Fintech In India: An Analysis Of Current Legislation And What Lies Ahead?

By 17/10/2020May 16th, 2022No Comments

Fintech In India: An Analysis Of Current Legislation

Most would agree that since the advent of technology, human life has undergone considerable changes that may be perceived as nothing short of magic. We started with the barter system but recently we have transitioned from a cash-dependant country to a country where citizens have moved online for gold, savings, gift cards, loans, investments, etc.

This change can be attributed to the confluence of finance and technology, also known as ‘fintech’. The term is used to describe new technology that seeks to improve and automate the delivery and use of financial services. Fintech innovations have touched upon several areas including – cryptocurrencies, blockchain technology, smart contracts, open banking, cybersecurity, and Robo-advisors, to name a few.

This change can be attributed to the confluence of finance and technology, also known as ‘fintech’. The term is used to describe new technology that seeks to improve and automate the delivery and use of financial services. Fintech innovations have touched upon several areas including – cryptocurrencies, blockchain technology, smart contracts, open banking, cybersecurity, and Robo-advisors, to name a few.

Issues Surrounding Fintech

The innovative products are only the tip of the iceberg. Numerous complexities in the legal perspective crop up under the surface. Thus, the right balance should be maintained between encouraging emerging technological advancements and the need to administer them accordingly.

Cybersecurity And Data Protection

Fintech companies process large chunks of data, analyze the market demands, and customize their offerings accordingly. Hence, companies have to adhere to data protection and cyberspace laws.

Distributed Ledger Technology (DLT) and Smart Contracts

The DLT is regarded as the shared data by the users that have been circulated on various online sites and institutions which are not being administered. For instance, a contract that has been entered into by both parties through digital means may not be imposed in all jurisdictions. Here, the legal scenario will be ambiguous and unclear.

Robo-Advisors And Legal Responsibility

Robo-advisors are digital platforms that provide automated, algorithm-driven financial planning services with little to no human intervention like Aditya Birla Money’s MyUniverse, Fundsindia, and Goalwise. However, in cases where a party acts upon the opinion of a Robo-advisor and suffers an adverse outcome, who is likely to be held liable for unsound investment advice? The robot, the developer, or the financial architect?

Although there are no separate regulations for Robo-advisors, a consultation paper issued by SEBI states that under the current Investment Advisor regulations, there is no express prohibition for use of automated advice tools by SEBI registered investment advisors.

Outsourcing Core Banking System To The Public Cloud

Negotiations between a financial institution and an outsourcer should submit to absolute requirements to ensure more transparency and stricter standards for data protection and penalties thereof.

Biometric Authentication Using Fingerprint Recognition

The authentication of biometrics can give rise to security concerns although collected with customer consent from the objects that they touch every day. They are subjected to being counterfeited by unauthorized third parties for illegal and malicious purposes.

Legislation In India

The rise of innovation necessitates the need for regulation. Realizing this, the Payments and Settlement Systems Act, 2007 (PSS Act) was promulgated which provides for the regulation and supervision of financial transactions in India.

Under the PSS Act, 2007, two Regulations have been made by the RBI, namely, the Board for Regulation and Supervision of Payment and Settlement Systems Regulations, 2008 (BPSS Regulations) and the Payment and Settlement Systems Regulations, 2008 (‘PPS Regulations, 2008’).

The BPSS is empowered for authorizing, prescribing policies, and setting standards for regulating and supervising all the payment and settlement systems in the country and exercises its powers on behalf of the RBI under the PSS Act, 2007.

Further, the PPS Regulations, 2008 lays down the procedural requirements for commencing or carrying on a payment system.  It covers matters like the form of application for authorization for commencing/ carrying on a payment system and grant of authorization, payment instructions, and determination of standards of payment systems.

In furtherance of the same, RBI and SEBI have set up the Working Group on Fintech and Digital Banking and the Committee on Financial and Regulatory Technologies respectively with the task of assessing the opportunities, risks and challenges presented by the rapid growth of fintech in India.

Recent Suggestions By Steering Committee

The Steering Committee on Fintech Related Issues set up by the Ministry of Finance, recently issued its report, in which it takes stock of developments in the fintech space, globally and in India. It makes 45 recommendations to enable fintech, particularly in critical sectors of the economy, and to promote ‘ease of doing business’ in India.

Its focus areas include removing the disparity between the bank and non-bank players, supporting Micro, Small and Medium Enterprises (MSME) and the agricultural sector to promote financial inclusion, supporting the role of data in lending and enabling digitization of key processes.

KYC Reforms

The Supreme Court, in its recent ruling, held that Aadhar can no longer be used for purposes of electronic authentication by fintech companies for KYC purposes. The Committee first recommends exploring alternative KYC models, such as e-Sign, non-face-to-face boarding, use of documents in the Digi Locker, and video-based KYC.

