Recent Trends in Crypto-Industry: India & Abroad

-Megha Mittal

(mittal@vinodkothari.com)

“Opportunity amidst tragedy” would likely be the most suitable phrase to summarise the journey of cryptos during the Global Pandemic- with disruption taking a toll on people and economies, and physical proximities massively restrictred, cryptos have outshone traditional assets, by virtue of its inherent features- easy liquidity, access and digitalisation.

Further, as countries around the globe attempt to stimulate their economies by opening floodgates of liquid funds, the ‘digital natives’ have and are expected to increasingly venture into adventure-some investments- think, cryptos. And while such adventurous investing may be short-lived, the results may infact have a long-lasting impact- it is this expected impact that has sets the ‘bull’ stage for cryptos in times to come.

In this brief note, we cover the recent highlights and developments in the crypto-industry, also discussing developments in the relatively new concepts of stablecoins, crypto-lending.

Read more

Extension of FPC on lending through digital platforms

A new requirement or reiteration by the RBI?

– Anita Baid (finserv@vinodkothari.com)

Ever since its evolution, the basic need for fintech entities has been the use of electronic platforms for entering into financial transactions. The financial sector has already witnessed a shift from transactions involving huge amount of paper-work to paperless transactions[1]. With the digitalization of transactions, the need for service providers has also seen a rise. There is a need for various kinds of service providers at different stages including sourcing, customer identification, disbursal of loan, servicing and maintenance of customer data. Usually the services are being provided by a single platform entity enabling them to execute the entire transaction digitally on the platform or application, without requiring any physical interaction between the parties to the transaction.

The digital application/platform based lending model in India works as a partnership between a tech platform entity and an NBFC. The technology platform entity or fintech entity manages the working of the application or website through the use of advanced technology to undertake credit appraisals, while the financial entity, such as a bank or NBFC, assumes the credit risk on its balance sheet by lending to the customers who use the digital platform[2].

In recent times many digital platforms have emerged in the financial sector who are being engaged by banks and NBFCs to provide loans to their customers. Most of these platforms are not registered as P2P lending platform since they assist only banks, NBFCs and other regulated AIFIs to identify borrowers[3]. Accordingly, electronic platforms serving as Direct Service Agents (DSA)/ Business Correspondents for banks and/or NBFCs fall outside the purview of the NBFC-P2P Directions. Banks and NBFCs have th following options to lend-

  1. By direct physical interface or
  2. Through their own digital platforms or
  3. Through a digital lending platform under an outsourcing arrangement.

The digitalization of credit intermediation process though is beneficial for both borrowers as well as lenders however, concerns were raised due to non-transparency of transactions and violation of extant guidelines on outsourcing of financial services and Fair Practices Code[4]. The RBI has also been receiving several complaints against the lending platforms which primarily relate to exorbitant interest rates, non-transparent methods to calculate interest, harsh recovery measures, unauthorised use of personal data and bad behavior. The existing outsourcing guidelines issued by RBI for banks and NBFCs clearly state that the outsourcing of any activity by NBFC does not diminish its obligations, and those of its Board and senior management, who have the ultimate responsibility for the outsourced activity. Considering the same, the RBI has again emphasized on the need to comply with the regulatory instructions on outsourcing, FPC and IT services[5].

We have discussed the instructions laid down by RBI and the implications herein below-

Disclosure of platform as agent

The RBI requires banks and NBFCs to disclose the names of digital lending platforms engaged as agents on their respective website. This is to ensure that the customers are aware that the lender may approach them through these lending platforms or the customer may approach the lender through them.

However, there are arrangements wherein the platform is not appointed as an agent as such. This is quite common in case of e-commerce website who provide an option to the borrower at the time of check out to avail funding from the listed banks or NBFCs. This may actually not be regarded as outsourcing per se since once the customer selects the option to avail finance through a particular financial entity, they are redirected to the website or application of the respective lender. The e-commerce platform is not involved in the entire process of the financial transaction between the borrower and the lender. In our view, such an arrangement may not be required to be disclosed as an agent of the lender.

Disclosure of lender’s name

Just like the lender is required to disclose the name of the agent, the agent should also disclose the name of the actual lender. RBI has directed the digital lending platforms engaged as agents to disclose upfront to the customer, the name of the bank or NBFC on whose behalf they are interacting with them.

Several fintech platforms are involved in balance sheet lending. Here, the lending happens from the balance sheet of the lender however, the fintech entity is the one assuming the risk associated with the transaction. Lender’s money is used to lend to customers which shows up as an asset on the balance sheet of the lending entity. However, the borrower may not be aware about who the actual lender is and sees the platform as the interface for providing the facility.

Considering the risk of incomplete disclosure of facts the RBI mandates the disclosure of the lender’s name to the borrower. In this regard, the loan agreement or the GTC must clearly specify the name of the actual lender and in case of multiple lender, the name along with the loan proportion must be specified.

Issuance of sanction letter

Another requirement prescribed by the RBI is that immediately after sanction but before execution of the loan agreement, a sanction letter should be issued to the borrower on the letter head of the bank/ NBFC concerned.

Issue a sanction letter to the borrower on the letterhead of the NBFC may seem illogical since the lending happens on the online platform. The sanction letter may be shared either through email or vide an in-app notification or otherwise. Such sanction letter shall be issued on the platform itself immediately after sanction but before execution of the loan agreement.

Further, the FPC requires lender NBFCs to display annualised interest rates in all their communications with the borrowers. However, most of the NBFCs show monthly interest rates in the name of their ‘marketing strategy’. This practice though have not been highlighted by the RBI must be taken seriously.

Sharing of loan agreement

The FPC laid down by RBI requires that a copy of the loan agreement along with a copy each of all enclosures quoted in the loan agreement must be furnished to all borrowers at the time of sanction/ disbursement of loans. However, in case of lending done over electronic platforms there is no physical loan agreement that is executed.

Given that e-agreements are generally held as valid and enforceable in the courts, there is no such insistence on execution of physical agreements. The electronic execution versions are more feasible in terms of cost and time involved. In fact in most of the cases, the loan agreements are mere General Terms and Conditions (GTC) in the form of click wrap agreements.

Usually, the terms and conditions of the loan or the GTC is displayed on the platform wherein the acceptance of the borrower is recorded. In such a circumstance, necessary arrangements should be made for the borrower to peruse the loan agreement at any time. The loan agreement may also be in the form of a mail containing detailed terms and conditions, along with an option for the borrower to accept the same.

The requirement from compliance perspective is to ensure that the borrower has access to the executed loan agreement and all the terms and conditions pertaining to the loan are captured therein.

Monitoring by the lender

Effective oversight and monitoring should be ensured over the digital lending platforms engaged by the banks/ NBFCs. As RBI does not regulate the platform entities, hence the only way to regulate the transaction is though the lenders behind these platforms.

The outsourcing guidelines require the retention of ultimate control of the outsourced activity with the lender. Further, the platform should not impede or interfere with the ability of the NBFC to effectively oversee and manage its activities nor shall it impede the RBI in carrying out its supervisory functions and objectives. These should be captured in the servicing agreement as well as be implemented practically.

Grievance Redressal Mechanism (GRM)

Much of the new-age lending is enabled by automated lending platforms of fintech companies. The fintech company is the sourcing partner, and the NBFC is the funding partner. However, the grievance of the customer may range from issue with the usage of platform to the non-disclosure of the terms of loan.

A challenge that may arise is to segregate the grievance on the basis of who is responsible for the same- the platform or the lender. There must be proper mechanism to ensure such segregation and adequate efforts shall be made towards creation of awareness about the grievance redressal mechanism.

