Knowledge Repository
All Issues

Fintech

In this update +

Jyotsna JayaramPartner

Akshaya ParthasarathySenior Associate

Anirudh Rao SaxenaAssociate

Key Developments

  • Reserve Bank of India introduces an omnibus framework for self-regulation by regulated entities

    Given the large number of entities operating within its regulatory purview, the Reserve Bank of India (RBI) has acknowledged the need for sector-specific, self regulatory organisations (SRO) to ensure effective regulation and compliance. To this end, RBI has recently issued an omnibus framework for its regulated entities, for recognising SROs (Omnibus Framework). The Omnibus Framework sets out a baseline for the establishment and operation of such SROs.

    SROs are expected to play a dual role. On the one hand, they will operate under the RBI’s oversight to promote a culture of compliance amongst their members. On the other hand, they will act as the voice of their members, representing the industry’s concerns in engagements with the RBI and other government authorities. SROs may also outline best practices for their members within the contours of the existing legal framework.

    The Omnibus Framework sets out the eligibility criteria for SROs, which include a net worth requirement, the ability to create requisite infrastructure, diversified shareholding, membership of a specified nature representing the relevant sector, and certain fitness criteria for the key managerial personnel. RBI will also prescribe the criteria for regulated entities to obtain membership with these SROs.

    The Omnibus Framework presents immense potential in engaging industry participation and enabling market players to voice their opinions in the development and implementation of regulations that affect them. In this context, the RBI also released a draft framework for SROs in the fintech sector for public consultation, prescribing sector-specific guidelines on data privacy and technical standards as well as recommending the role to be played by the fintech SRO in enabling effective regulation of this sector, amongst other things.

  • Credit card holders provided with the flexibility to choose the card network

    Bank and non-bank credit card issuers typically determine the card network for the cards issued by them basis their arrangements with card networks such as American Express, Diners Club, MasterCard, Rupay, and Visa. To provide cardholders with a choice in this matter, the RBI issued a circular on Arrangements with Card Networks for the Issue of Credit Cards. This circular requires credit card issuers to ensure that their arrangements with card networks do not restrict them from availing the services of other card networks. It also directs credit card issuers (other than those that have issued 10,00,000 or fewer active cards) to provide eligible customers the option to choose from multiple card networks at the time of issue or renewal from September 2024. However, card issuers issuing credit cards on their own authorised card network are excluded from the applicability of this circular.

  • Clarifications for card issuers on issuance, co-branding and data utilisation

    The RBI issued amendments to the Master Direction - Credit Card and Debit Card – Issuance and Conduct Directions, 2022, in the interest of promoting transparency, efficiency, and consumer protection. The amendments include:

    • a requirement for credit and debit card issuers to comply with the RBI’s Master Directions on Outsourcing of Information Technology Services, which is in addition to the pre-existing requirement to ensure compliance with the guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services,
    • an express prohibition on card issuers sharing card data, including transaction data, with outsourcing service providers unless such sharing is essential for the outsourcing service provider to discharge its functions, the cardholder’s explicit consent is obtained, and the storage and ownership of the card data remain with the issuer, and
    • permissibility for card transaction-related data to be drawn directly from the issuer’s system and displayed in the co-branding partner’s platform for the cardholder’s convenience, subject to the data being in an encrypted form and the adoption of robust security measures. Such information displayed on the partner’s platform must, however, be visible only to the cardholders. The partner should not access or store such information.

    The amendments were accompanied by RBI’s responses to certain frequently asked questions clarifying, amongst other things, the recourses for aggrieved customers, co-branding arrangements, queries around the issuance, activation and closure of cards, and the charges levied on cardholders.

  • Framework governing the Bharat Bill Payment System revamped

    RBI revised the framework governing the Bharat Bill Payment System (BBPS) by issuing the Master Direction – RBI (Bharat Bill Payment System) Directions, 2024. These directions clarify the supervisory role played by the National Payments Corporation of India Bharat Bill Pay Limited (NBBL) with respect to Bharat Bill Payment Operating Units (BBPOU), which are entities that, directly or through biller aggregators, onboard billers onto the BBPS platform for bill collection (Biller Operating Units or BOU) and entities that provide customers with an interface, directly or through agents, to pay bills (Customer Operating Units or COU). The directions also define and acknowledge the role played by technology service providers (TSP), which provide technology services and solutions to billers, BOUs, COUs, and agents to integrate with BBPS.

    Briefly, NBBL, being the entity payment system provider that operates BBPS, is tasked with:

    • setting the rules governing participation and technical standards,
    • providing guaranteed settlement of transactions,
    • establishing a consumer dispute redressal framework, and
    • ensuring that no funds flow through TSPs.

    BOUs are required to diligence billers and ensure that merchants are onboarded in the manner prescribed by the RBI, whereas COUs should provide customers with a system to raise disputes and take responsibility for the activities of their agents. Further, non-bank BBPOUs should set up escrow accounts with a bank solely for BBPS transactions and maintain them as per the applicable provisions of the RBI’s Guidelines on Regulation of Payment Aggregators and Payment Gateways. All BBPOUs will also need to participate in the centralised dispute resolution framework established by NBBL and resolve failed transactions within the prescribed timelines.

    The clarity and revisions introduced by these directions are welcome. However, the requirement for entities other than billers operating a system for payment of bills outside the scope of BBPS to obtain authorisation as a ‘payment system’ leaves room for interpretation.

In the coming months, we can expect an expansion of the RBI’s regulatory measures particularly in relation to the self-regulatory framework. For instance, a final version of the guidelines for SROs in the fintech sector is reported to be released soon.

More in this issue

More Quarterly Milestones

Consumer Protection and Advertising

Technology and Telecommunication

Direct Tax

Indirect Tax

International Trade

Asset Management and Funds

Corporate

Dispute Resolution

Labour and Employment

Financial Regulatory Regime

In this update

  • RBI introduces omnibus framework for self-regulation by regulated entities
  • Credit card holders provided with the flexibility to choose the card network
  • Clarifications for card issuers on issuance, co-branding and data utilisation
  • Framework governing the Bharat Bill Payment System revamped