Tag Archives: RBI

Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

The Reserve Bank of India (RBI) on October 19, 2018 issued a set of guidelines for Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs). Such a framework was issued by the RBI as a measure to enhance security of the UCBs in light of the increasing number and impact of cyber security attacks on the financial sector including banks. [1]

  1. Board Approved Cyber Security Policy
  • All UCBs need to immediately put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and the strategy containing a suitable approach to check cyber threats depending on the level of complexity of business and acceptable levels of risk.
  • On completion of the process, confirmation of same within 3 months must be sent to the Department of Co-operative Bank Supervision.
  • The Cyber Security Policy should inter alia encapsulate the following concerns:
  • Preventing access of unauthorised software.
  • Network Management and Security.
  • Secure Configuration.
  • Anti-virus and Patch Management.
  • Secure mail and messaging systems.
  • The IT framework/framework must be reviewed periodically by the Board or its IT subcommittee in order to identify vulnerable areas and put in place a suitable cyber security system to address the issues after assessment.
  1. Cyber Crisis Management Plan
  • The Cyber Crisis Management plan, prepared by CERT-In (Computer Emergency Response Team – India maybe referred to by the UCBs for guidance.
  • UCBs should promptly detect any cyber intrusions (unauthorised entries) so as to respond/recover/contain impact of cyber-attacks, especially those offering services such as internet and mobile banking, RTGS/NEFT/SWIFT, credit and debit cards etc.
  1. Organizational Arrangements
  • UCBs should review the organisational arrangements so that the security concerns are brought to the notice of suitable/concerned officials to enable quick action.
  • UCBs should actively promote among their customers, vendors, service providers and other concerned parties an understanding of its cyber security objectives.
  • UCBs, as owners of customer sensitive data, should take appropriate steps in preserving the Confidentiality, Integrity and Availability of the same, irrespective of whether the data is stored/in transit within themselves or with the third party vendors; the confidentiality of such custodial information should not be compromised in any situation.
  • UCBs to put in place suitable systems and processes across the data/information lifecycle. UCBs may educate and create awareness among customers with regard to cyber security risks.
  1. Supervisory reporting framework
  • UCBs should report immediately all unusual cyber security incidents (whether they were successful or mere attempts) to Department of Co-operative Bank Supervision giving full details of the incident.
  • UCBs are advised to implement basic Cyber Security Controls and report the same to respective Regional Offices of Department of Co-operative Bank Supervision on or before March 31, 2019.

Source: http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0

https://rbidocs.rbi.org.in/rdocs/content/pdfs/63NT19102018_A1.pdf

[1] http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0.

Advertisements

Regulatory update: Prepaid Payment Instruments (PPIs) – Guidelines on Interoperability

The Reserve Bank of India (RBI) on October 16, 2018 issued a set of guidelines for interoperability of PPIs. The guidelines are issued under Section 18 read with Section 10(2) of the Payment and Settlements Act, 2007. PPI issuers who choose to adopt interoperability shall adhere to these guidelines along with the Master Direction[1].

  1. Common requirements for achieving interoperability for wallets and cards
    • Where the PPIs are issued in form of online wallets, interoperability shall be facilitated through UPI and where PPIs is issued through a card, the cards shall be affiliated to authorised card networks. Option of interoperability has also been provided to PPI issuers operating in segment of meal, gift and mass transit system (MTS).
    • The interoperability shall be facilitated to all KYC compliant PPI account and entire acceptance infrastructure.
    • Technical Requirement: While facilitating interoperability the PPI issuer shall comply and adhere to all requirements of respective card networks and UPI, including adherence to various standards, technical requirement specific to a payment system, certification, audit and etc.
    • Further the PPI issuers will have to comply with mechanism established for reconciliation, grievance redressal and consumer protection by UPI and specific card networks.
  2. Specific Requirements for achieving interoperability through card networks
    • Card networks are allowed to integrate PPI issuers on their network. Further the non-banking PPI issuers are allowed to join card networks as members or associate members.
    • Settlement: For the purpose of settlement, Non-banking PPI issuer may directly participate in the card network or through a sponsor bank arrangement while adhering to requirements of the specific card network which it is a member of.
    • Safety and Security
  3. Non-banking PPI issuers will be issuing interoperable cards for the first time and therefore they shall make sure that the cards have an EMV chip and are PIN compliant.
  4. Banks shall ensure that while issuing new PPIs and renewing the old PPIs, the cards shall have EMV and shall be PIN compliant.
  • If a PPI issuer in the meal segment intends to facilitate interoperability, it shall also issue EMV chip and PIN compliant cards, whereas it is not compulsory for PPI issuers in the gift cards and MTS segment to have EMV chip and PIN.
  1. Specific requirements for achieving interoperability through UPI
    • PPI issuers will operate as payment system providers (PSP) in the UPI network. National Payment Corporation of India (NPCI) will provide all the PPI issuers, including non-banking PPI issuers a platform for linking their respective PPI holders/users to the platform to facilitate interoperability. The platform issued will use UPI to provide such Interoperability.
    • The PPI issuers as PSPs are only allowed to integrate their PPI holders/users and shall not on board PPI holders/users of other PPI issuers or customers of banks.
    • Any interoperable transaction will be approved as per the credentials of an individual’s online wallet before the same transaction reaches UPI network.
    • Settlement: Non-banking PPI issuer can directly settle a payment though a sponsor bank. Non-banking PPI issuers shall adhere to the requirements of sponsor bank in the UPI network and shall also comply with requirements stipulated by NPCI.

