Tag Archives: Fintech

Draft Enabling Framework for Regulatory Sandbox

In July 2016 the Reserve Bank of India (RBI) had setup an inter-regulatory Working Group to look into and report on various aspects relating to fintech. One of the key recommendations of the Working Group was the introduction of an appropriate framework for a regulatory sandbox. Thus on 24th April 2019, the RBI has come out with a Draft Enabling Framework for Regulatory Sandbox (“Draft Framework”).

Before we proceed with the details regarding the Draft Framework it is important to understand the concept of a regulatory sandbox.  Regulatory sandbox (RS) refers to live testing of new products or services in a controlled/ tested regulatory environment for which the regulators may permit certain relaxation in the regulations only for the limited purpose of testing. The RS allows the entities to test their product in a controlled environment before a wider-scale launch. Thus the RS at its core is a formal regulatory programme for market participants to test new products, services, business models with customers in a live environment subject to certain safeguards and oversights.  Further, RBI in its Working Group Paper also discussed the concept of an ‘innovation hub’ which provides support, advice or guidance to regulated or unregulated firms in navigating the regulatory framework or identifying the legal issues.

Eligibility criteria of an applicant

The Draft Framework lays down the eligibility criteria for participating in the RS. The target applicants for entry in the RS are fintech firms which meet the prescribed conditions of a start-up by the Government. The focus of the RS is to encourage innovation where (a) there is an absence of regulations, (b) there is a need to temporarily ease the regulations for the proposed innovation, and (c) the proposed innovation shows promise of easing the delivery of financial services.

The RS shall begin the testing process with 10-12 selected entities through a comprehensive selection process which has been detailed under the ‘Fit and Proper criteria for selection of participants in the RS’. The entities should satisfy the following conditions: (a)  the entity should be a company incorporated and registered in India and should be “Start up” , (b) the entity should have a minimum net worth of Rs 50 lakhs as per its latest audited balance sheet, (c) the promoters/ directors of the entity should be fit and proper and a declaration should be made to that effect, (d) the conduct of the bank accounts as well as the entity’s promoters/directors should be satisfactory, (e) a satisfactory CIBIL or equivalent credit score of the promoters/directors of the entity is required, (f) applicant should showcase that their product/services and ready for deployment in the broader market, (g) entity should demonstrate arrangements to ensure compliance with regulations on consumer data protection and privacy, and (h) the entity should have adequate safeguards related to the IT system to ensure safety of data and records.

The fintech solution proposed by the applicant should highlight the existing gap in the financial system and demonstrate that there is a regulatory barrier that prevents the deployment of the product/service. Additionally, the applicant should clearly define the test scenarios and the expected outcomes from the sandbox experimentation and an acceptable exit and transition strategy in case the fintech driven solutions are discontinued or deployed on a broader scale after exiting the RS. To this effect, the applicant is required to share the result of the proof of concept/ testing of use cases including any relevant prior experiences before getting admission into RS for testing.

Design features of the RS

The RS may run a few cohorts i.e. end-to-end sandbox process, with a limited number of entities in each cohort testing their products in a stipulated time. The RS shall be based on different subjects focusing on areas such as financial inclusion, payments, digital KYC, etc. Though these cohorts may run for varying time period but it should ordinarily be completed within 6 months.

The innovative products/services which could be considered for testing under RS would include retail payments, money transfer services, market places lending, digital KYC, financial advisory services, smart contract, cybersecurity products, etc. On the other hand, the innovative technology which could be considered for testing under RS would include data analytics, API services, applications using block chain, AI and machine learning applications and mobile technology applications.

Regulatory requirements for RS applicant and exclusions from RS

The regulatory requirements which shall be mandatorily adhered to by the applicant are: (a) customer privacy and data protection, (b) security of transactions, (c) KYC/ AML/ CFT requirements, (d) secure storage of and access to payment data of stakeholders, and (e) statutory requirements.

However, an entity would not be suitable for RS if the proposed financial service is similar to a product/service/technology which already is being offered in India unless the applicant can show that either a different technology is gainfully applied or the same technology is being used in a more effective and efficient manner. Accordingly, the Draft Regulations have put together an indicative negative list of products/ services/ technology which may not be accepted for testing. The list includes businesses related to credit registries, credit information, crypto-currency, initial coin offerings and chain marketing services.

