtained from the statutory auditor, to the effect certifying the compliance of the prescribed capital requirements.

Fit and proper criteria

The promoters of PAs are expected to fulfil fit and proper criteria prescribed by RBI and a declaration is also required to be submitted by the directors of the PAs. However, RBI shall also assess the ‘fit and proper’ status of the applicant entity and the management by obtaining inputs from various regulators.

Policy formulation

The Guidelines further require formulation and adoption of a board approved policy for the following:

  1. merchant on-boarding
  2. disposal of complaints, dispute resolution mechanism, timelines for processing refunds, etc., considering the RBI instructions on Turn Around Time (TAT)
  3. information security policy for the safety and security of the payment systems operated to implement security measures in accordance with this policy to mitigate identified risks
  4. IT policy(as per the Baseline Technology-related Recommendations)

Grievance redressal

The Guidelines have put in place mandatory appointment of a Nodal Officer to handle customer and regulator grievance whose details shall be prominently displayed on the website thus implying good governance in its very spirit. This is similar to the requirement for NBFCs who are required to appoint a Nodal Officer. Also, it is required that the dispute resolution mechanism must contain details on types of disputes, process of dealing with them, Turn Around Time (TAT) for each stage etc.

However, in this context, the Discussion Paper provided for a time period of 7 working days to promptly handle / dispose of complaints received by the customer and the merchant.

Merchant on boarding and KYC compliance

To avoid malicious intent of the merchants, PAs should undertake background and antecedent check of the merchants and are responsible to check Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance of the infrastructure of the merchants on-boarded and carry a KYC of the merchants on boarded. It also provides for some mandatory clauses to be incorporated in the agreements to be executed with the merchants.

Risk Management

For the purposes of risk management, apart from adoption of an IS policy, the PAs shall also have a mechanism to monitor, handle and report cyber security incidents and breaches. They are also prohibited to allow online transactions with ATM pin and store customer card credentials on the servers accessed by the merchants and are required to comply with data storage requirements as applicable to Payment System Operators (PSOs).

Reporting Requirements

The Guidelines provide for monthly, quarterly and annual reporting requirement. The annual requirement comprises of certification from a CA and IS audit report and Cyber Security Audit report. The quarterly reporting again provides for certification requirement and the monthly requirement demand a transaction statistic. Also, there shall be reporting requirement in case of any change in management requiring intimation to RBI within 15 days along with ‘Declaration & Undertaking’ by the new directors. Apart from these mainstream reporting requirements there are non-periodic requirements as well.

Additionally, PAs are required to submit the System Audit Report, including cyber security audit conducted by CERTIn empanelled auditors, within two months of the close of their financial year to the respective Regional Office of DPSS, RBI

Escrow Account Mechanism

The Guidelines clearly state that the funds collected from the customers shall be kept in an escrow account opened with any Schedule Commercial Bank by the PAs. And to protect the funds collected from customers the Guidelines state that PA shall be deemed as a ‘Designated Payment System’[4] under section 23A of PSSA, 2007.

Shift from Nodal to Escrow

The Discussion Paper proposed registration, capital requirement, governance, risk management and such other regulations along with the maintenance of a nodal account to manage the funds of the merchants. Further, it acknowledged that in case of nodal accounts, there is no beneficial interest created on the part of the PAs; the fact that they do not form part of the PA’s balance sheet and no interest can be earned on the amount held in these account. The Guidelines are more specific about escrow accounts and do not provide for maintenance of nodal accounts, which seems to indicate a shift from nodal to escrow accounts with the same benefits as nodal accounts and additionally having an interest bearing ‘core portion’. These escrow account arrangements can be with or without a tripartite agreement, giving an option to the merchant to monitor the transactions occurring through the escrow. However, in practice it may not be possible to make each merchant a party to the escrow agreement.

Timelines for settlement to avoid unnecessary delay in payments to Merchants, various timelines have been provided as below:

  1. Amounts deducted from the customer’s account shall be remitted to the escrow account maintaining bank on Tp+0 / Tp+1 basis. (Tp is the date of debit to the customer’s account against good/services purchased)
  2. Final settlement with the merchant
  3. In cases where PA is responsible for delivery of goods / services, the payment to the merchant shall be made on Ts + 1 basis. (Ts is the date of intimation by merchant about shipment of goods)
  4. In cases where merchant is responsible for delivery, the payment to the merchant shall be on Td + 1 basis. (Td is the date of confirmation by the merchant about delivery of goods)
  5. In cases where the agreement with the merchant provides for keeping the amount by the PA till expiry of refund period, the payment to the merchant shall be on Tr + 1 basis. (Tr is the date of expiry of refund period)

Also, refund and reversed transactions must be routed back through the escrow account unless as per contract the refund is directly managed by the merchant and the customer has been made aware of the same. A minimum balance requirement equivalent to the amount already collected from customer as per ‘Tp’ or the amount due to the merchant at the end of the day is required to be maintained in the escrow account at any time of the day.

Permissible debits and credits

Similar to the extant regulations, the Guidelines provide a specific list of debits and credits permissible from the escrow account:

  • Credits that are permitted
  1. Payment from various customers towards purchase of goods / services.
  2. Pre-funding by merchants / PAs.
  3. Transfer representing refunds for failed / disputed / returned / cancelled transactions.
  4. Payment received for onward transfer to merchants under promotional activities, incentives, cashbacks etc.
  • Debits that are permitted
  1. Payment to various merchants / service providers.
  2. Payment to any other account on specific directions from the merchant.
  3. Transfer representing refunds for failed / disputed transactions.
  4. Payment of commission to the intermediaries. This amount shall be at pre-determined rates / frequency.
  5. Payment of amount received under promotional activities, incentives, cash-backs, etc.

