After 15 years: New Securitisation regulatory framework takes effect

-Financial Services Division (

[This version dated 24th September, 2021. We are continuing to develop the write-up further – please do come back]

We invite you all to join us at the Indian Securitisation Summit, 2021. The details can be accessed here

On September 24, 2021, the RBI released Master Direction – Reserve Bank of India Securitisation of Standard Assets) Directions, 2021 (‘Directions’)[1]. The same has been released after almost 15 months of the comment period on the draft framework issued on June 08, 2020[2]. This culminates the process that started with Dr. Harsh Vardhan committee report in 2019[3].

It is said that capital markets are fast changing, and regulations aim to capture a dynamic market which quite often leads the regulation than follow it. However, the just-repealed Guidelines continued to shape and support the securitisation market in the country for a good 15 years, with the 2012 supplements mainly incorporating the response to the Global Financial Crisis (GFC).

Considering the fact that securitisation, along with its regulatory alternative (direct assignment) has become a very important channel of inter-connectivity and bridging between the non-banking finance companies and the banking sector, and since the ILFS crisis, has been almost existential for NBFCs, it is very important to examine how the new regulatory framework will support securitisation market in India.

By way of highlights:

  • The bar on securitisation of purchased loans has been removed; there is a holding period requirement for acquired loans, after which the same may be securitised.
  • The risk retention requirement for residential mortgage backed transactions has been reduced to 5%.
  • Minimum holding period reduced to 6 months maximum, whereas it will be 3 months in case of loans with a tenure of upto 2 years.
  • In line with EU and other markets, there is a new framework for simple, transparent and comparable (STC) securitisations, which will qualify for lower capital requirements for investors.
  • Ratings-based risk weights introduced for securitisation transactions, adopting the ERB approach of global regulators.
  • Direct assignments continue to be subjected to the familiar criteria – no credit enhancement or liquidity facility, adherence to MHP, etc. However, risk retention criteria in case of direct assignments, called Transfer of Loan Exposures, have been removed, except where the buyer does not do a due diligence for all the loans he buys.
  • By defining who all could be permitted transferees of loans, the fledgling market for sale of loans through electronic platforms, to permit retail investors to participate in the loan market, completely nipped in its bud.

Scope of Applicability

Effective date:

The Directions are applicable with immediate effect. This should mean, any transaction done or after the date of the notification of the Directions must be in compliance therewith. Para 4 of the Directions clearly provides that any transaction of securitisation “undertaken” subsequent to the notification of the Directions will have to comply with the same. This implies that 24th September is the last date for any securitisation transaction under the erstwhile Guidelines.

The immediate implementation of the new Directions may create difficulties for transactions which are mid-way. Para 4 refers to transactions undertaken after the notification date. What is the date of “undertaking” a transaction for determining the cut-off date? Quite often, securitization transactions involve a process which may be spread over a period of time. The signing of the deed of assignment is mostly the culmination of the process. In our view, if the transaction is already mid-way, and effective term sheets have been signed with investors within the 24th September, it will be improper to disrupt that which has already been structured.

Lending entities covered:

As proposed in the Draft Directions, the Directions are applicable to banks and small finance banks (excluding RRBs), all India Term financing institutions (NABARD, NHB, EXIM Bank, and SIDBI), NBFCs and HFCs. These institutions are referred to as Lenders (or Originators) herein.

Eligible Assets

What is not eligible:

The Directions provide a negative list i.e. list of the assets that cannot be securitised. These are:

  1. Re-securitisation exposures;
  2. Structures in which short term instruments such as commercial paper, which are periodically rolled over, are issued against long term assets held by a SPE. Thus, what is globally prevalent as “asset backed commercial paper” (ABCP) has been ruled out. ABCP transactions were seen as responsible for a substantial liquidity crisis during the GFC regime, and Indian regulators seem to have shunned the same.
  3. Synthetic securitisation; and
  4. Securitisation with the following assets as underlying:
    1. revolving credit facilities
    2. Restructured loans and advances which are in the specified period; [Notably, the Directions do not seem to define what is the “specified period” during which restructured facilities will have to stay off from the transaction. It appears that the bar will stay till the facility comes out of the “substandard” tag. This becomes clear from para 8 of the Directions.
    3. Exposures to other lending institutions;
    4. Refinance exposures of AIFIs; and
    5. Loans with bullet payments of both principal and interest as underlying;

The draft guidelines did not exclude 2, 3, 4(b), (c) and (d) above. It is noteworthy that the exposure to other lending institutions has also been put in the negative list. Further, synthetic securitisation, on which several transactions are based, also seems to be disallowed.

Apart from the above, all other on-balance sheet exposures in the nature of loans and advances and classified as ‘standard’ will be eligible to be securitised under the new guidelines.

With respect to agricultural loans, there are additional requirements, as prescribed in the draft directions. Further, MHP restrictions shall not be applicable on such loans.

What is not not eligible, that is, what is eligible:

It is also important to note that the bar on securitisation of loans that have been purchased by the originator goes away. On the contrary, Explanation below para 5 (l) [definition of Originator] clearly states that that the originator need not be the original lender; loans which were acquired from other lenders may also be the part of a securitisation transaction. Further, Para 9 provides that the respective originators of the said assets transferred to the instant originator should have complied with the MHP requirements, as per the TLE Directions.