[1] Read our detailed write up here- http://vinodkothari.com/2020/03/moving-to-contactless-lending/

[2] Read our detailed write up here- http://vinodkothari.com/2020/03/fintech-regulatory-responses-to-finnovation/

[3] RBI’s FAQs on P2P lending platform- https://www.rbi.org.in/Scripts/FAQView.aspx?Id=124

[4] Read our detailed write up here- http://vinodkothari.com/2019/09/the-cult-of-easy-borrowing/

[5] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11920&Mode=0

 

 

The Rise of Stablecoins amidst Instability

-Megha Mittal

(mittal@vinodkothari.com

The past few years have witnessed an array of technological developments and innovations, especially in Fintech; and while the world focused on Bitcoins and other cryptos, a new entrant ‘Stablecoin’ slowly crept its way into the limelight. With the primary motive of shielding its users from the high volatility associated with cryptos, and promises of boosting cross-border payments and remittance, ‘Stablecoins’ emerged in 2018, and now have become the focal point of discussion of several international bodies including the Financial Standards Board (FSB), G20, Financial Action Task Force (FATF) and International Organization of Securities Commission (IOSCO).

Additionally, the widespread notion that the desperate need of cross-border payments and remittances during the ongoing COVID-crisis may prove to be a defining moment for stablecoins, has drawn all the more attention towards the need of establishing regulations and legal framework pertaining to Stablecoins.

In this article, we shall have an insight as to what Stablecoins, (Global Stable Coinss) are, its modality, its current status of acceptance by the international bodies, and how the ongoing COVID crisis, may act as a catalyst for its rise.

Read more

Moving to contactless lending, in a contact-less world

-Kanakprabha Jethani (kanak@vinodkothari.com)

Background

With the COVID-19 disruption taking a toll on the world, almost two billion people – close to a third of the world’s population being  restricted to their homes, businesses being locked-down and work-from home becoming a need of the hour; “contactless” business is what the world is looking forward to. The new business jargon “contactless” means that the entire transaction is being done digitally, without requiring any of the parties to the transaction interact physically. While it is not possible to completely digitise all business sectors, however, complete digitisation of certain financial services is well achievable.

With continuous innovations being brought up, financial market has already witnessed a shift from transactions involving huge amount of paper-work to paperless transactions. The next steps are headed towards contactless transactions.

The following write-up intends to provide an introduction to how financial market got digitised, what were the by-products of digitisation, impact of digitisation on financial markets, specifically FinTech lending segment and the way forward.

Journey of digitisation

Digitisation is preparing financial market for the future, where every transaction will be contactless. Financial entities and service providers have already taken steps to facilitate the entire transaction without any physical intervention. Needless to say, the benefits of digitisation to the financial market are evident in the form of cost-efficiency, time-saving, expanded outreach and innovation to name a few.

Before delving into how financial entities are turning contactless, let us understand the past and present of the financial entities. The process of digitisation leads to conversion of anything and everything into information i.e. digital signals. The entire process has been a long journey, having its roots way back in 1995, when the Internet was first operated in India followed by the first use of the mobile phones in 2002 and then in 2009 the first smartphones came into being used. It is each of these stages that has evolved into this all-pervasive concept called digitisation.

Milestones in process of digitisation

The process of digitization has seen various phases. The financial market, specifically, the NBFCs have gone through various phases before completely guzzling down digitization. The journey of NBFCs from over the table executions to providing completely contactless services has been shown in the figure below:

From physical to paperless to contactless: the basic difference

Before analysing the impact of digitisation on the financial market, it is important to understand the concept of ‘paperless’ and ‘contactless’ transactions. In layman terms, paperless transactions are those which do not involve execution of any physical documents but physical interaction of the parties for purposes such as identity verification is required. The documents are executed online via electronic or digital signature or through by way of click wrap agreements.

In case of contactless transactions, the documents are executed online and identity verification is also carried out through processes such as video based identification and verification. There is no physical interaction between parties involved in the transaction.

The following table analyses the impact of digitisation on financial transactions by demarcating the steps in a lending process through physical, paperless and contactless modes:

 

Stages Physical process Paperless process Contactless process
Sourcing the customer The officer of NBFC interacts with prospective applicants The website, app or platform (‘Platform’) reaches out to the public to attract customers or the AI based system may target just the prospective customers Same as paperless process
Understanding needs of the customer The authorised representative speaks to the prospects to understand their financial needs The Platform provides the prospects with information relating to various products or the AI system may track and identify the needs Same as paperless process
Suggesting a financial product Based on the needs the officer suggests a suitable product Based on the analysis of customer data, the system suggests suitable product Same as paperless process
Customer on-boarding Customer on-boarding is done upon issue of sanction letter The basic details of customer are obtained for on-boarding on the Platform Same as paperless process
Customer identification The customer details and documents are identified by the officer during initial meetings Customer Identification is done by matching the details provided by customer with the physical copy of documents Digital processes such as Video KYC are used carry out customer identification
Customer due-diligence Background check of customer is done based on the available information and that obtained from the customer and credit information bureaus Information from Credit Information Agencies, social profiles of customer, tracking of communications and other AI methods etc. are used to carry out due diligence Same as paperless process
Customer acceptance On signing of formal agreement By clicking acceptance buttons such as ‘I agree’ on the Platform or execution through digital/electronic signature Same as paperless process
Extending the loan The loan amount is deposited in the customer’s bank account The loan amount is credited to the wallet, bank account or prepaid cards etc., as the case may be Same as paperless process
Servicing the loan The authorised representatives ensures that the loan is serviced Recovery efforts are made through nudges on Platform. Physical interaction is the last resort Same as paperless process. However, physical interaction for recovery may not be desirable.
Customer data maintenance After the relationship is ended, physical files are maintained Cloud-based information systems are the common practice Same as paperless process

The manifold repercussions

The outcome of digitisation of the financial markets in India, was a land of opportunities for those operating in financial market, it has also wiped off those who couldn’t keep pace with technological growth. Survival, in financial market, is driven by the ability to cope with rapid technological advancements. The impact of digitisation on financial market, specifically lending related services, can be analysed in the following phases:

Payments coming to online platforms

With mobile density in India reaching to 88.90% in 2019[1], the adoption of digital payments have accelerated in India, showing a rapid growth at a CAGR of 42% in value of digital payments. The value of digital payments to GDP rose to 862% in the FY 2018-19.

Simultaneously, of the total payments made up to Nov 2018, in India, the value of cash payments stood at a mere 19%. The shift from cash payments to digital payments has opened new avenues for financial service providers.

Need for service providers

With everything coming online, and the demand for digital money rising, the need for service providers has also taken birth. Services for transitioning to digital business models and then for operating them are a basic need for FinTech entities and thus, there is a need for various kinds of service providers at different stages.

Deliberate and automatic generation of demand

When payments system came online, financial service providers looked for newer ways of expanding their business. But the market was already operating in its own comfortable state. To disrupt this market and bring in something new, the FinTech service providers introduced the idea of easy credit to the market. When the market got attracted to this idea, digital lending products were introduced. With time, add-ons such as backing by guarantee, indemnity, FLDG etc. were also introduced to these products.

Consequent to digital commercialization, the need for payment service providers also generated automatically and thus, leading to the demand for digital payment products.

Opportunities for service providers

With digitization of non-banking financial activities, many players have found a place for themselves in financial markets and around. While the NBFCs went digital, the advent of digitization also became the entry gate to other service providers such as:

Platform service providers:

In order to enable NBFCs to provide financial services digitally, platform service providers floated digital platforms wherein all the functions relating to a financial transaction, ranging from sourcing of the customer, obtaining KYC information, collating credit information to servicing of the customer etc.

Software as a Service (SaaS) providers:

Such service providers operate on a business model that offers software solutions over the internet, charging their customers based on the usage of the software. Many of the FinTech based NBFCs have turned to such software providers for operating their business on digital platforms. Such service providers also provide specific software for credit score analysis, loan process automation and fraud detection etc.

