BANKING AND TECHNOLOGY: TECH-FRIENDLY REGULATION IS IN!

ARTIFICIAL INTELLIGENCE

The Reserve Bank of India (“RBI”) announced the formation of a committee to develop a framework for the responsible and ethical use of artificial intelligence (“AI”) in the financial sector. The committee will propose a governance framework to ensure the responsible and ethical implementation of AI models and applications within India’s financial sector.  This move comes after the RBI has cautioned regulated entities (“REs”) to ensure the responsible use of AI. 

RISK MANAGEMENT

1. Given the dependency on third parties, the RBI released a ‘Guidance Note on Operational Risk Management and Operational Resilience’, which provides internal lines of defences that REs ought to implement while engaging with third-party vendors.
2. To combat financial fraud, the RBI issued ‘Master Directions on Fraud Risk Management’, which superseded the previous guidelines and emphasised a multi-pronged approach.
3. The RBI mandated that all REs adopt an integrated tool to monitor compliance requirements and manage compliance risk – this would be undertaken through a process of identifying, assessing, monitoring and managing compliance requirements.
4. The RBI issued guidance on internal risk assessment for money laundering/ terrorist financing risks that provide principles and methodology for risk assessment, risk factors, and guidance on managing residuary risk and risk mitigation measures.

CLOUD SERVICE PROVIDER

The RBI is set to launch a pilot programme in 2025 to offer affordable local cloud data storage to financial institutions. This initiative will see the RBI collaborate with domestic IT firms to compete with major international cloud service providers.

SELF REGULATORY ORGANISATIONS (SROS) 

1. The RBI issued a regulatory framework for Self-Regulatory Organisations (“SRO”) for REs and fintechs. The framework provides broad parameters viz., objectives, responsibilities, eligibility criteria, governance standards, application process and other basic conditions for grant of recognition, which will be common for any SRO proposed to be recognised by RBI.
2. The Fintech Association for Consumer Empowerment (“FACE”) was recognised as the first SRO under this framework. 

LENDING: BALANCING HEIGHTENED REGULATORY SCRUTINY AND INNOVATION

CONSUMER PROTECTION

1. RBI has increased emphasis on transparency in loan terms, with the mandatory disclosure of key fact statements (“KFS”) for various loan products, including bank loans, digital loans, and retail loans. 
2. REs and Credit Information Companies (“CICs”) are now mandated to implement a strict 30-day grievance redressal framework for complaints regarding inaccuracies in credit information reporting.  
3. Credit information reporting timelines for REs have been shortened from monthly to fortnightly to ensure timely and accurate credit information updates. 
4. To prevent data gaps, the RBI mandated continued reporting of customer repayments by REs even after license cancellation. 
5. The RBI has barred regulated entities from charging interest from customers before loan disbursement and has issued guidelines to standardise the practice of charging interest on loans by REs.

STRICTER REGULATORY FRAMEWORK FOR P2P LENDING 

In furtherance of its goal for consumer protection, the RBI overhauled the ‘Master Directions on Peer-to-Peer (“P2P”) Lending’. This overhaul includes prohibiting practices that promote P2P platforms as investment vehicles, charging collection-linked fees to lenders and facilitating the back-end transfer of loans between lenders. 

FINANCIAL STABILITY

With regard to ensuring the stability and resilience of the financial ecosystem – RBI has taken several important steps.

1. Given the unregulated growth of consumption-based loans, the RBI increased risk weights for unsecured consumer lending and credit card receivables. Resultantly, consumption-based lending growth declined by approximately 2-3% year-on-year.
2. The RBI also increased risk weights on bank loans to Non-Banking Financial Companies (“NBFC”) for on-lending of consumption-based loans. Naturally, bank credit to the NBFC sector declined and NBFCs moved to alternative sources of finance.