Extending or Exiting the RS

In case the sandbox entity requires an extension of the sandbox period it shall apply to the RBI within one (1) month before the expiration of the sandbox period. Further, RBI at its discretion can discontinue the RS testing for an entity if it does not achieve the intended purpose or if the entity is unable to comply with the relevant regulatory requirements.  The sandbox entity may exit from the RS on its own by informing the RBI one week in advance.

Boundary conditions, transparency, and consumer protection

A sandbox must have a well-defined space and duration for the proposed financial services to be launched and the boundary conditions for the RS shall include the start and end date of RS, target customer type, limit the number of customers involved, transaction ceiling, and cap on customer. Further, the RBI shall communicate the entire RS process including the launch, theme of the cohort, entry and exit criteria on its website to ensure transparency. And as stated earlier before discontinuing/ exiting from the RS, the sandbox entity shall ensure that it meets all the existing obligations towards its customers and entering into an RS does not limit the liability of the entity towards its customers.

Sandbox process and stages

The end to end sandbox process, including the test of the products/ services shall be overseen by the FinTech Unit (FTU) at RBI, and the stages involved in the RS are as follows:

  • Stage 1: Preliminary Screening (4 weeks) – FTU shall ensure that the applicant clearly understands the objectives and principles of the RS, and it is in this phase the application received by the FTU are evaluated and shortlisted who meet the eligibility criteria.
  • Stage 2: Testing Design (3 weeks) – In this phase which lasts for 3 weeks the FTU finalizes the test design through an iterative engagement with the applicant and shall identify the outcome metrics for evaluating the evidence of risk or benefits.
  • Stage 3: Application Assessment (3weeks) – In this phase the FTU vets the test design and proposes regulatory modifications if any.
  • Stage 4: Testing (12 weeks) – The testing may last for a maximum tenure for 12 weeks. In this phase, the FTU generates empirical evidence to assess the test conducted.
  • Stage 5: Evaluation (4 weeks) – The final evaluation of the outcome of testing the products/ services/ technology is confirmed in this phase by RBI. The FTU shall assess the outcome report and decide whether the product/service is viable and acceptable under RS.  

Statutory and legal issues

If the applicant is allowed by the FTU into the RS, the entity would be provided by appropriate regulatory support by RBI in the form of relaxation of specific regulatory requirements during the duration of the RS. However, RBI shall not bear any liability arising from the RS process and any liability arising from the experiment has to be borne by the entity alone. Further, the sandbox entity should ensure that on exiting from the RS or on the completion of the RS process, the sandbox entity should fully comply with all the relevant regulatory requirements.

Source:

1.https://m.rbi.org.in/scripts/PublicationReportDetails.aspx?UrlPage=&ID=920#A_2

2.Report of the Working Group on FinTech and Digital Banking- https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=892

Initial Coin Offerings – A Case for Regulatory Framework in India

Initial Coin Offerings (“ICOs”) has gained prominence in the world of crypto-currencies and startups as a relatively-easy fundraising mechanism. News about raising millions of dollars in a few seconds upon opening of the ICO is adding to the frenzy. Many of them view ICO as a disruption to the venture capital industry.

The nature of ICOs may lead to people equating them to both IPOs and crowdfunding. In an IPO an investor invests in return for a security (ownership) in a company, under highly regulated process, which gives the investors voting rights, dividend rights etc.

In an ICO, investors transfer funds, usually in the form of crypto-currencies, to the ICO organiser. In return they receive a quantity of blockchain-based coins or tokens which are created and stored in a decentralised form either on a blockchain specifically created for the ICO or through a smart contract on a pre-existing blockchain.

An ICO which provides voting or profit sharing is under high scrutiny by the regulators, since it would blur the distinction to that of an IPO.

Even though the trade in ICOs, bitcoins and other crypto-currencies has been increasing rapidly with the passage of time, there still exists a large vacuum of regulations by governments in this space, which not only increases the risk posed to investors but also disincentives some investors from entering the process at all.

