Navigating banking and finance in India from a fintech perspective

Anu Tiwari, Anindita Bhowmik, Ritu Sajnani, Utkarsh Bhatnagar and Bharath Sridhar of Cyril Amarchand Mangaldas consider how technology has changed the sector

Technology, coupled with creative business models and increased access to affordable internet, is changing our experience of making payments, lending, trading, and investment, making it more affordable, convenient, inclusive, and democratic.

Digital payments

Transforming India's payment infrastructure has been on the Reserve Bank of India's (RBI) agenda for a long time and RBI has been resolutely approaching this goal in the past couple of years. The RBI has taken significant regulatory measures recently to regulate payment intermediaries, payment data, tokenisation of cards and e-mandates on recurring payments.

Regulation of payment intermediaries

In September 2019, the RBI released a discussion paper to initiate public consultation on the regulation of intermediaries responsible for collection and settlement of digital payments between merchants and customers.

For the purpose of regulation, the discussion paper differentiated intermediaries that merely provided technological infrastructure for payment without actually handling funds from those that actually collected funds from consumers before transferring them to merchants. The former class of intermediaries was categorised as payment gateways (PGs), whereas the latter were payment aggregators (PAs).

Bearing in mind the importance of regulation of these intermediaries and their role in handling funds, the RBI issued the 'Guidelines on Regulation of PA and PG' dated March 17 2020, followed by a clarification issued by the RBI dated March 31 2021 (PA/PG Guidelines).

The PA/PG Guidelines regulated PAs in their entirety while only providing baseline technology related recommendations for PGs. These guidelines were a major overhaul of the previous Intermediaries Circular issued by the RBI on November 24 2009.

The PA/PG Guidelines initially required existing non-bank PAs to apply for authorisation to the RBI before June 30 2021; considering the ongoing pandemic, this timeline was extended to September 30 2021 vide the RBI's notification dated May 21 2021. Further, e-commerce marketplaces cannot continue to provide PA services after September 30 2021, and must apply for authorisation if the intention is to continue.

Notably, the PA/PG Guidelines replace nodal accounts with escrow accounts. Further, they also introduce the concept of 'core amount' in escrow, which would be eligible to earn interest. Escrow accounts would be considered as a 'designated payment system' under section 23A of the Payment and Settlement Systems Act, 2007 (PSSA) such that consumers would have first charge on the balance of escrow accounts in the event of bankruptcy proceedings being initiated.

To ensure interoperability, standardisation, and security of the infrastructure, the PA/PG Guidelines have specified technology related guidelines. Unlike PGs, PAs have to mandatorily ensure compliance with these technology related guidelines.

The March 31 2021 clarification stated that the PA/PG Guidelines are not applicable to 'delivery v payment' transactions, i.e. where delivery of goods/services takes place immediately/simultaneously on the completion of payment by the customer.

The PA/PG Guidelines, along with the clarification notification, have strengthened the payment architecture of India by filling critical regulatory gaps in terms of regulatory oversight; baseline technology; robust data protection, cybersecurity, and audit framework; anti-money laundering (AML) safeguards; periodic reporting to the RBI; merchant onboarding and merchant monitoring; and dispute resolution.

Further, the interest earned on the 'core amount' in escrow accounts would be a new avenue for PAs to monetise their business.

Data localisation

The RBI had prescribed data localisation requirements with respect to financial data through its circular dated April 6 2018 (DLC), which directed all payment system operators (PSOs) to ensure that data related to payment systems operated by them is stored only inside India. It includes full end-to-end transaction details which were collected/processed/carried as part of the payment instruction and message. However, a copy of the payments data can be stored in a foreign country if the transaction has a foreign leg to it.

Through FAQs dated June 26 2019, the RBI clarified that if the payment transaction is processed abroad, the related data and all its copies should be deleted from the foreign systems and such data should be brought back to India and stored here exclusively within one business day or 24 hours of the transaction, whichever is earlier.

Vide a letter dated March 26 2021, the RBI has also directed all authorised PSOs to regularly submit a compliance certificate for the data localisation requirement to it at half-yearly intervals and, more recently, the RBI prohibited certain card networks from onboarding new customers due to non-compliance with the DLC.

Card data storage and tokenisation

The PA/PG Guidelines have subjected PAs to the same data storage obligations as given for PSOs under the DLC. The PA/PG Guidelines also proscribe merchants and PAs from saving customer card credentials/other related data in their databases.

The March 31 2021 clarification extended the deadline for non-bank PAs until December 31 2021, to enable PAs and participants to put in place workable technological solutions for non-storage of customer card credentials, with suggestions of 'tokenisation' of card numbers as per the RBI's circular on 'Tokenisation – Card transactions' dated January 8 2019 (tokenisation circular).

The March 31 2021 clarification also stipulated that merchants are not allowed to store payment data irrespective of them being payment card industry data security standard (PCI-DSS) compliant, except to the extent required for tracking the transaction in compliance with applicable standards, aimed at protecting financial data of consumers, and enhancing safety and security of payment systems.

E-mandates on recurring online transactions

The RBI has laid down guidelines related to e-mandates through its circular titled 'Processing of e-mandate on cards for recurring transactions' dated August 21 2019, which is applicable for transactions performed using all types of cards – debit, credit and prepaid payment instruments (PPIs), including wallets. It also prohibited levying of a charge for availing e-mandate. The circular is effective from September 1 2020.

In January 2020, the scope of the circular was extended beyond cards and wallets to cover UPI transactions as well. The RBI, through a notification dated December 4 2020, increased the maximum transaction limit from 2000 rupees (approximately $27.44) to 5000 rupees. Further, processing of recurring transactions (domestic or cross-border) using cards/PPIs/UPI under arrangements or practices not compliant with the e-mandate framework should have been discontinued after March 31 2021.

However, the RBI, vide a circular dated March 31 2021, extended the deadline for compliance by six months to September 30 2021.

Digital lending

A number of digital lending platforms have sprung up over the last few years, providing instant collateral-free loans to people with minimal to no credit history. However, some of these platforms have been found to have dealt fraudulently, employed unethical means to recover money, and misused personal data.

The RBI recognised the need to rein in these platforms to ensure healthy lending practices and consumer protection. Consequently, the RBI set up a working group on digital lending on January 13 2021, to review digital lending activities and devise an appropriate regulatory approach.

In June 2020, the RBI issued a circular requiring banks and non-banking financial companies (NBFCs) lending through owned or outsourced digital lending platforms to adhere to the Fair Practices Code and guidelines on outsourcing of financial and IT services.

It is imperative that the RBI devises a comprehensive regulatory framework for regulation of digital lending platforms, striking a balance between protecting consumer interests, while allowing digital lending platforms to innovate and offer services to underbanked populations.

Norms and changes around video KYC

Against the backdrop of the ongoing pandemic, the RBI eased the know your customer (KYC) requirements vide its 'May 10 2021 amendment to Master Direction on KYC' (KYC direction).

Video-based customer identification process (V-CIP) is an alternate method of customer identification with facial recognition and customer due diligence by undertaking secure and live audio-visual interaction with the customer to obtain identification information. V-CIP is treated on par with face-to-face CIP.

The KYC Direction allows banks to convert limited Aadhaar OTP based e-KYC authenticated accounts of individuals to full KYC accounts upon V-CIP. The RBI has extended the deadline for completing pending KYC to December 31 2021. It has also permitted V-CIP for customers who are small businesses, proprietorship firms, authorised signatories and beneficial owners of legal entities. Consumers have also been allowed to use DigiLockers to share the documents required for identification.


There are primarily three different types of models in neo-banking where:

  • The licensed entities are branchless and completely digital;

  • An existing licensed entity offers digital-only services under a different brand/unit; and

  • Consumer facing non-banks (fintech companies) partner with licensed banks and financial institutions to provide a software overlay that enables availing of any banking facility by the consumer.

The last two models of neo-banking can be found in the Indian market.

At present, India does not permit digital-only banks. However, the pandemic has necessitated banking services with minimal physical contact and highlighted how digital-only banks are the way forward.


The RBI has been sceptical of cryptocurrencies so it published a 2018 circular prohibiting banks from dealing in cryptocurrencies and servicing entities or persons owning or transacting in cryptocurrencies.

The circular was challenged in the case of Internet and Mobile Association of India v Reserve Bank of India, wherein the Apex Court, while affirming the RBI's power to take measures in the interest of a robust monetary policy of India.

However, that respite was short-lived as the inter-ministerial committee tasked with examining cryptocurrencies, introduced the Banning of Cryptocurrency and Regulation of Official Digital Currency Bill, 2019 (2019 Bill) to ban cryptocurrencies, followed by the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 (2021 Bill).

However, the 2021 Bill allows for certain exceptions for promoting the underlying technology of cryptocurrency, i.e. distributed ledger technology (DLT) and its uses. Like the 2019 Bill, it also aims to create a facilitative framework for issuance of central bank digital currency by RBI.

The Central Economic Intelligence Bureau, an arm of the Finance Ministry, has also recently put forward a proposal to impose 18% GST, saying it could potentially gain 7,200 crore rupees annually on crypto transactions. It is considering taxing the buying and selling of cryptocurrencies under the category of supply of goods, while levying tax on crypto exchanges, miners, and wallet service providers for provision of services.

The Ministry of Corporate Affairs also amended Schedule III of the Companies Act, 2013, requiring companies to disclose details of their trade and investments in cryptocurrency.

The government's stance on cryptocurrencies is uncertain and vacillating and long overdue.