FINANCIAL DIGITAL STACK 

The RBI embraced technological advancements in parallel to expanding its regulatory reach by developing a ‘financial digital stack’ – i.e. enabling public technologies that facilitate innovation in the financial sector. Major developments include:

1. PRAVAAH (Platform for Regulatory Application, VAlidation and AutHorisation) portal: This allows individuals and entities to apply for various regulatory approvals and simplifies the application process, provides status tracking, and facilitates communication with the RBI.
2. Retail Direct Mobile App: This app empowers retail investors to conveniently buy and sell government securities (G-Secs). 
3. FinTech Repository: This repository serves as a central hub for information on the Indian fintech sector. Both regulated and unregulated fintech entities can register and provide details about their activities and technologies. 
4. EmTech Repository: This repository aims to collect data on the adoption of emerging technologies such as artificial intelligence, machine learning, and cloud computing by entities like banks, NBFCs, insurance companies, capital market entities, etc.
5. Unified Lending Interface (“ULI”): This platform streamlines credit processes and enables seamless and secure exchange of digital information relating to a borrower, such as land records, financial information, repayment behaviour, etc. 

AGAINST IRREGULAR PRACTICES

1. The RBI prohibited the practice of offering default loss guarantees on revolving credit lines.
2. The year also saw the RBI raising concerns about certain revolving credit line products that tend to mimic the features of credit cards.
3. Service fee structures where the lending service providers take a larger chunk of the interest, over and above a fixed pay-out to the RE were also questioned. 
4. The RBI voiced its discomfort with the over-reliance on lending service providers or business correspondents for credit operations.
5. Driven by its experience during inspections of REs, the RBI clarified that any structures or transactions that tend to result in evergreening, such as allowing renewal of loans several times, transfer of loan portfolios between two REs to avoid NPA classification, etc., violate the spirit of the regulations.  
6. The gold lending industry faced major scrutiny from the regulator for their valuation practices, LTV classification, lack of end-use monitoring procedures, disbursal of loans in cash, non-categorisation of gold loans as NPA in the system, etc.

DISCIPLINED CREDIT BEHAVIOUR

With an intent to ensure that the borrowers understand the importance of disciplined credit behaviour, the RBI issued ‘Master Directions on Treatment of Wilful Defaulters and Large Defaulters’ that aim to put in place a system to disseminate credit information about wilful defaulters for cautioning other REs.

HARMONISATION

With an intent to harmonise the regulatory framework for various players in the lending industry, the RBI has issued the following guidelines:

1. Master Direction – Reserve Bank of India (Filing of Supervisory Returns) Directions – 2024 dated February 27, 202415; and
2. Review of the regulatory framework for HFCs and harmonisation of regulations applicable to HFCs and NBFCs dated August 12, 202416.

ENFORCEMENT TREND

Enforcement actions in the last year shed light on key focus themes and concern areas of the regulator. 

PAYMENTS: SECURITY, INTEROPERABILITY, AND REGULATION OVERHAUL

1. DRAFT REGULATIONS: 

  a. The RBI issued a draft circular with the following key changes:

• Recognition and regulation of offline payment aggregators, i.e., entities that facilitate face-to-face/proximity payment for delivery versus payment transactions.
• New and heightened KYC requirements for payment aggregators.
• Framework on engagement of agents by payment aggregators.
• Framework on involvement of multiple payment aggregators in a transaction.
• Restriction on storage of card data for face-to-face/proximity payment transactions. 

  b. The RBI issued a draft framework on alternative authentication mechanisms for digital payment transactions, nudging regulated entities to explore additional factor of authentication (“AFA”) measures other than OTP and attempted to align the Indian AFA framework with globally accepted standards.

2. A NEW FRAMEWORK FOR THE REGULATION OF BHARAT BILL PAYMENT SYSTEM (“BBPS”):

The new law attempts to streamline the bill payments ecosystem across the country and provides comprehensive guidance on the players within the BBPS ecosystem. It clarifies the operation of Bharat Bill Payment Operating Units (“BBPOU”) as payment system operators and the handling of monies by the BBPOUs. 

3. MASTER DIRECTIONS ON CYBER RESILIENCE AND DIGITAL PAYMENT SECURITY CONTROLS FOR NON-BANK PAYMENT SYSTEM OPERATORS (“PSOS”):

Recognising the importance of the safety of payment systems operated in India, the RBI released a framework for the governance of payment systems operated by non-bank payment system operators. The RBI proposed controls to be implemented in the following key sectors: (i) governance; (ii) baseline information security; and (iii) digital payment security.

4. INTEROPERABILITY FOR PREPAID PAYMENT INSTRUMENT HOLDERS:

In a key move to enable the Unified Payment Interface (“UPI”) on a prepaid instrument (“PPI”) interoperability, the RBI has now enabled PPI Issuers to allow the discovery of full-KYC PPIs on third-party UPI applications.

