Fintech 2025

INDIA Law and Practice Contributed by: Shilpa Mankar Ahluwalia, Himanshu Malhotra and Purva Anand, Shardul Amarchand Mangaldas & Co

2.12 Review of Industry Participants by Parties Other than Regulators Besides regulators and quasi-regulatory bodies (see 2.6 Jurisdiction of Regulators ), the regu - latory framework (see 2.2 Regulatory Regime) requires REs to have in place several checks and balances that serve to review the function - ing and operations of industry participants. By way of an indicative overview: • Banks and NBFCs are subject to a detailed ongoing compliance framework that involves a review of their operations by external audi - tors/accountants. • The RBI has set up designated ombudsman offices under its management and supervi - sion, charged with receiving and considering complaints from customers relating to the deficiencies in banking or other digital pay - ment services, creating an additional, con - sumer-driven oversight mechanism on REs. These compliances represent strict regulatory requirements, deviation from which can lead to enforcement actions and/or penal consequenc - es by the RBI (see 2.10 Significant Enforcement Actions ). Thus, industry practice is fairly aligned with the regulatory mandate and there is little room for adopting alternative approaches. 2.13 Conjunction of Unregulated and Regulated Products and Services While regulated products are offered by REs (such as banks, NBFCs and PPI issuers), sev - eral intermediaries and service providers (that may not fall within the regulatory framework) have emerged to cater to gaps that may arise in the delivery of financial services and to ensure a seamless, end-to-end digital product delivery. Some of these have led to the emergence of interesting market trends in the Indian fintech space.

Credit Analysis Traditional credit information in India is collated by specialised, REs called credit information companies (CICs). Access to traditional credit information through such CICs was originally restricted only to REs. Some non-bank entities, fulfilling the criteria prescribed by the RBI, have now been allowed to access information from CICs. However, this criterion is still quite strict (including, inter alia, a net worth of at least INR20 million, Indian-owned and controlled status, at least three years of experience in data process - ing and a clean track record). Due to such restricted access to traditional cred - it information, a market space for unregulated players to undertake non-traditional “behav- ioural scoring” has grown in India. These fintech entities typically utilise data that does not strictly constitute credit data and is therefore not cur - rently subject to regulatory limitations. Such behavioural scoring may be based on social media presence of consumers, consumption patterns on e-commerce websites, etc. How - ever, the consent requirements under the DPDP Act (once enforced) will also cover such data collection and processing. Booking Services Authorised PPI issuers are also offering ticketing (railways, airlines, etc) and hotel booking ser - vices in addition to their core product offering to provide their customers with a seamless cus - tomer experience. 2.14 Impact of AML and Sanctions Rules The KYC Master Directions apply to REs (includ - ing banks, NBFCs, PPI issuers, and payment system providers). The KYC Master Directions require such entities to abide by the provisions of the PMLA and various rules framed under it. REs must file reports of suspicious transactions,

308 CHAMBERS.COM

Powered by