RBI to regulate operation of payment intermediaries

/1 Comment/in , , , /by
Guidelines on regulation of Payment Aggregators and Payment Gateways issued

-Mridula Tripathi (finserv@vinodkothari.com)

Background

In this era of digitalisation, the role of intermediaries who facilitate the payments in an online transaction has become pivotal. These intermediaries are a connector between the merchants and customers, ensuring the collection and settlement of payment. In the absence of any direct guidelines and adequate governance practices regulating the operations of these intermediaries, there was a need to review the existing instructions issued in this regard by the RBI. Thus, the need of regulating these intermediaries has been considered cardinal by the regulator.

RBI had on September 17, 2019 issued a Discussion Paper on Guidelines for Payment Gateways and Payment Aggregators[1] covering the various facets of activities undertaken by Payment Gateways (PGs) and Payment Aggregators (PAs) (‘Discussion Paper’). The Discussion Paper further explored the avenues of regulating these intermediaries by proposing three options, that is, regulation with the extant instructions, limited regulation or full and direct regulation to supervise the intermediaries.

In this regard, the final guidelines have been issued by the RBI on March 17, 2020 which shall be effective from April 1, 2020[2], for regulating the activities of PAs and providing technology-related recommendations to PGs (‘Guidelines’).

In this article we shall discuss the concept of Payment Aggregator and Payment Gateway. Further, we intend to cover the applicability, eligibility norms, governance practices and reporting requirements provided in the aforesaid guidelines.

Concept of Payment Aggregators and Payment Gateways

In common parlance Payment Gateway can be understood as a software which enables online transactions. Whenever the e-interface is used to make online payments, the role of this software infrastructure comes into picture. Thinking of it as a gateway or channel that opens whenever an online transaction takes place, to traverse money from the payer’s credit cards/debit cards/ e-wallets etc to the intended receiver.

Further, the role of a Payment Aggregator can be understood as a service provider which includes all these Payment Gateways. The significance of the Payment Aggregators lies in the fact that Payment Gateway is a mere technological base which requires a back-end operator and this role is fulfilled by the Payment Aggregator.

A merchant (Seller) providing goods/services to its target customer would require a Merchant Account opened with the bank to accept e-payment. Payment Aggregator can provide the same services to several merchants through one escrow account without the need of opening multiple Merchant Accounts in the bank for each Merchant.

The concept of PA and PG as defined by the RBI is reproduced herein below:

PAYMENT AGGREGATORS (PAs) means the entities which enable e-commerce sites and merchants to meet their payment obligation by facilitating various payment options without creation of a separate payment integration system of their own. These PAs aggregate the funds received as payment from the customers and pass them to the merchants after a certain time period.

PAYMENT GATEWAYS (PGs) are entities that channelize and process an online payment transaction by providing the necessary infrastructure without actual handling of funds.

The Guidelines have also clearly distinguished Payment Gateways as providers of technological infrastructure and Payment Aggregators as the entities facilitating the payment. At present, the existing PAs and PGs have a variety of technological set-up and their infrastructure also keeps changing with time given the business objective for ensuring efficient processing and seamless customer experience. Some of the e-commerce market places have leveraged their market presence and started offering payment aggregation services as well. Though the primary business of an e-commerce marketplace does not come within the regulatory purview of RBI, however, with the introduction of regulatory provisions for PAs, the entities will end up being subjected to dual regulation. Hence, it is required to separate these two activities to enable regulatory supervision over the payment aggregation business.

The extant regulations[3] on opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediarieswe were applicable to intermediaries who collect monies from customers for payment to merchants using any electronic / online payment mode. The Discussion Paper proposed a review of the said regulations and based on the feedback received from market participants, the Guidelines have been issued by RBI.

Coverage of Guidelines

RBI has made its intention clear to directly regulate PAs (Bank & Non-Bank) and it has only provided an indicative baseline technology related recommendation. The Guidelines explicitly exclude Cash on Delivery (CoD) e-commerce model from its purview. Surprisingly, the Discussion Paper issued by RBI in this context intended on regulating both the PAs & PGs, however, since PGs are merely technology providers or outsourcing partners they have been kept out of the regulatory requirements.

The Guidelines come into effect from April 1, 2020, except for requirements for which a specific deadline has been prescribed, such as registration and capital requirements.

Registration requirement

Payment Aggregators are required to fulfil the requirements as provided under the Guidelines within the prescribed timelines. The Guidelines require non-bank entities providing PA services to be incorporated as a company under the Companies Act, 1956/2013 being able of carrying out the activity of operating as a PA, as per its charter documents such as the MoA. Such entities are mandatorily required to register themselves with RBI under the Payment and Settlement Systems Act, 2007 (‘PSSA, 2007’) in Form-A. However, a deadline of June 30, 2021 has been provided for existing non-bank PAs.

Capital requirement

RBI has further benchmarked the capital requirements to be adhered by existing and new PAs. According to which the new PAs at the time of making the application and existing PAs by March 31, 2021 must have a net worth of Rs 15 crore and Rs 25 crore by the end of third financial year i.e. March 31, 2023 and thereafter. Any non-compliance with the capital requirements shall lead to winding up of the business of PA.

As a matter of fact, the Discussion Paper issued by RBI, proposed a capital requirement of Rs 100 crore which seems to have been reduced considering the suggestion received from the market participants.

To supervise the implementation of these Guidelines, there is a certification to be obtained from the statutory auditor, to the effect certifying the compliance of the prescribed capital requirements.

Fit and proper criteria

The promoters of PAs are expected to fulfil fit and proper criteria prescribed by RBI and a declaration is also required to be submitted by the directors of the PAs. However, RBI shall also assess the ‘fit and proper’ status of the applicant entity and the management by obtaining inputs from various regulators.

Policy formulation

The Guidelines further require formulation and adoption of a board approved policy for the following:

  1. merchant on-boarding
  2. disposal of complaints, dispute resolution mechanism, timelines for processing refunds, etc., considering the RBI instructions on Turn Around Time (TAT)
  3. information security policy for the safety and security of the payment systems operated to implement security measures in accordance with this policy to mitigate identified risks
  4. IT policy(as per the Baseline Technology-related Recommendations)

Grievance redressal

The Guidelines have put in place mandatory appointment of a Nodal Officer to handle customer and regulator grievance whose details shall be prominently displayed on the website thus implying good governance in its very spirit. This is similar to the requirement for NBFCs who are required to appoint a Nodal Officer. Also, it is required that the dispute resolution mechanism must contain details on types of disputes, process of dealing with them, Turn Around Time (TAT) for each stage etc.

However, in this context, the Discussion Paper provided for a time period of 7 working days to promptly handle / dispose of complaints received by the customer and the merchant.

Merchant on boarding and KYC compliance

To avoid malicious intent of the merchants, PAs should undertake background and antecedent check of the merchants and are responsible to check Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance of the infrastructure of the merchants on-boarded and carry a KYC of the merchants on boarded. It also provides for some mandatory clauses to be incorporated in the agreements to be executed with the merchants.