The aforesaid list of permitted deposits and withdrawals into an account operated by an intermediary is wider than those allowed under the extant regulations. The facility to pay the amount held in escrow to any other account on the direction of the merchant would now enable cashflow trapping by third party lenders or financier. The merchant will have an option to provide instructions to the PA to directly transfer the funds to its creditors.

The Guidelines expressly state that the settlement of funds with merchants will in no case be co-mingled with other business of the PA, if any and no loans shall be available against such amounts.

No interest shall be payable by the bank on balances maintained in the escrow account, except in cases when the PA enters into an agreement with the bank with whom the escrow account is maintained, to transfer “core portion”[5] of the amount, in the escrow account, to a separate account on which interest is payable. Another certification requirement to be obtained from auditor(s) is for certifying that the PA has been maintaining balance in the escrow account.

Technology-related Recommendations

Several technology related recommendations have been separately provided in the Guidelines and are mandatory for PAs but recommendatory for PGs. These instructions provide for adherence to data security standards and timely reporting of security incidents in the course of operation of a PA. It proposes involvement of Board in formulating policy and a competent pool of staff for better operation along with other governance and security parameters.

Conclusion

With these Guidelines being enforced the online payment facilitated by intermediaries will be regulated and monitored by the RBI henceforth. The prescribed timeline of April 2020 may cause practical difficulties and act as a hurdle for the operations of existing PAs. However, the timelines provided for registration and capital requirements are considerably convenient for achieving the prescribed benchmarks. Since PAs are handling the funds, these Guidelines, which necessitate good governance, security and risk management norms on PAs, are expected to be favourable for the merchants and its customers.

 

[1] https://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=943

[2] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

[3] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5379&Mode=0

[4] The Reserve Bank may designate a payment system if it considers that designating the system is in the public interest. The designation is to be by notice in writing published in the Gazette, as per Payment System Regulation Act, 1998

[5] This facility shall be permissible to entities who have been in business for 26 fortnights and whose accounts have been duly audited for the full accounting year. For this purpose, the period of 26 fortnights shall be calculated from the actual business operation in the account. ‘Core Portion’ shall be average of the lowest daily outstanding balance (LB) in the escrow account on a fortnightly (FN) basis, for fortnights from the preceding month 26.

 

 

Our other write ups on NBFCs to be referred here http://vinodkothari.com/nbfcs/

Our other similar articles:

http://vinodkothari.com/2017/04/overview-of-regulatory-framework-of-payment-and-settlement-systems-in-india-by-anita-baid/

Cryptotrading’s tryst with destiny- Supreme Court revives cryptotrading, RBI’s circular struck down

-Megha Mittal

(mittal@vinodkothari.com

April 2018, the Reserve Bank of India (RBI) issued a “Statement on Developmental and Regulatory Policies” (‘Circular’) dated 06.04.2018, thereby prohibiting RBI regulated entities from dealing in/ providing any services w.r.t. virtual currencies, with a 3-month ultimatum to those already engaged in such services. Cut to 4th March, 2020- The Supreme Court of India strikes down RBI’s circular and upheld crypto-trading as valid under the Constitution of India.

Amidst apprehensions of crypto-trading being a highly-volatile and risk-concentric venture, the Apex Court, in its order dated 04.03.2020 observed that RBI, an otherwise staunch critic of cryptocurrencies, failed to present any empirical evidence substantiating cryptocurrency’s negative impact on the banking and credit sector in India; and on the basis of this singular fact, the Hon’ble SC stated RBI’s circular to have failed the test of proportionality.

In this article, the author has made a humble attempt to discuss this landmark judgment and its (dis)advantages to the Indian economy.

Read more

Fintech Framework: Regulatory responses to financial innovation

Timothy Lopes, Executive, Vinod Kothari Consultants

finserv@vinodkothari.com

The world of financial services is continually witnessing a growth spree evidenced by new and innovative ways of providing financial services with the use of enabling technology. Financial services coupled with technology, more commonly referred to as ‘Fintech’, is the modern day trend for provision of financial services as opposed to the traditional methods prevalent in the industry.

Rapid advances in technology coupled with financial innovation with respect to delivery of financial services and inclusion gives rise to all forms of fintech enabled services such as digital banking, digital app-based lending, crowd funding, e-money or other electronic payment services, robo advice and crypto assets.

In India too, we are witnessing rapid increase in digital app-based lending, prepaid payment instruments and digital payments. The trend shows that even a cash driven economy like India is moving to digitisation wherein cash is merely used as a way to store value as an economic asset rather than to make payments.

“Cash is King, but Digital is Divine.”

  • Reserve Bank of India[1]

The Financial Stability Institute (‘FSI’), one of the bodies of the Bank for International Settlement issued a report titled “Policy responses to fintech: a cross country overview”[2] wherein different regulatory responses and policy changes to fintech were analysed after conducting a survey of 31 jurisdictions, which however, did not include India.

In this write up we try to analyse the various approaches taken by regulators of several jurisdictions to respond to the innovative world of fintech along with analysing the corresponding steps taken in the Indian fintech space.