At the same time, a re-securitisation is still negative listed. That is, a pool may consist of loans which have been acquired from others (obviously, in compliance with TLE Directions), but may not consist of a securitisation exposure.

Another notable structure which is possible is securitisation of a single loan. This comes from proviso to para 5 (s). This proposal was there in the draft Directions too. While, going by the very economics of structured finance, a single loan securitisation does not make sense, and reminds one of the “loan sell off” transactions prior to the 2006 Guidelines, yet, it is interesting to find this clear provision in the Directions.

Rights of underlying obligors

Obligors are borrowers that owe payments to the originator/ lender. Securitisation transactions must ensure that rights of these obligors are not affected. Contracts must have suitable clauses safeguarding the same and all necessary consent from such obligors must be obtained.

MRR Requirements

Underlying Loans MRR Manner of maintaining MRR
Original maturity of 24 months or less 5% Upto 5%-

●      First loss facility, if available;

●      If first loss facility not available/ retention of the entire first loss facility is less than 5%- balance through equity tranche;

●      Retention of entire first loss facility + equity tranche  < 5%- balance pari passu in remaining tranches sold to investors


Above 5%

●      First loss facility, or

●      equity tranche or

●      any other tranche sold to investors

●      combination thereof

In essence, the MRR may be a horizontal tranche, vertical tranche and a combination of the two (L tranche]. If the first loss tranche is within 5%, the first loss tranche has to be originator-retained, and cannot be sold to external investors. However, if the first loss tranche is more than 5%, it is only 5% that needs to be regulatorily retained by the originator.



Original maturity of more than 24 months


Loans with bullet repayments
RMBS (irrespective of maturity) 5%

Para 14, laying down the MRR requirements, uses two terms – equity tranche and “first loss facility”. While the word “first loss facility” is defined, equity tranche is not. Para 5(h) defines “first loss facility” to include first level of financial support provided by the originator or a third party to improve the creditworthiness of the securitisation notes issued by the SPE such that the provider of the facility bears the part or all of the risks associated with the assets held by the SPE .

However, Explanation below para 14 may be the source of a substantial confusion as it says OC shall not be counted as a part of the first loss facility for this purpose.

What might be the possible interpretation of this (euphemistically termed as) Explanation? OC is  certainly a form of originator support to the transaction, and economically, is a part of the first loss support. However, first loss support may come in different ways, such as originator guarantee, guarantee from a third party, cash collateral, etc. Equity tranche, deriving from the meaning of the word “tranche” which includes both the notes as also other forms of enhancement. Therefore, what the Explanation is possibly trying to convey is that in capturing the equity or first loss tranche, which, upto 5%, has to be  originator-retained, the OC shall not be included.

This, however, does not mean that the OC will not qualify for MRR purposes. OC is very much a part of the originator’s risk retention; however, in constructuring the horizontal, vertical and L tranche of transactions, the OC shall not be considered.

To give examples:

  • A transaction has 15% OC, and then a AAA rated tranche: In this case, the original has the 15% OC which meets the MRR requirement. He does not need to have any share of the senior tranches. This point, looking at the language of the Explanation, may be unclear and may, therefore, reduce the popularity of OC as a form of credit enhancement.
  • A transaction as 5% OC, 5% junior tranche, and remaining 95% as senior tranche. The originator needs to hold the entire 5% junior tranche (assuming original maturity > 24 months).
  • A transaction has 5% OC, 2% junior tranche, and 98% senior tranche. The originator needs to hold the entire 2% junior tranche, and 3% of the 98% senior tranche.

Para 16 first clarifies what is though clear from the 2006 Guidelines as well – that the requirement of retention of MRR through the life of the transaction does not bar amoritisation of the MRR. However, if MRR comes in forms such as cash collateral, it cannot be reduced over the tenure, except by way of absorption of losses or by way of reset of credit enhancements as per the Directions.

Listing Requirements

The Directions specify a minimum ticket size of Rs. 1 crore for issuance of securitisation notes. This would mean an investor has to put in a minimum of Rs 1 crore in the transaction. Further, the Directions also state that in case securitisation notes are offered to 50 or more persons, the issuance shall mandatorily be listed on stock exchange.

Interestingly, the limit of 50 persons seems to be coming from the pre-2013 rules on private placements; the number, now, is 200. It is typically unlikely that securitisation transactions have 50 or more investors to begin with. However, recently, there are several portals which try to rope in non-traditional investors for investing in securitisation transactions. These portals may still do a resale to more than 50; it is just that the number of investors at the inception of the transaction cannot be more than 49. Also, if there are multiple issuances, the number applies to each issuance. The number, of course, has to be added for multiple tranches.

The Draft Directions stated a issuance size based listing requirement in case of RMBS, as against the investor group size based requirement prescribed in the Directions.

SPE requirements

SPE requirements are largely routine. There is one point in para 30 (d) which may cause some confusion – about the minimum number of directors on the board of the SPE. This is applicable only where the originator has the right of nominating a board member. If the originator has no such right, there is no minimum requirement as to the board of directors of the SPE. In any case, it is hard to think of SPEs incorporated in corporate form in India.

Accounting provisions

The Directions give primacy to accounting standards, as far as NBFCs adopting IndAs are concerned. In such cases, upfront recognition of profit, as per “gain on sale” method, is explicitly permitted now. As for other lenders too, if the gain on sale is realised, it may be booked upfront.

