Category Archives: regulatory updates

Authorisation of New Retail Payment Systems : RBI’s Policy Paper

Reserve Bank of India (“RBI”) vide its press release on January 21, 2019 has invited comments on the Policy Paper on Authorisation of New Retail Payment Systems (“Policy Paper”). Earlier in June 26, 2018 RBI had released a Statement on Developmental and Regulatory Policies which aimed to minimize the concentration risk in retail payments systems and foster innovation and competition in the retail payments market. With this objective in mind RBI has placed this Policy Paper in public domain, inviting comments till February 20, 2019.

Existing retail payment services and operators in India

RBI is the regulator for payment and settlements systems under the Payment and Settlement Systems Act, 2007 and it ensures that the payment systems operate in a secure and efficient manner with regard to banks as well as non-bank entities. Banks have been the traditional gateway to payment systems but with the demand for varied payment systems and technological changes, non-bank entities have been granted access to the payment systems. These non-bank entities have been competing with the banks by providing retail electronic payment services. As a result, RBI has been issuing guidelines for various payment systems and granting the non-bank entities to setup and operate payment systems. It is to be noted that RBI had granted permission to eighty- nine (89) non-bank entities to act as payment system operators.

Analysis of the current landscape w.r.t retail payment system operators

Though there are many payment systems such as card networks, Prepaid instrument issuers (PPIs), ATM networks, etc. there are only a handful of payment operators in India. As a result of which, there are concerns around concentration and competition and its impact on the current financial of the country. Therefore there are a number of issues which need attention. The issues for discussion are as follows:

  1. a single operator having multiple and varied retail payment systems versus diversification across multiple operators;
  2. payments systems managed by a single operator such as Unified Payments Interface (UPI), Immediate Payment Service (IMPS), Aadhaar Enabled Payment System (AePS) ,etc. versus multiple systems with similar product features being offered by multiple operators;
  3. availability of a window for licensing operators of a payment system on-tap; and
  4. reviewing the criteria of licensing to foster innovation and competition and to broad base potential applicants.

RBI has classified the payment systems as follows:

Serial Number. Basis of Classification Particulars
1. Number of operators 1.    Single operator for a single or multiple retail payments systems

·         NPCI- National Financial Switch (NFS), IMPS, BHIM Aadhaar Pay, National Electronic Toll Collection (NETC), etc.

·         Empays-IMT


2.    Multiple operators for similar payment services- to name a few:

·         ATM networks- 5

·         Card Payment Networks- 5

·         Prepaid Payment Instrument (PPI) issuers- 48 non-banks and 60 banks


2. Type of payment services Classification on the payment service based on the end user as under:

1.    Fund transfer and merchant payments systems- IMPS, UPI, PPI, Aadhaar based payments, etc.

2.    Card based payments- Card networks, ATM networks

3.    Bulk and repetitive payments, utility payments- NACH, BBPS

4.    Toll collection- NETC

5.    MSME receivables’ financing- TReDs

NPCI has become pivotal to the operation of many critical retails payments systems in the country. By October 2018, NPCI was accounting for almost 48% of the retail electronic payment transactions (excluding paper) in volume to 15% of the value of the retail electronic payment transactions.

The advantages of having concentrated system operations with few entities are as follows: (a) leads to standardisation with uniform and tested payment systems; (b) less pressure on capital and infrastructure; and (c) a unity of approach by the regulators. Whereas the disadvantages of having a single operator are as follows: (a) absence of redundancy and fall-back arrangements may impact continued availability; (b) inadequate competition may lead to complacency with no upgradation and improvement in the product; and (c) increase of the prices at which the services are being offered with reduction in quality of service.

The Policy Paper also discusses a multi-pronged action for a more appropriate level of retail payment systems and operators.

The pros of having multiple entities which provide similar payment services would be to increase the competition. However, this may require additional investments, creation of a suitable infrastructure, and this may be achieved over phases. Also, the feature of adding inter-operability in the new payment systems would incur huge costs.

Open and keep-on-tap window for making applications

There can be an open and keep-on-tap window for making applications by all the payment systems in place. This window would permit the receipt of applications for all payment systems and would prescribe for a specific “point of arrival” metric which would allow the entities who are unable to achieve the desired capacity and scale to have a defined-time line exit.