The Conceptual Framework

Let us first take a look at the conceptual framework revolving in the fintech environment. Various terminology or taxonomies used in the fintech space, are often used interchangeably across jurisdictions. The report by FSI gives a comprehensive overview of the conceptual framework through a fintech tree model, which characterises the fintech environment in three categories as shown in the figure.

Source: FSI report on Policy responses to fintech: a cross-country overview

Let us now discuss each of the fintech activities in detail along with the regulatory responses in India and across the globe.

Digital Banking –

This refers to normal banking activities delivered through electronic means which is the distinguishing factor from traditional banking activities. With the use of advanced technology, several new entities are being set up as digital banks that deliver deposit taking as well as lending activities through mobile based apps or other electronic modes, thereby eliminating the need for physically approaching a bank branch or even opening a bank branch at all. The idea is to deliver banking services ‘on the go’ with a user friendly interface.

Regulatory responses to digital banking –

The FSI survey reveals that most jurisdictions apply the existing banking laws and regulations to digital banking as well. Applicants with a fintech business model must go through the same licensing process as those applicants with a traditional banking business model.

Only a handful of jurisdictions, namely Hong Kong, SAR and Singapore, have put in place specific licensing regimes for digital banks. In the euro area, specific guidance is issued on how credit institution authorisation requirements would apply to applicants with new fintech business models.

Regulatory framework for digital banking in India –

In India, majority of the digital banking services are offered by traditional banks itself, mainly governed by the Payment and Settlement Systems Act, 2007[1], with RBI being the regulatory body overseeing its implementation. The services include, opening savings accounts online even through apps, facilitating instant transfer of funds through the use of innovative products such as the Unified Payments Interface (UPI), which is governed by the National Payments Corporation of India (NPCI), facilitating the use of virtual cards, prepaid payment instruments (PPI), etc. These services may be provided not only by traditional banks alone, but also by non-bank entities.

Fintech balance sheet lending

Typically refers to lending from the balance sheet and assuming the risk on to the balance sheet of the fintech entity. Investors’ money in the fintech entity is used to lend to customers which shows up as an asset on the balance sheet of the lending entity. This is the idea of balance sheet lending. This idea, when facilitated with technological innovation leads to fintech balance sheet lending.

Regulatory responses to fintech balance sheet lending –

As per the FSI survey, most jurisdictions do not have regulations that are specific to fintech balance sheet lending. In a few jurisdictions, the business of making loans requires a banking licence (eg Austria and Germany). In others, specific licensing regimes exist for non-banks that are in the business of granting loans without taking deposits. Only one of the surveyed jurisdictions has introduced a dedicated licensing regime for fintech balance sheet lending.

Regulatory regime in India –

The new age digital app based lending is rapidly advancing in India. With the regulatory framework for Non-Banking Financial Companies (NBFCs), the fintech balance sheet lending model is possible in India. However, this required a net owned fund of Rs. 2 crores and registration with RBI as an NBFC- Investment and Credit Company.

The digital app based lending model in India works as a partnership between a tech platform entity and an NBFC, wherein the tech platform entity (or fintech entity) manages the working of the app through the use of advanced technology to undertake credit appraisals, while the NBFC assumes the credit risk on its balance sheet by lending to the customers who use the app. We have covered this model in detail in a related write up[2].

Loan & Equity Crowd funding

Crowd funding refers to a platform that connects investors and entrepreneurs (equity crowd funding) and borrowers and lenders (loan crowd funding) through an internet based platform. Under equity crowd funding, the platform connects investors with companies looking to raise capital for their venture, whereas under loan crowd funding, the platform connects a borrower with a lender to match their requirements. The borrower and lender have a direct contract among them, with the platform merely facilitating the transaction.

Regulatory responses to crowd funding –

According to the FSI survey, many surveyed jurisdictions introduced fintech-specific regulations that apply to both loan and equity crowd funding considering the similar risks involved, shown in the table below. Around a third of surveyed jurisdictions have fintech-specific regulations exclusively for equity crowd funding. Only a few jurisdictions have a dedicated licensing regime exclusively for loan crowd funding. Often, crowd funding platforms need to be licensed or registered before they can perform crowd funding activities, and satisfy certain conditions.

Table showing regulatory regimes in various jurisdictions

Fintech-specific regulations for crowd funding
Equity Crowd Funding Equity and Loan Crowd Funding Loan Crowd Funding
Argentina           Columbia

Australia             Italy

Austria                Japan

Brazil                   Turkey

China                   United States

Belgium                Peru

Canada                 Philippines

Chile                      Singapore

European Union  Spain

France                   Sweden

Mexico                  UAE

Netherlands         UK

Australia

Brazil

China

Italy

 

Source: FSI Survey

Regulatory regime in India

  1. In case of equity crowd funding –

In 2014, securities market regulator SEBI issued a consultation paper on crowd funding in India[3], which mainly focused on equity crowd funding. However, there was no regulatory framework subsequently issued by SEBI which would govern equity crowd funding in India. At present crowd funding platforms in India have registered themselves as Alternative Investment Funds (AIFs) with SEBI to carry out fund raising activities.

 

  1. In case of loan crowd funding –

The scenario for loan crowd funding, is however, already in place. The RBI has issued the Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017[4] which govern loan crowd funding platforms. Peer to Peer Lending and loan crowd funding are terms used interchangeably. These platforms are required to maintain a net owned fund of not less than 20 million and get themselves registered with RBI to carry out P2P lending activities.

