FinTales Issue 22: September 2022

“In a diverse market like India, key is to match right-priced borrower risk to investor/lender risk” -Fintech Founder (State of India Fintech Union 2022)


That’s what Indian fintech does best. Matching the right borrower with the right lender.

RBI’s new digital lending guidelines aim to rid fintech matchmaking from meddlesome interlopers. Or, at the very least, diminish their role. The RBI wants borrowers and lenders to interact with each other directly.

But are fintech platforms meddlesome interlopers? What if we got rid of them? What if borrowers and lenders were left to find each other? I wonder, dear reader, would an advertisement in this dystopia look like this:

Borrower wanted: Reputed cash rich NBFC seeks attractive, young, thin or thick (file) borrower. Credit score no bar. Open to new-to-credit. Cultured phone book contacts required. Share social media profiles, phonebook contacts, SMS history and photo gallery to check if stars align.

Lender wanted: Credit-worthy borrower seeks eligible lender. Must hold valid RBI license, provide interest free credit till salary arrives and offer cashback. Banks preferred but open to NBFCs. To apply, send targeted ads to mobile number, email ID and social media profiles.

Shudder. Maybe we do need those slick fintech apps and algorithms after all. More on this development in our main-course story.

In this edition, we return with our four course FinTales menu.

Appetizers: snackable updates about recent fintech developments.

Main-course: deep dives into the impact of the digital lending guidelines and the debate over payment charges.

Dessert: sweet news about the Ethereum merge.

Takeaway: insightful reads till the next FinTales meal.


Appetizers ?

? Making CBDC a reality

The RBI plans to launch a central bank digital currency (CBDC) for India by end of FY 22-23. Initially, the use of CBDC will be limited to financial institutions and these transactions won’t be anonymous. The use of CBDC will be extended to retail users later and the RBI is still deciding whether to permit anonymity for this segment. Interestingly, the RBI is working with fintechs like US based FIS Global to understand and experiment with different CBDC designs. CBDC is the most high-stakes project in RBI’s history. It can disrupt credit supply and erode financial privacy. But also foster inclusion and reduce crime. Striking the right balance won’t be easy and the RBI certainly has its work cut out.

? Insurtech’s moment in the sun

Last month, IRDAI proposed an amendment to its regulatory sandbox framework. The amendment will increase the experimental period under the sandbox from 6 to 36 months. IRDAI also recently announced its first hackathon – Bima Manthan 2022. The themes for the hackathon include automated death claim settlements, tech-based distribution of insurance products, and fraud mitigation in motor insurance. The winner of the hackathon will receive entry into IRDAI’s regulatory sandbox and cash rewards. With RBI and SEBI offering more sticks than carrots lately, IRDAI’s welcoming attitude may encourage fintechs to set their sights on insurance. And insurtech being the fastest growing fintech segment in India with a CAGR of 57% certainly sweetens the deal.

? ED turns the heat on PAs and crypto exchanges

The Enforcement Directorate (ED) has raided several payment aggregators (PAs) and crypto-exchanges as part of its investigation into the Chinese loan apps scam. The affected parties include Cashfree, Razorpay, Paytm and PayU among the PAs and WazirX among the crypto-exchanges.

??‍⚖️ It’s Gary

No one evokes stronger reactions from the crypto community than Gary Gensler, the US SEC chair. In a recent speech, Gensler expressed his belief that most crypto tokens are investment contracts (and consequently securities). He added that nothing about the crypto markets is incompatible with securities laws and rejected the crypto-industry’s demand for clear regulatory guidance. According to him, the SEC has made its stance clear and the crypto-industry “not liking the message isn’t the same thing as not receiving it.” Yikes, those are some strong words. And they aren’t just words because the SEC is actively investigating and prosecuting several crypto-projects.


Main-course  ?

?️ RBI’s digital lending guidelines: before and after

The RBI issued the digital lending guidelines (Guidelines) this month. The recurring theme in the Guidelines – reducing the influence of unregulated fintech players in the lender-borrower relationship.

The Guidelines prohibit pass-through accounts, impose stricter data protection norms, and mandate reporting of all loans to credit bureaus.  The Guidelines also provide these key clarifications. First, all loans disbursed on or after 2 September 2022 must comply with the Guidelines from that date itself. Loans disbursed before 2 September 2022 must become compliant by 30 November 2022. Second, loans for a specific end-use can be disbursed in the end-beneficiary’s account. This allows disbursal of the loan amount to merchants for buy-now-pay-later (BNPL) products if there’s a specific end-use. Third, synthetic securitization, which involves transfer of credit risk for a loan residing on the lender’s balance sheet through derivatives or guarantees, is prohibited. This has created doubts about the permissibility of first-loan-default-guarantee (FLDG) arrangements.