Unrealised gains, if any, should be accounted for in the following manner:

  1. The unrealised gains should not be recognised in Profit and Loss account; instead the lenders shall hold the unrealised profit under an accounting head styled as “Unrealised Gain on Loan Transfer Transactions”.
  2. The profit may be recognised in Profit and Loss Account only when such unrealised gains associated with expected future margin income is redeemed in cash. However, if the unrealised gains associated with expected future margin income is credit enhancing (for example, in the form of credit enhancing interest-only strip), the balance in this account may be treated as a provision against potential losses incurred.
  3. In the case of amortising credit-enhancing interest-only strip, a lender would periodically receive in cash, only the amount which is left after absorbing losses, if any, supported by the credit-enhancing interest-only strip. On receipt, this amount may be credited to Profit and Loss account and the amount equivalent to the amortisation due may be written-off against the “Unrealised Gain on Loan Transfer Transactions” account bringing down the book value of the credit-enhancing interest-only strip in the lender’s books.
  4. In the case of a non-amortising credit-enhancing interest-only strip, as and when the lender receives intimation of charging-off of losses by the SPE against the credit-enhancing interest-only strip, it may write-off equivalent amount against “Unrealised Gain on Loan Transfer Transactions” account and bring down the book value of the credit-enhancing interest-only strip in the lender’s books. The amount received in the final redemption value of the credit-enhancing interest-only strip received in cash may be taken to the Profit and Loss account.

STC securitisations

Having a simple, transparent and comparable (STC) label for a securitisation transaction is a very important factor, particularly for investors’ acceptability of the transaction. Securitisation transactions are structured finance transactions –the structure may be fairly complicated. The transaction may be bespoke – created with a particular investor in mind; hence, the transaction may not be standard. Also, the transaction terms may not have requisite transparency.[4]

Simple transparent and comparable securitisations qualify for relaxed capital requirements. STC structures are currently prevalent and recognised for lower capital requirements in several European countries. The transactions are required to comply with specific guidelines in order to obtain a STC label. The Basel III guidelines set the STC criteria for the purpose of alternative capital treatment.

The STC criteria inter-alia provides for conditions based on asset homogeneity, past performance of the asset, consistency of underwriting etc.The Para 37 of the Directions provides that securitisations that additionally satisfy all the criteria laid out in Annex 1 of the Directions can be subject to the alternative capital treatment. The criteria mentioned in the Directions are at par with requirements of Basel III regulations.

Investors to the STC compliant securitisation are allowed relaxed risk-weights on the investment made by them.

The Directions further require, originator to disclose to investors all necessary information at the transaction level to allow investors to determine whether the securitisation is STC compliant.

STC criteria need to be met at all times. Checking the compliance with some of the criteria might only be necessary at origination. .In cases where the criteria refer to underlying, and the pool is dynamic, the compliance with the criteria will be subject to dynamic checks every time that assets are added to the pool.

Facilities supporting securitisation structures

A securitisation transaction may have multiple elements – like credit enhancement, liquidity support, underwriting support, servicing support. These are either provided by the originator itself or by third parties. The Directions aim to regulate all such support providers (“Facility Providers”).  The Directions require the Facility Providers to be regulated by at least one financial sector regulator. For this purpose, in our view, RBI, IRDAI, NHB, SEBI etc. may be considered as financial sector regulators.

Common conditions for all Facilities

For provision of any of the aforesaid facilities, the facility provider must fulfill the following conditions:

  • Proper documentation of the nature, purpose, extent of the facility, duration, amount and standards of performance
  • Facilities to be clearly demarcated from each other
  • On arm’s length basis
  • The fee of the Facility Provider should not be subject to subordination/waiver
  • No recourse to Facility Provider beyond the obligations fixed in the contract
  • Facility Provider to obtain legal opinion that the contract does not expose it to any liability to the investors

Credit Enhancement Facilities

In addition to the above mentioned conditions, following conditions must be fulfilled by the Facility Provider:

  • To be provided only at initiation of transaction
  • Must be available to SPV at all times
  • Draw downs to eb immediately written-off

Liquidity facilities

The provisions about liquidity facilities are substantially similar to what they have been in the 2006 Guidelines. However, the provisions of 2006 Guidelines and the Draft Directions requiring co-provision of liquidity facility to the extent of 25% by an independent party have been omitted. This would mean, the originator itself may now be able to provide for the liquidity facility if an independent party could not be identified or in any other case.

Underwriting facilities

Underwriting is hardly common in case of securitisations, as most issuances are done on bespoke, OTC basis. Again, most of the provisions in the Directions relating to underwriting are similar to the 2006 Guidelines with one difference. The 2006 Guidelines required Originators (providing underwriting facilities) to reduce Tier 1 and Tier 2 capital by the amount of holdings (if it is in excess of 10% of the issue size) in 50-50 proportion.

The Directions are silent on the same.

Servicing facilities

Third party service providers have started emerging in India, particularly by way of  necessity (forced by events of default  of certain originators) rather than commercial expediency.

The provisions of the Directions in para 59-60 are applicable even to proprietary servicing, that is, the originator acting as a servicer, as well as a third party servicer.