 

As per the Directions, the Platform cannot raise deposits or lend on its own or even provide any guarantee or credit enhancement among other restrictions. The idea is that the platform only acts as a facilitator without taking up the risk on its own balance sheet.

Robo- Advice

An algorithm based system that uses technology to offer advice to investors based on certain inputs, with minimal to no human intervention needed is known as robo-advice, which is one of the most popular fintech services among the investment advisory space.

Regulatory responses to robo-advice –

According to the FSI survey, in principle, robo- and traditional advisers receive the same regulatory treatment. Consequently, the majority of surveyed jurisdictions do not have fintech-specific regulations for providers of robo-advice. Around a third of surveyed jurisdictions have published guidance and set supervisory expectations on issues that are unique to robo-advice as compared to traditional financial advice. In the absence of robo-specific regulations, several authorities provide somewhat more general information on existing regulatory requirements.

Regulatory regime in India –

In India, there is no specific regulatory framework for those providing robo-advice. All investment advisers are governed by SEBI under the Investment Advisers Regulations, 2013[5]. Under the regulations every investment adviser would have to get themselves registered with SEBI after fulfilling the eligibility conditions. The SEBI regulations would also apply to those offering robo-advice to investors, as there is no specific restriction on using automated tools by investment advisers.

Digital payment services & e-money

Digital payment services refer to technology enabled electronic payments through different modes. For instance, debit cards, credit cards, internet banking, UPI, mobile wallets, etc. E-money on the other hand would mostly refer to prepaid instruments that facilitate payments electronically or through prepaid cards.

Regulatory responses to digital payment services & e-money –

As per the FSI survey, most surveyed jurisdictions have fintech-specific regulations for digital payment services. Some jurisdictions aim at facilitating the access of non-banks to the payments market. Some jurisdictions have put in place regulatory initiatives to strengthen requirements for non-banks.

Further, most surveyed jurisdictions have a dedicated regulatory framework for e-money services. Non-bank e-money providers are typically restricted from engaging in financial intermediation or other banking activities.

Regulatory regime in India –

The Payment and Settlement Systems Act, 2007 (PSS) of India governs the digital payments and e-money space in India. While several Master Directions are issued by the RBI governing prepaid payment instruments and other payment services, ultimately they draw power from the PSS Act alone. These directions govern both bank and non-bank players in the fintech space.

UPI being a fast mode of virtual payment is however governed by the NPCI which is a body of the RBI.

Other policy measures in India – The regulatory sandbox idea

Both RBI and SEBI have come out with a Regulatory Sandbox (RS) regime[6], wherein fintech companies can test their innovative products under a monitored and controlled environment while obtaining certain regulatory relaxations as the regulator may deem fit.  As per RBI, the objective of the RS is to foster responsible innovation in financial services, promote efficiency and bring benefit to consumers. The focus of the RS will be to encourage innovations intended for use in the Indian market in areas where:

  1. there is absence of governing regulations;
  2. there is a need to temporarily ease regulations for enabling the proposed innovation;
  3. the proposed innovation shows promise of easing/effecting delivery of financial services in a significant way.

RBI has already begun with the first cohort[7] of the RS, the theme of which is –

  • Mobile payments including feature phone based payment services;
  • Offline payment solutions; and
  • Contactless payments.

SEBI, however, has only recently issued the proposal of a regulatory sandbox on 17th February, 2020.

Conclusion

Technology has been advancing at a rapid pace, coupled with innovation in the financial services space. This rapid growth however should not be overlooked by regulators across the globe. Thus, there is a need for policy changes and regulatory intervention to simultaneously govern as well as promote fintech activities, as innovation will not wait for regulation.

While most of regulators around the globe have different approaches to governing the fintech space, the regulatory environment should be such that there is sufficient understanding of fintech business models to enable regulation to fit into such models, while also curbing any unethical activities or risks that may arise out of the fintech business.

[1] https://rbidocs.rbi.org.in/rdocs/Publications/PDFs/86706.pdf

[2] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/

[3] https://www.sebi.gov.in/sebi_data/attachdocs/1403005615257.pdf

[4] https://rbidocs.rbi.org.in/rdocs/notification/PDFs/MDP2PB9A1F7F3BDAC463EAF1EEE48A43F2F6C.PDF

[5] https://www.sebi.gov.in/legal/regulations/jan-2013/sebi-investment-advisers-regulations-2013-last-amended-on-december-08-2016-_34619.html

[6] https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=938

https://www.sebi.gov.in/media/press-releases/feb-2020/sebi-board-meeting_46013.html

[7] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=48550

[1] Assessment of the progress of digitisation from cash to electronic – https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=19417

[2] https://www.bis.org/fsi/publ/insights23.pdf

An all-embracing guide to identity verification through CKYCR

-Kanakprabha Jethani | Executive

(kanak@vinodkothari.com)

Introduction

Central KYC Registry (CKYCR) is the central repository of KYC information of customers. This registry is a one stop collection of the information of customers whose KYC verification is done once. The Master Direction – Know Your Customer (KYC) Direction, 2016 (KYC Directions)[1] defines CKYCR as “an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.”

The KYC information of customers obtained by Reporting Entities (REs) (including banks) is uploaded on the registry. The information uploaded by an RE is used by another RE to verify the identity of such customer. Uncertainty as to validity of such verification prevails in the market. The following write-up intends to provide a basic understanding of CKYCR and gathers bits and pieces around identity verification through CKYCR.