Risk Management

For the purposes of risk management, apart from adoption of an IS policy, the PAs shall also have a mechanism to monitor, handle and report cyber security incidents and breaches. They are also prohibited to allow online transactions with ATM pin and store customer card credentials on the servers accessed by the merchants and are required to comply with data storage requirements as applicable to Payment System Operators (PSOs).

Reporting Requirements

The Guidelines provide for monthly, quarterly and annual reporting requirement. The annual requirement comprises of certification from a CA and IS audit report and Cyber Security Audit report. The quarterly reporting again provides for certification requirement and the monthly requirement demand a transaction statistic. Also, there shall be reporting requirement in case of any change in management requiring intimation to RBI within 15 days along with ‘Declaration & Undertaking’ by the new directors. Apart from these mainstream reporting requirements there are non-periodic requirements as well.

Additionally, PAs are required to submit the System Audit Report, including cyber security audit conducted by CERTIn empanelled auditors, within two months of the close of their financial year to the respective Regional Office of DPSS, RBI

Escrow Account Mechanism

The Guidelines clearly state that the funds collected from the customers shall be kept in an escrow account opened with any Schedule Commercial Bank by the PAs. And to protect the funds collected from customers the Guidelines state that PA shall be deemed as a ‘Designated Payment System’[4] under section 23A of PSSA, 2007.

Shift from Nodal to Escrow

The Discussion Paper proposed registration, capital requirement, governance, risk management and such other regulations along with the maintenance of a nodal account to manage the funds of the merchants. Further, it acknowledged that in case of nodal accounts, there is no beneficial interest created on the part of the PAs; the fact that they do not form part of the PA’s balance sheet and no interest can be earned on the amount held in these account. The Guidelines are more specific about escrow accounts and do not provide for maintenance of nodal accounts, which seems to indicate a shift from nodal to escrow accounts with the same benefits as nodal accounts and additionally having an interest bearing ‘core portion’. These escrow account arrangements can be with or without a tripartite agreement, giving an option to the merchant to monitor the transactions occurring through the escrow. However, in practice it may not be possible to make each merchant a party to the escrow agreement.

Timelines for settlement to avoid unnecessary delay in payments to Merchants, various timelines have been provided as below:

  1. Amounts deducted from the customer’s account shall be remitted to the escrow account maintaining bank on Tp+0 / Tp+1 basis. (Tp is the date of debit to the customer’s account against good/services purchased)
  2. Final settlement with the merchant
  3. In cases where PA is responsible for delivery of goods / services, the payment to the merchant shall be made on Ts + 1 basis. (Ts is the date of intimation by merchant about shipment of goods)
  4. In cases where merchant is responsible for delivery, the payment to the merchant shall be on Td + 1 basis. (Td is the date of confirmation by the merchant about delivery of goods)
  5. In cases where the agreement with the merchant provides for keeping the amount by the PA till expiry of refund period, the payment to the merchant shall be on Tr + 1 basis. (Tr is the date of expiry of refund period)

Also, refund and reversed transactions must be routed back through the escrow account unless as per contract the refund is directly managed by the merchant and the customer has been made aware of the same. A minimum balance requirement equivalent to the amount already collected from customer as per ‘Tp’ or the amount due to the merchant at the end of the day is required to be maintained in the escrow account at any time of the day.

Permissible debits and credits

Similar to the extant regulations, the Guidelines provide a specific list of debits and credits permissible from the escrow account:

  • Credits that are permitted
  1. Payment from various customers towards purchase of goods / services.
  2. Pre-funding by merchants / PAs.
  3. Transfer representing refunds for failed / disputed / returned / cancelled transactions.
  4. Payment received for onward transfer to merchants under promotional activities, incentives, cashbacks etc.
  • Debits that are permitted
  1. Payment to various merchants / service providers.
  2. Payment to any other account on specific directions from the merchant.
  3. Transfer representing refunds for failed / disputed transactions.
  4. Payment of commission to the intermediaries. This amount shall be at pre-determined rates / frequency.
  5. Payment of amount received under promotional activities, incentives, cash-backs, etc.

The aforesaid list of permitted deposits and withdrawals into an account operated by an intermediary is wider than those allowed under the extant regulations. The facility to pay the amount held in escrow to any other account on the direction of the merchant would now enable cashflow trapping by third party lenders or financier. The merchant will have an option to provide instructions to the PA to directly transfer the funds to its creditors.

The Guidelines expressly state that the settlement of funds with merchants will in no case be co-mingled with other business of the PA, if any and no loans shall be available against such amounts.

No interest shall be payable by the bank on balances maintained in the escrow account, except in cases when the PA enters into an agreement with the bank with whom the escrow account is maintained, to transfer “core portion”[5] of the amount, in the escrow account, to a separate account on which interest is payable. Another certification requirement to be obtained from auditor(s) is for certifying that the PA has been maintaining balance in the escrow account.

Technology-related Recommendations

Several technology related recommendations have been separately provided in the Guidelines and are mandatory for PAs but recommendatory for PGs. These instructions provide for adherence to data security standards and timely reporting of security incidents in the course of operation of a PA. It proposes involvement of Board in formulating policy and a competent pool of staff for better operation along with other governance and security parameters.

Conclusion

With these Guidelines being enforced the online payment facilitated by intermediaries will be regulated and monitored by the RBI henceforth. The prescribed timeline of April 2020 may cause practical difficulties and act as a hurdle for the operations of existing PAs. However, the timelines provided for registration and capital requirements are considerably convenient for achieving the prescribed benchmarks. Since PAs are handling the funds, these Guidelines, which necessitate good governance, security and risk management norms on PAs, are expected to be favourable for the merchants and its customers.

 

[1] https://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=943

[2] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

[3] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5379&Mode=0

[4] The Reserve Bank may designate a payment system if it considers that designating the system is in the public interest. The designation is to be by notice in writing published in the Gazette, as per Payment System Regulation Act, 1998

[5] This facility shall be permissible to entities who have been in business for 26 fortnights and whose accounts have been duly audited for the full accounting year. For this purpose, the period of 26 fortnights shall be calculated from the actual business operation in the account. ‘Core Portion’ shall be average of the lowest daily outstanding balance (LB) in the escrow account on a fortnightly (FN) basis, for fortnights from the preceding month 26.

 

 

Our other write ups on NBFCs to be referred here http://vinodkothari.com/nbfcs/

Our other similar articles:

http://vinodkothari.com/2017/04/overview-of-regulatory-framework-of-payment-and-settlement-systems-in-india-by-anita-baid/

Credit Cards and EMI Cards From an NBFC Viewpoint

Foreign Entities getting into Payment Systems in India

Cryptotrading’s tryst with destiny- Supreme Court revives cryptotrading, RBI’s circular struck down

/0 Comments/in , , /by

-Megha Mittal

(mittal@vinodkothari.com

April 2018, the Reserve Bank of India (RBI) issued a “Statement on Developmental and Regulatory Policies” (‘Circular’) dated 06.04.2018, thereby prohibiting RBI regulated entities from dealing in/ providing any services w.r.t. virtual currencies, with a 3-month ultimatum to those already engaged in such services. Cut to 4th March, 2020- The Supreme Court of India strikes down RBI’s circular and upheld crypto-trading as valid under the Constitution of India.

