The financial technology sector, or the ‘FinTech’ sector has become one of the fastest-growing sectors in India over the past decade. While the FinTech sector has reshaped and redefined financial services; the unique nature of the sector itself provides difficulty in regulating the sector. Areas such as grievance redressal, data privacy and cyber security are key areas of concern where the ever-evolving and dynamic FinTech sector has proven difficult to regulate.
The Reserve Bank of India (“RBI”) has sought to present a solution to this issue by introducing self-regulation. This article provides an outline on the draft self-regulation framework developed by the RBI and what it may bring to the FinTech sector.
Self-Regulatory Organisation
The RBI has introduced a framework in the form of a Self-Regulatory Organization (“SRO”). The SRO is expected to operate objectively, with credibility and responsibility under the oversight of the regulator and shall have the following characteristics[1]: (i) true representative of the fintech sector; (ii) development-oriented; (iii) independence from influence; (iv) legitimate arbiter of disputes; (v) encouraging members for adherence to regulatory priorities; and (vi) repository of information.
An applicant for SRO should be set up as a not-for-profit company under section 8 of the Companies Act, 2013[2]. Other general requirements include (i) the memorandum of association of such company must state operation as an SRO as a primary objective; (ii) it should have sufficient net worth and demonstrate the capability of establishing the necessary infrastructure to fulfil the responsibilities of SRO effectively, and consistently; (iii) it should have a robust IT infrastructure and (iv) it cannot set up entities/offices overseas without prior approval from the RBI.[3]
Membership of the SRO should comprise of members who are FinTechs, and membership should be voluntary.[4] The SRO should be an entity domiciled/registered in India, but it can have FinTech members domiciled anywhere.[5] The membership fee structure developed by the SRO should be reasonable, and non-discriminatory.[6] The SRO should derive authority through the membership agreements to set rules, standards, codes of conduct, etc., for the members.[7]
In addition to laying down the criteria, the RBI has also set out application requirements[8] and criteria for appointing a board of directors and key managerial persons in a SRO.[9] Where an applicant is deemed suitable based on the requirements, the RBI shall issue a ‘Letter of Recognition’ to such applicant, thus making such applicant an SRO.[10]
The SRO should guide the conduct of its members, ensure that they adhere to industry standards, comply with relevant laws and regulations, and maintain high ethical standards.[11] This involves establishing and enforcing guidelines for consumer protection, data security, data privacy, etc. Broadly, the RBI has outlined four main functions and responsibilities of SRO: (i) setting and establishing rules, benchmarks, technology and industry standards; (ii) establishing a framework for oversight and enforcement; (iii) developmental functions, including encouraging a culture of research and development and organising training programs; and (iv) establishing a grievance redressal mechanism.[12] In addition to this, the SRO shall also have obligations toward the RBI, broadly, to relay sector-specific insights, address regulatory concerns, and to collaboratively work towards the overall development of the FinTech sector.[13]
The SRO shall adhere to the highest standards of governance and uphold transparency, accountability, integrity, fairness, responsiveness, and compliance with all relevant laws and regulations, in addition to developing a robust conflict management system.[14]
What the SRO framework may mean for FinTechs
While the draft framework provides a good overall outline on regulation of the FinTech sectors, certain challenges may be faced in the overall implementation of the framework. For instance, since the suggestion is to have a voluntary membership, suitable incentives for the involvement of unregulated FinTech companies can become a challenge. Similarly, some FinTech entities are partly regulated for a portion of their activities. If such a FinTech entity is a member of the SRO, then there may be a conflict in the overall regulation pattern for such a FinTech entity. Yet another challenge would be the number of SROs that can be granted recognition by the RBI for this purpose. As the FinTech sector is very diverse, one SRO will not be adequate; but the introduction of several SROs can lead to a dilution in responsibilities and in turn, lead to more responsibility on the RBI.
That being said, in the absence of a formal written regulation, self-regulation in the form of SRO can definitely aid in balancing discipline and governance while maintaining the flexibility to adapt to technological innovations, thus contributing to an organised development of the FinTech sector overall.
[1] Point 4, RBI’s Draft Framework for Self-Regulatory Organisation(s) in the FinTech Sector, January 15, 2024, https://rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=1260#CH4, last accessed on January 19, 2024 at 7 PM.
[2]Ibid at point 5.
[3] Supra note 1, at point 5.
[4] Supra note 1, at point 6 (ii).
[5] Supra note 1, at point 6 (iii).
[6] Supra note 1, at point 6 (iv).
[7] Supra note 1, at point 6 (v).
[8] Supra note 1, at point 9.
[9] Supra note 1, at point 7.
[10] Supra note 1, at point 10.
[11] Supra note 1, at point 12.
[12] Ibid.
[13] Supra note 1, at point 13.
[14] Supra note 1, at point 14.