RBI (and Google) turn their attention to digital lending apps

Welcome to MoneyRules, a fortnightly newsletter from Setu covering fintech regulatory developments in India. Financial services is arguably the most regulated sector of every economy, which means that fintech companies looking to move fast and break things are likely to find themselves on a quick collision course with a powerful regulator. Let’s face it - regulatory changes can (and often do) make or break fintech products overnight, which means keeping on top of these changes are critical to your business. We aim to alert you to these changes, provide context, and demystify where necessary.

Given this is our first edition, we’ve taken some liberties with the time frame covered, but you can usually expect us to cover developments in the previous two weeks. Let’s dive in!

RBI (and Google) turn their attention to digital lending apps#

The RBI set up a working group (WG) to determine whether digital lending apps and platforms need stronger regulation. This move comes soon after the RBI cautioned users last month against the use of ‘unauthorised’ lending platforms, and should also be seen in the backdrop of multiple recent reports about some digital lenders resorting to unscrupulous practices.

Presently, digital lending apps partnering with banks and NBFCs are not required to undergo a separate authorisation process. Their role is solely regulated through the RBI’s respective Outsourcing Guidelines for banks and NBFCs, who are expected to undertake risk assessments before engaging with digital lending apps.

The WG’s scope of work includes reviewing the activities of digital lending partners, and assessing the need for a Fair Practice Code to guide their operations, consumer protection and information security obligations.

Right on the heels of this development, Google announced a renewed effort to protect users from lending and financial services apps that violate the terms of its Play Store, resulting in the removal of dozens of apps.

SEBI suggests separating KYC and account opening#

SEBI has released a consultation paper proposing a modification in the customer onboarding processes followed by SEBI registered intermediaries (RIs). Currently each RI is required to conduct KYC verification on the commencement of any ‘account-based relationship’, and subsequently upload these KYC records with a KYC Registration Agency (KRA).

To prevent duplication of records and to save costs for RIs, the consultation paper proposes separating account opening from KYC verification, and entrusting the latter obligation to KRAs. Under the suggested process, customers would either:

1. directly approach KRAs (through an online system/KRA app) to complete their KYC verification, or

2. approach RIs, who will act as a frontend for the KRA’s app and collect KYC documents on their behalf.

The consultation paper is open for public comments until February 15, 2021.

CKYC takes a step forward#

In more (slightly arcane) KYC-related developments from the last weeks of 2020, the RBI extended the requirement for banks and NBFCs to update the CKYCR to the records of their corporate customers as well.

The CKYCR is the Central KYC Registry, an effort to make it easier for financial institutions to share KYC documents with each other, and help customers by not requiring them to submit the same documents over and over again.

With this update, now all KYC data of legal entities (such as companies or LLPs) who commence ‘account-based relationships’ with RBI-regulated entities after April 1, 2021, must be uploaded to the CKYCR in a specific format. This follows RBI’s stipulation in 2016 asking banks and NBFCs to upload KYC records of all individual customers to the CKYCR.

Crucially, the RBI also clarified that for the purposes of verification, a customer can share their KYC identifier with a financial institution and explicitly consent to the downloading of their records from the CKYCR. While the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 already enabled this, this clarification will hopefully provide impetus to the CKYCR project, and actually make it possible for customers to use this very useful feature.

WhatsApp amends its privacy policy in preparation to become a business platform#

WhatsApp issued an update to its privacy policy, largely with a view to gradually opening up WhatsApp as a platform for transactions and commerce. The update has generated quite a few headlines given the renewed focus on WhatsApp sharing data with other Facebook companies. However, a deeper dive reveals most of the changes to be clarificatory, and a search of our memories reminds us that the data-sharing wall between WhatsApp and other Facebook properties actually came down in 2016. WhatsApp issued FAQs clarifying that personal messages remain unaffected, and explaining the background to the changes.

Why are we covering updates to a messaging app in a fintech newsletter? The future of WhatsApp, particularly in markets such as India, is in the use of WhatsApp as a business platform, including for financial services. And when it comes to business messages, the changes to the privacy policy telegraph some important trends. Many businesses (large and small) have started integrating with WhatsApp through API-based channels to interact with customers. The new privacy policy clarifies the status of these chats, and in particular alerts users to the fact that if a business happens to use Facebook’s secure hosting service (one of multiple options to get onto the WhatsApp API bandwagon), the content of your chats with this business could be viewed by Facebook and used by that business for advertising and other purposes.

All of this was true earlier as well, but WhatsApp taking the trouble to make this more explicit in its Privacy Policy is a clear signal that there will be fresh impetus behind WhatsApp as a transactional platform, and perhaps the rollout of new products and services to help grow this segment.

Articles we enjoyed this fortnight#

Medianama covered recent conflicting reports about the possible reintroduction of MDR for UPI payments, as well as a potential MDR reimbursement scheme.

The NewsMinute reported that Kerala is considering a law to regulate online lenders in the wake of abusive practices coming to light.

Rahul Matthan writing in Mint highlights the cross-regulator cooperation required to effectively address predatory digital lending apps.

Mint covered the RBI Governor’s statement on NPCI potentially becoming a for-profit company, and analyses the potential impact.

BQ Blue covered [paywall] what we believe is the future of fixed deposits (yes, this is a plug!). Imagine investing in FDs through a third party app, with the same ease as buying and selling mutual fund units. We’ve been working hard to make this a reality. Get in touch if you’d like to partner with us on this journey!

These are all our updates for the fortnight, folks! Both of us (Atulaa and Vinay) are on twitter, so feel free to tweet at us or DM with feedback and topics to include in the next edition. If you liked this, please share it with people interested in Indian fintech regulation!