It is important to note that arms’ length precondition [Para 45 (b) ] is applicable to originator servicing too. Hence, if the servicing fees are on non-arms’ length terms, this may certainly amount to a breach of the Directions. The other requirement of para 45 (e) seems also critical – the payment of servicing fee should not be subordinated. There should not be any bar on structuring a servicing fee in two components – a fixed and senior component, and an additional subordinated component. This is common in case of third party servicers as well.

Lenders who are investors

The meaning of “lenders” who are investors, in Chapter V, should relate to the entities covered by the Directions, that is, banks, NBFCs, HFCs and term lending institutions, who are investing money into securitisation notes. Obviously, the RBI is not meant to regulate other investors who are outside RBI’s regulatory ambit. The part relating to stress testing was there in the earlier Guidelines too – this finds place in the Directions.

It is also made clear that the investors’ exposure is not on the SPE, but on the underlying pools. Hence, the see-through treatment as given in Large Exposures Framework applies in this case.

Capital requirements

Capital has to be maintained in all securitisation exposures, irrespective of the nature of the exposure an entity is exposed to. If the securitisation transaction leads to any realised or unrealised gain, the same must be excluded from the Common Equity Tier 1 or Net owned Funds, and the same must be deferred till the maturity of the assets.

Further, if an entity has overlapping exposures, and if one exposure precludes the other one by fulfilment of obligations of the former, then the entity need not maintain capital on the latter. For example, if an entity holds a junior tranche which provides full credit support to a senior tranche, and also holds a part of the senior tranche, then its exposure in the junior tranche precludes any loss from the senior tranche. In such a situation, the entity does not have to assign risk-weights to the senior tranche.

Liquidity facilities

For the liquidity facilities extended in accordance with Chapter IV of the Directions, capital can be maintained as per the External Rating Based Approach (which has been discussed later on). For liquidity facilities not extended in accordance with Chapter IV of the Directions, capital charge on the actual amount after applying a 100% CCF will have to be considered.

Derecognition of transferred assets for the purpose of Capital Adequacy

 The Directions has laid down clear guidelines on derecognition of transferred assets for capital adequacy, and has no correlation with accounting derecognition under Ind AS 109. Therefore, irrespective of whether a transaction achieves accounting derecognition or not, the originator will still be able to enjoy regulatory capital relief so long as the Directions are complied with.

There is a long list of conditions which have to be satisfied in order achieve derecognition, which includes:

  1. There should complete surrender of control over the transferred exposures. The originator shall be deemed to have retained effective control over the exposures if:
    • It is able to repurchase the exposures from the SPE in order to realise the benefits, or
    • It is obligated to retain the risk of the transferred exposures.
  2. The originator should not be able to repurchase the exposure, except for clean-up calls.
  3. The transferred exposures are legally taken isolated such that they are put beyond the reach of the creditors in case of bankruptcy or otherwise.
  4. The securitisation notes issued by SPE are not obligations of the originator.
  5. The holders of the securitisation notes issued by the SPE against the transferred exposures have the right to pledge or trade them without any restriction, unless the restriction is imposed by a statutory or regulatory risk retention requirement
  6. Clean-up call
    • The threshold at which clean-up calls become exercisable shall not be more than 10% of the original value of the underlying exposures or securitisation notes.
    • Exercise of clean-up calls should not be mandatory.
    • The clean-up call options, if any, should not be structured to avoid allocating losses to credit enhancements or positions held by investors or otherwise structured to provide credit enhancements
  7. The originators must not be obligated to replace loans in the pool in case of deterioration of the underlying exposures to improve the credit quality
  8. The originator should not be allowed to increase the credit enhancement provided at the inception of the transaction, after its commencement.
  9. The securitisation does not contain clauses that increase the yield payable to parties other than the originator such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the underlying pool
  10. There must be no termination options or triggers to the securitisation exposures except eligible clean-up call options or termination provisions for specific changes in tax and regulation

Further, a legal opinion has to be obtained confirming the fulfilment of the aforesaid conditions.

The draft directions issued some quantitative conditions as well, which have been dropped from the final Directions.

Securitisation External Ratings Based Approach

 The Directions require the lenders to maintain capital as per the ERBA methodology. Where the exposures are unrated, capital charge has to be maintained in the actual exposure.

Para 85 signifies that the maximum capital computed as per the ERBA methodology will still be subject to a cap of the capital against the loan pool, had the pool not been securitised.

The maximum risk weight prescribed in the ERBA approach is 1250%, which holds good for banks, as they are required to maintain a capital of 8%. For NBFCs, the capital required is 15%, so the maximum risk weight should not have been more that 667%. However, para 85 should take care of this anomaly which limits the capital charge to the capital against the loan pool, had the pool not been securitised.

Investor disclosures

Disclosures, both at the time of the issuance, and subsequent thereto, form an important part of the Directions. A complete Chapter (Chapter VII) is dedicated to the same. The disclosures as laid in Annexure 2 are to be made at least on half yearly basis throughout the tenure of the transaction.

This includes substantial pool- level data- such as a matrix of % of the pool composition and corresponding maturities, weighted average, minimum and maximum MHP, MRR and its composition broken down into types of retention, credit quality of the pool (covering overdue, security related details, rating, distribution matrix of LTVs, Debt-to-Income ratios, prepayments etc.), distribution of underlying loan assets based on industry, geography etc.





