Consultation paper on the proposed IFSCA (Payment Services) Regulations, 20XX: An Analysis

By Anirudh Grover, Executive, finserv@vinodkothari.com

The International Financial Services Centre Authority in an attempt to restructure the regulatory overview of the Payment Services segment in GIFT IFSC has issued a Consultation Paper dated June 13, 2023 (‘CP’), along with the draft regulations that will be applicable to the payment services market in GIFT IFSC. The aim of this write-up is to critically analyze the same with comparisons with the current RBI framework and similar guidelines practiced by regulators globally.  

Background:

The evolution of money has paved the way for new modes of payments. These developments have had a significant impact in the retail segment, in India even the smallest of the transactions like grocery shopping now involve digital payments; and this is getting strengthened day by day, with more or more innovation in the space. As a measured response to such developments, there has been a discourse to modernize the retail payments sector globally. This premise can be substantiated by the entry of non-banks in the payment sector, and the action of having a regulatory oversight based on the principles of risk parameters and consumer protection. However, as the payments sector evolves, there is a need to have a forward-looking approach. Coming to the online payment services market, India is considered one of the leading countries when it comes to digitization of payment system, as depicted in the graph issued by the RBI in its report.^[1]

Limitations of the Payment System Law in India

Despite this significant growth, the regulatory tool for overlooking payments in India is a piece of legislation i.e. the Payment and Settlement Systems Act, 2007 (“PSS Act”) which was enacted more than a decade back when the digital payments market in India was at its nascent stage. The purport of the said legislation was primarily restricted to confer necessary regulatory powers to RBI and to have a systemic perspective for regulating payments systems. Hence, it can be stated that the PSS Act was never based on the principles of risk management or consumer protection which are considered to be crucial for the operations of retail payments.

These limitations in the principal legislation have forced RBI to bridge the regulatory gap by taking recourse to its delegated legislations powers. While this may assist in responding to the changes however such an approach is contrary to the payment systems laws of many countries where it is seen that the substantive provisions and obligations on payment service are provided in the principal legislation with delegated powers being resorted to for the purposes of giving clarifications or giving effect to such substantive obligations set out in the primary statute. This has led to a situation where the entire regulatory framework for payment systems in India has evolved through subordinate legislation. While regulatory flexibility is necessary for an evolving market, the entire regulatory framework cannot be carved out of subordinate legislation. Such an approach often leads to uncertainty for businesses, which may be a disincentive for businesses to innovate.

Taking a cue from the above limitations the International Financial Services Centre Authority in the GIFT City, which is intended to be a hub of investments for the purposes of global investors, has proposed a regulatory framework vide CP..

Key Highlights

A. Payment Systems and Payment Services

• First and foremost, the CP clearly distinguishes between Payment Services and Payment systems with the former being defined as a service related to fund transfer transactions realized with or without payment accounts, which includes the operation of payment accounts, issuance or acceptance of payment instruments and mobile payments and is provided by Payment Service Provider to a payment service user whereas, on the other hand, the latter is referred to as as the specialized infrastructure used for interbank money transfers.

• This clarification is undoubtedly of great importance,   the PSS Act gave a  broad definition of ‘payment system’ along with an indicative list of activities that may fall within the definition, which failed to  recognize the role & risk associated with  each player. Moreover, the approach of concretely defining the said terms can also be seen in jurisdictions such as Singapore and the United Kingdom. In the Singapore Payment Services Act 2019 (“Singapore PS Act”) Payment service providers” are defined to mean any person who provides such “payment services” that are specified in the Singapore PS Act. These services are – account issuance, domestic money transfer, cross-border money transfer, merchant acquisition, e-money issuance, digital payment token, and money-changing.^[2] On the other hand, a “payment system” means a “funds transfer system or other system that facilitates the circulation of money, and includes any instruments and procedures that relate to the system.^[3] Likewise, the UK Payment Services Regulations  2017 (“UK PS Act”) also defines a “payment system” to mean a funds transfer system with formal and standardized arrangements and common rules for the processing, clearing, and settlement of payment transactions.^[4]

B. Authorization Framework

• Coming to regulatory oversight the IFSCA has proposed that for any Payment Service Provider^[5] (“PSP”)to function in GIFT IFSC it shall apply for authorization which essentially means licensing, registration, or any other type of approval granted.

• The two principal types of authorization have a key difference in the way IFSCA would perceive them as depicted in the table below:

“Licensing” is a type of authorization which requires the Payment Service Provider to comply with specified organizational, financial, and risk management requirements and to be prudentially supervised by the Authority

“Registration” is a type of authorization that requires the Payment Service Provider to satisfy certain conditions for being included in a register but on which no ongoing supervision is conducted by the Authority

• Thus, it can be construed that in a licensed authorization, there will be regulatory supervisory whereas when a registration has been granted there will be no ongoing supervision conducted by the authority. Globally if we see the Authorization framework of regulatory oversight is mostly followed. For instance, the UK PS Act requires a payment service provider to either apply for authorization as an authorized payment institution or registered as a small payment institution or get registered as an account information service provider, or get registered an agent of the entities referred above.^[6] However, unlike other jurisdictions that envisage an authorization requirement for payment service providers, the PSS Act mandates the registration of  an operator of a payment system irrespective of the nature of activities it intends to perform
• Therefore, it can be argued that it became all the more necessary for the IFSCA to have in place a regulatory framework that is favoring the foreign investors who are willing to set up their shop in GIFT IFSC.

C. Governance Requirements

• The Proposed Regulations have also proposed a governance framework for licensed PSPs intending to function in GIFT IFSC. It has been proposed that the PSPs shall have in place governance arrangements which at the minimum should include the following components:
  • role and composition of the Board and any board committees;
  • senior management structure;
  • reporting lines between management and the board;
  • ownership structure;
  • internal governance policy;
  • design of risk management and internal controls;
  • procedures for the appointment of board members and senior management;
  • processes for ensuring performance accountability

• Further PSPs have also not been permitted to undertake any other activity other than payment services unless specific approval has been granted.

D. Risk Management Framework

• Given that the PSS Act was not based on a risk-based approach therefore the IFSCA in its proposal has mandated PSPs to put in place a management framework consisting of risk management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by it while providing the payment service

E. Other Requirements

• Other than the above, the PSPs have been mandated to safeguard their applicable funds by clearly segregating them from any other type of funds it intends to hold. Additionally, it shall regularly be mandated to submit returns, furnish their financial statements and comply with  International Financial Services Centres Authority (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022, and other provisions of the Prevention of Money Laundering Act, 2002 and the Rules made thereunder

Concluding Remarks

The proposed regulations can be considered a step in the right direction for GIFT IFSC as the same is largely based on the principles followed by regulators around the world which may attract and motivate foreign investors to set up their base in GIFT IFSC.

---

^[1] RBI Annual Report 2020-21    

^[2] Section 2 r/w Part 1 of the Schedule 1 of the Payment Services Act 2019, https://sso.agc.gov.sg/Acts-Supp/2-2019/Published/20190220?DocDate=20190220

^[3] Section 2  of the Payment Services Act 2019, https://sso.agc.gov.sg/Acts-Supp/2-2019/Published/20190220?DocDate=20190220

^[4] Regulation 2(1) of the Payment Services Regulations, 2017,https://www.legislation.gov.uk/uksi/2017/752/regulation/2/made

^[5] Payment Systems Provider means any person that provides payment services as a principal business and who has been duly authorised by the Authority to provide such payment service.

^[6] Regulation 4 of the Payment Services Regulations, 2017, https://www.legislation.gov.uk/uksi/2017/752/regulation/4/made