Payment service providers:

For facilitating transactions in digital mode, it is important that the flow of money is also digitized. Due to this, the demand for payment services such as payments through cards, UPI, e-cash, wallets, digital cash etc. has risen. This demand has created a new segment of service providers in the financial sector.

NBFCs usually enter into partnerships with platform service providers or purchase software from SaaS providers to digitize their business.

Heads-up from the regulator

The recent years have witnessed unimaginable developments in the FinTech sector. Innovations introduced in the recent times have given birth to newer models of business in India. The ability to undertake paperless and contactless transactions has urged NBFCs to achieve Pan India presence. The government has been keen in bringing about a digital revolution in the country and has been coming up with incentives in forms of various schemes for those who shift their business to digital platforms. Regulators have constantly been involved in recognising digital terminology and concepts legally.

In Indian context, innovation has moved forward hand-in-hand with regulation[2]. The Reserve Bank of India, being the regulator of financial market, has been a key enabler of the digital revolution. The RBI, in its endeavor to support digital transactions has introduced many reforms, the key pillars amongst which are – e-KYC (Know Your Customer), e-Signature, Unified Payment Interface (UPI), Electronic NACH facility and Central KYC Registry.

The regulators have also introduced the concept of Regulatory Sandbox[3] to provide innovative business models an opportunity to operate in real market situations without complying with the regulatory norms in order to establish viability of their innovation.

While these initiatives and providing legal recognition to electronic documents did bring in an era of paperless[4] financial transactions, the banking and non-banking segment of the market still involved physical interaction of the parties to a transaction for the purpose of identity verification. Even the digital KYC process specified by the regulator was also a physical process in disguise[5].

In January 2020, the RBI gave recognition to video KYC, transforming the paperless transactions to complete contactless space[6].

Further, the RBI is also considering a separate regime for regulation of FinTech entities, which would be based on risk-based regulation, ranging from “Disclosure” to “Light-Touch Regulation & Supervision” to a “Tight Regulation and Full-Fledged Supervision”.[7]

Way forward

2019 has seen major revolutions in the FinTech space. Automation of lending process, Video KYC, voice based verification for payments, identity verification using biometrics, social profiling (as a factor of credit check) etc. have been innovations that has entirely transformed the way NBFCs work.

With technological developments becoming a regular thing, the FinTech space is yet to see the best of its innovations. A few innovations that may bring a roundabout change in the FinTech space are in-line and will soon be operable. Some of these are:

  • AI-Driven Predictive Financing, which has the ability to find target customers, keep track on their activities and identify the accurate time for offering the product to the customer.
  • Enabling recognition of Indian languages in the voice recognition feature of verification.
  • Introduction of blockchain based KYC, making KYC data available on a permission based-decentralised platform. This would be a more secure version of data repository with end-to-end encryption of KYC information.
  • Introduction of Chatbots and Robo-advisors for interacting with customers, advising suitable financial products, on-boarding, servicing etc. Robots with vernacular capabilities to deal with rural and semi-urban India would also be a reality soon.

Conclusion

Digital business models have received whole-hearted acceptance from the financial market. Digitisation has also opened gates for different service providers to aid the financial market entities. Technology companies are engaged in constantly developing better tools to support such businesses and at the same time the regulators are providing legal recognition to technology and making contactless transactions an all-round success. This is just the foundation and the financial market is yet to see oodles of innovation.

 

 

[1] https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=19417

[2] https://www.bis.org/publ/bppdf/bispap106.htm

[3] Our write on Regulatory Sandboxes can be referred here- http://vinodkothari.com/2019/04/safe-in-sandbox-india-provides-cocoon-to-fintech-start-ups/

[4] Paperless here means paperless digital financial transactions

[5] Our write-up on digital KYC process may be read here- http://vinodkothari.com/2019/08/introduction-of-digital-kyc/

[6]Our write-up on amendments to KYC Directions may be read here: http://vinodkothari.com/2020/01/kyc-goes-live-rbi-promotes-seamless-real-time-secured-audiovisual-interaction-with-customers/

[7] https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/WGFR68AA1890D7334D8F8F72CC2399A27F4A.PDF

 

RBI to regulate operation of payment intermediaries

Guidelines on regulation of Payment Aggregators and Payment Gateways issued

-Mridula Tripathi (finserv@vinodkothari.com)

Background

In this era of digitalisation, the role of intermediaries who facilitate the payments in an online transaction has become pivotal. These intermediaries are a connector between the merchants and customers, ensuring the collection and settlement of payment. In the absence of any direct guidelines and adequate governance practices regulating the operations of these intermediaries, there was a need to review the existing instructions issued in this regard by the RBI. Thus, the need of regulating these intermediaries has been considered cardinal by the regulator.

RBI had on September 17, 2019 issued a Discussion Paper on Guidelines for Payment Gateways and Payment Aggregators[1] covering the various facets of activities undertaken by Payment Gateways (PGs) and Payment Aggregators (PAs) (‘Discussion Paper’). The Discussion Paper further explored the avenues of regulating these intermediaries by proposing three options, that is, regulation with the extant instructions, limited regulation or full and direct regulation to supervise the intermediaries.

In this regard, the final guidelines have been issued by the RBI on March 17, 2020 which shall be effective from April 1, 2020[2], for regulating the activities of PAs and providing technology-related recommendations to PGs (‘Guidelines’).

In this article we shall discuss the concept of Payment Aggregator and Payment Gateway. Further, we intend to cover the applicability, eligibility norms, governance practices and reporting requirements provided in the aforesaid guidelines.

Concept of Payment Aggregators and Payment Gateways

In common parlance Payment Gateway can be understood as a software which enables online transactions. Whenever the e-interface is used to make online payments, the role of this software infrastructure comes into picture. Thinking of it as a gateway or channel that opens whenever an online transaction takes place, to traverse money from the payer’s credit cards/debit cards/ e-wallets etc to the intended receiver.

Further, the role of a Payment Aggregator can be understood as a service provider which includes all these Payment Gateways. The significance of the Payment Aggregators lies in the fact that Payment Gateway is a mere technological base which requires a back-end operator and this role is fulfilled by the Payment Aggregator.

A merchant (Seller) providing goods/services to its target customer would require a Merchant Account opened with the bank to accept e-payment. Payment Aggregator can provide the same services to several merchants through one escrow account without the need of opening multiple Merchant Accounts in the bank for each Merchant.

The concept of PA and PG as defined by the RBI is reproduced herein below:

PAYMENT AGGREGATORS (PAs) means the entities which enable e-commerce sites and merchants to meet their payment obligation by facilitating various payment options without creation of a separate payment integration system of their own. These PAs aggregate the funds received as payment from the customers and pass them to the merchants after a certain time period.

PAYMENT GATEWAYS (PGs) are entities that channelize and process an online payment transaction by providing the necessary infrastructure without actual handling of funds.

The Guidelines have also clearly distinguished Payment Gateways as providers of technological infrastructure and Payment Aggregators as the entities facilitating the payment. At present, the existing PAs and PGs have a variety of technological set-up and their infrastructure also keeps changing with time given the business objective for ensuring efficient processing and seamless customer experience. Some of the e-commerce market places have leveraged their market presence and started offering payment aggregation services as well. Though the primary business of an e-commerce marketplace does not come within the regulatory purview of RBI, however, with the introduction of regulatory provisions for PAs, the entities will end up being subjected to dual regulation. Hence, it is required to separate these two activities to enable regulatory supervision over the payment aggregation business.

The extant regulations[3] on opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediarieswe were applicable to intermediaries who collect monies from customers for payment to merchants using any electronic / online payment mode. The Discussion Paper proposed a review of the said regulations and based on the feedback received from market participants, the Guidelines have been issued by RBI.