Liberal entry norms

The Policy calls for a liberal entry norm which would require reviewing the entry point capital (net worth) requirement and an analysis of the capability potential of the entities. Finally the Policy also recommends that all payment systems should have a physical presence in the country, an impeccable track record, and shall conform to the best overall standards including those pertaining to customer service and efficiency.

The Policy also makes it clear that there should be an alignment of regulatory framework to encourage enhanced participation of both bank and non-bank entities.

Further, Annexure III of this Policy Paper lays down the authorisation criteria for non-bank payment system operators which discusses the review possibility of the financials in terms of the reduction or revision of the net worth for payment systems such as WLAOs, BBPOUs, and TReDS.



Significant Beneficial Owners Rules – Disclosures

SEBI vide its circular number SEBI/HO/CFD/CMD1/CIR/P/2018/0000000149 dated December 7, 2018 issued this circular in  exercise  of  the  powers  conferred  under  Section  11  and Section  11A  of  the  Securities  and  Exchange  Board  of  India  Act,  1992  read  with Regulation 31 and Regulation 101(2) of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, in the in the interest of transparency.

This circular is in furtherance to the previous circulars and notifications (SEBI Circular No.  CIR/CFD/CMD/13/2015 and Companies (Significant Beneficial Owners) Rules, 2018 notified June 2018 by the Ministry of Corporate Affairs). SEBI clarified and laid down specific disclosures with respect to the shareholding pattern to determine the significant beneficial ownership.


  • Modification: The format specified in the Annexure to the circular shall be Table V  under clause  5 of  the format of  holding  of  specified  securities specified  in  the circular No. CIR/CFD/CMD/13/2015 dated November 30, 2015.
  • Disclosure: contents of the circular to be brought to notice of all listed entities and onus on stock exchange to disseminate this information though notice and publication in website
  • Annexure contains details of-
  • (i) Significant Beneficial Owner (Name, PAN, Nationality)
  • (ii) Registered Owner (Name, PAN, Nationality)
  • (iii) Particulars of shares held by significant beneficial owner which amount to significant beneficial ownership (the quantum of shares in the form of – exact number, percentage of the total number of shares)
  • (iv) Date of creation of Significant beneficial interest (/acquisition of the shares)

The manner of disclosure, as specified in the Annexure (tabular form) to the circular, will come to force from the quarter ending 31 March 2019.


SEBI: Early warning mechanism to prevent diversion of client securities

Considering the instances where the Stockbrokers have diverted client securities, observed that these diversions were coming to light on failure of these stockbrokers to meet margin and/ or settlement obligations to Stock Exchange/ Clearing Corporation. In this regard, the Securities Exchange Board of India (SEBI), noted the thrust of these diversions towards raising loan against shares on their own account and/ or for meeting securities shortages in settlement obligations and decided on establishing an Early Warning Mechanism as well as facilitating the sharing of information between Stock Exchanges, Depositories and Clearing Corporations.

Aiming at ensuring the effective detection through the insertion of these systems which connect different platforms, SEBI left the threshold for the early warning signals to the discretion of the Stock Exchanges, Depositories and Clearing Corporations, who had to decide this threhold with mutual consultation.


SEBI suggested an indicative criteria of what these early warning signals for the prevention of such diversions could include. The early warning signals were divided into 5 categories:

1.Deterioration in financial health of the stock broker/ depository participant

The parameters for the deterioration were laid out from 3.1 a) to j) and included aspects such as a significant reduction in the net worth, losses including significant mark-to-market loss, delays in reporting requirements, both regarding its financial health and regarding related party dealings, significant activity in dormant accounts, resignation of key personnel (statutory auditors or directors).

2. Securities pledge transactions by the stock broker that are to be identified by the Depositories and shared with Stock Exchanges

Such early warning signals may include alerts for stockbrokers maintaining multiple proprietary accounts, transfer/movement/depletion of large magnitude of shares as well as invocation of pledges of securities.

3. Increase in the number of complaints on grounds of unauthorized trading/ unauthorized delivery instructions being processed and non-receipt of funds and securities.