The Guidelines mark the beginning of a new world order in the digital lending industry. The birth of Christ divided the Gregorian calendar into Before Christ (BC) and anno Domini (AD). The Guidelines too divide the eras of digital lending in India into Before Guidelines (BG) and After Guidelines (AG). To understand how the experience of customers and fintechs will change as we move from BG to AG, here’s a walk through.

The customer’s perspective

Before Guidelines: You see a pay-later option on the check-out page of a grocery delivery app. You download the pay-later app on your device and verify your mobile number via OTP. You notice that by submitting the OTP, you’re agreeing to the app’s terms. But like 77% fintech users, you don’t read the terms and just click next. You fill in basic details like name, age, gender and email ID. The app asks for several phone permissions – contact list, location, SMS, media etc. It doesn’t explain why it needs these many permissions. But since it’s a take-it-or-leave-it, you concede. And voila! You receive instant credit of Rs.2000. It’s not much but it’s enough to buy what you need. Unfortunately, you forget to repay the bill.  And one day you receive a call from a rude recovery agent demanding immediate repayment of your loan taken from an NBFC. You don’t remember taking any loan. And you’ve never even heard the NBFC’s name. What you remember is ordering groceries by using a ‘pay-later’ service. You immediately repay the bill and pray that this oversight hasn’t damaged your credit score. You swear to stay away from the ‘pay-later’ button.

After Guidelines: You see a pay-later option on the check-out page of a grocery delivery app. You download the pay-later app on your device and verify your mobile number via OTP. You tick a box to agree to the app’s terms, you still don’t read them. You fill in basic details like name, age, gender, and email ID. But this time, the app also seeks your income and occupation details.  The app also seeks permission to check your credit score. You consent by ticking another box. The app then seeks several phone permissions – contact list, location, SMS, media etc. And each permission mentions a purpose – KYC, credit-risk assessment, tailored offers etc. Some permissions are essential, others aren’t. You decide to only grant essential permissions and opt-out of the rest. Next, you see a Key Fact Statement pop-up. It says you’re taking a loan from an NBFC. It also lists penal charges in case of default and details of grievance officers and recovery agents. Yikes, this sounds serious. After some thought, you decide to go ahead anyway. But you set multiple reminders to repay the amount because you understand a default could damage your credit score.

The fintech’s perspective

Now let’s see what the story looks like from the fintech’s perspective. How does your experience change as we move from BG to AG era? Imagine you’re a start-up hoping to capitalize on India’s massive credit gap. You’ve built a slick app which allows customers to avail an instant credit line from your partner NBFCs. You’ve also tied up with a payment aggregator (PA) to gain access to its merchant network. The alternative is acquiring merchants on your own – which is too expensive. Through the PA’s infrastructure, your customers can use the credit line from the NBFC to pay any of the PA’s merchants.

Before Guidelines: After approving the loan, your partner NBFC transfers the loan amount to the PA’s account. When the customer makes a purchase using your BNPL facility, the PA transfers the funds to the merchant. When the customer repays her dues, the funds are similarly transferred to the partner NBFC via the PA. So, what’s your role in this fund flow? Well, you’re the conductor of this orchestra. It’s your job to harmonize the activities of multiple lenders, merchants, and customers. For instance, each time a payment is made to a merchant or a repayment is made by a customer, you update the balance on the app. You also decide settlement timelines to merchants to account for returns and refunds. In this manner, you reduce the operational burden of your partner NBFCs and merchants. And make it easier for customers to track all payments and dues in one place.

After Guidelines: After approving the loan, your partner NBFC must transfer the loan amount directly to the customer. And while repaying the loan, the customer must transfer the funds directly to the partner NBFC. The law now prohibits using pass-through accounts of any third-party. It’s unclear whether this prohibition extends to the regulated escrow account of a PA and in which cases the loan amount can be credited directly to the merchant (instead of the customer). For their part, PAs have requested the RBI for permission to act as intermediaries in digital lending transactions. You hope the RBI green-lights this model soon. Because your partner NBFCs and customers can’t deal with each other directly.

