“Any sufficiently advanced technology is indistinguishable from magic.”
Indian financial sector regulators are trying hard to keep pace with the magic.
Welcome to this month’s FinTales. If you missed our previous editions, you could read them here.
In this edition, we explore the need to balance security and convenience (in payments). Indian regulators’ approach in dealing with advancement in financial technology and Big Tech. Possible regulation of digital media intermediaries. Cooperation between regulators for efficient fintech regulation. El Salvador making bitcoin a legal tender. And RBI prohibiting Mastercard from onboarding new customers.
Let’s dive in!
Payment solutions need a fine balance between security and convenience
Security and convenience are often opposing forces. The regulator wants to make payments safe. Industry wants to make them frictionless. Or even experience-less. In fact, the best payment experience is no-payment experience. Which is why buy-now-pay-later (BNPL) products are booming. Not because users want the credit. They want the instant gratification of buying now and paying later. “I see it, I like it, I want it, I got it” as Ms. Ariana Grande would say.
But market surveys also reveal that users don’t want to compromise on security. Even if it comes at the cost of convenience. BNPL also added an additional layer of security. Customers are not required to enter their (bank or card related) details on every e-commerce website. This contributes to BNPL’s popularity.
For card payments, the balance between security and convenience may soon topple over. Merchant and payment aggregators (PAs) have been storing card details – the card on file feature. So that, users need not enter their card details every time they make a payment. But now, this will be disrupted. As the RBI has asked merchants and PAs to stop saving card details from 31 December 2021. RBI has also suggested tokenisation as a solution. Which replaces card details with a token. And makes tokenisation essential to keep the ball rolling (for card payments).
The global payment industry is showing signs of confidence in tokenisation. Samsung Pay was the first to offer tokenised card payments in India. And other payment companies are also joining-in. Last month, Google Pay partnered with Visa and leading banks like SBI to offer tokenised card payments. Besides market adoption, RBI also recognized the benefits of this technology. And allowedcard networks (like Visa and MasterCard) to offer tokenised card payments. Globally, tokenisation has mitigated fraudulent payment by 26 %. And it does not significantly change customer experience. Thus, reducing the burden on UPI.
But tokenised card payments also have challenges. Payment companies must devise a new system to tokenise and de-tokenise card details. All the stakeholders (including banks) will have to invest in infrastructure and technical know-how. So, there is a long way to go before tokenised card payments become as ubiquitous as UPI.
Bespoke approach needed to regulate Big Tech in financial services
“In God we trust. In Big Tech we antitrust?” was one of our favourite stories from last week. It was about Big Tech’s tussle with US and Indian anti-trust laws. And concerns of anti-trust regulators around Big Tech’s monopoly. It also resonated with Big Tech’s foray in India’s financial sector. Which is making financial regulators equally anxious.
Last month, RBI voiced its concerns. In its financial stability report, RBI flagged how Big Tech’s foray in India’s financial sector creates competition, operational, data privacy, and cyber security risks. RBI is fearful that Big Techs are too big to fail, which could pose systemic risks.
With these concerns in mind, RBI has proposed a sketch of regulatory framework in its report. The regulation will be two pronged: entity-based and activity-based. It will control financial risks and security-based risks.
Given the risks, regulation of Big Tech in the financial sector is inevitable. But it is equally important to remember their contribution to democratising financial services. For instance, Google Pay and PhonePe played a crucial role in the UPI success story. Which in turn promoted financial inclusion. Competition, data and financial regulators must coordinate on a national and global level to create an enabling regulatory framework. Agile technology needs agile policymaking. And the trick lies in finding the right balance (between regulation and innovation).
Is regulation of digital banking intermediaries imminent?
Despite having their foot in the door, regulation of digital intermediaries is ambiguous. RBI considers them as ‘outsourced service providers’ of the regulated entities. Their business models are not green-lit by RBI. And RBI regulates them (indirectly) through their banking partners. There is no clear line between what these entities can and cannot do.