4.Alerts through the Risk Based Supervision (RBS) or Enhanced Supervision to the Stock Exchanges

Failure to upload required weekly data or misreporting/wrong reporting on such uploads, significant increase in RBS score, recovery and non-recovery of the significant dues to the credit and debit balance respectively.

5.The disabling of stock broker’s terminal for certain number of days in any segment / Stock Exchange in previous quarter

Framing an internal policy: SEBI requires the Stock Exchanges and Depositories to frame internal policies/ guidelines regarding non- cooperation by stock brokers and depository participants during inspections. These policies must lay down the time period, the type of documents critical for closing the inspections. Non-submission of these can be treated as non-cooperation.

  • Mechanism to detect diversion of clients’ securities and effective sharing of information: The information shared amongst stock exchanges includes information regarding- unauthorised/fraudulent transfers, information and clarifications regarding mis-matches, diversion of pay-out securities to non-client account.
  • Alerts triggered at place shared to all other participants.
  • A non-exhaustive list of actions that can be initiated by stock exchanges includes: imposition of limits, cross-checking of details, conducting meetings, undertaking uniform action of deactivation of trading terminals, blocking certain percentage of available collateral.
  • Actions that can be taken by depositories include and are not limited to, restriction of further pledges, impositions of concurrent audits and restrictions (to the point of cessation) on uses of Power of Attorney.

The mechanism suggested in this circular is to be implemented with effect from 1 February 2019 and all Stock Exchanges, Clearing Corporations and Depositories must adopt the suggested mechanism along with preventive actions.


Proposed amendments to Cinematograph Act – Stringent penalties for copying a film

The Ministry of Information and Broadcasting (“Ministry”) vide a public notice has invited comments from the public regarding the proposed Cinematograph Act (Amendment) Bill.

The Ministry proposes stringent penalties for recording, attempting to record or abetting the recording or transmission of a film or part thereof by introducing a new sub-section, that is, sub-section (4) of section 7 in the Act which currently reads as follows:

“Notwithstanding any law for the time being in force including any provision of the Copyright Act, 1957, any person who, during the exhibition of an audiovisual work, cinematographic in an exhibition facility used to exhibit cinematograph films or audiovisual recordings and without the written authorization of the copyright owner, uses any audiovisual recording device to knowingly make or transmit or attempt to make or transmit or abet the making or transmission of a copy or visual recording or sound recording embodying a cinematograph film or audiovisual recording or any part thereof or a copy of sound recording accompanying such cinematograph film or audiovisual recording or any part thereof during subsistence of copyright in such cinematograph film or sound recording, shall be punishable with imprisonment not exceeding three years and shall also be liable to fine not exceeding Rs.10 Lakhs, or to a term of imprisonment for a term not exceeding three years or both.”

The proposed provision uses non-obstante language to over-ride any existing law including the Copyright Act, 1957. This seems unjustified as the objective of the Cinematograph Act is to regulate the certification of cinematograph films for exhibition and that of the Copyright Act is to protect copyright. Hence the piracy issue should have been dealt with by amending the Copyright Act instead of the Cinematograph Act.

Further the proposed provision prescribes a stringent penalty of imprisonment for up to three years with the possibility of an additional fine.


  1. Public notice seeking comments on the draft amendment to the Cinematograph Act-

  1. Cinematograph Act, 1952.

Tokenisation of card transactions – RBI notifies

RBI vide its notification no. RBI/2018-19/103 dated 8 January 2019 has permitted authorised card payment networks to offer card tokenisation services to any token requestor i.e. a third party application subject to certain conditions.