Identity verification through CKYCR is done using the KYC identifier of the customer. To carry out such verification, an entity first needs to be registered with the CKYCR. Let us first understand the process of registration with the CKYCR.

Registration on CKYCR

The application for registration shall be made on CKYCR portal. Presently, Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) has been authorized by the Government of India to carry out the functions of CKYCR. Following are the steps to register on CERSAI:

  1. A board resolution should be passed for appointment of the authorised representative. The registering entity shall be required to identify nodal officer, admin and user.
  2. Thereafter, under the new entity registration tab in the live environment of CKYCR, details of the entity, nodal officers, admin and users shall be entered.
  3. Upon submission of the details, the system will generate a temporary reference number and mail will be sent to nodal officer informing the same along with test-bed registration link.
  4. Once registered on the live environment, the entity will have to register itself on the testbed and test the application. It shall have to test all the functionalities as per the checklist provided at https://www.ckycindia.in/ckyc/downloads.html. On completion of the testing, the duly signed checklist at helpdesk@ckycindia.in shall be e-mailed to the CERSAI.
  5. The duly signed registration form along with the supporting documents shall be sent to CERSAI at – 2nd Floor, Rear Block, Jeevan Vihar Building, 3, Parliament Street, New Delhi -110001.
  6. CERSAI will verify the entered details with physical form received. Correct details would mean the CERSAI will authorize and approve the registration application. In case of discrepancies, CERSAI will put the request on hold and the system will send email to the institution nodal officer (email ID provided in Fl registration form). To update the case hyperlink would be provided in the email.
  7. After completion of the testing and verification of documents by CERSAI, the admin and co-admin/user login and password details would be communicated by it.

Obligations in relation to CKYCR

The establishment of CKYCR came with added obligations on banks and REs.  The KYC Directions require banks and REs to upload KYC information of their customers on the CKYCR portal. As per the KYC Directions – “REs shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as the case may be. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.

…Accordingly, REs shall take the following steps:

  • Scheduled Commercial Banks (SCBs) shall invariably upload the KYC data pertaining to all new individual accounts opened on or after January 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
  • REs other than SCBs shall upload the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.”

Further, para III and IV of the Operating Guidelines of CKYCR require reporting entities (including banks) to fulfill certain obligations. Accordingly, the reporting entities shall:

  • Register themselves with CKYCR
  • Carry out due diligence and verification KYC information of customer submitting the same.
  • Upload KYC information of customers, in the KYC template provided on CKYCR portal along with scanned copy of Proof of Address (PoA) and Proof of Identity (PoI) after successful verification.
  • Communicate KYC identifier obtained from CKYCR portal to respective customer.
  • Download KYC information of customers from CKYCR, in case KYC identifier is submitted by the customer.
  • Refrain from using information downloaded from CKYCR for purposes other than identity verification.
  • In case of any change in the information, update the same on the CKYCR portal.

In and around verification

Registered entities may download the information from CKYCR portal and use the same for verification. Information can be retrieved using the KYC identifier of the customer. Before we delve into the process of verification and its validity, let us first understand what a KYC identifier is and how would a customer obtain it.

KYC identifier

A KYC Identifier is a 14 digit unique number generated when KYC verification of a customer is done for the first time and the information is uploaded on CKYCR portal. The RE uploading such KYC information on the CKYCR portal shall communicate such KYC Identifier to the customer after uploading his/her KYC information.

Obtaining KYC identifier

When a customer intends to enter into an account-based relationship with a financial institution for the very first time, such financial institution shall obtain KYC information including the Proof of Identity (PoI) and Proof of Address (PoA) of such customer and carry out verification process as provided in the KYC Master Directions. Upon completion of verification process, the financial institution will upload the KYC information required as per the common KYC template provided on the CKYCR portal, along with scanned PoI and PoA, signature and photograph of such customer within 3 days of completing the verification. Different templates are to be made available for individuals, and on the CKYCR portal. Presently, only template for individuals[2] has been made available.

Upon successful uploading of KYC information of the customer on the CKYCR portal, a unique 14 digit number, which is the KYC identifier of the customer, is generated by the portal and communicated to the financial institution uploading the customer information. The financial institution is required to communicate the KYC identifier to respective customer so that the same maybe used by the customer for KYC verification with some other financial institution.

Verification through CKYCR

When a customer submits KYC identifier, the RE, registered with CKYCR portal, enters the same on the CKYCR portal. The KYC documents and other information of the customer available on the CKYCR portal are downloaded. The RE matches the photograph and other details of customer as mentioned in the application form by the customer with that of the CKYCR portal. If both sets of information match, the verification is said to be successful.

Identity Verification through CKYCR- is it valid?

The Operating Guidelines[3] of CKYCR provide that –“Where a customer submits a KYC Identifier to a reporting entity, then such reporting entity shall download the KYC records from the Central KYC Registry by using the KYC Identifier and shall not require a customer to submit the documents again unless:

  1. There is a change in the information of the customer as existing in the records of Central KYC Registry.
  2. The current address of the client is required to be verified.
  3. The reporting entity considers it necessary in order to verify the identity or address of the client, or to perform enhanced due diligence or to build an appropriate risk profile of the client.”

Clearly, when KYC identifier is submitted by the customer, in place of identification documents, the RE shall fetch the KYC information of such customer from CKYCR portal. Since, the KYC information of such person was uploaded on CKYCR portal by another RE after conducting due diligence and undertaking complete verification process, relying on such information is considered as a successful verification process.