Amidst apprehensions of crypto-trading being a highly-volatile and risk-concentric venture, the Apex Court, in its order dated 04.03.2020 observed that RBI, an otherwise staunch critic of cryptocurrencies, failed to present any empirical evidence substantiating cryptocurrency’s negative impact on the banking and credit sector in India; and on the basis of this singular fact, the Hon’ble SC stated RBI’s circular to have failed the test of proportionality.

In this article, the author has made a humble attempt to discuss this landmark judgment and its (dis)advantages to the Indian economy.

Read more

Fintech Framework: Regulatory responses to financial innovation

/0 Comments/in , /by

Timothy Lopes, Executive, Vinod Kothari Consultants

finserv@vinodkothari.com

The world of financial services is continually witnessing a growth spree evidenced by new and innovative ways of providing financial services with the use of enabling technology. Financial services coupled with technology, more commonly referred to as ‘Fintech’, is the modern day trend for provision of financial services as opposed to the traditional methods prevalent in the industry.

Rapid advances in technology coupled with financial innovation with respect to delivery of financial services and inclusion gives rise to all forms of fintech enabled services such as digital banking, digital app-based lending, crowd funding, e-money or other electronic payment services, robo advice and crypto assets.

In India too, we are witnessing rapid increase in digital app-based lending, prepaid payment instruments and digital payments. The trend shows that even a cash driven economy like India is moving to digitisation wherein cash is merely used as a way to store value as an economic asset rather than to make payments.

“Cash is King, but Digital is Divine.”

  • Reserve Bank of India[1]

The Financial Stability Institute (‘FSI’), one of the bodies of the Bank for International Settlement issued a report titled “Policy responses to fintech: a cross country overview”[2] wherein different regulatory responses and policy changes to fintech were analysed after conducting a survey of 31 jurisdictions, which however, did not include India.

In this write up we try to analyse the various approaches taken by regulators of several jurisdictions to respond to the innovative world of fintech along with analysing the corresponding steps taken in the Indian fintech space.

The Conceptual Framework

Let us first take a look at the conceptual framework revolving in the fintech environment. Various terminology or taxonomies used in the fintech space, are often used interchangeably across jurisdictions. The report by FSI gives a comprehensive overview of the conceptual framework through a fintech tree model, which characterises the fintech environment in three categories as shown in the figure.

Source: FSI report on Policy responses to fintech: a cross-country overview

Let us now discuss each of the fintech activities in detail along with the regulatory responses in India and across the globe.

Digital Banking –

This refers to normal banking activities delivered through electronic means which is the distinguishing factor from traditional banking activities. With the use of advanced technology, several new entities are being set up as digital banks that deliver deposit taking as well as lending activities through mobile based apps or other electronic modes, thereby eliminating the need for physically approaching a bank branch or even opening a bank branch at all. The idea is to deliver banking services ‘on the go’ with a user friendly interface.

Regulatory responses to digital banking –

The FSI survey reveals that most jurisdictions apply the existing banking laws and regulations to digital banking as well. Applicants with a fintech business model must go through the same licensing process as those applicants with a traditional banking business model.

Only a handful of jurisdictions, namely Hong Kong, SAR and Singapore, have put in place specific licensing regimes for digital banks. In the euro area, specific guidance is issued on how credit institution authorisation requirements would apply to applicants with new fintech business models.

Regulatory framework for digital banking in India –

In India, majority of the digital banking services are offered by traditional banks itself, mainly governed by the Payment and Settlement Systems Act, 2007[1], with RBI being the regulatory body overseeing its implementation. The services include, opening savings accounts online even through apps, facilitating instant transfer of funds through the use of innovative products such as the Unified Payments Interface (UPI), which is governed by the National Payments Corporation of India (NPCI), facilitating the use of virtual cards, prepaid payment instruments (PPI), etc. These services may be provided not only by traditional banks alone, but also by non-bank entities.

Fintech balance sheet lending

Typically refers to lending from the balance sheet and assuming the risk on to the balance sheet of the fintech entity. Investors’ money in the fintech entity is used to lend to customers which shows up as an asset on the balance sheet of the lending entity. This is the idea of balance sheet lending. This idea, when facilitated with technological innovation leads to fintech balance sheet lending.

Regulatory responses to fintech balance sheet lending –

As per the FSI survey, most jurisdictions do not have regulations that are specific to fintech balance sheet lending. In a few jurisdictions, the business of making loans requires a banking licence (eg Austria and Germany). In others, specific licensing regimes exist for non-banks that are in the business of granting loans without taking deposits. Only one of the surveyed jurisdictions has introduced a dedicated licensing regime for fintech balance sheet lending.

Regulatory regime in India –

The new age digital app based lending is rapidly advancing in India. With the regulatory framework for Non-Banking Financial Companies (NBFCs), the fintech balance sheet lending model is possible in India. However, this required a net owned fund of Rs. 2 crores and registration with RBI as an NBFC- Investment and Credit Company.

The digital app based lending model in India works as a partnership between a tech platform entity and an NBFC, wherein the tech platform entity (or fintech entity) manages the working of the app through the use of advanced technology to undertake credit appraisals, while the NBFC assumes the credit risk on its balance sheet by lending to the customers who use the app. We have covered this model in detail in a related write up[2].

Loan & Equity Crowd funding

Crowd funding refers to a platform that connects investors and entrepreneurs (equity crowd funding) and borrowers and lenders (loan crowd funding) through an internet based platform. Under equity crowd funding, the platform connects investors with companies looking to raise capital for their venture, whereas under loan crowd funding, the platform connects a borrower with a lender to match their requirements. The borrower and lender have a direct contract among them, with the platform merely facilitating the transaction.

Regulatory responses to crowd funding –

According to the FSI survey, many surveyed jurisdictions introduced fintech-specific regulations that apply to both loan and equity crowd funding considering the similar risks involved, shown in the table below. Around a third of surveyed jurisdictions have fintech-specific regulations exclusively for equity crowd funding. Only a few jurisdictions have a dedicated licensing regime exclusively for loan crowd funding. Often, crowd funding platforms need to be licensed or registered before they can perform crowd funding activities, and satisfy certain conditions.

Table showing regulatory regimes in various jurisdictions

Fintech-specific regulations for crowd funding
Equity Crowd Funding Equity and Loan Crowd Funding Loan Crowd Funding
Argentina           Columbia

Australia             Italy

Austria                Japan

Brazil                   Turkey

China                   United States

 Belgium                Peru

Canada                 Philippines

Chile                      Singapore

European Union  Spain

France                   Sweden

Mexico                  UAE

Netherlands         UK

 Australia

Brazil

China

Italy

 

Source: FSI Survey

Regulatory regime in India

  1. In case of equity crowd funding –

In 2014, securities market regulator SEBI issued a consultation paper on crowd funding in India[3], which mainly focused on equity crowd funding. However, there was no regulatory framework subsequently issued by SEBI which would govern equity crowd funding in India. At present crowd funding platforms in India have registered themselves as Alternative Investment Funds (AIFs) with SEBI to carry out fund raising activities.