ICO regulation in India:

  • Currently crypto/virtual currencies and ICO’s remain unregulated in India. The Government is yet to finalise a regulatory mechanism so as to govern and regulate crypto/virtual currencies.
  • RBI on 1 February 2017 issued a press release, cautioning the users, holders and traders of crypto / virtual currencies. The press release stated that RBI has not given any licence / authorisation to any entity / company to operate such schemes or deal with Bitcoin or any virtual currency. As such, any user, holder, investor, trader, etc. dealing with virtual currencies will be doing so at their own risk.[1] The RBI in this press release also mentioned the press release published by the RBI cautioning the users of virtual/crypto currency.[2]
  • The Ministry of Finance on 12 April 2017 constituted an Inter- Disciplinary Committee chaired by Special Secretary (Economic Affairs) to examine the existing framework with regard to virtual currencies. The Committee was constituted to provide a detailed report on (a) take stock of the present status of virtual currencies both in India and globally; (b) examine the existing global regulatory and legal structures governing virtual currencies; (c) suggest measures for dealing with such virtual currencies including issues relating to consumer protection, money laundering, etc; and (d) examine any other matter related to virtual currencies which may be relevant.
  • The Government panel is also contemplating introducing compulsory Know Your Customer (KYC) norms in order to regulate the kinds of individuals/entities who can invest in these activities, and be able to track and identify them. If cross-border payments are involved, then it will automatically fall under the scope of FEMA rules and regulations
  • As of date, there is no regulation tabled before the legislature.

Recently, bank transactions and operation of a number of cryptocurrency exchanges in India were hampered without any prior intimation. Users were unable to trade or credit money to their wallet on the exchange/withdraw money to their bank account. This is speculated to be a knee-jerk reaction on the part of the banks, in response to the non-supportive stance of the Government with respect to cryptocurrencies. This certainly does not seem like an efficient and productive method of moving forward. While recognizing that the Government’s concerns regarding cryptocurrencies are genuine, we believe that it will be in the best interests of all stakeholders if the Government releases its official rules/regulations on the matter soon.

Regulatory framework:

ICOs raise a variety of legal issues for which there is no relevant case law and no consistent legal doctrine. Given the wide variety of types of token and ICO set-ups, it is not possible to generalise. Circumstances must be considered holistically in each individual case. The minimum information requirements for organisers form the basis for these decisions.

On 16 February 2018, Swiss Financial Market Supervisory Authority, FINMA, released guidelines to support the issuance of ICO and said will base its assessment on the underlying economic purpose of an ICO, most particularly when there are indications of an attempt to circumvent existing regulations.

We believe that the first step for the regulator to understand the ICO token categories. The world-wide discomfort of the regulators has been perhaps ICOs which issues tokens which is akin to a “security”. But there are many other ICOs which are not “securities”.

FINMA’s guidelines talk about the following token categories:

Payment tokens: Payment tokens (synonymous with cryptocurrencies) are tokens which are intended to be used, now or in the future, as a means of payment for acquiring goods or services or as a means of money or value transfer. Cryptocurrencies give rise to no claims on their issuer. Utility tokens: Utility tokens are tokens which are intended to provide access digitally to an application or service by means of a blockchain-based infrastructure.

Asset tokens: Asset tokens represent assets such as a debt or equity claim on the issuer. Asset tokens promise, for example, a share in future company earnings or future capital flows. In terms of their economic function, therefore, these tokens are analogous to equities, bonds or derivatives. Tokens which enable physical assets to be traded on the blockchain also fall into this category.

The individual token classifications are not mutually exclusive. Asset and utility tokens can also be classified as payment tokens (referred to as hybrid tokens). In these cases, the requirements are cumulative; in other words, the tokens are deemed to be both securities and means of payment.

In some ICOs, tokens are already put into circulation at the point of fund-raising. This takes place on a pre-existing blockchain. In other types of ICO, investors are offered only the prospect that they will receive tokens at some point in the future and the tokens or the underlying blockchain remain to be developed. This is referred to as pre-financing. Pre-sale represents another possible permutation. In this case, investors receive tokens which entitle them to acquire other different tokens at a later date.

Should the tokens at any point in time fall under Asset tokens or SEBI’s regulatory framework on the issuance of a “security”, then SEBI should definitely have a say.

The other regulations such as Prevention of Money Laundering, Collective Investment Schemes, Deposits under Companies Act should also be taken into account as a single guidance note to the issuance of an ICO.

A regulation / guidance such as this would augur well for Indian entrepreneurs to have an ICO in India and with clarity. It also provides a good base for the tax authorities to tax the economic benefits accordingly.