Fintech hub at GIFT City

Gujarat International Finance Tech City (GIFT City) is an emerging hub for innovative products, fintech solutions, and start-ups and currently the only notified International Financial Services Centre (IFSC) in India.

IFSCs are established and regulated under the International Financial Services Centres Authority Act, 2019, and supervised by the International Financial Services Centres Authority (IFSC Authority).

The IFSC Authority released a Framework for Regulatory Sandbox on October 19 2020 to facilitate enterprises working in banking and finance to test their innovative products in real time in a controlled environment. It has also released a consultation paper on Proposed International Financial Services Centre Authority (Issuance and Listing of Securities) Regulations, 2021.

It offers a model for financing innovative business models, especially those in the areas of environment, social and governance (ESG), fintech, corporate restructurings including issuance and listing of securities by start-ups, small and medium-sized enterprises (SMEs) and special purpose acquisition companies (SPACs), including debt securities on ESG and smart cities.

The IFSC Authority has recently notified the IFSC Authority (Market Infrastructure Institutions) Regulations, 2021 (MII Regulations), with the objective of regulating market infrastructure institutions (MII), such as stock exchanges, clearing corporations and depositories, operating from IFSCs. The IFSC Authority has increased collaborative and cooperation efforts with international and domestic bodies.

Evolving technology

Though technology has drastically changed the financial and banking sector, the regulators have kept up with the changing pace to ensure smooth regulation of the sector. Despite the admirable efforts by the regulators, there are certain pressing regulatory issues in digital lending, crowd funding, and cryptocurrencies which require attention.

The Covid-19 pandemic is having far-reaching implications on the banking sector and the pace of adoption of new technologies. It has unprecedentedly highlighted the significance of digitisation of banking and payment activities.

Click here to read all the chapters from the 6th IFLR Asia Fintech Special Focus 2021


Anu Tiwari


Cyril Amarchand Mangaldas

T: +91 86 5758 2145

E: anu.tiwari@cyrilshroff.com

Anu Tiwari is a partner and co-head of the fintech sector at Cyril Amarchand Mangaldas. He specialises in corporate and financial regulatory practice.

Anu has represented many Indian and multinational fintech, banking, broker-dealer, exchange, asset management, speciality finance and information/emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public and private M&A, capital raising, commercial agreements and activism matters.

Anu is a member of the Bar Council of Maharashtra and Goa, the RBI Committee on Household Finance and the SEBI Working Group on Mutual Fund Regulation.


Anindita Bhowmik


Cyril Amarchand Mangaldas

T: +91 22 2496 4455

E: anindita.bhowmik@cyrilshroff.com

Anindita Bhowmik is a partner at Cyril Amarchand Mangaldas. She specialises in corporate and financial services and has over a decade of experience and advises clients in the areas of restructuring, joint ventures, asset and business transfers, acquisitions and private equity investments, both listed and unlisted.

Anindita regularly advises on matters in relation to companies law, takeover regulations, insider trading regulations, listing and disclosure regulations, FEMA, and corporate governance.

Anindita advises financial services clients, including Indian and global fintech and technology companies on transactional and regulatory matters before the Reserve Bank of India and the Securities and Exchange Board of India.


Ritu Sajnani

Principal associate designate

Cyril Amarchand Mangaldas

T: +91 22 2496 4455

E: ritu.sajnani@cyrilshroff.com

Ritu Sajnani is a principal associate designate at Cyril Amarchand Mangaldas. She is adept at handling a wide array of corporate actions and transactions, including demergers, acquisitions, slump sales, business transfers, public issues, private placements and buy-backs.

Ritu has represented Indian and multinational fintech, banking, broker, exchange and asset management companies on transactional and regulatory matters and has been instrumental in setting up of GIFT cities, receivables exchanges, trading segments and NSE Academy Limited in the NSE Group.

Prior to working at Cyril Amarchand Mangaldas, Ritu was an in-house legal counsel for the NSE, Tata and the Reliance Group.


Utkarsh Bhatnagar

Senior associate

Cyril Amarchand Mangaldas

T: +91 22 2496 4455

E: utkarsh.bhatnagar@cyrilshroff.com

Utkarsh Bhatnagar is a senior associate at Cyril Amarchand Mangaldas. His transactional practice focus is on public & private M&A, commercial agreements and regulatory matters.

Utkarsh has represented various Indian and multinational fintech, information/emerging technology companies, and also pharmaceutical, and healthcare companies on transactional, enforcement and regulatory matters.


Bharath Sridhar

Senior associate

Cyril Amarchand Mangaldas

T: +91 22 2496 4455

E: bharath.sridhar@cyrilshroff.com

Bharath Sridhar is a senior associate at Cyril Amarchand Mangaldas. He is a member of the general corporate and financial regulatory practice.

Bharath advises Indian and multinational financial services clients on transactional (including strategic investments, private equity, M&A), corporate commercial contracts, regulatory and enforcement matters.