 

  1. In case of loan crowd funding –

The scenario for loan crowd funding, is however, already in place. The RBI has issued the Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017[4] which govern loan crowd funding platforms. Peer to Peer Lending and loan crowd funding are terms used interchangeably. These platforms are required to maintain a net owned fund of not less than 20 million and get themselves registered with RBI to carry out P2P lending activities.

 

As per the Directions, the Platform cannot raise deposits or lend on its own or even provide any guarantee or credit enhancement among other restrictions. The idea is that the platform only acts as a facilitator without taking up the risk on its own balance sheet.

Robo- Advice

An algorithm based system that uses technology to offer advice to investors based on certain inputs, with minimal to no human intervention needed is known as robo-advice, which is one of the most popular fintech services among the investment advisory space.

Regulatory responses to robo-advice –

According to the FSI survey, in principle, robo- and traditional advisers receive the same regulatory treatment. Consequently, the majority of surveyed jurisdictions do not have fintech-specific regulations for providers of robo-advice. Around a third of surveyed jurisdictions have published guidance and set supervisory expectations on issues that are unique to robo-advice as compared to traditional financial advice. In the absence of robo-specific regulations, several authorities provide somewhat more general information on existing regulatory requirements.

Regulatory regime in India –

In India, there is no specific regulatory framework for those providing robo-advice. All investment advisers are governed by SEBI under the Investment Advisers Regulations, 2013[5]. Under the regulations every investment adviser would have to get themselves registered with SEBI after fulfilling the eligibility conditions. The SEBI regulations would also apply to those offering robo-advice to investors, as there is no specific restriction on using automated tools by investment advisers.

Digital payment services & e-money

Digital payment services refer to technology enabled electronic payments through different modes. For instance, debit cards, credit cards, internet banking, UPI, mobile wallets, etc. E-money on the other hand would mostly refer to prepaid instruments that facilitate payments electronically or through prepaid cards.

Regulatory responses to digital payment services & e-money –

As per the FSI survey, most surveyed jurisdictions have fintech-specific regulations for digital payment services. Some jurisdictions aim at facilitating the access of non-banks to the payments market. Some jurisdictions have put in place regulatory initiatives to strengthen requirements for non-banks.

Further, most surveyed jurisdictions have a dedicated regulatory framework for e-money services. Non-bank e-money providers are typically restricted from engaging in financial intermediation or other banking activities.

Regulatory regime in India –

The Payment and Settlement Systems Act, 2007 (PSS) of India governs the digital payments and e-money space in India. While several Master Directions are issued by the RBI governing prepaid payment instruments and other payment services, ultimately they draw power from the PSS Act alone. These directions govern both bank and non-bank players in the fintech space.

UPI being a fast mode of virtual payment is however governed by the NPCI which is a body of the RBI.

Other policy measures in India – The regulatory sandbox idea

Both RBI and SEBI have come out with a Regulatory Sandbox (RS) regime[6], wherein fintech companies can test their innovative products under a monitored and controlled environment while obtaining certain regulatory relaxations as the regulator may deem fit.  As per RBI, the objective of the RS is to foster responsible innovation in financial services, promote efficiency and bring benefit to consumers. The focus of the RS will be to encourage innovations intended for use in the Indian market in areas where:

  1. there is absence of governing regulations;
  2. there is a need to temporarily ease regulations for enabling the proposed innovation;
  3. the proposed innovation shows promise of easing/effecting delivery of financial services in a significant way.

RBI has already begun with the first cohort[7] of the RS, the theme of which is –

  • Mobile payments including feature phone based payment services;
  • Offline payment solutions; and
  • Contactless payments.

SEBI, however, has only recently issued the proposal of a regulatory sandbox on 17th February, 2020.

Conclusion

Technology has been advancing at a rapid pace, coupled with innovation in the financial services space. This rapid growth however should not be overlooked by regulators across the globe. Thus, there is a need for policy changes and regulatory intervention to simultaneously govern as well as promote fintech activities, as innovation will not wait for regulation.

While most of regulators around the globe have different approaches to governing the fintech space, the regulatory environment should be such that there is sufficient understanding of fintech business models to enable regulation to fit into such models, while also curbing any unethical activities or risks that may arise out of the fintech business.

[1] https://rbidocs.rbi.org.in/rdocs/Publications/PDFs/86706.pdf

[2] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/

[3] https://www.sebi.gov.in/sebi_data/attachdocs/1403005615257.pdf

[4] https://rbidocs.rbi.org.in/rdocs/notification/PDFs/MDP2PB9A1F7F3BDAC463EAF1EEE48A43F2F6C.PDF

[5] https://www.sebi.gov.in/legal/regulations/jan-2013/sebi-investment-advisers-regulations-2013-last-amended-on-december-08-2016-_34619.html

[6] https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=938

https://www.sebi.gov.in/media/press-releases/feb-2020/sebi-board-meeting_46013.html

[7] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=48550

[1] Assessment of the progress of digitisation from cash to electronic – https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=19417

[2] https://www.bis.org/fsi/publ/insights23.pdf

An all-embracing guide to identity verification through CKYCR

/0 Comments/in , , , , /by

-Kanakprabha Jethani | Executive

(kanak@vinodkothari.com)

Updated as on January 19, 2022

Introduction

Central KYC Registry (CKYCR) is the central repository of KYC information of customers. This registry is a one stop collection of the information of customers whose KYC verification is done once. The Master Direction – Know Your Customer (KYC) Direction, 2016 (KYC Directions)[1] defines CKYCR as “an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.”

The KYC information of customers obtained by Reporting Entities (REs) (including banks) is uploaded on the registry. The information uploaded by an RE is used by another RE to verify the identity of such customer. Uncertainty as to validity of such verification prevails in the market. The following write-up intends to provide a basic understanding of CKYCR and gathers bits and pieces around identity verification through CKYCR.

Identity verification through CKYCR is done using the KYC identifier of the customer. To carry out such verification, an entity first needs to be registered with the CKYCR. Let us first understand the process of registration with the CKYCR.

Registration on CKYCR

The application for registration shall be made on CKYCR portal. Presently, Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) has been authorized by the Government of India to carry out the functions of CKYCR. Following are the steps to register on CERSAI:

  1. A board resolution should be passed for appointment of the authorised representative. The registering entity shall be required to identify nodal officer, admin and user.
  2. Thereafter, under the new entity registration tab in the live environment of CKYCR, details of the entity, nodal officers, admin and users shall be entered.
  3. Upon submission of the details, the system will generate a temporary reference number and mail will be sent to nodal officer informing the same along with test-bed registration link.
  4. Once registered on the live environment, the entity will have to register itself on the testbed and test the application. It shall have to test all the functionalities as per the checklist provided at https://www.ckycindia.in/ckyc/downloads.html. On completion of the testing, the duly signed checklist at helpdesk@ckycindia.in shall be e-mailed to the CERSAI.
  5. The duly signed registration form along with the supporting documents shall be sent to CERSAI at – 2nd Floor, Rear Block, Jeevan Vihar Building, 3, Parliament Street, New Delhi -110001.
  6. CERSAI will verify the entered details with physical form received. Correct details would mean the CERSAI will authorize and approve the registration application. In case of discrepancies, CERSAI will put the request on hold and the system will send email to the institution nodal officer (email ID provided in Fl registration form). To update the case hyperlink would be provided in the email.
  7. After completion of the testing and verification of documents by CERSAI, the admin and co-admin/user login and password details would be communicated by it.

Obligations in relation to CKYCR

The establishment of CKYCR came with added obligations on banks and REs.  The KYC Directions require banks and REs to upload KYC information of their customers on the CKYCR portal. As per the KYC Directions – “REs shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as the case may be. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.

…Accordingly, REs shall take the following steps:

  • Scheduled Commercial Banks (SCBs) shall invariably upload the KYC data pertaining to all new individual accounts opened on or after January 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
  • REs other than SCBs shall upload the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.”

Further, para III and IV of the Operating Guidelines of CKYCR require reporting entities (including banks) to fulfill certain obligations. Accordingly, the reporting entities shall:

  • Register themselves with CKYCR
  • Carry out due diligence and verification KYC information of customer submitting the same.
  • Upload KYC information of customers, in the KYC template provided on CKYCR portal along with scanned copy of Proof of Address (PoA) and Proof of Identity (PoI) after successful verification.
  • Communicate KYC identifier obtained from CKYCR portal to respective customer.
  • Download KYC information of customers from CKYCR, in case KYC identifier is submitted by the customer.
  • Refrain from using information downloaded from CKYCR for purposes other than identity verification.
  • In case of any change in the information, update the same on the CKYCR portal.

In and around verification

Registered entities may download the information from CKYCR portal and use the same for verification. Information can be retrieved using the KYC identifier of the customer. Before we delve into the process of verification and its validity, let us first understand what a KYC identifier is and how would a customer obtain it.

KYC identifier

A KYC Identifier is a 14 digit unique number generated when KYC verification of a customer is done for the first time and the information is uploaded on CKYCR portal. The RE uploading such KYC information on the CKYCR portal shall communicate such KYC Identifier to the customer after uploading his/her KYC information.

Obtaining KYC identifier

When a customer intends to enter into an account-based relationship with a financial institution for the very first time, such financial institution shall obtain KYC information including the Proof of Identity (PoI) and Proof of Address (PoA) of such customer and carry out verification process as provided in the KYC Master Directions. Upon completion of verification process, the financial institution will upload the KYC information required as per the common KYC template provided on the CKYCR portal, along with scanned PoI and PoA, signature and photograph of such customer within 3 days of completing the verification. Different templates are to be made available for individuals, and on the CKYCR portal. Presently, only template for individuals[2] has been made available.

Upon successful uploading of KYC information of the customer on the CKYCR portal, a unique 14 digit number, which is the KYC identifier of the customer, is generated by the portal and communicated to the financial institution uploading the customer information. The financial institution is required to communicate the KYC identifier to respective customer so that the same maybe used by the customer for KYC verification with some other financial institution.

Verification through CKYCR

When a customer submits KYC identifier, the RE, registered with CKYCR portal, enters the same on the CKYCR portal. The KYC documents and other information of the customer available on the CKYCR portal are downloaded. The RE matches the photograph and other details of customer as mentioned in the application form by the customer with that of the CKYCR portal. If both sets of information match, the verification is said to be successful.

Identity Verification through CKYCR- is it valid?

The process of CKYCR is not a complete process in itself and is merely a means to obtain documents from the central registry. In the very essence, the registry acts as a storehouse of the documents to facilitate the verification process without having the customer to produce the KYC documents every time he interacts with a regulated entity. Para 56(j) provides that Regulated entities are not required to ask the customer to submit KYC documents, if he/she has submitted KYC Identifier, unless:

(i) there is a change in the information of the customer as existing in the records of CKYCR;
(ii) the current address of the customer is required to be verified;
(iii) the RE considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.

The above specification is for obtaining the documents from the customer and not for verification of the same. Verification can be done only through physical, digital or V-CIP modes of CDD.

Furthermore, V-CIP as a manner of CDD was introduced through an amendment to KYC Directions introduced on 9th January, 2019[5]. Para 18(b) of the KYC Directions prescribes that documents for V-CIP procedure may be obtained from the CKYCR portal. Logically, if the CKYCR procedure was to be complete in itself, the same would not have been indicated in conjunction with the V-CIP mode of due diligence.

Benefits from CKYCR

While imposing various obligations on REs, the CKYCR portal also benefits REs by providing them with an easy way out for KYC verification of their customers. By carrying out verification through KYC Identifier, the requirement of physical interface with the borrower (as required under KYC Master Directions)[4] may be done away with. This might serve as a measure of huge cost savings for lenders, especially in the digital lending era.

Further, CKYCR portals also have de-duplication facility under which KYC information uploaded will go through de-duplication process on the basis of the demographics (i.e. customer name, maiden name, gender, date of birth, mother’s name, father/spouse name, addresses, mobile number, email id etc.) and identity details submitted. The de-dupe process uses normaliser algorithm and custom Indian language phonetics.

  • Where an exact match exists for the KYC data uploaded, the RE will be provided with the KYC identifier for downloading the KYC record.
  • Where a probable match exists for the KYC data uploaded, the record will be flagged for reconciliation by the RE.

Conclusion

Identity verification using the KYC identifier is a cost-effective way of verification and also results into huge cost saving. This method does away with the requirement of physical interface with the customer. Logic being- when the customer would have made the application for entering into account-based relationship, the entity would have obtained the KYC documents and carried out a valid verification process as per the provisions of KYC Master Directions. So, the information based on valid verification is bound to be reliable.

However, despite these benefits, only a handful of entities are principally using this method of verification presently. Lenders, especially FinTech based, should use this method to achieve pace in their flow of transactions.

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[2] https://rbidocs.rbi.org.in/rdocs/content/pdfs/KYCIND261115_A1.pdf

[3] https://testbed.ckycindia.in/ckyc/assets/doc/Operating-Guidelines-version-1.1.pdf

[4] Our detailed write-up on the same can also be referred-  http://vinodkothari.com/wp-content/uploads/2020/01/KYC-goes-live-1.pdf

[5] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11783&Mode=0

Our FAQs on CKYCR may also be referred here- http://vinodkothari.com/2016/09/ckyc-registry-uploading-of-kyc-data/

Our other write-ups on KYC:

Revised Guidelines on KYC & Anti-Money Laundering Measures for HFCs

RBI amends the KYC Master Directions

Analysis of amendments to KYC Master Directions, 2016

Introduction of Digital KYC

NBFC Account Aggregator – Consent Gateways

/2 Comments/in , , /by

Timothy Lopes, Executive, Vinod Kothari Consultants Pvt. Ltd.

finserv@vinodkothari.com

The NBFC Account Aggregator (NBFC-AA) Framework was introduced back in 2016 by RBI[1]. However the concept of Account Aggregators did exist prior to 2016 as well. Prior to NBFC-AA framework several Account Aggregators (such as Perfios and Yodlee) undertook similar business of consolidating financial data and providing analysis on the same for the customer or a financial institution.