And RBI wants to step in. Reportedly, RBI will soon draw a clear framework for intermediaries. It will define what these entities are. And prescribe compliance yardsticks. RBI is also mulling over a light-touch regulatory approach. And rightly so. Putting these entities in the same bucket as banks and NBFCs is an overkill. RBI will also re-align regulations for banks, NBFCs and other regulated entities. A proposal for self-regulation is also on the table.
A consultative approach and self-regulation will get the best minds in the industry on-board for policy making. Industry bodies like IAMAI and iSPIRIT have already expressed interest to be self-regulatory organisation for digital payments. And can contribute to policy making and self-regulation of the digital intermediaries too.
Inter-regulator panel formed to solve fintech’s regulatory dilemma
Most fintech platforms started by scaling one (or two) products. Paytm championed wallets. Google Pay and PhonePe led UPI. And now fintech platforms want to offer a bouquet of financial products. Especially since payment products work on low or zero margins. So, payments data is crucial to cross-sell other more lucrative products – like lending, insurance and instant credit.
Offering multiple financial products on a single platform is a powerful value proposition. But it makes regulating these platforms challenging. SEBI governs mutual funds. IRDAI regulates insurance. And RBI oversees payments and lending. So, these regulators must work in harmony to regulate platforms that offer multiple financial products regulated by different regulators.
A lack of harmony between regulators can hurt consumer interest. Like mutual fund investors were left in a state of flux because of settlement delays at NPCI’s end. NPCI upgradation of NACH coincided with SEBI’s new regulations, which stated that (net asset) value of mutual fund will be the value on the date of settlement. As settlement were delayed, investors using NACH auto-mandate feature missed out on gains they expected. Better communication between SEBI and NPCI could have prevented this.
Anticipating these challenges, the Financial Stability and Development Council (FSDC) formed an inter-regulator panel last month. The panel includes officials from RBI, SEBI, IRDAI and finance ministry. And is tasked to set up processes for inter-regulator communication. This will certainly help. Regulators will be able to strike the desired balance between regulation and innovation. By avoiding overlapping regulations and overregulation. At the same time, fintech companies will have more clarity on compliances. This will also introduce proper checks and balances in the system. Seems like a win-win.
Bitcoin becomes legal tender
Before you are startled, we are not talking about India. Here we are talking about El Salvador – the first country in the world to makebitcoin a ‘legal tender’.
This changes a few things – for El Salvador and the world. Immediately after El Salvador’s announcement, Paraguay and Panama initiated conversations to join the bandwagon. For El Salvador, while using bitcoin was not illegal before, making it a legal tender gives it the government’s backing. One can no longer refuse to accept bitcoin as a form of payment. The mandatory nature of acceptance may however cripple citizens that lack the appetite for bitcoin’s volatility. On the flip side, it also remains to be tested how many people actually use bitcoin for payments. Bitcoin’s price moved by 50% in May. Many see bitcoin as an asset for investment, and not as a form of payment.
Making bitcoin a ‘legal tender’ might make sense for a country like El Salvador – which gave up its own currency in 2001 and adopted the US dollar. But whether other countries (especially major economies) will follow suit is yet to be seen. Maybe El Salvador presents the world a proof of concept. And guides other economies of what lies ahead if they choose bitcoin (or any other crypto-currency) as a legal tender.
RBI prohibits Mastercard Asia from onboarding new customers
In last month’s FinTales, we wrote about RBI’s tough stance on non-compliance with data localisation norms by global players. Now, after American Express and Diners Club, RBI has restricted Mastercard from onboarding any new customers from 22 July 2021. Because Mastercard failed to comply with data localisation norms and submit related audit reports. With this, it appears that global players have no option but to comply with RBI’s data localisation norms.
Tell us what you think about the developments we covered. Or if you’d like us to cover any other development in the next edition.
Write to us at contact@ikigailaw.com
See you in August!
Yours,
Ikigai Fintech Team
