The fintech industry in India is growing exponentially, with an increasing number of companies joining the bandwagon. With a fintech acceptance rate of 87%, higher than the global average of 64%, India is in the lead.

This industry, however, has brought with it certain issues relating to data security, money laundering, cyberattacks, consumer protection, and financial stability, among others. This, in turn, has attracted increased regulatory scrutiny.

As the fintech sector flourishes, so do the trials associated with increased scrutiny.

The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Securities and Exchange Board of India (SEBI) are the main regulatory authorities in India that oversee the fintech industry. However, regulatory actions and decisions bring with them certain associated challenges. Here is looking at what these are.

The first challenge faced by the fintech industry is adherence to the current laws and regulations. These companies do not always fit into the established framework of guidelines, which could result in a lack of clarity and consistency. Regulators are continually releasing and updating guidelines and directives to guarantee legal compliance and safeguard consumers. Adjusting to this dynamic regulatory environment is the second challenge faced by fintech companies. They would have to stay abreast with all changes and adhere to the law as it stands.

Fintech companies also face competition and market entry barriers. They could find it difficult to compete with large, established financial institutions that have greater resources to adhere to the required regulations. One example of this is the need to have adequate capital. Fintech companies could find it challenging to launch and maintain their businesses owing to this.

Adhering to several jurisdictional rules is one of the biggest regulatory hurdles the fintech industry faces. This necessitates that these businesses understand the laws and guidelines of different nations, as well as the specifications for diverse kinds of data. This aspect holds for fintech industries across the globe.

Data Dilemma

One of the main issues facing the Indian fintech industry as a whole – and hence calling for increased regulatory intervention – is data privacy. In the current digital landscape, companies should ensure that their client’s money and personal information are not vulnerable to cyber threats.

India has taken the required measures to aid this by imposing stringent data protection regulations. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 are among the country’s most significant data protection laws. They describe the guidelines and policies that any organization managing personal data must follow, and cover data gathering and protection, as well as sharing and storing practices.

As per an industry research analyst who requested anonymity, while these rules require fintech companies to adhere to several statutory compliances to guarantee the protection and storage of personal data, some of the criteria they put forth are unclear, making it challenging for fintech companies to understand and implement.  Also, the digital landscape has changed dramatically since these rules were announced. These guidelines were developed in an era when social media and cloud computing, two technologies that allow for the processing and sharing of data, were not as widely used as they are today.

Owing to this, there could be gaps in the security of the data processed by these technologies, as these rules do not particularly address the special difficulties and dangers connected with them. This makes it challenging for the fintech industry, as it needs to control and handle concerns of more recent and sophisticated technologies, making it vulnerable to cyber threats.

The recently-passed Digital Personal Data Protection Act, 2023 (DPDP Act), which includes a built-in multilayered grievance procedure, is another example of data protection legislation in India. With its passage, the country now has guidelines around how a person’s data can be used by private or government entities. The Act gives the Indian government the authority, upon referral from the Data Protection Board of India (DPBI), to prevent the public from accessing any information processed within India that is thought to be “in the interests of the general public.”

However, there would be challenges in the process of putting this into practice. For one, it could become very expensive for fintech companies, particularly small and medium-sized ones, to comply with. Additionally, the statute suggests fines for noncompliance up to Rs 250 crore. Furthermore, it might be difficult for some businesses to install the technological safeguards needed to protect users’ data. This entails managing consent, guaranteeing data security, classifying data, and offering procedures for data erasure and portability.

Nearly all Indian firms would be impacted by this Act as a majority would have some personal data stored in digital form. Here again, fintech companies would face the challenge of coordinating new regulations with existing ones, requiring careful consideration of legal requirements for data collection, retention, and compliance roadmap development.

Digital Domain

Another large regulatory obstacle facing India’s fintech industry is e-money. Money that may be used to pay for products and services, and is stored on a digital device or in a digital wallet is referred to as e-money. To control the usage and issuance of e-money for payment, interchange, and settlement by institutions, the RBI has released the Payment and Settlement Systems Act (PSSA). This provides for the regulation and supervision of payment systems in India, and designates the RBI as the authority for that purpose.

Anti-money laundering (AML) and Know Your Customer (KYC) regulations are among the guidelines that organizations providing digital currency services must adhere to. These rules must be followed by the industry to avoid money laundering and the funding of terrorism. Complying with these laws is another regulatory obstacle facing fintechs, as these companies must gather, retain, and authenticate consumer identity documents as part of this procedure. They are also needed to keep track of consumer behavior and notify clients of any modifications in the terms and conditions of their services.

Image by vector_corp

Never Mind the Challenges

Although regulators in the country could have issued directives and regulations to safeguard consumers and guarantee legal compliance that are not in line with the shifting regulatory environment, they can be revised as needed. This would give the fintech industry the much-needed leverage to abide by them.

____________

Written by: AArtie Rau

Share