Conditions to be fulfilled

  • Tokenisation and de-tokenisation services shall only be performed by authorised card networks and the recovery of Primary Account Number (PAN) should be feasible for the authorised card networks only. Safeguards should be put in place to ensure that PAN details cannot be found from the token and vice versa.
  • The requests for tokenisation and de-tokenisation shall be logged by the card network and available for retrieval.
  • The actual card data, token, and other relevant details shall be stored in a secure mode. Token requestors shall not store PAN or any other card details.
  • Card networks shall get the token requestor certified for (a) token requestor’s systems, including hardware deployed for this purpose, (b) security of token requestor’s application, (c) features for ensuring authorised access to token requestor’s app on the identified device, and, (d) other functions performed by the token requestor, including customer on-boarding, token provisioning and storage, data storage, transaction processing, etc.
  • The card networks shall get the different entities involved in the payment transaction chain certified with respect to the changes done for processing the tokenised card transaction.
  • All the certification and the security testing by the card networks shall conform to the international best practices or globally accepted standards.
  • Additional conditions have been prescribed for the registration of card details by a customer such as: (a) the registration of card on the token requestor’s app shall only be done via taking the explicit customer consent though additional factor of authentication (“AFA”) and not by way of a forced/default/automatic selection of check box, radio button etc. (b) The AFA validation during card registration as well for authenticating any transactions shall be as per the RBI’s instructions, (c) Customers will have the option to register or deregister their card for a particular purpose i.e. contactless, QR code based, in-app payments, etc. (d) Customers will have the option to set and modify per transaction and daily transaction limit for such transactions. (e) Velocity checks may be put in place by card issuers/card networks (f) The customer shall be free to use any card registered with the token requestor app for performing a transaction.
  • Secure storage of token and associated keys should be ensured by the token requestor on successful registration of card.
  • Customer support services such as reporting the loss of an identified device or any other event which may expose the token to unauthorised usage shall be put in place by the card network along with providing for a dispute resolution process.

The permission has been granted for all channels such as near field communication (NFC), in-app payments, QR code based payments etc. or token storage mechanisms such as cloud, secure element, etc. At present the facility shall be offered through mobile phones or tablets only.

Safety mechanism

RBI issued instructions on safety and security of card transactions including the mandate for an AFA/ PIN which shall be applicable for tokenised transactions along with other instructions issued by RBI from time to time.

Service fee

RBI dictates that no charges should be recovered from the customers for availing tokenisation services.

Monitoring mechanism

Periodic system audits shall be conducted at least once a year by the authorised card payment networks. This system audit shall be undertaken by the auditors of India Computer Emergency Response Team (CERT-IN) and all the instructions with regard to system audit shall also be complied with. A copy of the audit report shall be furnished to the RBI with comments of auditors with regard to any deviations. Further, a report with certain details needs to be submitted on a monthly basis to the Chief General Manager, Reserve Bank of India.


  1. Tokenisation refers to replacement of actual card details with an(sic) unique alternate code called the “token”, which shall be unique for a combination of card, token requestor and device (referred hereafter as “identified device”)

RBI directive to limit customer liabilities

RBI issues directive limiting the liability of customers in unauthorised electronic payment transactions in Prepaid Payment Instruments issued by authorised Non-Bank Issuers.

The Reserve Bank of India (RBI) vide its Notification No. DPSS.CO.PD.No.1417/02.14.006/2018-19 dated 4 January 2019 (“the Directive”) has taken steps to limit the liability of customers in respect of unauthorized electronic payment transactions through Prepaid Payment Instruments (PPIs) issued by Authorised Non-banks. The said Directive should be read alongside with the paragraphs 15 and 16 of RBI’s Master Direction on Issuance and Operation of Prepaid Payment Instruments (“the PPI Master Direction) which already provides a framework for ‘Risk Management’ and ‘Customer Protection’. Under the present Directive, the criteria for determining customers’ liability under the extant framework have been further reviewed.

The provisions of the Directive will be applicable to all authorised non-bank PPI issuers only. Bank PPI issuers will not have to follow the provisions of the Directive. Furthermore, PPI for Mass Transit Systems (PPI-MTS) will be outside the purview of the Directive, except for cases of contributory fraud/ negligence/ deficiency on the part of the PPI-MTS.

For the purpose of the Directive, electronic payment transactions have been divided into two categories for the purpose of the Directive:

  • Remote/Online payments transactions e.g. wallets, card not present (CNP) transactions.
  • Face-to-face/Proximity payment transactions e.g. transactions at point of sale.