[1] https://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=39435

[2] https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=30247

P2P LENDING IN INDIA: OLD ROADS NEW RULES

P2P LENDING IN INDIA: OLD ROADS NEW RULES

Introduction

Peer to Peer (“P2P”) lending platforms (the “Platforms”) aims to provide individuals and entities with an alternative source for fulfilling their capital requirements. Whether it is for obtaining capital to run a business, financing to complete a personal project, or to obtain a loan for any other purpose, these Platforms allow borrowers and lenders to meet and transact on mutually acceptable terms.The Platform itself typically assists the process by listing lenders and their terms and conditions, verifying the identity and initial creditworthiness of the borrowers, disbursing the loans/tranches, collecting loan repayments etc.For these services, both the borrowers and lenders pay the Platform a commission.

Most Platforms follow a ‘reverse auction model’, where the lenders bid with their own terms and conditions for a borrower’s loan proposal, and the borrower has the freedom to choose between the various bids.This gives borrowers who would typically struggle to get loans from banks/NBFCs with a variety of options. Further, the other advantage of the Platforms is that borrowers can now stay away from money lenders/the unorganized sector, as the Platform verifies all lenders and provides a streamlined and regulated process for obtaining loans. Finally, in most cases, the interest rates on loans obtained on the Platforms is also lower than what individual money lenders would usually charge.

Since the popularity of P2P Platforms in India has grown in the recent past, they remained unregulated till recently. However, with the growth of the fintech industry and the multiple use cases/benefits of these Platforms, the RBI released a consultation paper on regulating P2P Platforms, in 2016. On receipt of feedback and comments from the public and all stakeholders, the RBI released its Master Direction –Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (the “Directions”)– recently to officially regulate and monitor P2P Platforms. Thus, it is pertinent to understand and analyse the regulations laid down by the Directions:

Registration

The Directions provide that only corporate entities registered as a ‘company’can operate and engage in the business of P2P lending. Companies operating existing Platforms will have to obtain a certificate of Registration (“CoR”) from the RBI within a period of 3 months from the date of publication of the Directions.Additionally, the Directions provide for minimum capitalisation requirements, which need to be met before obtaining registration. This requirement is INR 2,00,00,000 (Rupees Two crore only), which is in line with the requirement for all NBFC’s in accordance with Section 45-IA of the Reserve Bank of India Act, 1934.

The Directions also provide the criteria on which registration will be determined.This includes ensuring that the Platform has the necessary technological and managerial resources, a robust IT system, fit and proper directors, a viable business plan etc. On being satisfied with an application, the RBI will first give an in-principle approval for setting up and operating a prospective NBFC-P2P platform. Within 12 months from the in-principle approval, the company must develop its technology platform as per the RBIs satisfaction, and also submit all other legal documentation as may be requested.

For a platform acting as a mere marketplace for the meeting of lenders and borrowers (one that does not provide any of the additional services described above), the capitalisation requirements contained in the Directions seem a little harsh. Additionally, the requirement may prevent start-ups from entering this space entirely, which will adversely affect innovation in this space.We recommend that the threshold should be revised downwards and can be made incremental with each year of an entity’s operations, to ensure that only companies that are growing continue to retain their license/registration.

Permitted Activities

As per the Directions, the Platforms can perform the following activities/services:

  1. Mere Aggregator

The Platform can act as a mere aggregator, intermediary or marketplace to facilitate the meeting of lenders and borrowers. While they can participate in the lending/borrowing process in certain ways (described below), and cannot raise deposits in any capacity.

  1. Principle, Return and Guarantees

The Platform cannot guarantee the return of a loan to any lender or provide guarantees of no loss. This will ensure that all lenders signing up on the Platform do so at their own risk, and will hopefully bring about transparency by reducing instances of false advertisement/lending in the name of the Platform.

  1. Nature of the Loan

The Platform can allow lenders to offer only unsecured loans. This was the original idea behind P2P Platforms, and it allows customers with little/no security to avail of loans as well.

  1. Associated Businesses

The Platform shall not cross-sell any product except for loan specific insurance products.

  1. Financial don’ts for the Platform
  • The Platform cannot hold, on its own balance sheet, funds received from lenders for lending, or funds received from borrowers for servicing loans. This ensures that no money from any of the transaction on the Platform can be compromised by the Platform provider’s own financial standing as an entity;
  • The Platform cannot permit the international flow of funds. With this restriction, foreign lenders and/or borrowers have been excluded from participating directly on the Platforms in India, unless they hold a bank account within India.
  1. Duties of the Platform
  • The Platforms are required to conduct a due-diligence on all participants in the Platform. This includes a credit risk assessment and risk profiling of all borrowers registering on the Platform. This information is also required to be disclosed to the lenders, and it helps in creating a transparent environment on the Platform;
  • Platforms can render services for recovery of loans originated on the Platform;
  • Platforms can undertake the documentation of loan agreements; and
  • Platforms can provide assistance in disbursement and repayments of loans.