5. CHANGES TO THE FRAMEWORK ON CREDIT AND DEBIT CARDS:

The RBI has made, inter alia, the following key changes in relation to the issuance and operation of credit cards and debit cards:

• Imposed restrictions on the role of co-branding partners in terms of functions that can be undertaken by them and the data that can be accessed by these entities.
• Provided clarity on the roles and responsibilities of third-party service providers  engaged by card issuers and the data that can be accessed by them.

WEALTH-TECH: 2025 IS FOR LEAN AND DECENTRALISED REGULATION

MOVING TO DECENTRALISED REGULATION

  1. Supervisory authority: The Securities and Exchange Board of India (“SEBI”) recognised the Bombay Stock Exchange (“BSE”) as the supervisory authority to monitor the operations of investment advisers (“IA”) and research analysts (“RA”). It will be referred to as Research Analyst Administration and Supervisory Body (“RAASB”) and Investment Adviser Administration and Supervisory Body (“IAASB”) for respective functions.

  2. Key functions:

• Approve fresh IA and RA applications, 
• Post-registration approvals such as change in name, change of control, etc., 
• disciplinary and enforcement actions, 
• ensuring grievance redressal.                                                             

3. Mandatory enlisting: Enlisting with BSE is made mandatory to receive registration as IA or RA. 

4. Half-yearly reporting: RAs and IAs are required to submit half-yearly reports to RAASB and IAASB.

OPERATIONAL CLARITY

  1. Prior approval: IAs and RAs are required to obtain prior approval of IAASB or RAASB for any change in control. SEBI clarified the following with respect to the applicability of this requirement:

• If IA or RA is an unlisted corporate body, shareholding transfers among immediate relatives or via transmission do not constitute a change in control.
• In case of a proprietary firm, transmission or transfer of ownership results in a change of control, requiring prior approval and fresh registration for the new owner or legal heir.
• For partnership firms, transfer of ownership interest among partners does not amount to a change in control unless new partners are inducted or a two-partner firm dissolves due to a partner’s death. Partnership deeds allowing legal heirs of deceased partners to join do not require fresh registration.

  2. Advertisement: SEBI clarified that an RA research report is not considered an advertisement unless it promotes the RA’s products or services. 

HARMONISATION

In line with the requirements for non-individual IAs, now RAs are also required to submit a half-yearly compliance audit report to BSE.   

INSUR-TECH: INSURANCE FOR ALL

The insurance sector saw several regulatory prescriptions in 2024 that address a wide range of contemporary issues faced by market participants and customers.

CUSTOMER-CENTRIC APPROACH 

The year saw several regulatory initiatives that promoted consumer protection. 

1. Insurance Regulatory and Development Authority (“IRDAI”) issued comprehensive guidelines on insurance products, including their pricing approval processes, product structures and categories, guidelines on charges, etc. 
2. The guidelines on policyholders’ protection were updated to streamline claim settlement processes.
3. Ayurveda, Yoga & Naturopathy, Unani, Siddha, Sowa Rigpa and Homoeopathy (“AYUSH”) treatment was recognised for claiming insurance coverage. 
4. To curb unsolicited marketing and commercial calls and communications, all insurers and intermediaries were directed to comply with Telecom Regulatory Authority of India’s (“TRAI’s”) guidelines on unsolicited commercial communication. 

EASE OF OPERATIONS

1. IRDAI consolidated its circulars on varied topics in the form of master circulars – a practice that aligns with other regulators such as RBI and SEBI. 
2. IRDAI encouraged insurers to invest in the infrastructure by investing in NBFC-IDFs without any prior approval requirements. 
3. Guidelines on corporate governance were also issued to improve the internal processes of insurance sector participants, which clearly laid down the responsibilities of the board of directors and risk management and compliance functions.

INSURANCE FOR ALL

A significant regulatory update for the Indian insurance sector was issued in March 2024 when IRDAI notified the regulations for Bima Sugam – Insurance Electronic Marketplace. It is proposed as a one-stop solution for democratising insurance for India and marks a significant step in fulfilling the ‘Insurance for all by 2047’ vision. While the marketplace has yet to be fully operational, it will be interesting to see if Bima Sugam emerges as a key driver for the insurance sector, much like UPI did for the payments ecosystem and the RBI’s plans for ULI in the credit industry. 

REFERENCES