Coverage of Guidelines

RBI has made its intention clear to directly regulate PAs (Bank & Non-Bank) and it has only provided an indicative baseline technology related recommendation. The Guidelines explicitly exclude Cash on Delivery (CoD) e-commerce model from its purview. Surprisingly, the Discussion Paper issued by RBI in this context intended on regulating both the PAs & PGs, however, since PGs are merely technology providers or outsourcing partners they have been kept out of the regulatory requirements.

The Guidelines come into effect from April 1, 2020, except for requirements for which a specific deadline has been prescribed, such as registration and capital requirements.

Registration requirement

Payment Aggregators are required to fulfil the requirements as provided under the Guidelines within the prescribed timelines. The Guidelines require non-bank entities providing PA services to be incorporated as a company under the Companies Act, 1956/2013 being able of carrying out the activity of operating as a PA, as per its charter documents such as the MoA. Such entities are mandatorily required to register themselves with RBI under the Payment and Settlement Systems Act, 2007 (‘PSSA, 2007’) in Form-A. However, a deadline of June 30, 2021 has been provided for existing non-bank PAs.

Capital requirement

RBI has further benchmarked the capital requirements to be adhered by existing and new PAs. According to which the new PAs at the time of making the application and existing PAs by March 31, 2021 must have a net worth of Rs 15 crore and Rs 25 crore by the end of third financial year i.e. March 31, 2023 and thereafter. Any non-compliance with the capital requirements shall lead to winding up of the business of PA.

As a matter of fact, the Discussion Paper issued by RBI, proposed a capital requirement of Rs 100 crore which seems to have been reduced considering the suggestion received from the market participants.

To supervise the implementation of these Guidelines, there is a certification to be obtained from the statutory auditor, to the effect certifying the compliance of the prescribed capital requirements.

Fit and proper criteria

The promoters of PAs are expected to fulfil fit and proper criteria prescribed by RBI and a declaration is also required to be submitted by the directors of the PAs. However, RBI shall also assess the ‘fit and proper’ status of the applicant entity and the management by obtaining inputs from various regulators.

Policy formulation

The Guidelines further require formulation and adoption of a board approved policy for the following:

  1. merchant on-boarding
  2. disposal of complaints, dispute resolution mechanism, timelines for processing refunds, etc., considering the RBI instructions on Turn Around Time (TAT)
  3. information security policy for the safety and security of the payment systems operated to implement security measures in accordance with this policy to mitigate identified risks
  4. IT policy(as per the Baseline Technology-related Recommendations)

Grievance redressal

The Guidelines have put in place mandatory appointment of a Nodal Officer to handle customer and regulator grievance whose details shall be prominently displayed on the website thus implying good governance in its very spirit. This is similar to the requirement for NBFCs who are required to appoint a Nodal Officer. Also, it is required that the dispute resolution mechanism must contain details on types of disputes, process of dealing with them, Turn Around Time (TAT) for each stage etc.

However, in this context, the Discussion Paper provided for a time period of 7 working days to promptly handle / dispose of complaints received by the customer and the merchant.

Merchant on boarding and KYC compliance

To avoid malicious intent of the merchants, PAs should undertake background and antecedent check of the merchants and are responsible to check Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance of the infrastructure of the merchants on-boarded and carry a KYC of the merchants on boarded. It also provides for some mandatory clauses to be incorporated in the agreements to be executed with the merchants.

Risk Management

For the purposes of risk management, apart from adoption of an IS policy, the PAs shall also have a mechanism to monitor, handle and report cyber security incidents and breaches. They are also prohibited to allow online transactions with ATM pin and store customer card credentials on the servers accessed by the merchants and are required to comply with data storage requirements as applicable to Payment System Operators (PSOs).

Reporting Requirements

The Guidelines provide for monthly, quarterly and annual reporting requirement. The annual requirement comprises of certification from a CA and IS audit report and Cyber Security Audit report. The quarterly reporting again provides for certification requirement and the monthly requirement demand a transaction statistic. Also, there shall be reporting requirement in case of any change in management requiring intimation to RBI within 15 days along with ‘Declaration & Undertaking’ by the new directors. Apart from these mainstream reporting requirements there are non-periodic requirements as well.

Additionally, PAs are required to submit the System Audit Report, including cyber security audit conducted by CERTIn empanelled auditors, within two months of the close of their financial year to the respective Regional Office of DPSS, RBI

Escrow Account Mechanism

The Guidelines clearly state that the funds collected from the customers shall be kept in an escrow account opened with any Schedule Commercial Bank by the PAs. And to protect the funds collected from customers the Guidelines state that PA shall be deemed as a ‘Designated Payment System’[4] under section 23A of PSSA, 2007.

Shift from Nodal to Escrow

The Discussion Paper proposed registration, capital requirement, governance, risk management and such other regulations along with the maintenance of a nodal account to manage the funds of the merchants. Further, it acknowledged that in case of nodal accounts, there is no beneficial interest created on the part of the PAs; the fact that they do not form part of the PA’s balance sheet and no interest can be earned on the amount held in these account. The Guidelines are more specific about escrow accounts and do not provide for maintenance of nodal accounts, which seems to indicate a shift from nodal to escrow accounts with the same benefits as nodal accounts and additionally having an interest bearing ‘core portion’. These escrow account arrangements can be with or without a tripartite agreement, giving an option to the merchant to monitor the transactions occurring through the escrow. However, in practice it may not be possible to make each merchant a party to the escrow agreement.

Timelines for settlement to avoid unnecessary delay in payments to Merchants, various timelines have been provided as below:

  1. Amounts deducted from the customer’s account shall be remitted to the escrow account maintaining bank on Tp+0 / Tp+1 basis. (Tp is the date of debit to the customer’s account against good/services purchased)
  2. Final settlement with the merchant
  3. In cases where PA is responsible for delivery of goods / services, the payment to the merchant shall be made on Ts + 1 basis. (Ts is the date of intimation by merchant about shipment of goods)
  4. In cases where merchant is responsible for delivery, the payment to the merchant shall be on Td + 1 basis. (Td is the date of confirmation by the merchant about delivery of goods)
  5. In cases where the agreement with the merchant provides for keeping the amount by the PA till expiry of refund period, the payment to the merchant shall be on Tr + 1 basis. (Tr is the date of expiry of refund period)

Also, refund and reversed transactions must be routed back through the escrow account unless as per contract the refund is directly managed by the merchant and the customer has been made aware of the same. A minimum balance requirement equivalent to the amount already collected from customer as per ‘Tp’ or the amount due to the merchant at the end of the day is required to be maintained in the escrow account at any time of the day.

Permissible debits and credits

Similar to the extant regulations, the Guidelines provide a specific list of debits and credits permissible from the escrow account:

  • Credits that are permitted
  1. Payment from various customers towards purchase of goods / services.
  2. Pre-funding by merchants / PAs.
  3. Transfer representing refunds for failed / disputed / returned / cancelled transactions.
  4. Payment received for onward transfer to merchants under promotional activities, incentives, cashbacks etc.
  • Debits that are permitted
  1. Payment to various merchants / service providers.
  2. Payment to any other account on specific directions from the merchant.
  3. Transfer representing refunds for failed / disputed transactions.
  4. Payment of commission to the intermediaries. This amount shall be at pre-determined rates / frequency.
  5. Payment of amount received under promotional activities, incentives, cash-backs, etc.

The aforesaid list of permitted deposits and withdrawals into an account operated by an intermediary is wider than those allowed under the extant regulations. The facility to pay the amount held in escrow to any other account on the direction of the merchant would now enable cashflow trapping by third party lenders or financier. The merchant will have an option to provide instructions to the PA to directly transfer the funds to its creditors.

