All Things Newz
Law \ Legal

FinTech Newsletter: Recent Legal Developments And Market Updates In India (April 01, 2022 – June 30, 2022) – Fin Tech

To print this article, all you need is to be registered or login on


The recent developments and updates in the second quarter of
2022 are reflective of a potential remarkable year ahead for the
fintech industry. The quarter has witnessed the introduction and
announcement of several key initiatives and changes by the Reserve
Bank of India (“RBI“), with an aim to
drive digitisation and enhance the outreach for digital payments in
India. Some of the key updates in this sector are (1) introduction
of the “Payments Vision 2025”, – which is a document
setting out the roadmap that the RBI proposes to follow over the
next few years to bolster digital transactions and empower users
with accessible and affordable payment options in India; (2) the
launch of ‘open network digital commerce’, – which is
an initiative to develop open and interoperable infrastructure for
the e-commerce industry in India that is expected to particularly
boost businesses of small merchants; and (3) the consolidation of
the Credit Card and Debit Card – Issuance and Conduct Directions,
2022, – which has set out comprehensive instructions to card
issuers on matters involving the issuance process and safeguards,
telemarketing and strategic partnerships, among others. While some
of these developments have been hailed by the market as a step
forward in the right direction, some of the other measures
introduced during this quarter have also created uncertainties. For
instance, the recent circular issued by RBI on loading of prepaid
payment instruments (“PPIs“) through a
credit line has put the future of several marquee fintech players
in a limbo. Such measures are likely to impact the growth of this
sector which was earlier expected to grow at an estimated rate of
7.5%, this year.

This newsletter highlights these key developments and measures
as well as other developments in the Indian fintech space from
April 01, 2022 to June 30, 2022.


Indian Computer Emergency Response Team
(“CERT-In”) directions

On April 28, 2022, CERT-In issued ‘directions relating to
information security practices, procedure, prevention, response and
reporting of cyber incidents for safe & trusted internet’
(“CERT-In Directions“) pursuant to
subsection (6) of section 70B of the Information Technology Act,
2000. The CERT-In Directions have come into effect from June 27,
2022. This deadline has however been extended to September 25, 2022
for Micro, Small and Medium Enterprises

The CERT-In Directions have covered different dimensions of
cybersecurity measures and set out very extensive and onerous
compliances and reporting requirements on all service providers,
intermediaries (including financial intermediaries), data centres
and body corporates to whom it is applicable. Some of the key
provisions in the CERT-In Directions are as follows:

  • All entities are required to report any cyber incidents to
    CERT-In within 6 hours of noticing the incident or being brought to
    notice about such incidents.

  • All entities are to mandatorily enable logs of all their
    information and communication technology systems and maintain them
    securely for a rolling period of 180 days and the same must be
    maintained within Indian territorial jurisdiction.

  • Virtual asset service providers, virtual asset exchange
    providers and custodian wallet providers must mandatorily maintain
    all information obtained as part of know your customer
    (“KYC“) checks and records of financial
    transactions, for a period of 5 years.

  • All data centres, virtual private server providers, cloud
    service providers and virtual private network
    (“VPN“) providers are required to
    collect certain information in relation to customer accounts
    including contact numbers, names, etc., and store it for a period
    of 5 years even after the cancellation or withdrawal of such

  • CERT-In has the power to issue orders to entities mandating
    them to take action or provide information that assists CERT-In to
    prevent, pre-empt or address cyber incidents.

Establishment of Digital Banking Units

RBI’s guidelines on establishment of digital banking units
(“DBU Guidelines“)1 were
issued following the announcement made in the Union Budget 2022-23
for setting up 75 DBUs in 75 districts to commemorate 75 years of
independence of India. The DBU Guidelines seek to promote
digitalisation of existing banks.

A DBU is a specialised fixed point business unit or hub, housing
certain minimum digital infrastructure for delivering digital
banking products and services as well as servicing existing
financial products and services digitally, to enable customers to
have cost effective, convenient access along with an enhanced
digital experience in an efficient, paperless, secured and
connected environment with most services being available in
self-service mode at any time, all year round.2

Scheduled commercial banks with past digital banking experience
in tier 1 to tier 6 centres have been permitted to open DBUs with a
direction to deploy adequate cybersecurity measures and use various
tools and methods to create awareness about digital banking.
Additionally, these banks have been provided an option to engage
digital business facilitators or business correspondents, in
conformance with relevant regulations, to expand the virtual
footprint of DBUs.