Your growth has also slowed down. More customers are dropping-off due to the longer onboarding process and the need for explicit and specific consent. Considering the RBI’s confusing stance on FLDG, your partner NBFC is reluctant to continue its FLDG arrangement with you. Which also makes it reluctant to extend loans to your new-to-credit and thin-file customers. Your job is to underwrite these customers using alternative data and AI. You’re the matchmaker who’s supposed to determine if the borrower and lender are compatible. If you don’t do this job well, the lender will suffer losses. So, the lender wants you to have skin-in-the-game. If customers you’ve recommended fail to repay their loans, the lender wants you to cover part of the losses. As this disincentivizes you from recommending customers who aren’t credit-worthy. If you can’t provide FLDG, the lender can’t trust your underwriting skills and it becomes risk-averse. This also reduces the pool of credit available to underserved customers. You hope the RBI clarifies the conundrum around FLDG soon so you can finally figure out how to adapt to this new world order.

? The hidden cost of a free lunch

Last month, the RBI released a discussion paper on payment charges. For fintech players, the paper’s observations about UPI are particularly relevant. The RBI has sought public comments on whether charges should be (a) levied on UPI transactions, (b) based on transaction value, and (c) fixed by regulation or market forces?

Before we answer these questions, a quick primer on how peer-to-merchant (P2M) payments work in India. Customers typically pay merchants through debit cards, credit cards, prepaid payment instruments (PPIs) and UPI. To accept payments from customers, merchants pay a fee to their bank or payment aggregator (PA). This fee is called Merchant Discount Rate (MDR). The MDR varies depending on the payment method used. For e.g., the MDR for debit cards is capped between 0.3-0.9% depending on the merchant’s turnover and the payment channel. There is no cap on MDR for credit cards and PPIs. And the MDR charged for these modes is around 2-3%. Since January 2020, there is no MDR for UPI and Rupay debit cards. So, merchants don’t pay anything to accept payments through these modes.

The RBI has consistently opposed the zero MDR policy for UPI and Rupay debit cards. But the Finance Ministry has refused to budge. The release of RBI’s latest discussion paper sparked speculation about whether the zero MDR policy would be rolled-back. But the Finance Ministry again refused. It stated that UPI is a “digital public good” and “concerns of the service providers for cost recovery have to be met through other means.” This begs the question: what is a “public good”? During the peak of the COVID-19 pandemic, the Supreme Court recognized vaccines as a public good. And it directed the Central Government to negotiate the price with vaccine manufacturers to procure vaccines for all age-groups. Following this logic, it makes sense for the Finance Ministry to negotiate the MDR for UPI transactions or even set a cap on MDR. But it’s a stretch to argue that merely because something is a public good, private entities must provide it for free.

To be fair, the Finance Ministry provided Rs.1300 crores to banks to cover the cost of UPI and Rupay debit card transactions. But the compensation amount is a fraction of the Rs.8000 crore loss estimated by the industry. Banks are also allegedly pocketing the entire compensation and refusing to share it with payment service providers. These service providers include payment aggregators (PAs) like PayU and Razorpay and Third-Party Application Providers (TPAPs) like Google Pay and Phone Pe.

Payment service providers have done the heavy-lifting in popularizing UPI. They’ve painstakingly distributed QR codes to merchants, conducted KYC of merchants, built user-friendly apps, and funded rewards. So far, payment service providers have been using their own money to fund these activities. But with the value of tech stocks plummeting and a funding winter facing start-ups, that’s not viable anymore.

Payment service providers are also in a uniquely disadvantaged position compared to banks. For e.g., banks will save on physical currency handling costs thanks to higher adoption of UPI. RBI and banks spend around Rs.21,000 crores on currency management annually. Banks can also use the income earned on current and savings account balances to cover the cost of free UPI transactions. Banks don’t pay any interest to current account holders and the interest paid to savings account holders is lower than the interest banks receive from the RBI (known as reverse-repo rate). For e.g., most banks currently pay < 3% to savings account holders whereas the reverse repo rate is 3.35%.  But these benefits and revenue streams aren’t available to payment service providers.

We spoke to Deepak Abbot, Co-founder, India Gold about the problems caused by the zero MDR policy and potential solutions. While the government has declared UPI as a public utility, we need more innovation and merchant adoption which can be done by leading TPAPs if they have monetary incentive linked to it” he explained. “All low-ticket transactions below Rs.1000/2000 can remain free and only large ticket transactions which are generally done on ecommerce platforms or large retail stores can be charged. This takes care of smaller merchants and helps foster growth too” he suggested.