Source: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142

[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142

Initial Coin Offerings – A Case for Regulatory Framework in India

Initial Coin Offerings (“ICOs”) has gained prominence in the world of crypto-currencies and startups as a relatively-easy fundraising mechanism. News about raising millions of dollars in a few seconds upon opening of the ICO is adding to the frenzy. Many of them view ICO as a disruption to the venture capital industry.

The nature of ICOs may lead to people equating them to both IPOs and crowdfunding. In an IPO an investor invests in return for a security (ownership) in a company, under highly regulated process, which gives the investors voting rights, dividend rights etc.

In an ICO, investors transfer funds, usually in the form of crypto-currencies, to the ICO organiser. In return they receive a quantity of blockchain-based coins or tokens which are created and stored in a decentralised form either on a blockchain specifically created for the ICO or through a smart contract on a pre-existing blockchain.

An ICO which provides voting or profit sharing is under high scrutiny by the regulators, since it would blur the distinction to that of an IPO.

Even though the trade in ICOs, bitcoins and other crypto-currencies has been increasing rapidly with the passage of time, there still exists a large vacuum of regulations by governments in this space, which not only increases the risk posed to investors but also disincentives some investors from entering the process at all.

ICO regulation in India:

  • Currently crypto/virtual currencies and ICO’s remain unregulated in India. The Government is yet to finalise a regulatory mechanism so as to govern and regulate crypto/virtual currencies.
  • RBI on 1 February 2017 issued a press release, cautioning the users, holders and traders of crypto / virtual currencies. The press release stated that RBI has not given any licence / authorisation to any entity / company to operate such schemes or deal with Bitcoin or any virtual currency. As such, any user, holder, investor, trader, etc. dealing with virtual currencies will be doing so at their own risk.[1] The RBI in this press release also mentioned the press release published by the RBI cautioning the users of virtual/crypto currency.[2]
  • The Ministry of Finance on 12 April 2017 constituted an Inter- Disciplinary Committee chaired by Special Secretary (Economic Affairs) to examine the existing framework with regard to virtual currencies. The Committee was constituted to provide a detailed report on (a) take stock of the present status of virtual currencies both in India and globally; (b) examine the existing global regulatory and legal structures governing virtual currencies; (c) suggest measures for dealing with such virtual currencies including issues relating to consumer protection, money laundering, etc; and (d) examine any other matter related to virtual currencies which may be relevant.
  • The Government panel is also contemplating introducing compulsory Know Your Customer (KYC) norms in order to regulate the kinds of individuals/entities who can invest in these activities, and be able to track and identify them. If cross-border payments are involved, then it will automatically fall under the scope of FEMA rules and regulations
  • As of date, there is no regulation tabled before the legislature.

Recently, bank transactions and operation of a number of cryptocurrency exchanges in India were hampered without any prior intimation. Users were unable to trade or credit money to their wallet on the exchange/withdraw money to their bank account. This is speculated to be a knee-jerk reaction on the part of the banks, in response to the non-supportive stance of the Government with respect to cryptocurrencies. This certainly does not seem like an efficient and productive method of moving forward. While recognizing that the Government’s concerns regarding cryptocurrencies are genuine, we believe that it will be in the best interests of all stakeholders if the Government releases its official rules/regulations on the matter soon.