It may be relevant to note that as recently as June, 2022, the
RBI governor discouraged the idea of operating and regulating full
stack ‘digital only banks’.3 The RBI governor
stated that there was no proposal currently to regulate neo-banks
as it was felt that existing banks and non-banks could adopt
additional technology for delivering banking services
digitally.4 The DBU Guidelines accordingly are
reflective of the sentiment shared by the RBI governor as the RBI
for the time being aims to aid existing regulated banks offer
better digital services while being disinclined about regulation of

Credit Card and Debit Card – Issuance and
Conduct Directions, 2022 (“Card Directions”)

The RBI issued the Card Directions which are applicable to every
scheduled commercial bank (excluding payments banks, state
co-operative banks, and district central co-operative banks) and
all non-banking financial companies
(“NBFCs“) operating in India, effective
from July 1, 2022.5 The Card Directions have been issued
to regulate the conduct of credit and debit payments, and to
provide an elaborate set of instructions to be followed by
card-issuers. The Card Directions have replaced the master circular
on credit card, debit card and rupee denominated co-branded
pre-paid card operations of banks and credit card issuing NBFCs
released in 2015 (“Master Circular of
“).6 The new directions are more
elaborate and have provided more clarity by explicitly providing
the scope of co-branding arrangements and the roles of card-issuers
and cobranding partners.

While most of the conditions have been reinstated from the
Master Circular of 2015, the key distinction between the Card
Directions and the Master Circular of 2015 is that the Card
Directions have also allowed NBFCs to issue credit cards in tie-up
with other banks after obtaining the approval of the RBI.
Additionally, under the Card Directions, a co-branding partner has
been restricted from accessing the customer’s transaction data
and from being involved in any of the processes or the controls
relating to the co-branded card except for being the initial point
of contact in case of grievances.

Draft guidelines on ‘processing and settlement
of small value export and import related payments’ (“Draft
OEIF Guidelines”)

As per the extant guidelines on processing and settlement of
export related receipts facilitated by online payment gateways that
were issued by the RBI in November, 2010 (“Existing
“), banks are permitted to offer a facility
of processing and settlement of import and export-related
remittances by entering into standing contracts with online payment
gateway service providers (“OPGSPs“). In
the Draft OEIF Guidelines issued by the RBI, the concept of an
OPGSP has been replaced with that of an online export-import
facilitator (“OEIF“).7 In
this context, several additional responsibilities are proposed to
be placed on an OEIF to reinforce consumer protection. For
instance, an OEIF is required to ensure that the buyer is
compensated and protected from liabilities that may arise from
cross-border imports before the delivery of goods and digital
products. It is also the responsibility of an OEIF to indicate the
exact amount that can be refunded before a purchase is made.
Additionally, an OEIF is accountable for the creation of a reserve
fund for refunds in cases of disputes.

One of the other major changes proposed through the Draft OEIF
Guidelines is an increase in the cap on the transaction limits for
the online import and export of digital goods and products, which
is now proposed to be fixed at USD 3,000 and USD 15,000,

Overall, the Draft OEIF Guidelines aim to modify the Existing
Guidelines to simplify and rationalise the process for settlement
of payment for export and import through e-commerce, given that
more than 300,000 MSME exporters already rely on OPGSP services to
collect payments.8 The additional compliance burden and
financial risk on the putative OEIFs is something the RBI will need
to navigate with stakeholders.

Open Network for Digital Commerce

ONDC is an initiative launched by the Department for Promotion
of Industry and Internal Trade with the aim of promoting open
networks for all aspects of exchange of goods and services over
digital or electronic networks.

ONDC is an open-sourced methodology which is independent of any
specific platform. The network is based on an open protocol that
will display products and services from all participating
e-commerce platforms on one single network as an aim to democratize
India’s online market. The open protocols would be used for
establishing public digital infrastructure to enable exchange of
information between providers and consumers.

ONDC protocols aim to standardize operations like cataloguing,
inventory management, order management and order fulfilment. Thus,
small businesses will be able to use any ONDC compatible
applications instead of being governed by specific platform centric
policies. Through ONDC, consumers can potentially discover any
seller (small or big), product or service by using any compatible
application or platform, thus increasing the freedom of choice for
consumers. As a result, ONDC would standardize operations, promote
inclusion of local suppliers, drive efficiencies in logistics and
lead to enhancement of value for consumers. However, the
responsibility for onboarding of sellers and buyers and the
management of the end-to-end order lifecycle will continue to
reside with the relevant digital e-commerce applications and

All existing digital e-commerce applications and platforms are
free to voluntarily choose to adopt and be a part of the ONDC
network and accordingly, it is not a mandatory direction.

Payments Vision 2025

The RBI released the ‘Payments Vision 2025’, which is a
document that sets out a roadmap outlining the vision of the RBI in
so far as the legal framework is concerned surrounding digital
payments and digital banking in India to increase the number of
digital payment transactions threefold by 2025. The core theme of
the document is “E-Payments for Everyone, Everywhere,
Everytime (4 Es)” with the vision to provide every user with
safe, secure, fast, convenient, accessible, and affordable
e-payment options (6 attributes).