The Guidelines expressly state that the settlement of funds with merchants will in no case be co-mingled with other business of the PA, if any and no loans shall be available against such amounts.

No interest shall be payable by the bank on balances maintained in the escrow account, except in cases when the PA enters into an agreement with the bank with whom the escrow account is maintained, to transfer “core portion”[5] of the amount, in the escrow account, to a separate account on which interest is payable. Another certification requirement to be obtained from auditor(s) is for certifying that the PA has been maintaining balance in the escrow account.

Technology-related Recommendations

Several technology related recommendations have been separately provided in the Guidelines and are mandatory for PAs but recommendatory for PGs. These instructions provide for adherence to data security standards and timely reporting of security incidents in the course of operation of a PA. It proposes involvement of Board in formulating policy and a competent pool of staff for better operation along with other governance and security parameters.

Conclusion

With these Guidelines being enforced the online payment facilitated by intermediaries will be regulated and monitored by the RBI henceforth. The prescribed timeline of April 2020 may cause practical difficulties and act as a hurdle for the operations of existing PAs. However, the timelines provided for registration and capital requirements are considerably convenient for achieving the prescribed benchmarks. Since PAs are handling the funds, these Guidelines, which necessitate good governance, security and risk management norms on PAs, are expected to be favourable for the merchants and its customers.

 

[1] https://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=943

[2] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

[3] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5379&Mode=0

[4] The Reserve Bank may designate a payment system if it considers that designating the system is in the public interest. The designation is to be by notice in writing published in the Gazette, as per Payment System Regulation Act, 1998

[5] This facility shall be permissible to entities who have been in business for 26 fortnights and whose accounts have been duly audited for the full accounting year. For this purpose, the period of 26 fortnights shall be calculated from the actual business operation in the account. ‘Core Portion’ shall be average of the lowest daily outstanding balance (LB) in the escrow account on a fortnightly (FN) basis, for fortnights from the preceding month 26.

 

 

Our other write ups on NBFCs to be referred here http://vinodkothari.com/nbfcs/

Our other similar articles:

http://vinodkothari.com/2017/04/overview-of-regulatory-framework-of-payment-and-settlement-systems-in-india-by-anita-baid/

Cryptotrading’s tryst with destiny- Supreme Court revives cryptotrading, RBI’s circular struck down

-Megha Mittal

(mittal@vinodkothari.com

April 2018, the Reserve Bank of India (RBI) issued a “Statement on Developmental and Regulatory Policies” (‘Circular’) dated 06.04.2018, thereby prohibiting RBI regulated entities from dealing in/ providing any services w.r.t. virtual currencies, with a 3-month ultimatum to those already engaged in such services. Cut to 4th March, 2020- The Supreme Court of India strikes down RBI’s circular and upheld crypto-trading as valid under the Constitution of India.

Amidst apprehensions of crypto-trading being a highly-volatile and risk-concentric venture, the Apex Court, in its order dated 04.03.2020 observed that RBI, an otherwise staunch critic of cryptocurrencies, failed to present any empirical evidence substantiating cryptocurrency’s negative impact on the banking and credit sector in India; and on the basis of this singular fact, the Hon’ble SC stated RBI’s circular to have failed the test of proportionality.

In this article, the author has made a humble attempt to discuss this landmark judgment and its (dis)advantages to the Indian economy.

Read more

Fintech Framework: Regulatory responses to financial innovation

Timothy Lopes, Executive, Vinod Kothari Consultants

finserv@vinodkothari.com

The world of financial services is continually witnessing a growth spree evidenced by new and innovative ways of providing financial services with the use of enabling technology. Financial services coupled with technology, more commonly referred to as ‘Fintech’, is the modern day trend for provision of financial services as opposed to the traditional methods prevalent in the industry.

Rapid advances in technology coupled with financial innovation with respect to delivery of financial services and inclusion gives rise to all forms of fintech enabled services such as digital banking, digital app-based lending, crowd funding, e-money or other electronic payment services, robo advice and crypto assets.

In India too, we are witnessing rapid increase in digital app-based lending, prepaid payment instruments and digital payments. The trend shows that even a cash driven economy like India is moving to digitisation wherein cash is merely used as a way to store value as an economic asset rather than to make payments.

“Cash is King, but Digital is Divine.”

  • Reserve Bank of India[1]

The Financial Stability Institute (‘FSI’), one of the bodies of the Bank for International Settlement issued a report titled “Policy responses to fintech: a cross country overview”[2] wherein different regulatory responses and policy changes to fintech were analysed after conducting a survey of 31 jurisdictions, which however, did not include India.

In this write up we try to analyse the various approaches taken by regulators of several jurisdictions to respond to the innovative world of fintech along with analysing the corresponding steps taken in the Indian fintech space.

The Conceptual Framework

Let us first take a look at the conceptual framework revolving in the fintech environment. Various terminology or taxonomies used in the fintech space, are often used interchangeably across jurisdictions. The report by FSI gives a comprehensive overview of the conceptual framework through a fintech tree model, which characterises the fintech environment in three categories as shown in the figure.

Source: FSI report on Policy responses to fintech: a cross-country overview

Let us now discuss each of the fintech activities in detail along with the regulatory responses in India and across the globe.

Digital Banking –

This refers to normal banking activities delivered through electronic means which is the distinguishing factor from traditional banking activities. With the use of advanced technology, several new entities are being set up as digital banks that deliver deposit taking as well as lending activities through mobile based apps or other electronic modes, thereby eliminating the need for physically approaching a bank branch or even opening a bank branch at all. The idea is to deliver banking services ‘on the go’ with a user friendly interface.

Regulatory responses to digital banking –

The FSI survey reveals that most jurisdictions apply the existing banking laws and regulations to digital banking as well. Applicants with a fintech business model must go through the same licensing process as those applicants with a traditional banking business model.

Only a handful of jurisdictions, namely Hong Kong, SAR and Singapore, have put in place specific licensing regimes for digital banks. In the euro area, specific guidance is issued on how credit institution authorisation requirements would apply to applicants with new fintech business models.

Regulatory framework for digital banking in India –

In India, majority of the digital banking services are offered by traditional banks itself, mainly governed by the Payment and Settlement Systems Act, 2007[1], with RBI being the regulatory body overseeing its implementation. The services include, opening savings accounts online even through apps, facilitating instant transfer of funds through the use of innovative products such as the Unified Payments Interface (UPI), which is governed by the National Payments Corporation of India (NPCI), facilitating the use of virtual cards, prepaid payment instruments (PPI), etc. These services may be provided not only by traditional banks alone, but also by non-bank entities.

Fintech balance sheet lending

Typically refers to lending from the balance sheet and assuming the risk on to the balance sheet of the fintech entity. Investors’ money in the fintech entity is used to lend to customers which shows up as an asset on the balance sheet of the lending entity. This is the idea of balance sheet lending. This idea, when facilitated with technological innovation leads to fintech balance sheet lending.

Regulatory responses to fintech balance sheet lending –

As per the FSI survey, most jurisdictions do not have regulations that are specific to fintech balance sheet lending. In a few jurisdictions, the business of making loans requires a banking licence (eg Austria and Germany). In others, specific licensing regimes exist for non-banks that are in the business of granting loans without taking deposits. Only one of the surveyed jurisdictions has introduced a dedicated licensing regime for fintech balance sheet lending.

Regulatory regime in India –

The new age digital app based lending is rapidly advancing in India. With the regulatory framework for Non-Banking Financial Companies (NBFCs), the fintech balance sheet lending model is possible in India. However, this required a net owned fund of Rs. 2 crores and registration with RBI as an NBFC- Investment and Credit Company.

The digital app based lending model in India works as a partnership between a tech platform entity and an NBFC, wherein the tech platform entity (or fintech entity) manages the working of the app through the use of advanced technology to undertake credit appraisals, while the NBFC assumes the credit risk on its balance sheet by lending to the customers who use the app. We have covered this model in detail in a related write up[2].

Loan & Equity Crowd funding

Crowd funding refers to a platform that connects investors and entrepreneurs (equity crowd funding) and borrowers and lenders (loan crowd funding) through an internet based platform. Under equity crowd funding, the platform connects investors with companies looking to raise capital for their venture, whereas under loan crowd funding, the platform connects a borrower with a lender to match their requirements. The borrower and lender have a direct contract among them, with the platform merely facilitating the transaction.

Regulatory responses to crowd funding –

According to the FSI survey, many surveyed jurisdictions introduced fintech-specific regulations that apply to both loan and equity crowd funding considering the similar risks involved, shown in the table below. Around a third of surveyed jurisdictions have fintech-specific regulations exclusively for equity crowd funding. Only a few jurisdictions have a dedicated licensing regime exclusively for loan crowd funding. Often, crowd funding platforms need to be licensed or registered before they can perform crowd funding activities, and satisfy certain conditions.

Table showing regulatory regimes in various jurisdictions

Fintech-specific regulations for crowd funding
Equity Crowd Funding Equity and Loan Crowd Funding Loan Crowd Funding
Argentina           Columbia

Australia             Italy

Austria                Japan

Brazil                   Turkey

China                   United States

Belgium                Peru

Canada                 Philippines

Chile                      Singapore

European Union  Spain

France                   Sweden

Mexico                  UAE

Netherlands         UK

Australia

Brazil

China

Italy

 

Source: FSI Survey

Regulatory regime in India

  1. In case of equity crowd funding –

In 2014, securities market regulator SEBI issued a consultation paper on crowd funding in India[3], which mainly focused on equity crowd funding. However, there was no regulatory framework subsequently issued by SEBI which would govern equity crowd funding in India. At present crowd funding platforms in India have registered themselves as Alternative Investment Funds (AIFs) with SEBI to carry out fund raising activities.

 

  1. In case of loan crowd funding –

The scenario for loan crowd funding, is however, already in place. The RBI has issued the Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017[4] which govern loan crowd funding platforms. Peer to Peer Lending and loan crowd funding are terms used interchangeably. These platforms are required to maintain a net owned fund of not less than 20 million and get themselves registered with RBI to carry out P2P lending activities.

 

As per the Directions, the Platform cannot raise deposits or lend on its own or even provide any guarantee or credit enhancement among other restrictions. The idea is that the platform only acts as a facilitator without taking up the risk on its own balance sheet.

Robo- Advice

An algorithm based system that uses technology to offer advice to investors based on certain inputs, with minimal to no human intervention needed is known as robo-advice, which is one of the most popular fintech services among the investment advisory space.

Regulatory responses to robo-advice –

According to the FSI survey, in principle, robo- and traditional advisers receive the same regulatory treatment. Consequently, the majority of surveyed jurisdictions do not have fintech-specific regulations for providers of robo-advice. Around a third of surveyed jurisdictions have published guidance and set supervisory expectations on issues that are unique to robo-advice as compared to traditional financial advice. In the absence of robo-specific regulations, several authorities provide somewhat more general information on existing regulatory requirements.

Regulatory regime in India –

In India, there is no specific regulatory framework for those providing robo-advice. All investment advisers are governed by SEBI under the Investment Advisers Regulations, 2013[5]. Under the regulations every investment adviser would have to get themselves registered with SEBI after fulfilling the eligibility conditions. The SEBI regulations would also apply to those offering robo-advice to investors, as there is no specific restriction on using automated tools by investment advisers.

Digital payment services & e-money

Digital payment services refer to technology enabled electronic payments through different modes. For instance, debit cards, credit cards, internet banking, UPI, mobile wallets, etc. E-money on the other hand would mostly refer to prepaid instruments that facilitate payments electronically or through prepaid cards.

Regulatory responses to digital payment services & e-money –

As per the FSI survey, most surveyed jurisdictions have fintech-specific regulations for digital payment services. Some jurisdictions aim at facilitating the access of non-banks to the payments market. Some jurisdictions have put in place regulatory initiatives to strengthen requirements for non-banks.

Further, most surveyed jurisdictions have a dedicated regulatory framework for e-money services. Non-bank e-money providers are typically restricted from engaging in financial intermediation or other banking activities.

Regulatory regime in India –

The Payment and Settlement Systems Act, 2007 (PSS) of India governs the digital payments and e-money space in India. While several Master Directions are issued by the RBI governing prepaid payment instruments and other payment services, ultimately they draw power from the PSS Act alone. These directions govern both bank and non-bank players in the fintech space.

UPI being a fast mode of virtual payment is however governed by the NPCI which is a body of the RBI.

Other policy measures in India – The regulatory sandbox idea

Both RBI and SEBI have come out with a Regulatory Sandbox (RS) regime[6], wherein fintech companies can test their innovative products under a monitored and controlled environment while obtaining certain regulatory relaxations as the regulator may deem fit.  As per RBI, the objective of the RS is to foster responsible innovation in financial services, promote efficiency and bring benefit to consumers. The focus of the RS will be to encourage innovations intended for use in the Indian market in areas where:

  1. there is absence of governing regulations;
  2. there is a need to temporarily ease regulations for enabling the proposed innovation;
  3. the proposed innovation shows promise of easing/effecting delivery of financial services in a significant way.

RBI has already begun with the first cohort[7] of the RS, the theme of which is –

  • Mobile payments including feature phone based payment services;
  • Offline payment solutions; and
  • Contactless payments.

SEBI, however, has only recently issued the proposal of a regulatory sandbox on 17th February, 2020.

Conclusion

Technology has been advancing at a rapid pace, coupled with innovation in the financial services space. This rapid growth however should not be overlooked by regulators across the globe. Thus, there is a need for policy changes and regulatory intervention to simultaneously govern as well as promote fintech activities, as innovation will not wait for regulation.

While most of regulators around the globe have different approaches to governing the fintech space, the regulatory environment should be such that there is sufficient understanding of fintech business models to enable regulation to fit into such models, while also curbing any unethical activities or risks that may arise out of the fintech business.

[1] https://rbidocs.rbi.org.in/rdocs/Publications/PDFs/86706.pdf

[2] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/

[3] https://www.sebi.gov.in/sebi_data/attachdocs/1403005615257.pdf

[4] https://rbidocs.rbi.org.in/rdocs/notification/PDFs/MDP2PB9A1F7F3BDAC463EAF1EEE48A43F2F6C.PDF

[5] https://www.sebi.gov.in/legal/regulations/jan-2013/sebi-investment-advisers-regulations-2013-last-amended-on-december-08-2016-_34619.html

[6] https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=938

https://www.sebi.gov.in/media/press-releases/feb-2020/sebi-board-meeting_46013.html

[7] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=48550

[1] Assessment of the progress of digitisation from cash to electronic – https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=19417

[2] https://www.bis.org/fsi/publ/insights23.pdf

An all-embracing guide to identity verification through CKYCR

-Kanakprabha Jethani | Executive

(kanak@vinodkothari.com)

Updated as on January 19, 2022

Introduction

Central KYC Registry (CKYCR) is the central repository of KYC information of customers. This registry is a one stop collection of the information of customers whose KYC verification is done once. The Master Direction – Know Your Customer (KYC) Direction, 2016 (KYC Directions)[1] defines CKYCR as “an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.”

The KYC information of customers obtained by Reporting Entities (REs) (including banks) is uploaded on the registry. The information uploaded by an RE is used by another RE to verify the identity of such customer. Uncertainty as to validity of such verification prevails in the market. The following write-up intends to provide a basic understanding of CKYCR and gathers bits and pieces around identity verification through CKYCR.

Identity verification through CKYCR is done using the KYC identifier of the customer. To carry out such verification, an entity first needs to be registered with the CKYCR. Let us first understand the process of registration with the CKYCR.

Registration on CKYCR

The application for registration shall be made on CKYCR portal. Presently, Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) has been authorized by the Government of India to carry out the functions of CKYCR. Following are the steps to register on CERSAI:

  1. A board resolution should be passed for appointment of the authorised representative. The registering entity shall be required to identify nodal officer, admin and user.
  2. Thereafter, under the new entity registration tab in the live environment of CKYCR, details of the entity, nodal officers, admin and users shall be entered.
  3. Upon submission of the details, the system will generate a temporary reference number and mail will be sent to nodal officer informing the same along with test-bed registration link.
  4. Once registered on the live environment, the entity will have to register itself on the testbed and test the application. It shall have to test all the functionalities as per the checklist provided at https://www.ckycindia.in/ckyc/downloads.html. On completion of the testing, the duly signed checklist at helpdesk@ckycindia.in shall be e-mailed to the CERSAI.
  5. The duly signed registration form along with the supporting documents shall be sent to CERSAI at – 2nd Floor, Rear Block, Jeevan Vihar Building, 3, Parliament Street, New Delhi -110001.
  6. CERSAI will verify the entered details with physical form received. Correct details would mean the CERSAI will authorize and approve the registration application. In case of discrepancies, CERSAI will put the request on hold and the system will send email to the institution nodal officer (email ID provided in Fl registration form). To update the case hyperlink would be provided in the email.
  7. After completion of the testing and verification of documents by CERSAI, the admin and co-admin/user login and password details would be communicated by it.

Obligations in relation to CKYCR

The establishment of CKYCR came with added obligations on banks and REs.  The KYC Directions require banks and REs to upload KYC information of their customers on the CKYCR portal. As per the KYC Directions – “REs shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as the case may be. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.

…Accordingly, REs shall take the following steps:

  • Scheduled Commercial Banks (SCBs) shall invariably upload the KYC data pertaining to all new individual accounts opened on or after January 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
  • REs other than SCBs shall upload the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.”

Further, para III and IV of the Operating Guidelines of CKYCR require reporting entities (including banks) to fulfill certain obligations. Accordingly, the reporting entities shall:

  • Register themselves with CKYCR
  • Carry out due diligence and verification KYC information of customer submitting the same.
  • Upload KYC information of customers, in the KYC template provided on CKYCR portal along with scanned copy of Proof of Address (PoA) and Proof of Identity (PoI) after successful verification.
  • Communicate KYC identifier obtained from CKYCR portal to respective customer.
  • Download KYC information of customers from CKYCR, in case KYC identifier is submitted by the customer.
  • Refrain from using information downloaded from CKYCR for purposes other than identity verification.
  • In case of any change in the information, update the same on the CKYCR portal.

In and around verification

Registered entities may download the information from CKYCR portal and use the same for verification. Information can be retrieved using the KYC identifier of the customer. Before we delve into the process of verification and its validity, let us first understand what a KYC identifier is and how would a customer obtain it.

KYC identifier

A KYC Identifier is a 14 digit unique number generated when KYC verification of a customer is done for the first time and the information is uploaded on CKYCR portal. The RE uploading such KYC information on the CKYCR portal shall communicate such KYC Identifier to the customer after uploading his/her KYC information.

Obtaining KYC identifier

When a customer intends to enter into an account-based relationship with a financial institution for the very first time, such financial institution shall obtain KYC information including the Proof of Identity (PoI) and Proof of Address (PoA) of such customer and carry out verification process as provided in the KYC Master Directions. Upon completion of verification process, the financial institution will upload the KYC information required as per the common KYC template provided on the CKYCR portal, along with scanned PoI and PoA, signature and photograph of such customer within 3 days of completing the verification. Different templates are to be made available for individuals, and on the CKYCR portal. Presently, only template for individuals[2] has been made available.

Upon successful uploading of KYC information of the customer on the CKYCR portal, a unique 14 digit number, which is the KYC identifier of the customer, is generated by the portal and communicated to the financial institution uploading the customer information. The financial institution is required to communicate the KYC identifier to respective customer so that the same maybe used by the customer for KYC verification with some other financial institution.

Verification through CKYCR

When a customer submits KYC identifier, the RE, registered with CKYCR portal, enters the same on the CKYCR portal. The KYC documents and other information of the customer available on the CKYCR portal are downloaded. The RE matches the photograph and other details of customer as mentioned in the application form by the customer with that of the CKYCR portal. If both sets of information match, the verification is said to be successful.

Identity Verification through CKYCR- is it valid?

The process of CKYCR is not a complete process in itself and is merely a means to obtain documents from the central registry. In the very essence, the registry acts as a storehouse of the documents to facilitate the verification process without having the customer to produce the KYC documents every time he interacts with a regulated entity. Para 56(j) provides that Regulated entities are not required to ask the customer to submit KYC documents, if he/she has submitted KYC Identifier, unless:

(i) there is a change in the information of the customer as existing in the records of CKYCR;
(ii) the current address of the customer is required to be verified;
(iii) the RE considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.

The above specification is for obtaining the documents from the customer and not for verification of the same. Verification can be done only through physical, digital or V-CIP modes of CDD.

Furthermore, V-CIP as a manner of CDD was introduced through an amendment to KYC Directions introduced on 9th January, 2019[5]. Para 18(b) of the KYC Directions prescribes that documents for V-CIP procedure may be obtained from the CKYCR portal. Logically, if the CKYCR procedure was to be complete in itself, the same would not have been indicated in conjunction with the V-CIP mode of due diligence.

Benefits from CKYCR

While imposing various obligations on REs, the CKYCR portal also benefits REs by providing them with an easy way out for KYC verification of their customers. By carrying out verification through KYC Identifier, the requirement of physical interface with the borrower (as required under KYC Master Directions)[4] may be done away with. This might serve as a measure of huge cost savings for lenders, especially in the digital lending era.

Further, CKYCR portals also have de-duplication facility under which KYC information uploaded will go through de-duplication process on the basis of the demographics (i.e. customer name, maiden name, gender, date of birth, mother’s name, father/spouse name, addresses, mobile number, email id etc.) and identity details submitted. The de-dupe process uses normaliser algorithm and custom Indian language phonetics.

  • Where an exact match exists for the KYC data uploaded, the RE will be provided with the KYC identifier for downloading the KYC record.
  • Where a probable match exists for the KYC data uploaded, the record will be flagged for reconciliation by the RE.

Conclusion

Identity verification using the KYC identifier is a cost-effective way of verification and also results into huge cost saving. This method does away with the requirement of physical interface with the customer. Logic being- when the customer would have made the application for entering into account-based relationship, the entity would have obtained the KYC documents and carried out a valid verification process as per the provisions of KYC Master Directions. So, the information based on valid verification is bound to be reliable.

However, despite these benefits, only a handful of entities are principally using this method of verification presently. Lenders, especially FinTech based, should use this method to achieve pace in their flow of transactions.

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[2] https://rbidocs.rbi.org.in/rdocs/content/pdfs/KYCIND261115_A1.pdf

[3] https://testbed.ckycindia.in/ckyc/assets/doc/Operating-Guidelines-version-1.1.pdf

[4] Our detailed write-up on the same can also be referred-  http://vinodkothari.com/wp-content/uploads/2020/01/KYC-goes-live-1.pdf

[5] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11783&Mode=0

Our FAQs on CKYCR may also be referred here- http://vinodkothari.com/2016/09/ckyc-registry-uploading-of-kyc-data/

Our other write-ups on KYC:

NBFC Account Aggregator – Consent Gateways

Timothy Lopes, Executive, Vinod Kothari Consultants Pvt. Ltd.

finserv@vinodkothari.com

The NBFC Account Aggregator (NBFC-AA) Framework was introduced back in 2016 by RBI[1]. However the concept of Account Aggregators did exist prior to 2016 as well. Prior to NBFC-AA framework several Account Aggregators (such as Perfios and Yodlee) undertook similar business of consolidating financial data and providing analysis on the same for the customer or a financial institution.

To give a basic understanding, an Account Aggregator is an entity that can pull and consolidate all of an individual’s financial data and present the same in a manner that allows the reader to easily understand and analyse the different financial holdings of a person. At present our financial holdings are scattered across various financial instruments, with various financial intermediaries, which come under the purview of various financial regulators.

For example, an individual may have investments in fixed deposits with ABC Bank which comes under the purview of RBI, mutual fund investments with XYZ AMC which comes under the purview of SEBI and life insurance cover with DEF Insurance Corporation (which comes under the purview of IRDAI.

Gathering all the scattered data from each of these investments and consolidating the same for submission to a financial institution while applying for a loan, may prove to be a time-consuming and rather confusing job for an individual.

The NBFC-AA framework was introduced with the intent to help individuals get a consolidated view of their financial holdings spread across the purview of different financial sector regulators.

Recently we have seen a sharp increase in the interest of obtaining an NBFC-AA license. Ever since the Framework was introduced in 2016, around 8 entities have applied for the Account Aggregator License out of which one has been granted the Certificate of Registration while the others have been granted in-principle[2].

Apart from the above, we have seen interest from the new age digital lending/ app based NBFCs.

In this article we wish to discuss the concerns revolving around data sharing, the reason behind going after an Account Aggregator (AA) license and the envisaged business models.

Going after AA License – The reason

New age lending mainly consists of a partnership model between an NBFC which acts as a funding partner and a fintech company that acts as a sourcing partner. Most of the fintech entities want to obtain the credit scores of the borrower when he/she applies for a loan. However, the credit scores are only accessible by the NBFC partner, since they are mandatorily required to be registered as members with all four Credit Information Companies (CICs).

This is where most NBFCs are facing an issue since the restriction on sharing of credit scores acts as a hurdle to smooth flow of operations in the credit approval process. We have elaborately covered this issue in a separate write up on our website[3].

What makes it different in the Account Aggregator route?

Companies registered as an NBFC-AA with RBI, can pull all the financial data of a single customer from any financial regulator and organise the data to show a consolidated view of all the financial asset holdings of the customer at one place. This data can also be shared with a Financial Information User (FIU) who must be an entity registered with and regulated by any financial sector regulator such as RBI, SEBI, IRDAI, etc. The AA could also perform certain data analytics and present meaningful information to the customer or the FIU.

All of the above is possible only and only with the consent of the customer, for which the NBFC-AA must put in place a well-defined ‘Consent Architecture’.

This data would be a gold mine for NBFCs, who would act as FIUs and obtain the customer’s financial data from the NBFC-AA.

Say a customer applies for a loan through a digital lending app. The NBFC would then require the customer’s financial data in order to do a credit evaluation of the potential borrower and make a decision on whether to sanction the loan or not. Instead of going through the process of requesting the customer to submit all his financial asset holdings data, the customer could provide his consent to the NBFC-AA (which could be set up by the NBFC itself), which would then pull all the financial data of the customer in a matter of seconds. This would not only speed up the credit approval and sanction process but also take care of the information sharing hurdle, as sharing of information is clearly possible through the NBFC-AA route if customer consent is obtained.

The above model can be explained with the following illustration –

What about the Fintech Entity?

Currently the partnership is between the fintech company (sourcing partner) and the NBFC (funding partner). With the introduction of an Account Aggregator as a new company in the group, what would be the role of the fintech entity? Can the information be shared with the fintech company as well as the NBFC?

The answer to the former would be that firstly the fintech company could itself apply for the NBFC-AA license, considering that the business of an NBFC-AA is required to be completely IT driven. However, the fintech company would require to maintain a Net Owned Fund (NOF) of Rs. 2 crores as one of the pre-requisites of registration.

Alternatively the digital lending group could incorporate a new company in the group, who would apply for the NBFC-AA license to solely carry out the business of an NBFC-AA. This would leave the fintech entity with the role of maintaining the app through which digital lending takes place.

The above structures could be better understood with the illustrations below –

To answer the latter question as to whether the information can be shared by the NBFC-AA with the fintech entity as well? The answer is quite clearly spelt out in the Master Directions.

As per the Master Directions, the NBFC-AA can share the customers’ information with a FIU, of course, with the consent of the customer. A FIU means an entity registered with and regulated by any financial sector regulator. Regulated entities are other banks, NBFCs, etc. However, fintech companies are not FIUs as they are not registered with and regulated by any financial sector regulator. An NBFC-AA cannot therefore, share the information with the fintech company.

How to register as an NBFC-AA?

Only a company having NOF of Rs. 2 crores can apply to the RBI for an AA license. However there is an exemption to AAs regulated by other financial sector regulators from obtaining this license from RBI, if they are aggregating only those accounts relating to the financial information pertaining to customers of that particular sector.

Further the following procedure is required to be followed for obtaining the NBFC-AA license –

Consent Architecture

Consent is the most important factor in the business of an NBFC-AA. Without the explicit consent of the customer, the NBFC-AA cannot retrieve, share or transfer any financial data of the customer.

The function of obtaining, submitting and managing the customer’s consent by the NBFC-AA should be in accordance with the Master Directions. As per the Master Directions, the consent of the customer obtained by the NBFC-AA should be a standardized consent artefact containing the following details, namely:-

  1. Identity of the customer and optional contact information;
  2. The nature of the financial information requested;
  • Purpose of collecting such information;
  1. The identity of the recipients of the information, if any;
  2. URL or other address to which notification needs to be sent every time the consent artefact is used to access information
  3. Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and
  • Any other attribute as may be prescribed by the RBI.

This consent artefact can also be obtained in electronic form which should be capable of being logged, audited and verified.

Further, the customer also has every right to revoke the consent given to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information. Upon revocation a fresh consent artefact shall be shared with the FIP.

The requirement of consent is essential to the business of the NBFC-AA and the manner of obtaining consent is also carefully required to be structured. Account Aggregators can be said to be consent gateways for FIPs and FIUs, since they ultimately benefit from the information provided.

Conclusion

There are several reasons for the new age digital lending NBFCs to go for the NBFC-AA license, as this would amount to a ‘value added’ to their services since every step in the loan process could be done without the customer ever having to leave the app.

However the question as to whether this model fits into the current digital lending model of the NBFC and Fintech Platform should be given due consideration. The revenue model should be structured in a way that the NBFC-AA reaps benefits out of its services provided to the NBFC.

The ultimate benefit would be a speedy and easier credit approval and sanction process for the digital lending business. Data coupled with consent of the customer would prove more efficient for the new age digital lending model if all the necessary checks and systems are in place.

Links to related write ups –

Account Aggregator: A class of NBFCs without any financial assets – http://vinodkothari.com/2016/09/account-aggregator-a-class-of-nbfc-without-any-financial-assets/

Financial Asset Aggregators: RBI issues draft regulatory directions – http://vinodkothari.com/wp-content/uploads/2017/03/Financial_asset_aggregators_RBI-1.pdf

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598

[2] Source: Sahamati FAQs (Sahamati is a collective of the Account Aggregator System)

[3] http://vinodkothari.com/2019/09/sharing-of-credit-information-to-fintech-companies-implications-of-rbi-bar/