Regulatory framework:

ICOs raise a variety of legal issues for which there is no relevant case law and no consistent legal doctrine. Given the wide variety of types of token and ICO set-ups, it is not possible to generalise. Circumstances must be considered holistically in each individual case. The minimum information requirements for organisers form the basis for these decisions.

On 16 February 2018, Swiss Financial Market Supervisory Authority, FINMA, released guidelines to support the issuance of ICO and said will base its assessment on the underlying economic purpose of an ICO, most particularly when there are indications of an attempt to circumvent existing regulations.

We believe that the first step for the regulator to understand the ICO token categories. The world-wide discomfort of the regulators has been perhaps ICOs which issues tokens which is akin to a “security”. But there are many other ICOs which are not “securities”.

FINMA’s guidelines talk about the following token categories:

Payment tokens: Payment tokens (synonymous with cryptocurrencies) are tokens which are intended to be used, now or in the future, as a means of payment for acquiring goods or services or as a means of money or value transfer. Cryptocurrencies give rise to no claims on their issuer. Utility tokens: Utility tokens are tokens which are intended to provide access digitally to an application or service by means of a blockchain-based infrastructure.

Asset tokens: Asset tokens represent assets such as a debt or equity claim on the issuer. Asset tokens promise, for example, a share in future company earnings or future capital flows. In terms of their economic function, therefore, these tokens are analogous to equities, bonds or derivatives. Tokens which enable physical assets to be traded on the blockchain also fall into this category.

The individual token classifications are not mutually exclusive. Asset and utility tokens can also be classified as payment tokens (referred to as hybrid tokens). In these cases, the requirements are cumulative; in other words, the tokens are deemed to be both securities and means of payment.

In some ICOs, tokens are already put into circulation at the point of fund-raising. This takes place on a pre-existing blockchain. In other types of ICO, investors are offered only the prospect that they will receive tokens at some point in the future and the tokens or the underlying blockchain remain to be developed. This is referred to as pre-financing. Pre-sale represents another possible permutation. In this case, investors receive tokens which entitle them to acquire other different tokens at a later date.

Should the tokens at any point in time fall under Asset tokens or SEBI’s regulatory framework on the issuance of a “security”, then SEBI should definitely have a say.

The other regulations such as Prevention of Money Laundering, Collective Investment Schemes, Deposits under Companies Act should also be taken into account as a single guidance note to the issuance of an ICO.

A regulation / guidance such as this would augur well for Indian entrepreneurs to have an ICO in India and with clarity. It also provides a good base for the tax authorities to tax the economic benefits accordingly.

[1] https://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=39435

[2] https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=30247

P2P LENDING IN INDIA: OLD ROADS NEW RULES

P2P LENDING IN INDIA: OLD ROADS NEW RULES

Introduction

Peer to Peer (“P2P”) lending platforms (the “Platforms”) aims to provide individuals and entities with an alternative source for fulfilling their capital requirements. Whether it is for obtaining capital to run a business, financing to complete a personal project, or to obtain a loan for any other purpose, these Platforms allow borrowers and lenders to meet and transact on mutually acceptable terms.The Platform itself typically assists the process by listing lenders and their terms and conditions, verifying the identity and initial creditworthiness of the borrowers, disbursing the loans/tranches, collecting loan repayments etc.For these services, both the borrowers and lenders pay the Platform a commission.

Most Platforms follow a ‘reverse auction model’, where the lenders bid with their own terms and conditions for a borrower’s loan proposal, and the borrower has the freedom to choose between the various bids.This gives borrowers who would typically struggle to get loans from banks/NBFCs with a variety of options. Further, the other advantage of the Platforms is that borrowers can now stay away from money lenders/the unorganized sector, as the Platform verifies all lenders and provides a streamlined and regulated process for obtaining loans. Finally, in most cases, the interest rates on loans obtained on the Platforms is also lower than what individual money lenders would usually charge.