Prudential Requirements

  1. Permissible Thresholds of Lending and Borrowing

Any registered lender or borrower cannot lend or borrow more than INR 10,00,000/- (Rupees Ten Lakhs only) across all registered and authorised P2P Platforms. Further, no single lender can lend more than INR 50,000/- (Rupees Fifty Thousand only) to any single borrower across all Platforms. While these thresholds may seem conservative at first, considering the nascent stage of the P2P lending industry we believe that these limits are appropriate. The Platforms were anyway meant to facilitate small, unsecured loans from individual lenders, and if demand rises the limits can be revised in the future.

  1. Maturity Period: No loan provided via a Platform can have a maturity period of more than 36 (thirty-six) months. This seems apt, given the loan value is also capped at a number that is not very high.

Operational Guidelines

The Platform is required to have and implement a policy approved by the Board of Directors of the Company (the “Board”) regarding the eligibility criteria for participants, pricing of their services, and detailed rules for matching lenders with borrowers on an equitable and non-discriminatory manner, and other matters concerning the operation of the Platform. Additionally, any and all liabilities regarding the collection, storage and protection of personal data by the Platform will have to be borne by the Platform itself, even if any of these functions are outsourced to third-party service providers.

The Platforms are also required to maintain 2 escrow accounts for the transfer of funds – one for funds from lenders and the other one for funds collected from borrowers.Cash transactions are prohibited, which will help in accounting for all money being transacted via a particular Platform.

Enhanced Transparency and Disclosure Requirements

Previously, the scant availability of information regarding a borrowers’ credit history and defaults made the sheltering of defaulters easy. The Directions are aimed at rectifying this situation.They seek to introduce transparency and information symmetry between the borrowers and lenders, while simultaneously protecting the privacy of the data belonging to both parties.

  1. Disclosure to the Lenders:

Prior to accepting any loan arrangement on a Platform, the lenders should be made aware of the personal identity of the borrower, the loan amount, the credit score determined by the Platform and other details regarding the borrower.This ensures that the lenders can be made an informed decision regarding engaging with any borrower.

  1. Disclosure to the Borrower:

Borrowers are made aware of fewer details than the lender – they are informed about the lender’s proposal, repayment terms and interest rate, but are not informed of the lender’s personal identity, contact information and other personal information. This seems logical, as the borrower’s decision regarding the lender’s proposal should be based purely on the commercial terms offered, and not on the details of the particular lender.

  1. Public Disclosures:

The Platform is required to publish on its website the overview of the credit assessment methodology and factors considered; data protection and privacy measures; dispute settlement mechanism; portfolio performance including a share of non-performing assets monthly and segregation by age; and its broad business model.This is intended to give any individual/entity looking to register on the Platform the opportunity to make an informed decision.

Data Security and IT Framework

Considering the volume of personal data collected, stored and analysed on the Platform, ensuring a robust IT and data security framework is one of the foremost necessities. In light of this, the Directions lay down some robust standards:

  1. All Platforms are required to have “adequate safeguards” in their IT systems to protect against unauthorized access, destruction, modification, utilization etc. of the data. While the Directions do not lay down any specific minimum standard for maintaining these safeguards since the Platforms deal with personal data it can be assumed that they fall within the stipulations of the IT Reasonable Security Practice Rules, 2011;
  2. All Platforms are required to have a Board approved Business Continuity Plan in place for safekeeping of information and documents and servicing of loans for full tenure in case of closure of the Platform;
  3. The Platform has to carry out a yearly information system audit, as well adhere to all requirements under the Master Direction on Information Technology Framework for the NBFC Sector, June 8, 2017.

Conclusion

With India marching towards the aim of being a paperless, cashless and consent-secured data sharing economy, these Directions are expected to open up new avenues for obtaining capital for individuals and small businesses, while simultaneously maintaining transparency and accountability in the process.Perhaps the only clause missing from the Directions is one on penalties, describing the repercussions if a Platform fails to adhere to any of the given guidelines. Yet overall, the Directions seem to be apt for P2P Platforms and well-thought through, especially considering that the industry around such Platforms is still nascent in India. As these Platforms gain more prominence the Directions can be modified accordingly, but for now, they seem to be a good starting point.

 

Author: Ayushi Singh; Reviewed by Madhav Rangrass