To give a basic understanding, an Account Aggregator is an entity that can pull and consolidate all of an individual’s financial data and present the same in a manner that allows the reader to easily understand and analyse the different financial holdings of a person. At present our financial holdings are scattered across various financial instruments, with various financial intermediaries, which come under the purview of various financial regulators.

For example, an individual may have investments in fixed deposits with ABC Bank which comes under the purview of RBI, mutual fund investments with XYZ AMC which comes under the purview of SEBI and life insurance cover with DEF Insurance Corporation (which comes under the purview of IRDAI.

Gathering all the scattered data from each of these investments and consolidating the same for submission to a financial institution while applying for a loan, may prove to be a time-consuming and rather confusing job for an individual.

The NBFC-AA framework was introduced with the intent to help individuals get a consolidated view of their financial holdings spread across the purview of different financial sector regulators.

Recently we have seen a sharp increase in the interest of obtaining an NBFC-AA license. Ever since the Framework was introduced in 2016, around 8 entities have applied for the Account Aggregator License out of which one has been granted the Certificate of Registration while the others have been granted in-principle[2].

Apart from the above, we have seen interest from the new age digital lending/ app based NBFCs.

In this article we wish to discuss the concerns revolving around data sharing, the reason behind going after an Account Aggregator (AA) license and the envisaged business models.

Going after AA License – The reason

New age lending mainly consists of a partnership model between an NBFC which acts as a funding partner and a fintech company that acts as a sourcing partner. Most of the fintech entities want to obtain the credit scores of the borrower when he/she applies for a loan. However, the credit scores are only accessible by the NBFC partner, since they are mandatorily required to be registered as members with all four Credit Information Companies (CICs).

This is where most NBFCs are facing an issue since the restriction on sharing of credit scores acts as a hurdle to smooth flow of operations in the credit approval process. We have elaborately covered this issue in a separate write up on our website[3].

What makes it different in the Account Aggregator route?

Companies registered as an NBFC-AA with RBI, can pull all the financial data of a single customer from any financial regulator and organise the data to show a consolidated view of all the financial asset holdings of the customer at one place. This data can also be shared with a Financial Information User (FIU) who must be an entity registered with and regulated by any financial sector regulator such as RBI, SEBI, IRDAI, etc. The AA could also perform certain data analytics and present meaningful information to the customer or the FIU.

All of the above is possible only and only with the consent of the customer, for which the NBFC-AA must put in place a well-defined ‘Consent Architecture’.

This data would be a gold mine for NBFCs, who would act as FIUs and obtain the customer’s financial data from the NBFC-AA.

Say a customer applies for a loan through a digital lending app. The NBFC would then require the customer’s financial data in order to do a credit evaluation of the potential borrower and make a decision on whether to sanction the loan or not. Instead of going through the process of requesting the customer to submit all his financial asset holdings data, the customer could provide his consent to the NBFC-AA (which could be set up by the NBFC itself), which would then pull all the financial data of the customer in a matter of seconds. This would not only speed up the credit approval and sanction process but also take care of the information sharing hurdle, as sharing of information is clearly possible through the NBFC-AA route if customer consent is obtained.

The above model can be explained with the following illustration –

What about the Fintech Entity?

Currently the partnership is between the fintech company (sourcing partner) and the NBFC (funding partner). With the introduction of an Account Aggregator as a new company in the group, what would be the role of the fintech entity? Can the information be shared with the fintech company as well as the NBFC?

The answer to the former would be that firstly the fintech company could itself apply for the NBFC-AA license, considering that the business of an NBFC-AA is required to be completely IT driven. However, the fintech company would require to maintain a Net Owned Fund (NOF) of Rs. 2 crores as one of the pre-requisites of registration.

Alternatively the digital lending group could incorporate a new company in the group, who would apply for the NBFC-AA license to solely carry out the business of an NBFC-AA. This would leave the fintech entity with the role of maintaining the app through which digital lending takes place.

The above structures could be better understood with the illustrations below –

To answer the latter question as to whether the information can be shared by the NBFC-AA with the fintech entity as well? The answer is quite clearly spelt out in the Master Directions.

As per the Master Directions, the NBFC-AA can share the customers’ information with a FIU, of course, with the consent of the customer. A FIU means an entity registered with and regulated by any financial sector regulator. Regulated entities are other banks, NBFCs, etc. However, fintech companies are not FIUs as they are not registered with and regulated by any financial sector regulator. An NBFC-AA cannot therefore, share the information with the fintech company.

How to register as an NBFC-AA?

Only a company having NOF of Rs. 2 crores can apply to the RBI for an AA license. However there is an exemption to AAs regulated by other financial sector regulators from obtaining this license from RBI, if they are aggregating only those accounts relating to the financial information pertaining to customers of that particular sector.

Further the following procedure is required to be followed for obtaining the NBFC-AA license –

Consent Architecture

Consent is the most important factor in the business of an NBFC-AA. Without the explicit consent of the customer, the NBFC-AA cannot retrieve, share or transfer any financial data of the customer.

The function of obtaining, submitting and managing the customer’s consent by the NBFC-AA should be in accordance with the Master Directions. As per the Master Directions, the consent of the customer obtained by the NBFC-AA should be a standardized consent artefact containing the following details, namely:-

  1. Identity of the customer and optional contact information;
  2. The nature of the financial information requested;
  • Purpose of collecting such information;
  1. The identity of the recipients of the information, if any;
  2. URL or other address to which notification needs to be sent every time the consent artefact is used to access information
  3. Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and
  • Any other attribute as may be prescribed by the RBI.

This consent artefact can also be obtained in electronic form which should be capable of being logged, audited and verified.

Further, the customer also has every right to revoke the consent given to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information. Upon revocation a fresh consent artefact shall be shared with the FIP.

The requirement of consent is essential to the business of the NBFC-AA and the manner of obtaining consent is also carefully required to be structured. Account Aggregators can be said to be consent gateways for FIPs and FIUs, since they ultimately benefit from the information provided.

Conclusion

There are several reasons for the new age digital lending NBFCs to go for the NBFC-AA license, as this would amount to a ‘value added’ to their services since every step in the loan process could be done without the customer ever having to leave the app.

However the question as to whether this model fits into the current digital lending model of the NBFC and Fintech Platform should be given due consideration. The revenue model should be structured in a way that the NBFC-AA reaps benefits out of its services provided to the NBFC.

The ultimate benefit would be a speedy and easier credit approval and sanction process for the digital lending business. Data coupled with consent of the customer would prove more efficient for the new age digital lending model if all the necessary checks and systems are in place.