[4] Our write-up on STC criteria can be viewed here;


Refer our write-up on guidelines for transfer of loan exposures here-

NBFCs licensed for KYC authentication: Guide to the new RBI privilege for Aadhaar e-KYC Authentication

-Kanakprabha Jethani (


On September 13, 2021, the RBI issued a notification[1] (‘RBI Notification’) permitting all NBFCs, Payment System Providers and Payment System Participants to carry out authentication of client’s Aadhaar number using e-KYC facility provided by the Unique Identification Authority of India (UIDAI), subject, of course, to license being granted by MoF. The process involves an application to the RBI, onward submission after screening of the application by the RBI, then a further screening by UIDAI, and final grant of authentication by the MoF,

We discuss below the underlying requirements of the PMLA, Aadhaar Act and regulations thereunder (defined below) and other important preconditions for this new-found authorisation for NBFCs.

Understanding the difference between authentication and verification

As per section 2(c) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (‘Aadhaar Act’)[2] “authentication” means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it;

Further, Section 2(pa) defines offline verification as the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations.

Authentication is a process of authenticity of aadhaar information using the authentication facility provided by the UIDAI. The same may be done in any of the following ways:

  • Use of demographic authentication: The Aadhaar number and demographic information of the customer is obtained and matched with the demographic information of the Aadhaar number holder in the CIDR[3].
  • Using one-time pin based authentication: Aadhaar number of customer is obtained. OTP is sent to the registered mobile number and/ or e-mail address. Aadhaar is authenticated when customer shares OTP and is shared with the same generated by UIDAI
  • Using biometric information: The Aadhaar number and biometric information submitted by the customer are matched with the biometric information stored in the CIDR.

Essentially, aadhaar authentication requires the Regulated Entity (RE) to obtain the aadhaar number of the customer. However, owing to the Supreme Court Verdict on Aadhaar, aadhaar number could be obtained only by banks or specific notified entities. Eventually, the concept of offline verification was introduced by virtue of which verification can be done using XML file or QR code which carries minimum details of the customer. RE is not required to obtain aadhaar number in this case.

Understanding the concept of AUA and KUA

The Aadhaar (Authentication) Regulations, 2016 provide the following definitions:

“Authentication User Agency” or “AUA” means a requesting entity that uses the Yes/ No authentication facility provided by the Authority;  

 “e-KYC User Agency” or “KUA” shall mean a requesting entity which, in addition to being an AUA, uses e-KYC authentication facility provided by the Authority;  

 “e-KYC authentication facility” means a type of authentication facility in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction; 

 To Summarise:

  • AUA’s rights are limited and it gets only a yes or no as a response of aadhaar authentications, i.e. response to whether the aadhaar is authentic or not.
  • KUA’s rights are comparatively broader. It shall receive eKYC details of the customer upon utilising the authentication facility.

Further, there is a concept of sub-AUA and sub-KUA, which utilise the facility of licensed AUAs or KUAs for aadhaar authentication.

Application for AUA/KUA License


The power of granting permission for use of aadhaar authentication facility by entities other than banks is derived from section 11A of the Prevention of Money Laundering Act, 2002[4] (‘PMLA’). It states-

(1) Every Reporting Entity shall verify the identity of its clients and the beneficial owner, by—

(a) authentication under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016) if the reporting entity is a banking company; or

(b) offline verification under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016); or


Provided that the Central Government may, if satisfied that a reporting entity other than banking company, complies with such the standards of privacy and security under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016), and it is necessary and expedient to do so, by notification, permit such entity to perform authentication under clause (a):


In exercise of powers under the above mentioned provisions, the Ministry of Finance (MoF) issued a notification on May 9, 2019[5], providing the process for permitting entities other than banks for using authentication facilities of the UIDAI. The notification provides for the following process:

  • Step1: Application to be made to the concerned regulator
  • Step 2: Examination of the application by concerned regulator
    • To ensure conditions of section 11A of PMLA and other security and IT related requirements are met
  • Step 3: Examination by UIDAI of applications recommended by the regulator
    • To check standards of privacy and security set out by UIDAI are complied with
    • UIDAI to then send notification to the Department of Revenue, MoF
  • Step 4: Notification as AUA/KUA by MoF
  • Step 5: UIDAI to issue authorisation to use UIDAI’s authentication facility

The Reserve Bank of India, being the financial sector regulator, has issued the notification permitting all NBFCs, Payment System Providers and Payment System Participants to carry out authentication of client’s Aadhaar number using e-KYC facility. The Application form seeks various details about the applicant, including a confirmation that the entity is meeting the standards of complying with the Data Security Regulations 2016 of UIDAI and other related guidance / circular issued by UIDAI from time to time with regard to the privacy and security norms.


The most crucial aspect of eligibility for availing AUA/KUA license is the capability of meeting the standards of privacy and security set out by UIDAI. The requirement for meeting the said standards arises from section 4(4) of the Aadhaar Act[6], which states-

(4) An entity may be allowed to perform authentication, if the Authority is satisfied that the requesting entity is—

(a) compliant with such standards of privacy and security as may be specified by regulations; and

(b) (i) permitted to offer authentication services under the provisions of any other law made by Parliament; or

(ii) seeking authentication for such purpose, as the Central Government in consultation with the Authority, and in the interest of State, may prescribe.

