The National University of Advanced Legal Studies, (NUALS)

(A State University established by Act 27 of 2005 of the Kerala State Legislature)

Kalamassery, Kochi-683503, Kerala

Information Technology Law Assignment

FinTech Law and Policy in India

Submitted by: Liya Fathima

6th Semester
1642
Introduction
Financial technology or Fintech has undoubtedly transformed our interaction with financial
services. Let it be digital payments to online lending, fintech has assured convenience and
accessibility to millions of people around the world. The fintech industry has developed
significantly over the past few years, and the government has recognized the necessity for a
regulatory framework to govern this rapidly evolving sector. Here, we will examine the laws and
policies governing fintech in India and their influence on the industry. Moreover, the challenges
faced by the regulators in the course of ensuring safety and soundness of the financial system
while simultaneously promoting the growth and development will also be looked into.

Earlier, the industry started its operation majorly in the banking sector. With time, it has extended
and expanded its utility in the insurance, asset management, payment gateway sectors etc. With
the rapid evolution of the sector, there has been a tremendous wave of alterations in the way
business transactions are carried out and the way monetary services are performed. Moreover,
the evolution of the industry from Credit Cards in the 1950s to ATMs in the 1960 and finally
giving the market Net Banking Facilities in the 1990s. The ulterior motive of the industry is to
make financial transactions convenient for all the consumers out there.

Though there have been ample developments in the industry, the major growth took place after
the 1990s. With the establishment of applications like Paypal, Paytm, Google wallets etc. the
fintech industry has geared up and is still growing. As technology advances, there is an
increasing need to regulate the products and services that FinTech companies provide. The
primary regulatory bodies in charge of this industry are the Reserve Bank of India (RBI), the
Insurance Regulatory and Development Authority of India (IRDAI), the Securities Exchange
Board of India (SEBI), the Ministry of Corporate Affairs, and the Ministry of Electronics and
Information Technology (MEITY). The appropriate regulatory authority in charge of its products
and services would be in charge of a FinTech company's governance. For instance, the RBI
regulates FinTech companies that deal with account aggregation, peer-to-peer lending,
cryptocurrencies, payments, etc. The FinTech framework in the country is lacks a coherent
sequence and no body of law governs the FinTech services. Lacking a unified set of laws, the
sector is difficult to manage.
Few of the key regulations applicable to FinTech companies in India:

The Indian Parliament sanctioned the Payment and Settlement Systems Act, 2007, which
governs and oversees the nation's payment and settlement systems. The Act aims to establish a
legislative framework for the creation of secure, reliable, and effective payment and settlement
systems, including mobile payments, credit card transactions, and electronic payment systems.

The Payments and Settlements Systems (PSS) Act, 2007 regulates the payments in the country.
As per the PSS act, a “payment system” cannot be formed or operated without RBI’s prior
consent. Under the act, a “payment system” is defined as a “system that permits payment to be
made from one person to another.” However, the concept of stock exchange is excluded from the
Act. Payment methods include PPIs, money transfer services, smart card operating systems, debit
and credit card operating systems. Before a payment system is initiated to put into operation, the
RBI authorisation is necessary. Therefore, compliances under this enactment are requisite for the
FinTech companies to operate.

The Companies Act, 2013

A comprehensive law covering the regulation and operation of corporations in India is the 2013
corporations Act. The Act was passed to replace the outdated Companies Act of 1956, and since
then, it has undergone a number of revisions to keep up with the nation's shifting corporate
environment. As per Indian FinTech laws, the Act of 2013 is relevant as it lays down the legal
framework for the incorporation, registration and the operation of the companies in the country.
Fintech companies either private or public can be registered depending on their size and extend
of business objectives. Therefore, is compulsory for the FinTech businesses must register under
the Companies Act, 2013 and abide by all of the rules and regulations put forth by the act like
any other business taking place in the country. FinTech businesses like Paytm, PhonePe etc are
incorporated under the Act of 2013.
Peer to Peer Lending Platforms
The Peer-to-Peer Lending Platform Directions of 2017 specify the lender exposure guidelines
and borrowing caps for P2P lending platform activities in India. Peer-to-peer (P2P) lending
platforms have become a well-liked substitute for conventional banking channels in India since
they enable people and businesses to borrow and lend money without using a middleman.
However, in the early years of P2P lending, there was little regulatory control, which raised
issues with systemic risk, fraud, and investor protection. In response, the Reserve Bank of India
(RBI) announced P2P lending platform guidelines in 2017 with the intention of fostering
transparency, equity, and stability in the industry. The RBI has set forth some key provisions
regarding P2P lending as well. These guidelines have aided to improve and develop the
credibility and reliability of P2P lending platforms in India while also keeping in watch the
security of the borrowers and lenders. This has emerged as a viable alternative to traditional
banking in India as it has provided access to credit to millions of businesses and individuals in
the formal financial sector.