If we want continued innovation in digital payments, the zero MDR policy needs to change. Unless this happens, banks and payment service providers won’t have the ability or incentive to reduce transaction failure rates and improve dispute resolution and fraud prevention. A potential solution is to limit free UPI transactions only to small merchants and levy MDR on large merchants. This can be achieved in different ways. MDR can be levied based on transaction value. Alternatively, MDR can be levied if the merchant’s turnover exceeds a prescribed threshold. The turnover reported by merchants to tax authorities can be used as the basis for classification. The MDR regime for debit cards follows this model with higher MDR for merchants with turnover over Rs.20 lakh.    

Another reason why a tiered MDR regime for UPI makes sense is because processing high-value payments to large merchants costs more. In the UPI system, a small number of high-value payments make up most of the total transaction value. For e.g., in February 2022, 78% P2M payments via UPI were below Rs.500. But 70% transaction value for P2M payments came from payments over Rs.2000. To understand why high-value payments cost more to process, we must consider different components of the payment processing cost. Some of these components remain the same regardless of transaction value but others vary. For e.g., the cost of transmitting and processing data doesn’t change based on transaction value. But the costs relating to settlement guarantee and fraud risk management do. So, processing a high-value payment to a large merchant costs more than a low-value payment to a small merchant. And levying MDR only on large merchants who account for most high-value payments processed through UPI seems reasonable. Without UPI, large merchants will also spend more on cash handling. So, overall, facilitating UPI payments may still be a net gain for them.


Dessert ?

?The Ethereum merge: what’s at stake?  

Ethereum ‘merge’ will change crypto forever. This isn’t clickbait. It’s the title Fortune chose for its piece on Ethereum merge. So, what’s the ‘merge’? And why is everyone talking about it?  

Ethereum is one of the most popular blockchains in the world. It’s home to hundreds of web 3 applications and layer 2 chains. But Ethereum has faced one constant criticism – it hurts the environment. Reports suggest that a single Ethereum transaction has a carbon footprint equivalent to 257,094 Visa card transactions. This is because decentralised systems like Ethereum typically validate transactions through ‘proof of work’. In this, people (you know them as miners) solve complex puzzles using heavy machinery (read computers). By solving these puzzles, miners help validate transactions and get rewarded. Proof of work guzzles energy – by design – to ensure security.  

To solve for this, Ethereum’s been planning to move away from proof of work for years. The merge does exactly this. With it, Ethereum moves to an alternative known as ‘proof of stake’. While proof of stake has the same outcome (as proof of work), it takes a different route. Instead of needing energy guzzling computers, validators need tokens (in Ethereum’s case, its native token ETH). These tokens are locked-up (or ‘staked’) by validators to get a chance to validate transactions. The stake ensures that validators have skin in the game and don’t go rogue. If they do, they lose their stake. Like in proof of work, these validators are duly rewarded for their work.  

Now, since proof of stake can do what proof of work does, without the heavy machinery, it’s environmentally friendly. The Ethereum Foundation believes that this alone will reduce Ethereum’s energy consumption by a massive 99.95% (Claps!). This is a huge relief for the crypto ecosystem, which has otherwise had a horrible year.  

While you process this, here’s why it’s called a ‘merge’. Technically, the primary Ethereum blockchain (which uses proof of work) will merge with a parallel chain, the Beacon Chain (which uses proof of stake). This merger will result in a combined system based on proof of stake.

Here’s Ethereum Foundation’s explanation: imagine Ethereum is a spaceship that isn’t quite ready for an interstellar voyage. With the Beacon Chain, the community has built a new engine and a hardened hull. After significant testing, it’s almost time to hot-swap the new engine for the old mid-flight. This will merge the new, more efficient engine into the existing ship, ready to travel lightyears and take on the universe.   

Right then, fasten your seatbelts. And turn off those mining rigs.   


Takeaway ?

  • An examination of why unauthorised investment advisers thrive in India [Morning Context]
  • A discussion on when data privacy provides diminishing returns for your organisation [Harvard Business Review]
  • A brief explainer on how tech may affect the US Dollar’s clout [Economist]
  • A report on where ESG investments are going wrong [Economist]
  • An exploration of what matrimonial ads say about our society [Live Mint]


That’s it from us. We’d love to hear from you. Tell us what you think about the stories we covered. You can write to us at

See you in October.

If you enjoyed this edition, do share it with friends and colleagues.

the status quo

Bringing what's next...