 Additionally, the Aadhaar (Authentication) Regulations, 2016[7] provide for the eligibility criteria for appointment as AUA/KUA. As per the said regulations, the following requirements must be met by the applicant:

  • Backend infrastructure, such as servers, databases etc. of the entity, required specifically for the purpose of Aadhaar authentication, should be located within the territory of India.

  • Entity should have IT Infrastructure owned or outsourced capable of carrying out minimum 1 Lakh Authentication transactions per month.

  • Organisation should have a prescribed Data Privacy policy to protect beneficiary privacy.

  • Organisation should have adopted data security requirements as per the IT Act 2000.

Understanding standards of privacy and security

The regulations surrounding data protection and privacy issued by the UIDAI are:

  • Aadhaar (Data Security) Regulations, 2016
  • Aadhaar (Sharing of Information) Regulations, 2016
  • Miscellaneous circulars issued by the UIDAI from time to time

Major requirements under the said regulations are as follows:

  • Applicant to adopt an information security policy outlining information security framework of the applicant developed in line with applicable guidelines issued by UIDAI;
  • Applicant to designate an officer as Chief Information Security Officer (CISO) for ensuring compliance with information security policy and other security-related programmes and initiatives of UIDAI
  • Operations of applicant to be audited by information systems auditor
  • Applicant to ensure that biometric information is not stored, except for buffer during authentication;
  • Applicant to ensure identity information is not shared with anyone else except with prior approval


Pursuant to the said notification, the NBFCs or Payment System Providers or Payment System Participants shall be eligible to make application with the RBI, subject to compliance with the privacy and security norms issued by UIDAI. The notification is a much-awaited relaxation for the eligible non-banking entities to undertake Aadhaar authentication of their customers. However, the criteria for granting approval have not been laid down specifically and may be based on the evaluation conducted by the RBI along with UIDAI. For those who receive the approval, this would be an addition to the modes in which CDD of a customer can be conducted.



[3] Central Identities Data Repository (CIDR) means a centralised database containing all Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto




[7] Refer Schedule A to Aadhaar (Authentication) Regulations, 2016 (Page 19)-


Related articles:


Registration under Money-Lending Laws

Our other articles on the topic can be accessed through below link:

  1. Registration under money-lending laws
  2. Inapplicability of money lending laws to regulated entities


Workshop on Effective Regulatory interface: Preparing for and handling RBI’s NBFC inspections

Registeration for the workshop have been closed. You may register your interest for a repeat workshop here here:


VKCPL – team profile

Are financial leases subjected to TDS?

Yutika Lohia 


In today’s time, leasing has become an indispensable element of businesses – Any and every asset movable or immovable, equipment or software can be taken on lease. Colloquially, lease refers to an arrangement where a property owned by one is given for use by another, against regular rentals. In India, there are two types of lease transactions-financial lease and operating lease. Typically, a financial lease is a disguised financial transaction whereas operating lease is akin to rental contracts.

While leasing has gained much importance and relevance over the years, its feasibility and viability depends a major deal on its tax implications – they could easily make or break the deal. The technical aspects with respect to taxation on implementation makes it all the more significant.   Issues like depreciation, lease rentals, tax deduction at source and exposure to GST are key concerns. Further, though leases are classified as finance or operating, it is important to note that such distinction is essentially from an accounting perspective – the Income Tax Act, 1961, however, does not distinguish between the two.

A rather significant but overlooked aspect of leasing is the ‘tax deduction at source’ (‘TDS’). As is known TDS is a key element of the Indian taxation framework which aims to collect tax at the source of generation of income. In case of a lease transaction, the lessee is required to deduct tax under 194-I of the Income Tax Act at the time of payment of lease rentals to the lessor.

While there are several judicial precedents dealing with TDS vis-à-vis lease transactions, the Hon’ble High Court of Karnataka in a recent order, in the case of Commissioner of Income Tax vs. Texas Instruments India Pvt Ltd (2021),[1] concluded that in case of a financial lease, the lease financing company did not provide any particular service as a driver or otherwise for the purpose of usage of the car. The only transaction entered between the assessee and the lease financing company was to make payments of the amount due to the company. To say there was a mere financing arrangement and therefore section 194-I of the IT Act shall not be applicable in case of a financial lease transaction.

In this article we shall discuss the above stated ruling in detail.

The case of Texas Instruments India Pvt Ltd

The Assessee, Texas Instruments India Pvt Ltd being in the business of manufacture and export of computer software had taken motor vehicle on finance lease for its employees. It considered the lease rentals as business expenditure and claimed deduction of the same under the head income from business and profession. TDS was not deducted on the finance lease rentals as the assessee contested that the same did not fall under the provision of section 194-I or 194-C of the IT Act.

However, the Assessing Officer disallowed the claimed expenditure on the grounds that the lease rentals were being paid to the vendor under the contract and therefore the payment/ expenses would be attracting the provisions of section 194-C.

Aggrieved by the order of the A.O., the Assessee preferred an appeal before to the CIT(A). Upon such appeal, the CIT(A) overturned the A.O’s order and held that the payments made by assessee were not in the nature of service rendered by the leasing company for the carriage of goods or passengers. The CIT(A) also held that the assets were in the disposition of the Assessee.

Following such order, the matter was appealed before the Income tax Appellate Tribunal (ITAT) where it was held that provisions of Section 194-C will not be applicable on lease rentals.

