FINTECH AND LAW
April 18, 2021, 10:30 p.m.
Pens of Law students
Profile of the Author: Sri Vaishnavi M.N. is a third-year student of DSNLU, Visakhapatnam. She has a keen interest in criminal law, constitutional law, human rights, and legal developments.
The fintech industry, defined as financial technology, deals with all kinds of technology relating to financial services. It includes all companies that design software or any other technology that facilitates financial services, ranging from mobile payment apps such as Google Pay, PayPal and Paytm to cryptocurrency. Fintech plays a vital role in this era of digital space, as it helps you make e-payments at the coffee shop, buy goods online, and manage your finances.
A recent report revealed that India and China had the highest fintech adoption rate, at 87%, whereas the global average fintech adoption rate was 64%. Moreover, India’s fintech market value was INR 1920.16 billion in 2019. It is expected to rise at a compound annual growth rate of 22.7% between 2020 and 2025 and is predicted to reach INR 6,207.41 billion by 2025.
Data Protection and Cybersecurity
With the increased usage of online financial technology, there is an augmented scope of online financial crime, making it imperative to enact the necessary legislation to protect the public interest. Data breaches and cybersecurity are major concerns, as hackers can illegally access the data stored with fintech companies. A recent study shows that there is a cyberattack every 39 seconds. 75% of these cyberattacks begin with email, 80% of them involve stolen credentials, and 72% target large firms, while 10% receive cryptocurrency mining malware. Sometimes, these attacks are difficult to detect and defend against. Fintech companies usually review their procedures for protecting the data of business partners, employees and customers, as well as the company’s networks. They also develop systems to protect themselves from hackers and data breach incidents. A delay in detecting a breach or in reporting it to the appropriate authorities results in negative publicity and legal consequences. The law imposes liabilities and substantial fines on these companies for breach of data in class action suits. Such actions were brought against fintech companies by the Federal Trade Commission as the companies failed to immediately report cases of data breach. Some of these companies include Equifax, Adobe, eBay, Adult Friend Finder, etc.
Payment and Settlement Systems Act, 2007
The Payment and Settlement System Act (P&SS Act) was enacted by the Reserve Bank of India (RBI) in December 2007 to regulate and supervise the payment systems throughout India. RBI is the apex authority for all the issues related to the Act. The payment system under Section 2(1)(i) of the P&SS Act enables payment between the sender or payer and the receiver or beneficiary. It involves payment or settlement service, money transfer operations, etc., but excludes the stock exchange. The legal basis for settlement and finality is provided under Section 23 of the Act.
RBI primarily regulates the fintech industry in India. Section 4 of the P&SS Act requires RBI to authorise the commencement of a payment system. Systems that enable the operation of debit or credit cards, prepaid payment instruments and smart cards qualify as payment systems. The RBI is authorised under the Act to exercise its powers and perform its functions by constituting a committee known as the Board for Regulation and Supervision of Payment and Settlement Systems (BPSS). It is challenging to complete transactions securely without the policy guidelines laid down by RBI for regulating the fintech industry.
The ombudsman scheme was initiated by RBI under Section 18 of the P&SS Act. It is similar to the banking ombudsman scheme introduced by RBI in 1995. An ombudsman is a senior officer appointed by RBI to resolve or redress the complaints made against the system participants under Clause 8 of the ombudsman scheme. A system participant is defined under the ombudsman scheme as any person other than a bank participating in a payment system. The definition is similar to the one under Section 2 of the P&SS Act. Currently, there are 21 ombudsmen in the state capitals under this scheme.
Prepaid Payment Instruments
Prepaid Payment Instruments (PPIs) are instruments that facilitate the purchase of goods and services, including financial services, remittance services, etc., against a stored value on such an instrument. PPIs in India can be issued either by banks or by qualified non-bank elements such as prepaid cards or virtual wallets. They can be granted under three different classes:
- Shut framework or closed system framework PPIs
- Semi-shut framework or semi-closed framework PPIs
- Open-framework PPIs
RBI issues directions regarding the issuance and operation of PPIs. It has issued certain eligibility criteria to be qualified as PPI issuers, PPI credits and PPI debits as well as guidelines to be followed by PPI issuers.
NPCI Guidelines Governing UPI Payments
The Unified Payments Interface (UPI) transactions are primarily regulated by the procedural as well as UPI operational and settlement guidelines laid down by the National Payments Corporation of India (NPCI). Only authorised banks can integrate the money transactions made with the UPI network. However, banks are permitted to engage people or companies as technology providers to facilitate UPI payment subject to certain eligibility criteria and prudential requirements prescribed under the NPCI guidelines.
Non-Banking Finance Companies (NBFCs)
There is a set of rules and regulations governing NBFC licensing and servicing in India. NBFCs are regulated by the RBI Act of 1934. An organisation has to fulfil the criteria laid down by RBI to be qualified as a financial service company.
Anti-Money Laundering Regulations
The core legislation dealing with financial transactions in India comprises the Prevention of Money Laundering Act of 2002 (PMLA), the Prevention of Money Laundering (Maintenance of Records) Rules of 2005 (PML Rules) and RBI’s Master Directions or the KYC Master Directions. These are the regulations that define operational guidelines and prescribe anti-money laundering standards.
The fintech industry can be described as financial technology facilitating online payments. The legal issues involved in the fintech industry include data protection, cybersecurity, biometric authentication using fingerprint recognition, outsourcing core banking or payment systems, etc. The core regulations governing the fintech industry in India are the Payment and Settlement System Act of 2007, Prepaid Payment Instruments, National Payments Corporation of India, Non-Banking Finance Companies, etc. To regulate the fintech industry properly and secure the interest of the public, there should be active engagement between members such as regulators, clients, and fintech companies, as highlighted by RBI.
Q1. What are the legal issues involved in the fintech industry?
A1. The legal issues involved in the fintech industry include data protection, cybersecurity, biometric authentication using fingerprint recognition, outsourcing core banking or payment system, etc.
Q2. What are the core regulations governing the fintech industry?
A2. The core regulations governing the fintech industry are the Payment and Settlement System Act of 2007, Prepaid Payment Instruments, National Payments Corporation of India, Non-Banking Finance Companies, etc.
1. Research and Markets, India's Fintech Market 2020-2025; Expected to Grow at a CAGR of 22.7%, Despite COVID-19 Disruptions (May 29, 2020). https://www.prnewswire.com/news-releases/indias-fintech-market-2020-2025-expected-to-grow-at-a-cagr-of-22-7-despite-covid-19-disruptions-301067857.html
2. The 2020 Cybersecurity stats you need to know, Fintech News (August 20, 2020). https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/
3. Dan Swinhoe, The 15 biggest data breaches of the 21st century, CSO India (April 17, 2020). https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
4. The Payment and Settlement System Act of 2007. https://rbidocs.rbi.org.in/rdocs/Publications/PDFs/86706.pdf
5. The Reserve Bank of India Act of 1934. https://rbidocs.rbi.org.in/rdocs/Publications/PDFs/RBIA1934170510.PDF
6. The Prevention of Money Laundering Act of 2002. https://enforcementdirectorate.gov.in/PreventionOfMoneyLaunderingAct2002.pdf?p1=117211488412800032
7. Prevention of Money Laundering (Maintenance of Records) Rules of 2005.