The Directive brings forth the following two important changes:

Reporting of unauthorised payment transactions by customers to PPI issuers:

PPI issuers will have to comply with the following conditions:

  1. PPI issuers must ensure that their customers mandatorily register for SMS alert or e-mail alerts (wherever available), and that mandatory SMS or e-mail alert is sent to the customers, and the transaction alert has a contact number and / or e-mail id on which the customer can report unauthorised transactions or notify the objection. Customers must also have 24´7 access via website, SMS, e-mail, or a dedicated toll-free helpline number.
  2. Customers must be advised by the PPI issuers to notify the PPI issuer of any unauthorized electronic payment transaction at the earliest, and that the longer the customer takes to notify the PPI issuer, the higher will be liability of the customer.

A direct link for lodging complaints, with a specific option to report unauthorized transactions, must be provided by PPI issuers on their mobile app, home page of website, or any other evolving acceptance mode. PPI issuers must ensure to resolve the complaint within 90 days from the receipt of the complaint.

  1. PPI issuers should have in place a loss/ fraud reporting system to send immediate response (including auto-response) to customers acknowledging the complaint. All the relevant data pertaining to time and date of deliveries and receipt of customer response must also be recorded within the PPI issuers’ systems.
  1. Limited Liability of a customer:

The Directive limits the liability of customers in stipulated cases based on the number of days the customer takes to report the issue, the longer time the customer takes to report, the higher is his/her liability. The classification of liability is broken down as follows:

  • In case of contributory fraud/negligence/deficiency on part of the PPI issuer, there is no liability of customer.
  • In case of a third-party breach, i.e. neither the customer nor the PPI issuer being responsible for the deficiency, the customer liability will depend upon the number of days lapsed between receipt of transaction communication and the reporting of unauthorised transaction by the customer-
  • If within three days, then no customer liability.
  • If within four to seven days then customer will be liable for the transaction value or Rs. 10,000 per transaction, whichever is lower
  • Beyond seven days the customer liability will be as per the approved policy of the board of directors of the PPI issuer.
  • In case where the loss is due to the negligence of the customer, i.e. cases where customer shares the payment credentials themselves, the customer will bear the entire loss until the customer reports the unauthorised transaction to the PPI issuer. If any loss occurs after the reporting of the unauthorized transaction, it shall be borne by the PPI issuer.

PPI issuers may also decide to waive off any customer liability at their own discretion even if it involves customer’s negligence.

Even in cases where customers are sought to made liable, the burden of proof of negligence/deficiency/liability shall at all times lie with the PPI issuers. Further, the Directive requires the PPI issuer to credit the amount involved in unauthorized transaction within 10 days from the date when customer notifies the PPI issuer about unauthorised electronic payment. This should be done even if such reversal breaches the maximum permissible limit applicable to that type / category of PPI.

The Directive also imposes important compliances in the form of requirement for a board approved policy for customer protection, reporting and monitoring of compliances.


National Medical Devices Promotion Council under the Department of Industrial Policy and Promotion (DIPP)

The Union Minister of Commerce and Industry and Civil Aviation, Suresh Prabhu, on 14 December 2018, announced the setting up of a National Medical Devices Promotion Council (“Council”). Though the medical devices industry has been growing steadily, it is primarily import driven. Thus, the setting up of the Council would perhaps spur domestic manufacture in the sector.

This is an announcement and we look forward to information / notification when the Council is  set up and the processes announced are implemented.

The Council would be headed by the Secretary of the DIPP. Further, it would have representatives from the health care industry and quality control institutions. Institutions such as Andhra Pradesh MedTech Zone, Visakhapatnam would provide technical support to the Council.

The Council will have the following objectives:

  • Act as a facilitation, promotion and developmental body for the Indian medical device industry.
  • Hold periodic seminars, workshops to garner views of the industry and understand the best global practices in the sector.
  • Simplify the approval processes for the medical device industry.
  • Enable the entry of emerging interventions and support certificates for manufacturers to reach levels of global trade norms and facilitate India to become an export driven market.
  • Support the dissemination and documentation of international norms and standards for medical devices by capturing the best practices in the global industry.
  • Drive a robust and dynamic Preferential Market Access (PMA) policy by identifying the strengths of the domestic manufactures and discouraging unfair trade practices in imports.
  • Undertake validation of Limited Liability Partnerships (LLPs) and such other entities within MDI sector which would add value to the industry strengths in manufacturing to gain foothold for new entrants.
  • Make recommendations to government based on industry feedback and global practices.

Available at: