On 5 December, the Reserve Bank of India (RBI) announced a slew of sops for fintech companies. These include, re-introduction of minimum KYC (know-your-customer) PPIs (prepaid payment instruments), revision of P2P (peer-to-peer) lending limits and issuance of on-tap licenses for small finance banks.
This is a part of various developmental and regulatory policy measures for strengthening regulation and supervision; broadening and deepening of financial markets; and improving payment and settlement systems, which the Central Bank announced in its Statement on Developmental and Regulatory Policies.
Key highlights of RBI’s statement pertaining to the fintech sector:
- New Pre-Paid Payment Instruments (PPI)
“PPIs have been playing an important role in promoting digital payments. To further facilitate its usage, it is proposed to introduce a new type of PPI which can be used only for purchase of goods and services up to a limit of ₹10,000,” said RBI in a statement.
The loading / reloading of such PPI will be only from a bank account and used for making only digital payments such as bill payments, merchant payments, etc. Such PPIs can be issued on the basis of essential minimum details sourced from the customer. Instructions in this regard will be issued by December 31, 2019, it added.
Currently, Semi-closed PPIs are used for purchase of goods and services, including financial services, remittance facilities, etc., at a group of clearly identified merchant locations or establishments, which have a specific contract with the issuer (or contract through a payment aggregator/payment gateway) to accept the PPIs as payment instruments. These instruments do not permit cash withdrawal.
On 30 August 2019, RBI granted six months’ extension to PPI issuers, including digital wallets, to do full KYC of its customers.
- Review of NBFC-P2P Directions- Aggregate Lender Limit and escrow accounts
The Reserve Bank had issued directions for Non-Banking Financial Company-Peer to Peer Lending platform (NBFC-P2P) on October 4, 2017. At present, the aggregate limits for both borrowers and lenders across all P2P platforms stand at ₹10 lakh, whereas exposure of a single lender to a single borrower is capped at ₹50,000 across all NBFC-P2P platforms.
A review of the functioning of the lending platforms and lending limit was carried out and it has been decided that in order to give the next push to the lending platforms, the aggregate exposure of a lender to all borrowers at any point of time, across all P2P platforms, shall be subject to a cap of ₹50 lakh, said the Central Bank.
RBI also said that it would do away with the current requirement of escrow accounts to be operated by bank promoted trustee for transfer of funds having to be necessarily opened with the concerned bank. This will help provide more flexibility in operations. Necessary instructions in this regard will be issued shortly, it said.
- On Tap Licensing of Small Finance Banks
In the Second Bi-monthly Monetary Policy Statement, 2019-20 of June 06, 2019, it was announced that the Draft Guidelines for ‘On tap’ Licensing of Small Finance Banks will be issued by the end of August 2019. Accordingly, the Draft Guidelines were placed on the RBI’s website on September 13, 2019 inviting comments from the stakeholders and members of the public.
The Central Bank said that it would issue the final guidelines on 5 December. NASSCOM also submitted its feedback to RBI on the draft guidelines.
- Baseline Cyber Security Controls for ATM Switch application service providers of RBI regulated entities
A number of commercial banks, urban cooperative banks and other regulated entities are dependent upon third party application service providers for shared services for ATM Switch applications. Since these service providers also have exposure to the payment system landscape and are, therefore, exposed to the associated cyber threats, it has been decided that certain baseline cyber security controls shall be mandated by the regulated entities in their contractual agreements with these service providers.
“The guidelines would require implementation of several measures to strengthen the process of deployment and changes in application softwares in the ecosystem; continuous surveillance; implementation of controls on storage, processing and transmission of sensitive data; building capacity for forensic examination; and making the incident response mechanism more robust,” said RBI.
Detailed guidelines in this regard will be issued by December 31, 2019, it added.