Links to related write ups –

Account Aggregator: A class of NBFCs without any financial assets – http://vinodkothari.com/2016/09/account-aggregator-a-class-of-nbfc-without-any-financial-assets/

Financial Asset Aggregators: RBI issues draft regulatory directions – http://vinodkothari.com/wp-content/uploads/2017/03/Financial_asset_aggregators_RBI-1.pdf

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598

[2] Source: Sahamati FAQs (Sahamati is a collective of the Account Aggregator System)

[3] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/

KYC goes live!

/0 Comments/in , , , , /by

Loader Loading...
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [796.86 KB]

[

Marketplace lending: Legal issues around “true lender” and “valid when made” doctrines

/0 Comments/in , , , /by

-Vinod Kothari (vinod@vinodkothari.com)

 

Marketplace lending, P2P lending, or Fintech credit, has been growing fast in many countries, including the USA. It is estimated to have reached about $ 24 billion in 2019[1] in the USA.

However, there are some interesting legal issues that seem to be arising.  The issues seem to be emanating from the fact that P2P platforms essentially do pairing of borrowers and lenders. In the US practice, it is also commonplace to find an intermediary bank that houses the loans for a few days, before the loan is taken up by the “peer” or crowd-sourced lender.

USA, like many other countries, has usury laws. However, usury laws are not applicable in case of banks. This comes from sec 85 of National Bank Act, and sec. 27 (a) of the Federal Deposit Insurance Act.

In P2P structure, the loan on the platform may first have been originated by a bank, and then assigned to the buyer. If the loan carries an interest rate, which is substantially high, and such high interest rate loan is taken by the “peer lender”, will it be in breach of the usury laws, assuming the rate of interest is excessive?

One of the examples of recent legal issues in this regard is Rent-Rite Superkegs West, Ltd., v. World Business Lenders, LLC, 2019 WL 2179688[2]. In this case, a loan of $ 50000 was made to a corporation by a local bank, at an interest rate of 120.86% pa. The loan-note was subsequently assigned to a finance company. Upon bankruptcy of the borrower, the bankruptcy court refused to declare the loan as usurious, based on a time-tested doctrine that has been prevailing in US courts over the years – called valid-when-granted doctrine.

Valid-when-granted doctrine

The valid-when-granted doctrine holds that if a loan is valid when it is originally granted, it cannot become invalid because of subsequent assignment. Several rulings in the past have supported this doctrine: e.g., Munn v. Comm’n Co., 15 Johns. 44, 55 (N.Y. Sup. Ct. 1818); Tuttle v. Clark, 4 Conn. 153, 157 (1822); Knights v. Putnam, 20 Mass. (3 Pick.) 184, 185 (1825)

However, there is a ruling that stands out, which is 2015 ruling of the Second Circuit court in Madden v. Midland Funding, LLC  (786 F.3d 246). In Madden, there was an assignment of a credit card debt to a non-banking entity, who charged interest higher than permitted by state law. The court held that the relaxation from interest rate restrictions applicable to the originating bank could not be claimed by the non-banking assignee.

The ruling in Madden was deployed in a recent [June 2019] class action suit against JP Morgan Chase/Capital One entities, where the plaintiffs, representing credit card holders, allege that buyers of the credit card receivables (under credit card receivables securitization) cannot charge interest higher than permitted in case of non-banking entities. Plaintiffs have relied upon the “true sale” nature of the transaction, and contend that once the receivables are sold, it is the assignee who needs to be answerable to the restrictions on rate of interest.

While these recent suits pose new challenges to consumer loan securitization as well as marketplace lending, it is felt that much depends on the entity that may be regarded as “true lender”. True lender is that the entity that took the position of predominant economic interest in the loan at the time of origination. Consider, however, the following situations:

  1. In a marketplace lending structure, a bank is providing a warehousing facility. The platform disburses the loan first from the bank’s facility, but soon goes to distribute the loan to the peer lenders. The bank exits as soon as the loan is taken by the peer lenders. Will it be possible to argue that the loan should be eligible for usurious loan carve-out applicable to a bank?
  2. Similarly, assume there is a co-lending structure, where a bank takes a portion of the loan, but a predominant portion is taken by a non-banking lender. Can the co-lenders contend to be out of the purview of interest rate limitations?
  3. Assume that a bank originates the loan, and by design, immediately after origination, assigns the loan to a non-banking entity. The assignee gets a fixed, reasonable rate of return, while the spread with the assignee’s return and the actual high interest rate paid by the borrower is swept by the originating bank.

Identity of the true lender becomes an intrigue in cases like this.

Securitization transactions stand on a different footing as compared to P2P programs. In case of securitization, the loan is originated with no explicit understanding that it will be securitized. There are customary seasoning and holding requirements when the loan is incubated on the balance sheet of the originator. At the time of securitization, whether the loan will get included in the securitization pool depends on whether the loan qualifies to be securitized, based on the selection criteria.

However, in case of most P2P programs, the intent of the platform is evidently to distribute the loan to peer-lenders. The facility from the bank is, at best, a bridging facility, to make it convenient for the platform to complete the disbursement without having to wait for the peer-lenders to take the portions of the loan.

US regulators are trying to nip the controversy, by a rule that Interest on a loan that is permissible under 12 U.S.C. 85 shall not be affected by the sale, assignment, or other transfer of the loan. This is coming from a proposed rule by FDIC /OCC in November, 2019[3].

However, the concerns about the true lender may still continue to engage judicial attention.

Usurious lending laws in other countries

Usurious lending, also known as extortionate credit, is recognised by responsible lending laws as well as insolvency/bankruptcy laws. In the context of consumer protection laws, usurious loans are not regarded as enforceable. In case of insolvency/bankruptcy, the insolvency professional has the right to seek avoidance of a usurious or extortionate credit transaction.

In either case, there are typically carve-outs for regulated financial sector entities. The underlying rationale is that the fairness of lending contracts may be ensured by respective financial sector regulator, who may be imposing fair lending standards, disclosure of true rate of interest, etc. Therefore, judicial intervention may not be required in such cases. However, the issue once again would be – is it justifiable that the carve-out available to regulated financial entities should be available to a P2P lender, where it is predesigned that the loan will get transferred out of the books of the originating financial sector entity?

Conclusion

P2P lending or fintech credit is the fastest growing part of non-banking financial intermediation, sometimes known as shadow banking. A lot of regulatory framework is designed keeping a tightly-regulated bank in mind. However, P2P is itself a case of moving out of banking regulation. Banking laws and regulations cannot be supplanted and applied in case of P2P lending.

Further research

We have been engaged in research in the P2P segment. Our report[4] on P2P market in India describes the basics of P2P lending structures in India and demonstrates development of P2P market in India.

Our other write-ups on P2P lending may also be referred:

Peer to Peer Lending: Business Models

FAQs on RBI Regulations on P2P Lending Platforms

RBI’s P2P Regulations: A step forward or backward?