Some of the key initiatives under the Payments Vision 2025

  • Implementing alternative authentication mechanism(s) for
    digital payment transactions in light of increasing instances of
    phishing, vishing and smishing attacks, and the vulnerabilities of
    one-time password-based authentication to such attacks;

  • Implementing a real or near real time reporting of payments
    fraud and operationalising an integrated system called the Central
    Payments Fraud Information Registry wherein all stakeholders can
    share information and initiate necessary corrective action to
    prevent frauds;

  • Given the emerging geo-political risks, exploring the
    possibility of mandating domestic processing of payment
    transactions by the payment system operators;

  • Intention to undertake a comprehensive review of different
    types of PPIs including the definition of closed-system PPIs and
    related aspects;

  • Regulation of bigtechs and fintechs in the payments space to be
    explored and a discussion paper to be published;

  • Evaluation of charges for all payment systems such as switching
    fee, interchange fee which are incurred while undertaking digital
    payments services, to ensure that such charges do not deter digital
    payments adoption;

  • A framework on internet of things device payments covering
    aspects of data security, authentication, identity validation, etc.
    is intended to be introduced;

  • Linking credit cards and credit components of banking products
    to unified payments interface

  • Contemplating the issuance of guidelines on payments involving
    ‘buy now pay later’ (“BNPL“)

  • Undertake a comprehensive review of Review of Payment and
    Settlement Systems Act and regulations keeping in view the dynamic
    nature of the payment ecosystem;

  • Expansion of inter-operability to contactless transit card
    payments in offline mode;

  • Expanding the global footprint of domestic payments systems
    like UPI by collaborating with relevant stakeholders. Furthermore,
    the feasibility of expanding real time gross settlement to settle
    transactions in major trade currencies such as USD, Pound, Euro,
    etc. is intended to be explored through bi-lateral or multi-lateral

  • To facilitate cross-border remittances using national
    electronic funds transfer, and remittance facilities as the one
    undertaken in the Indo-Nepal Remittance Facility Scheme is intended
    to be extended to other countries; and

  • Constitution of a Payments Advisory Council with experts with a
    legal background along with those with expertise in payments
    technology and banking as well as representation from consumer
    groups, fintechs and start-ups, data analysts etc.

Framework for authorization in financial
technologies on International Financial Services Centres

The International Financial Services Central Authority
(“IFSCA”) issued a framework for authorisation in
financial technologies on IFSCs on April 27, 2022 (“IFSC
Framework”) with a view to develop and regulate financial
products, financial services and financial institutions in IFSCs
and to encourage promotion of fintech across the spectrum of
banking, insurance, securities, and fund management in IFSCs. It
also aims to facilitate Indian fintechs seeking access to foreign
markets and foreign fintechs seeking entry into India.

Through the IFSC Framework, IFSCA has invited applications for
fintech Regulatory Sandbox and will accordingly grant limited use
authorisation to the eligible fintech entities. This would enable
them to apply and avail grants under the IFSCA Fintech Incentive
Scheme 2022. The IFSC Framework also incorporates the inter
operable regulatory sandbox mechanism, which is a proposed
mechanism to facilitate testing of innovative hybrid financial
products or services falling within the regulatory ambit of more
than one financial sector regulator.

Accordingly, the IFSC Framework aims to serve as a unified
regulator for banking, capital markets, insurance and funds
management in IFSC, and accordingly enable fintech firms having
innovative ideas or solutions across the banking, capital or
insurance sector to have seamless interaction with a single

Modifications to the Payments Infrastructure
Development Fund (“PIDF”) Scheme

The PIDF Scheme was operationalised by the RBI from January 01,
2021 and is being modified by enhancing the subsidy amount and
simplifying the subsidy claim process for the deployment of points
of sale (“PoS“) infrastructure (physical
and digital modes) in tier-1 to tier- 6 centres and north-eastern
states of the country.10

Click here to continue reading . . .


1. Reserve Bank of India – Notifications




5. Reserve Bank of India – Master
Directions (


7. Reserve Bank of India – Database (


9. International Financial Services
Centres Authority (

10. Reserve Bank of India – Press
Releases (

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Source link

Related posts

Pillar Two (WTS Global ICT Newsletter) – Tax Authorities

Anti-bribery: Without Proper Due Diligence, You Can Be Held Liable For Third-party Corruption – White Collar Crime, Anti-Corruption & Fraud

Show Us The Money: Net Zero Financing For Canadian Businesses (Energy Disruptors Day 3) – Renewables