Benefits from CKYCR

While imposing various obligations on REs, the CKYCR portal also benefits REs by providing them with an easy way out for KYC verification of their customers. By carrying out verification through KYC Identifier, the requirement of physical interface with the borrower (as required under KYC Master Directions)[4] may be done away with. This might serve as a measure of huge cost savings for lenders, especially in the digital lending era.

Further, CKYCR portals also have de-duplication facility under which KYC information uploaded will go through de-duplication process on the basis of the demographics (i.e. customer name, maiden name, gender, date of birth, mother’s name, father/spouse name, addresses, mobile number, email id etc.) and identity details submitted. The de-dupe process uses normaliser algorithm and custom Indian language phonetics.

  • Where an exact match exists for the KYC data uploaded, the RE will be provided with the KYC identifier for downloading the KYC record.
  • Where a probable match exists for the KYC data uploaded, the record will be flagged for reconciliation by the RE.

Conclusion

Identity verification using the KYC identifier is a cost-effective way of verification and also results into huge cost saving. This method does away with the requirement of physical interface with the customer. Logic being- when the customer would have made the application for entering into account-based relationship, the entity would have obtained the KYC documents and carried out a valid verification process as per the provisions of KYC Master Directions. So, the information based on valid verification is bound to be reliable.

However, despite these benefits, only a handful of entities are principally using this method of verification presently. Lenders, especially FinTech based, should use this method to achieve pace in their flow of transactions.

 

 

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[2] https://rbidocs.rbi.org.in/rdocs/content/pdfs/KYCIND261115_A1.pdf

[3] https://testbed.ckycindia.in/ckyc/assets/doc/Operating-Guidelines-version-1.1.pdf

[4] Our detailed write-up on the same can also be referred-  http://vinodkothari.com/wp-content/uploads/2020/01/KYC-goes-live-1.pdf

 

Our FAQs on CKYCR may also be referred here- http://vinodkothari.com/2016/09/ckyc-registry-uploading-of-kyc-data/

Our other write-ups on KYC:

 

NBFC Account Aggregator – Consent Gateways

Timothy Lopes, Executive, Vinod Kothari Consultants Pvt. Ltd.

finserv@vinodkothari.com

The NBFC Account Aggregator (NBFC-AA) Framework was introduced back in 2016 by RBI[1]. However the concept of Account Aggregators did exist prior to 2016 as well. Prior to NBFC-AA framework several Account Aggregators (such as Perfios and Yodlee) undertook similar business of consolidating financial data and providing analysis on the same for the customer or a financial institution.

To give a basic understanding, an Account Aggregator is an entity that can pull and consolidate all of an individual’s financial data and present the same in a manner that allows the reader to easily understand and analyse the different financial holdings of a person. At present our financial holdings are scattered across various financial instruments, with various financial intermediaries, which come under the purview of various financial regulators.

For example, an individual may have investments in fixed deposits with ABC Bank which comes under the purview of RBI, mutual fund investments with XYZ AMC which comes under the purview of SEBI and life insurance cover with DEF Insurance Corporation (which comes under the purview of IRDAI.

Gathering all the scattered data from each of these investments and consolidating the same for submission to a financial institution while applying for a loan, may prove to be a time-consuming and rather confusing job for an individual.

The NBFC-AA framework was introduced with the intent to help individuals get a consolidated view of their financial holdings spread across the purview of different financial sector regulators.

Recently we have seen a sharp increase in the interest of obtaining an NBFC-AA license. Ever since the Framework was introduced in 2016, around 8 entities have applied for the Account Aggregator License out of which one has been granted the Certificate of Registration while the others have been granted in-principle[2].

Apart from the above, we have seen interest from the new age digital lending/ app based NBFCs.

In this article we wish to discuss the concerns revolving around data sharing, the reason behind going after an Account Aggregator (AA) license and the envisaged business models.

Going after AA License – The reason

New age lending mainly consists of a partnership model between an NBFC which acts as a funding partner and a fintech company that acts as a sourcing partner. Most of the fintech entities want to obtain the credit scores of the borrower when he/she applies for a loan. However, the credit scores are only accessible by the NBFC partner, since they are mandatorily required to be registered as members with all four Credit Information Companies (CICs).

This is where most NBFCs are facing an issue since the restriction on sharing of credit scores acts as a hurdle to smooth flow of operations in the credit approval process. We have elaborately covered this issue in a separate write up on our website[3].

What makes it different in the Account Aggregator route?

Companies registered as an NBFC-AA with RBI, can pull all the financial data of a single customer from any financial regulator and organise the data to show a consolidated view of all the financial asset holdings of the customer at one place. This data can also be shared with a Financial Information User (FIU) who must be an entity registered with and regulated by any financial sector regulator such as RBI, SEBI, IRDAI, etc. The AA could also perform certain data analytics and present meaningful information to the customer or the FIU.

All of the above is possible only and only with the consent of the customer, for which the NBFC-AA must put in place a well-defined ‘Consent Architecture’.

This data would be a gold mine for NBFCs, who would act as FIUs and obtain the customer’s financial data from the NBFC-AA.

Say a customer applies for a loan through a digital lending app. The NBFC would then require the customer’s financial data in order to do a credit evaluation of the potential borrower and make a decision on whether to sanction the loan or not. Instead of going through the process of requesting the customer to submit all his financial asset holdings data, the customer could provide his consent to the NBFC-AA (which could be set up by the NBFC itself), which would then pull all the financial data of the customer in a matter of seconds. This would not only speed up the credit approval and sanction process but also take care of the information sharing hurdle, as sharing of information is clearly possible through the NBFC-AA route if customer consent is obtained.