NCPI Regulations on UPI Payments:

A statutory organisation called the National Payments Corporation of India (NPCI) is in charge
of governing and overseeing the nation's digital payments ecosystem. The creation and
regulation of the Unified Payments Interface (UPI), which has become a well-liked and practical
method for people and businesses to transmit and receive payments electronically, is one of the
major efforts undertaken by the NPCI. India's UPI payments are governed by the NCPI's UPI
Procedural Guidelines. This framework mandates that banks produce money transfer services
over UPI systems. Banks are permitted to work with technology suppliers to manage mobile
applications for UPI payments as long as they adhere to the NCPI's prudential standards and
eligibility requirements.

The NPCI has issued several regulations and guidelines for UPI payments in India, aimed at
promoting safety, security, and efficiency in the system. The key provisions of these regulations
are as follows:
 1. Transaction limits: The NPCI has set transaction limits for UPI payments, to ensure that
the system is not misused for large-value transactions. The current transaction limit is Rs.
1 lakh per transaction for most banks, although some banks may have lower limits.
2. Two-factor authentication: UPI payments require two-factor authentication, which
includes an amalgamation of a PIN or password and a biometric factor such as a
fingerprint or face recognition. This aids in preventing the unauthorized use and access to
UPI accounts.
3. Encryption and security: The payments are encrypted end-to-end which typically means
that the data of the transaction is secure and it cannot be intercepted to be tampered with.
It has also put for that the security protocols for the payments including firewalls,
detection system and other fraud monitoring tools.
4. Dispute resolution: A dispute resolution system has also been set up by the NPCI in the
case of disputes arising during transactions. It enables the customers to file a complaint
and seek redressal for the same. This allows the customers to not be unfairly impacted by
errors and fraudulent transactions.
5. KYC requirements: The users are asked to complete the KYC protocol, ie, Know Your
Customer. The customers are required to provide identity and proof documents which
enables to prevent the misuses of UPI accounts for illegal activities such as money
laundering etc.

NBFC Regulations

All NBFCs are governed by the Reserve Bank of India Act of 1934. Any organisation offering
fintech services in India must register with the RBI, per its requirements. No NBFC may start or
operate a non-banking financial institution without first obtaining a certificate of registration
from RBI, according to section 45-IA of the RBI Act.

Regulations Governing Payment Banks

The payment banks do conduct banking business, but on a lower scale. Both loans and credit
cards cannot be issued by it. The Banking Regulations Act of 1949's Section 22 grants these
banks licences and registration as private limited companies. The activities of the banks are
restricted by certain licencing requirements, particularly for the acceptance of demand deposits
and for payments and settlements.

Prevention of Money Laundering Act

The Prevention of Money Laundering Act of 2002 (PMLA), the Prevention of Money
Laundering Rules of 2005, and the KYC Master Directions are the main regulations that
establish anti-money laundering requirements and operational guidelines for businesses that
provide financial services in the country. According to the aforementioned legislation, banking
companies, financial institutions, and intermediaries are required to verify clients' identities, keep
records, and transmit information to the Financial Intelligence Unit - India (FIU-IND) in a
predetermined format.

Information Technology Act

The importance of safeguarding consumer privacy and data has increased as more and more user
information, particularly behavioural and financial information about individuals, is gathered and
held by FinTech platforms. India currently lacks an effective system for protecting user data. The
two primary pieces of legislation governing personal data privacy are the Information
Technology Act of 2000 (IT Act) and the Rules on IT (Reasonable Security Practises and
Procedures and Sensitive Personal Data or Information).

FinTech companies must also abide by the IT Act's rules. Businesses are responsible for damages
under Section 43A if they don't take appropriate security measures to safeguard customers'
sensitive personal data. Penalties for divulging information in violation of a legitimate contract
are established by Section 72A. Individuals' personal information is crucial to FinTech
companies. The mandatory data security laws must be followed in order to stay out of legal
trouble.

Conclusion
To conclude, FinTech has enabled increased access to financial services, innovation and
competition, regulation and consumer protection all with the collaboration of traditional financial
institutions. It has helped in increasing financial inclusion which ultimately promotes and
ensures economic growth. The sector however lacks a codified system of rules governing the
same, nevertheless it has been successful in making financial services accessible for everyone.