Once again, the matter was taken for appeal before the Hon’ble Karnataka High Court where it was held that the leasing financing company did not provide any particular service as a driver or otherwise for the purpose of usage of car. The maintenance was carried by the employees of the assessee. The only transaction entered between the assessee and the leasing company was to make payments of the amount due to the company. Since no services were being provided by the leasing company and is a mere financing agreement, provisions of section 194-C and 194-I shall not be applicable.

Understanding the Provisions of Law

Section 194-I of the Income Tax Act, 1961: TDS on Rent

Section 194-I of the IT Act 1961 governs tax deduction at source in case of lease rentals. As already mentioned, Income Tax Act does not draw any line of distinction between financial lease and operating lease, let us understand whether TDS needs to deducted on lease rentals in case of both financial lease and operating lease.

Section 194-I of the IT Act explains rent as follows:

“rent” means any payment, by whatever name called, under any lease, sub-lease, tenancy or any other agreement or arrangement for the use of (either separately or together) any

(a)  land; or

 (b)  building (including factory building); or

 (c)  land appurtenant to a building (including factory building); or

 (d)  machinery; or

 (e)  plant; or

 (f)  equipment; or

 (g)  furniture; or

 (h)  fittings,

whether or not any or all of the above are owned by the payee;

Rent has been broadly defined under section 194-I and shall be applicable when asset is given for use for any payment under lease, sub lease, tenancy, or any other arrangement or agreement.

Section 194-C of the Income Tax Act, 1961: Payment to contractors

(1) Any person responsible for paying any sum to any resident (hereafter in this section referred to as the contractor) for carrying out any work (including supply of labour for carrying out any work) in pursuance of a contract between the contractor and a specified person shall, at the time of credit of such sum to the account of the contractor or at the time of payment thereof in cash or by issue of a cheque or draft or by any other mode, whichever is earlier, deduct an amount equal to—

 (i)  one per cent where the payment is being made or credit is being given to an individual or a Hindu undivided family;

(ii)  two per cent where the payment is being made or credit is being given to a person other than an individual or a Hindu undivided family,

of such sum as income-tax on income comprised therein.



The judgement highlights that by virtue of the fact that no services were provided by the leasing company and that it was a mere financing agreement, section 194-C and 194-I would not be applicable in the given case.

Therefore, it seeks attention on the fact whether TDS has to be deducted on financial lease rentals.

Also, one must contemplate whether TDS should have been deducted under section 194-A of the IT Act as the lease transaction was considered as a mere finance agreement. This remains unanswered.









De-novo Master Directions on PPIs

I. Introduction

The Reserve Bank of India (RBI) on August 27, 2021, issued the Master Directions on Prepaid Payment Instruments[1] (‘Master Directions’) repealing the Master Directions on Issuance and Operation of Prepaid Payment Instruments[2] (‘Erstwhile Master Directions’) with immediate effect. These Master Directions have been issued keeping in mind the recent updates to the Erstwhile Master Directions.

In this write-up we aim to cover the major regulatory changes brought about by the Master Directions.

II. Overview of key changes

1.  Classification of PPIs instruments

The Erstwhile Master Directions classified PPIs into three categories namely closed ended PPIs which could be issued by anyone and required no RBI approval, semi-closed PPIs and open ended PPIs which could be issued only by Banks. The new Master Directions have also classified PPIs in three categories i.e. Closed-ended PPI, Small PPIs and Full-KYC PPIs. However, since closed-ended PPIs are not a part of the payment and settlement system, they are not regulated by the RBI. A brief snapshot of the nature of the other two types of PPIs is presented below:

Basis Small PPI Full KYC PPIs
With cash loading facility Without cash loading facility
Issuer Banks and non-banks after obtaining minimum details of PPI holder (mobile number verified with OTP; self-declaration of name and unique identity/identification number of any OVD) Banks and non-banks after completing KYC of holder
Identification Process Verification of mobile number through an OTP

Self-declaration of name and unique identify number of any OVD as recognized in KYC Master Directions

Video-based Customer Identification Process
Nature of PPI Reloadable and can be issued in electronic form.


Electronic payment transactions have been divided into two categories- transactions that do not require physical PPIs and those which require. Hence, even cards could be issued.

Reloadable and can be issued in card or electronic form.


Loading/Reloading shall be from a bank account / credit card / full-KYC PPI.


Reloadable and can be issued in electronic form.


Electronic payment transactions have been divided into two categories- transactions that do not require physical PPIs and those which require. Hence, even cards could be issued.

Maximum amount that can be loaded In a month: INR 10,000

In a year: INR 120,000

No maximum limits
Maximum outstanding amount at any point of time INR 10,000 INR 200,000
Limit on debit during a month INR 10,000 per month No limit No limit
Usage of funds For purchase of goods and services only.