The above model can be explained with the following illustration –

What about the Fintech Entity?

Currently the partnership is between the fintech company (sourcing partner) and the NBFC (funding partner). With the introduction of an Account Aggregator as a new company in the group, what would be the role of the fintech entity? Can the information be shared with the fintech company as well as the NBFC?

The answer to the former would be that firstly the fintech company could itself apply for the NBFC-AA license, considering that the business of an NBFC-AA is required to be completely IT driven. However, the fintech company would require to maintain a Net Owned Fund (NOF) of Rs. 2 crores as one of the pre-requisites of registration.

Alternatively the digital lending group could incorporate a new company in the group, who would apply for the NBFC-AA license to solely carry out the business of an NBFC-AA. This would leave the fintech entity with the role of maintaining the app through which digital lending takes place.

The above structures could be better understood with the illustrations below –

To answer the latter question as to whether the information can be shared by the NBFC-AA with the fintech entity as well? The answer is quite clearly spelt out in the Master Directions.

As per the Master Directions, the NBFC-AA can share the customers’ information with a FIU, of course, with the consent of the customer. A FIU means an entity registered with and regulated by any financial sector regulator. Regulated entities are other banks, NBFCs, etc. However, fintech companies are not FIUs as they are not registered with and regulated by any financial sector regulator. An NBFC-AA cannot therefore, share the information with the fintech company.

How to register as an NBFC-AA?

Only a company having NOF of Rs. 2 crores can apply to the RBI for an AA license. However there is an exemption to AAs regulated by other financial sector regulators from obtaining this license from RBI, if they are aggregating only those accounts relating to the financial information pertaining to customers of that particular sector.

Further the following procedure is required to be followed for obtaining the NBFC-AA license –

Consent Architecture

Consent is the most important factor in the business of an NBFC-AA. Without the explicit consent of the customer, the NBFC-AA cannot retrieve, share or transfer any financial data of the customer.

The function of obtaining, submitting and managing the customer’s consent by the NBFC-AA should be in accordance with the Master Directions. As per the Master Directions, the consent of the customer obtained by the NBFC-AA should be a standardized consent artefact containing the following details, namely:-

  1. Identity of the customer and optional contact information;
  2. The nature of the financial information requested;
  • Purpose of collecting such information;
  1. The identity of the recipients of the information, if any;
  2. URL or other address to which notification needs to be sent every time the consent artefact is used to access information
  3. Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and
  • Any other attribute as may be prescribed by the RBI.

This consent artefact can also be obtained in electronic form which should be capable of being logged, audited and verified.

Further, the customer also has every right to revoke the consent given to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information. Upon revocation a fresh consent artefact shall be shared with the FIP.

The requirement of consent is essential to the business of the NBFC-AA and the manner of obtaining consent is also carefully required to be structured. Account Aggregators can be said to be consent gateways for FIPs and FIUs, since they ultimately benefit from the information provided.

Conclusion

There are several reasons for the new age digital lending NBFCs to go for the NBFC-AA license, as this would amount to a ‘value added’ to their services since every step in the loan process could be done without the customer ever having to leave the app.

However the question as to whether this model fits into the current digital lending model of the NBFC and Fintech Platform should be given due consideration. The revenue model should be structured in a way that the NBFC-AA reaps benefits out of its services provided to the NBFC.

The ultimate benefit would be a speedy and easier credit approval and sanction process for the digital lending business. Data coupled with consent of the customer would prove more efficient for the new age digital lending model if all the necessary checks and systems are in place.

Links to related write ups –

Account Aggregator: A class of NBFCs without any financial assets – http://vinodkothari.com/2016/09/account-aggregator-a-class-of-nbfc-without-any-financial-assets/

Financial Asset Aggregators: RBI issues draft regulatory directions – http://vinodkothari.com/wp-content/uploads/2017/03/Financial_asset_aggregators_RBI-1.pdf

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598

[2] Source: Sahamati FAQs (Sahamati is a collective of the Account Aggregator System)

[3] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/

Marketplace lending: Legal issues around “true lender” and “valid when made” doctrines

-Vinod Kothari (vinod@vinodkothari.com)

 

Marketplace lending, P2P lending, or Fintech credit, has been growing fast in many countries, including the USA. It is estimated to have reached about $ 24 billion in 2019[1] in the USA.

However, there are some interesting legal issues that seem to be arising.  The issues seem to be emanating from the fact that P2P platforms essentially do pairing of borrowers and lenders. In the US practice, it is also commonplace to find an intermediary bank that houses the loans for a few days, before the loan is taken up by the “peer” or crowd-sourced lender.

USA, like many other countries, has usury laws. However, usury laws are not applicable in case of banks. This comes from sec 85 of National Bank Act, and sec. 27 (a) of the Federal Deposit Insurance Act.

In P2P structure, the loan on the platform may first have been originated by a bank, and then assigned to the buyer. If the loan carries an interest rate, which is substantially high, and such high interest rate loan is taken by the “peer lender”, will it be in breach of the usury laws, assuming the rate of interest is excessive?

One of the examples of recent legal issues in this regard is Rent-Rite Superkegs West, Ltd., v. World Business Lenders, LLC, 2019 WL 2179688[2]. In this case, a loan of $ 50000 was made to a corporation by a local bank, at an interest rate of 120.86% pa. The loan-note was subsequently assigned to a finance company. Upon bankruptcy of the borrower, the bankruptcy court refused to declare the loan as usurious, based on a time-tested doctrine that has been prevailing in US courts over the years – called valid-when-granted doctrine.