In order to further reduce costs, the Committee also suggests enabling the Central KYC (‘C-KYC’) registry to take off, such as via keeping upload of KYC data free and download chargeable based on the user pays principle, and by naming a deadline for making the C-KYC registry operational.

Open Banking

A large focus of the report is to enable open, real-time, and equal access to data. The Committee thus suggests that open and equal access APIs of relevant datasets be created, such that fintech solutions can be built using them. Data here must be anonymized or included with consent.

An interesting recommendation which borrows from the European concept of open banking is that financial sector regulators study the potential of open data access, to enable better competition in financial services.

The Committee recommends that open banking commences with, for example, opening up rejected credit applications (referral pools) with banks, available on a consent-basis to a neutral marketplace of alternate lenders. Similarly, it suggests that the RBI opens up bank data available to fintech firms this way.

Dematerialisation Of Financial Instruments

To give fintech a boost, it also suggests that regulatory changes be introduced to dematerialize financial instruments, such as those for fixed deposits, small savings certificates, sovereign gold bonds, and so on.

Similarly, it suggests that amendments be introduced to allow paperless legal alternatives for all legal processes having a bearing on financial services, such as permitting alternatives to wet signatures, digital alternatives for power-of-attorneys, wills, cheques, etc.

Inter-Regulatory Coordination On Fintech

The Committee recommends that in addition to the creation of a regulatory sandbox by each regulator, there is a need for inter-regulatory coordination to support hybrid financial products and common distribution, where licensing or regulatory requirements of more than one regulator may have to be complied with, development of common standards on RegTech and SupTech, consumer protection measures, sandboxes, etc.

Regulatory Overhauls To Support Innovative Business Models

As hybrid models emerge, traditional regulations and divides of regulatory authority need a relook. Therefore, SEBI is in the process of implementing two sandboxes under the guidance of the Committee on Financial and Regulatory Technologies (CFRT):

  • Regulatory sandbox for limited purpose testing of innovative fintech products and business models in a live test environment on real customers
  • Industry sandbox where fintech firms can test their solutions isolated from the live market. The purpose of industry sandbox is to provide a collaborative space accessible to all the fintech participants including the regulators. SEBI envisages the Industry Sandbox Framework as a platform of shared knowledge and data developed, operated, and maintained by the industry wherein fintech firms can test their innovations before rolling out into the live market or approach regulatory sandbox.

Global Framework


AML Regulations are helpful in detecting and reporting suspicious activities and also for predicting offenses in money laundering and terrorist financing. Bank Payment obligations are a new payment method that is being developed based on data matching, for tackling the problems of risk mitigations and other financial payment obligations. It is an irrevocable initiative that has been undertaken which are conditioned to the rules by the International Chamber of Commerce.

Intraday Liquidity Standards have been introduced by the Basel Committee on Banking Supervision which monitors the data and ensures that they comply with the norms and regulations. P2P Lending Regulations have been designed with a regulatory framework for additional consumer protection.

This mainly deals with transparency and the availability of information in relation to customer protection. Electronic Identification and Trusted Services are a set of regulatory standards for electronic identification and for digital transactions in the European markets.

United Kingdom

There is no particular framework that governs FinTech firms in the UK. The regulation of such firms mainly depends on the nature of the activities that are being conducted by the firms, their nature, and the scale of the business.

The Financial Services and Markets Act, 2000 established the FCA and PRA as the main regulators of the UK for service businesses which provide them with statutory powers to generate rules under the Act. The rules in the FCA and PRA are technologically neutral, the increase in the number of FinTech firms have led to rising in more regulatory developments. It has greater clarity on the regulatory approach to crypto-assets and the second is in the forthcoming changes in the UK’s anti-money laundering regime.

United States of America

All fintech industries in the USA are not subject to a fintech-specific regulatory framework by any single federal or state regulator. Rather, it is based on the various activities undertaken by a fintech company that may be subject to laws and regulations at the federal and state level. The number and complexity of potentially applicable U.S. regulations to any single fintech firm have drawn some criticism as a potential barrier to entry and hindrance to the growth of U.S. fintech.

As regulators work to develop regulations that will govern that fintech space, the uncertainty behind the evolution of fintech regulations remains. Fintech companies have to undergo a rigorous and hold a heavy burden of undergoing licensing and registration with multiple state regulators, subjecting such fintech companies to regulation and supervision by the laws and regulations of each such regulator.


Berkshire Hathaway Inc. invested over $300 Mn for a 3-4% stake in Paytm along with other investors such as Softbank and Alibaba demonstrates the promise of the fintech industry at large. India is on the cusp of the fintech revolution, accelerated in part by the Government’s policy initiatives and development of the Indian Stack.

Sonam Chandwani

Sonam Chandwani

Sonam Chandwani is the Managing Partner at KS Legal & associates and heads the firm’s Corporate Litigation Practice.

Leave a Reply