Cash withdrawal or fund transfer not permitted


Transfer to source or bank account of PPI holder, other PPIs, debit or credit card permitted subject to:


Pre-registered benefit – maximum INR 200,000 per month per beneficiary


Other cases – maximum INR 10,000

Cash Withdrawal Not permitted Permitted subject to limits:


INR 2000 per transaction and

INR 10,000 per month

Conversion To be converted into full-KYC PPIs within a period of 24 months from the date of issue of the PPI. Small PPI with cash loading can be converted into Small PPI without cash loading, if desired by the PPI holder. Not applicable
Restriction on issuance to a single person Cannot be issued to same person using the same mobile number and same minimum details more than once. No such restriction No such restriction
Closure Funds transferred back to source or Holders bank account after complying with KYC norms


Funds transferred to pre-designated bank account or


PPIs of the same issuer


The concept of ‘Small PPI’ and ‘Full-KYC PPI’ cannot be said to be a new introduction, rather, it is more of a merger of the existing variety of semi closed PPIs in Small PPI and the open ended PPI to Full KYC PPI. However, an important change that has been inserted is the recognition of non-bank PPI issuers to issue Full KYC PPI, who were earlier not allowed to issue open ended PPIs.

2. Validity of Registration

Earlier, the Certificate of Authorisation was valid for five years unless otherwise specified and was subject to review including cancellation of the same. However, under the Master Directions, the authorisation is granted for perpetuity (even for existing authorisation which becomes due for renewal) subject to compliance with the following conditions:

  1. Full compliance with the terms and conditions subject to which authorisation was granted;
  2. Fulfilment of entry norms such as capital, net worth requirements, etc.;
  3. No major regulatory or supervisory concerns related to operations, as observed during onsite and / or offsite monitoring;
  4. Efficacy of customer grievance redressal mechanism;
  5. No adverse reports from other departments of RBI / regulators / statutory bodies, etc.

Also, the concept of ‘cooling period’ was introduced in December 2020[3], for effective utilisation of regulatory resources. PPI issuer whose CoA is revoked or not-renewed for any reason; or CoA is voluntarily surrendered for any reason; or application for authorisation has been rejected by RBI; or new entities that are set-up by promoters involved in any of the above categories; will have a one year cooling period. During the said cooling period, entities shall be prohibited from submission of applications for operating any payment system under the PSS Act.

3. Cross border transactions in Indian denomination

The Erstwhile Master Directions provided that Cross Border Transactions in INR denominated PPIS was allowed only by way of KYC compliant semi-closed and open PPIs which met the conditions specified therein. However, under the Master Directions, such issuances have been permitted only in the form of Full-KYC PPI and other conditions as prescribed earlier have not been altered.

4. Maintenance of Current Account

Apart from maintaining an escrow account with a scheduled commercial bank, non-bank PPI issuer that is a member of the Centralised Payment Systems operated by RBI i.e. non-bank issuers as covered under Master Directions on Access Criteria for Payment Systems[4] which have been allowed to access Real Time Gross Settlement (RTGS) System and National Electronic Fund Transfer (NEFT) Systems and any other such systems as provided by RBI, shall also be required to maintain a current account with the RBI.

Transfer from and to such current account is permitted to be credited or debited from the escrow account maintained by the PPIs.

5. Ensuring additional safety norms

  • To ensure safety and security, PPIs issuers are now required to put in place a Two Factor Authentication (2FA) in place for all wallet transactions involving debit to wallet transactions including cash withdrawals. However, it is not mandatory in case of PPI-MTS and gift PPIs.
  • The Erstwhile Master Directions required PPI issuers to put in place a mechanism to send alerts to the PPI holder regarding debit/credit transactions, balance available /remaining in the PPI. In addition to the same, the Master Directions now require issuers to send alerts to the holder even in case of offline transactions. The issuer may send a common alert for all transactions as soon as the issuer receives such information. Separate alerts for each transaction shall not be required.

6. Miscellaneous

  • In case of co-branding, additionally it has been specified that the co-branding partner can also be a Government department / ministry.
  • The Erstwhile Master Directions provided banks and non-banks a period of 45 days to apply to the Department of Payment and Settlement Systems (DPSS) after obtaining the clearance under the Payment and Settlement Systems Act, 2007. The same has now been reduced to 30 days from obtaining such clearance.
  • In addition to the satisfactory system audit report and net worth certificate, RBI also requires issuers to submit a due diligence report for granting final Certificate of Authorisation (CoA).
  • Transfer of funds back to source account in case of Gift PPIs has been allowed after receiving the consent of the PPI holder.
  • To improve customer protection and grievance redressal, the Master Directions have provided customers of non-bank PPI issuers to have recourse to the Ombudsman Scheme for Digital Transactions.

7. Effect on existing issuers

The timeline for complying with the minimum positive net-worth of 15 crores by non-bank PPI issuers has been extended and shall now be met with by September 30, 2021 instead of March 31, 2020. Non-bank issuers shall submit the provisional balance sheet indicating the positive net-worth and CA certificate to the RBI on or before October 30, 2021, failing which they may not be permitted to carry on their business.

III. Conclusion

In this write-up we have aimed to cover the gist of changes introduced in the Master Directions as compared to the Erstwhile Master Directions. The changes made in the regulatory framework for the PPIs have created a level playing field for banks and non-banks, especially, with respect to issuance of full KYC PPIs. Comparatively, the new directions are way more liberal than the earlier one, which only indicates how bullish the regulator must be with respect to PPIs.





[4] MD51170116C65788DE8A564165B74D5FECE0626A73.PDF (

Credit Default Swaps (Global and Indian Scenario)

Credit default swaps (what is happening in global markets and the recommendations of the working group)

Other ‘I am the best’ presentations can be viewed here

Our other resources on related topics –