Valid-when-granted doctrine

The valid-when-granted doctrine holds that if a loan is valid when it is originally granted, it cannot become invalid because of subsequent assignment. Several rulings in the past have supported this doctrine: e.g., Munn v. Comm’n Co., 15 Johns. 44, 55 (N.Y. Sup. Ct. 1818); Tuttle v. Clark, 4 Conn. 153, 157 (1822); Knights v. Putnam, 20 Mass. (3 Pick.) 184, 185 (1825)

However, there is a ruling that stands out, which is 2015 ruling of the Second Circuit court in Madden v. Midland Funding, LLC  (786 F.3d 246). In Madden, there was an assignment of a credit card debt to a non-banking entity, who charged interest higher than permitted by state law. The court held that the relaxation from interest rate restrictions applicable to the originating bank could not be claimed by the non-banking assignee.

The ruling in Madden was deployed in a recent [June 2019] class action suit against JP Morgan Chase/Capital One entities, where the plaintiffs, representing credit card holders, allege that buyers of the credit card receivables (under credit card receivables securitization) cannot charge interest higher than permitted in case of non-banking entities. Plaintiffs have relied upon the “true sale” nature of the transaction, and contend that once the receivables are sold, it is the assignee who needs to be answerable to the restrictions on rate of interest.

While these recent suits pose new challenges to consumer loan securitization as well as marketplace lending, it is felt that much depends on the entity that may be regarded as “true lender”. True lender is that the entity that took the position of predominant economic interest in the loan at the time of origination. Consider, however, the following situations:

  1. In a marketplace lending structure, a bank is providing a warehousing facility. The platform disburses the loan first from the bank’s facility, but soon goes to distribute the loan to the peer lenders. The bank exits as soon as the loan is taken by the peer lenders. Will it be possible to argue that the loan should be eligible for usurious loan carve-out applicable to a bank?
  2. Similarly, assume there is a co-lending structure, where a bank takes a portion of the loan, but a predominant portion is taken by a non-banking lender. Can the co-lenders contend to be out of the purview of interest rate limitations?
  3. Assume that a bank originates the loan, and by design, immediately after origination, assigns the loan to a non-banking entity. The assignee gets a fixed, reasonable rate of return, while the spread with the assignee’s return and the actual high interest rate paid by the borrower is swept by the originating bank.

Identity of the true lender becomes an intrigue in cases like this.

Securitization transactions stand on a different footing as compared to P2P programs. In case of securitization, the loan is originated with no explicit understanding that it will be securitized. There are customary seasoning and holding requirements when the loan is incubated on the balance sheet of the originator. At the time of securitization, whether the loan will get included in the securitization pool depends on whether the loan qualifies to be securitized, based on the selection criteria.

However, in case of most P2P programs, the intent of the platform is evidently to distribute the loan to peer-lenders. The facility from the bank is, at best, a bridging facility, to make it convenient for the platform to complete the disbursement without having to wait for the peer-lenders to take the portions of the loan.

US regulators are trying to nip the controversy, by a rule that Interest on a loan that is permissible under 12 U.S.C. 85 shall not be affected by the sale, assignment, or other transfer of the loan. This is coming from a proposed rule by FDIC /OCC in November, 2019[3].

However, the concerns about the true lender may still continue to engage judicial attention.

Usurious lending laws in other countries

Usurious lending, also known as extortionate credit, is recognised by responsible lending laws as well as insolvency/bankruptcy laws. In the context of consumer protection laws, usurious loans are not regarded as enforceable. In case of insolvency/bankruptcy, the insolvency professional has the right to seek avoidance of a usurious or extortionate credit transaction.

In either case, there are typically carve-outs for regulated financial sector entities. The underlying rationale is that the fairness of lending contracts may be ensured by respective financial sector regulator, who may be imposing fair lending standards, disclosure of true rate of interest, etc. Therefore, judicial intervention may not be required in such cases. However, the issue once again would be – is it justifiable that the carve-out available to regulated financial entities should be available to a P2P lender, where it is predesigned that the loan will get transferred out of the books of the originating financial sector entity?

Conclusion

P2P lending or fintech credit is the fastest growing part of non-banking financial intermediation, sometimes known as shadow banking. A lot of regulatory framework is designed keeping a tightly-regulated bank in mind. However, P2P is itself a case of moving out of banking regulation. Banking laws and regulations cannot be supplanted and applied in case of P2P lending.

Further research

We have been engaged in research in the P2P segment. Our report[4] on P2P market in India describes the basics of P2P lending structures in India and demonstrates development of P2P market in India.

Our other write-ups on P2P lending may also be referred:

 

 

 

[1] https://www.statista.com/outlook/338/109/marketplace-lending–consumer-/united-states#market-revenue

[2] https://www.docketbird.com/court-documents/Rent-Rite-Super-Kegs-West-LTD-v-World-Business-Lenders-LLC/Corrected-Written-Opinion-related-document-s-44-Written-Opinion-48-Order-Dismissing-Adversary-Proceeding/cob-1:2018-ap-01099-00049

[3] https://www.occ.gov/news-issuances/news-releases/2019/nr-occ-2019-132a.pdf

[4] http://vinodkothari.com/2017/10/india-peer-to-peer-lending-report/