Fintech 2025

INDIA Law and Practice Contributed by: Shilpa Mankar Ahluwalia, Himanshu Malhotra and Purva Anand, Shardul Amarchand Mangaldas & Co

a capability that is not extended to non-bank players (like NBFCs). This discrepancy imposes additional compliance costs on non-bank play - ers. Nevertheless, the RBI has taken steps to address this issue by allowing non-bank play - ers to obtain authorisations to conduct Aadhaar- based E-KYC authentication, enabling them to utilise the services provided by the Unique Identification Authority of India (UIDAI) for E-KYC purposes. Further, the RBI’s impetus on CKY - CR may potentially reduce disparity in costs between bank and non-bank players. Access to credit information is another area where there was a significant discrepancy between REs and certain “specified entities” (which fulfil the criteria prescribed by the RBI), as against other third-party entities. (see 2.13 Conjunction of Unregulated and Regulated Products and Services ) However, the RBI’s recent Master Directions on Credit Information Reporting now expressly allow third-party enti - ties to access the credit information of persons from CICs, as the authorised representative of such persons, with their consent. The RBI has coupled this access with robust security, due diligence and monitoring measures. 2.5 Regulatory Sandbox RBI Framework and eligibility The RBI issued a Regulatory Sandbox Enabling Framework in August 2019 permitting eligible fintech companies to live-test their products in a controlled/ modified regulatory environment, provided that such product is compliant with the designated theme for the sandbox cohort. Entities that satisfy the following eligibility criteria may approach the RBI for testing their products in a sandbox:

• net worth of at least INR1 million; • satisfactory credit score/history of promoters and directors; • promoters and directors of the applicant entity meeting the prescribed “fit and proper” criteria; • demonstrated ability to comply with personal data protection laws; and • adequate IT infrastructure and safeguards to protect against unauthorised access, destruc - tion and disclosure. The framework outlines the five stages of the sandbox process for a single cohort involving preliminary screening, finalising test designs, application assessment, closely monitored test - ing and lastly, assessment of the final output by the RBI. The end-to-end sandbox process prac - tically takes more than 1.5 years for each cohort. To date, the RBI has announced five cohorts – on retail payments (February 2021), cross-bor - der payments (December 2020), micro, small, and medium-sized enterprise lending (October 2021), prevention and mitigation of financial frauds (June 2022) and a fifth “theme-neutral” cohort (October 2023). Of these, the successful exit of 18 applicants from the first four cohorts has led to innovations such as a purely digital cash flow-based credit underwriting process for MSMEs and a voice-based UPI payment solu - tion that supports local languages and offline use. IRDAI and SEBI Similar to the regulatory sandboxes implement - ed by the RBI for fintech products, the Insurance Regulatory and Development Authority of India (IRDAI) and the Securities and Exchange Board of India (SEBI) have proposed similar regulatory sandbox products in the insurtech space, and

305 CHAMBERS.COM

Powered by