 

 

 

[1] https://www.statista.com/outlook/338/109/marketplace-lending–consumer-/united-states#market-revenue

[2] https://www.docketbird.com/court-documents/Rent-Rite-Super-Kegs-West-LTD-v-World-Business-Lenders-LLC/Corrected-Written-Opinion-related-document-s-44-Written-Opinion-48-Order-Dismissing-Adversary-Proceeding/cob-1:2018-ap-01099-00049

[3] https://www.occ.gov/news-issuances/news-releases/2019/nr-occ-2019-132a.pdf

[4] http://vinodkothari.com/2017/10/india-peer-to-peer-lending-report/

RBI introduces another minimum details PPI

/0 Comments/in , , , /by

BACKGROUND

The Reserve Bank of India (RBI) has vide its notification[1] dated December 24, 2019, introduced a new kind of semi-closed Prepaid Instrument (PPI) which can only be loaded from a bank account and used for purchase of goods and services and not for funds transfer. This PPI has been introduced in furtherance of Statement on Developmental and Regulatory Policies[2] issued by the RBI. The following write-up intends to provide a brief understanding of the features of this instrument and carry out a comparative analysis of features of existing kinds of PPIs and the newly introduced PPI.

BASIC FEATURES

The features of the newly introduced PPIs has to be clearly communicated to the PPI holder by SMS / e-mail / post or by any other means at the time of issuance of the PPI / before the first loading of funds. Following shall be the features of the newly introduced PPI:

  • Issuer can be banks or non-banks.
  • The PPI shall be issued on obtaining minimum details, which shall include a mobile number verified with One Time Pin (OTP) and a self-declaration of name and unique identity / identification number of any ‘mandatory document’ or ‘officially valid document’ (OVD) listed in the KYC Direction.
  • The new PPI shall not require the issuer to carry out the Customer Due Diligence (CDD) process, as provided in the Master Direction – Know Your Customer (KYC) Direction (‘KYC Directions)[3].
  • The amount loaded in such PPIs during any month shall not exceed ₹ 10,000 and the total amount loaded during the financial year shall not exceed ₹ 1,20,000.
  • The amount outstanding at any point of time in such PPIs shall not exceed ₹ 10,000.
  • Issued as a card or in electronic form.
  • The PPIs shall be reloadable in nature. Reloading shall be from a bank account only.
  • Shall be used only for purchase of goods and services and not for funds transfer.
  • Holder shall have an option to close the PPI at any time and the outstanding balance on the date of closure shall be allowed to be transferred ‘back to source.’

COMPARATIVE ANALYSIS

The Master Direction on Issuance and Operation of Prepaid Payment Instruments[4] contain provisions for two other kinds of semi-closed PPIs having transaction limit of ₹10,000. The features of these PPIs seem largely similar. However, there are certain differences as shown in the following table:

 

Basis PPIs upto ₹ 10,000/- by accepting minimum details of the PPI holder

(Type 1)

 PPIs upto ₹ 1,00,000/- after completing KYC of the PPI holder 

(Type 2)

 PPIs upto ₹ 10,000/- with loading only from bank account

(Type 3)
Issuer Banks and non-banks Banks and non-banks Banks and non-banks
PPI holder identification procedure Based on minimum details (mobile number verified with One Time Pin (OTP) and self-declaration of name and unique identification number of any of the officially valid document (OVD) as per PML Rules 2005[5]) KYC procedure as provided in KYC Directions Based on minimum details (mobile number verified with One Time Pin (OTP) and a self-declaration of name and unique identity / identification number of any ‘mandatory document’[6] or OVD as per KYC Directions[7]
Reloading Allowed Allowed Allowed (only from a bank account)
Form Electronic Electronic Card or electronic
Limit on outstanding balance ₹ 10,000 ₹ 1,00,000 ₹ 10,000
Limit on reloading ₹ 10,000 per month and ₹ 1,00,000 in the entire financial year Within the overall PPI limit ₹ 10,000 per month and ₹ 1,20,000 during a financial year
Transaction limits ₹ 10,000 per month ₹ 1,00,000 per month in case of pre-registered beneficiaries and  ₹ 10,000 per month in all other cases ₹ 10,000 per month
Utilisation of amount Purchase of goods and services Purchase of goods and services and transfer to his bank account or ‘back to source’ Purchase of goods and services
Conversion Compulsorily be converted into Type 2 PPIs (KYC compliant) within 24 months from the date of issue No provisions for conversion Type 1 PPIs maybe converted to Type 3, if desired by the holder
Restriction on issuance to single person Cannot be issued to same person using the same mobile number and same minimum details more than once No such provision No such provision
Closure of PPI Holder to have option to close and transfer the outstanding balance to his bank account or ‘back to source’ Holder to have option to close and transfer the outstanding balance to his bank account or ‘back to source’ or to other PPIs of the holder Holder to have option to close and transfer the outstanding balance ‘back to source’ (i.e. the bank account of the holder only)
Pre-registered Beneficiary Facility not available Facility available Facility not available

THE UPPER HAND

Based on the aforesaid comparative analysis, it is clear that for issuance of the newly introduced PPI or the Type 3 PPI, the issuer is not required to undertake the CDD process as provided in the KYC Directions. Only authentication through mobile number and OTP supplemented with a self-declaration regarding of details provided in the OVD shall suffice. This implies that the issuer shall not be required to “Originally See and Verify” the KYC documents submitted by the customer. This would result into digitisation of the entire transaction process and cost efficiency for the issuer.

Compared to the other 2 kinds of PPIs, one which requires carrying out of the KYC process prescribed in the KYC Directions and the other, which can be issued without carrying out the prescribed KYC process but has to be converted into Type 2 PPI within 24 months, this new PPI can be a good shot aiming at ease of business and digital payments upto a certain transaction limit.

CONCLUSION

The newly issued PPI will ensure seamless flow of the transaction. As compared to other PPIs, it will be easier to obtain such PPIs. Further, the limitations such as reloading only from the bank account, restriction of transfer of money from PPI etc. are some factors that shall regulate the usage of such PPIs. These may, however, pull back their acceptance in the digital payments space.

 

 

[1] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11766&Mode=0

[2] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=48803

[3] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[4] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142

[5] “officially valid document” means the passport, the driving licence, the Permanent Account Number (PAN) Card, the Voter’s Identity Card issued by the Election Commission of India or any other document as may be required by the banking company, or financial institution or intermediary

[6] Permanent Account Number (PAN)

[7] “Officially Valid Document” (OVD) means the passport, the driving licence, proof of possession of Aadhaar number, the Voter’s Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.

 

Our other write-ups relating to PPIs can be viewed here:

RBI’s Interoperability guidelines for PPIs- A move to promote Digitalization

Ombudsman Scheme for PPI issuers

MPC meeting – New type of PPI and more

Regulations on Prepaid Payment Instruments -Comparing the Master Circular and Master Directions

Stringent norms ahead for the issuers of Pre-paid Payment Instruments (PPIs) in India, Kirti Sharma

Getting a licence for Pre-paid Payment Instruments in India.

RBI takes measures to boost MFI lending and regulate PPI issuers

 

Our other resources can be referred to here:

Financial Services