Since the popularity of P2P Platforms in India has grown in the recent past, they remained unregulated till recently. However, with the growth of the fintech industry and the multiple use cases/benefits of these Platforms, the RBI released a consultation paper on regulating P2P Platforms, in 2016. On receipt of feedback and comments from the public and all stakeholders, the RBI released its Master Direction –Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (the “Directions”)– recently to officially regulate and monitor P2P Platforms. Thus, it is pertinent to understand and analyse the regulations laid down by the Directions:

Registration

The Directions provide that only corporate entities registered as a ‘company’can operate and engage in the business of P2P lending. Companies operating existing Platforms will have to obtain a certificate of Registration (“CoR”) from the RBI within a period of 3 months from the date of publication of the Directions.Additionally, the Directions provide for minimum capitalisation requirements, which need to be met before obtaining registration. This requirement is INR 2,00,00,000 (Rupees Two crore only), which is in line with the requirement for all NBFC’s in accordance with Section 45-IA of the Reserve Bank of India Act, 1934.

The Directions also provide the criteria on which registration will be determined.This includes ensuring that the Platform has the necessary technological and managerial resources, a robust IT system, fit and proper directors, a viable business plan etc. On being satisfied with an application, the RBI will first give an in-principle approval for setting up and operating a prospective NBFC-P2P platform. Within 12 months from the in-principle approval, the company must develop its technology platform as per the RBIs satisfaction, and also submit all other legal documentation as may be requested.

For a platform acting as a mere marketplace for the meeting of lenders and borrowers (one that does not provide any of the additional services described above), the capitalisation requirements contained in the Directions seem a little harsh. Additionally, the requirement may prevent start-ups from entering this space entirely, which will adversely affect innovation in this space.We recommend that the threshold should be revised downwards and can be made incremental with each year of an entity’s operations, to ensure that only companies that are growing continue to retain their license/registration.

Permitted Activities

As per the Directions, the Platforms can perform the following activities/services:

  1. Mere Aggregator

The Platform can act as a mere aggregator, intermediary or marketplace to facilitate the meeting of lenders and borrowers. While they can participate in the lending/borrowing process in certain ways (described below), and cannot raise deposits in any capacity.

  1. Principle, Return and Guarantees

The Platform cannot guarantee the return of a loan to any lender or provide guarantees of no loss. This will ensure that all lenders signing up on the Platform do so at their own risk, and will hopefully bring about transparency by reducing instances of false advertisement/lending in the name of the Platform.

  1. Nature of the Loan

The Platform can allow lenders to offer only unsecured loans. This was the original idea behind P2P Platforms, and it allows customers with little/no security to avail of loans as well.

  1. Associated Businesses

The Platform shall not cross-sell any product except for loan specific insurance products.

  1. Financial don’ts for the Platform
  • The Platform cannot hold, on its own balance sheet, funds received from lenders for lending, or funds received from borrowers for servicing loans. This ensures that no money from any of the transaction on the Platform can be compromised by the Platform provider’s own financial standing as an entity;
  • The Platform cannot permit the international flow of funds. With this restriction, foreign lenders and/or borrowers have been excluded from participating directly on the Platforms in India, unless they hold a bank account within India.
  1. Duties of the Platform
  • The Platforms are required to conduct a due-diligence on all participants in the Platform. This includes a credit risk assessment and risk profiling of all borrowers registering on the Platform. This information is also required to be disclosed to the lenders, and it helps in creating a transparent environment on the Platform;
  • Platforms can render services for recovery of loans originated on the Platform;
  • Platforms can undertake the documentation of loan agreements; and
  • Platforms can provide assistance in disbursement and repayments of loans.

Prudential Requirements

  1. Permissible Thresholds of Lending and Borrowing

Any registered lender or borrower cannot lend or borrow more than INR 10,00,000/- (Rupees Ten Lakhs only) across all registered and authorised P2P Platforms. Further, no single lender can lend more than INR 50,000/- (Rupees Fifty Thousand only) to any single borrower across all Platforms. While these thresholds may seem conservative at first, considering the nascent stage of the P2P lending industry we believe that these limits are appropriate. The Platforms were anyway meant to facilitate small, unsecured loans from individual lenders, and if demand rises the limits can be revised in the future.

  1. Maturity Period: No loan provided via a Platform can have a maturity period of more than 36 (thirty-six) months. This seems apt, given the loan value is also capped at a number that is not very high.

Operational Guidelines

The Platform is required to have and implement a policy approved by the Board of Directors of the Company (the “Board”) regarding the eligibility criteria for participants, pricing of their services, and detailed rules for matching lenders with borrowers on an equitable and non-discriminatory manner, and other matters concerning the operation of the Platform. Additionally, any and all liabilities regarding the collection, storage and protection of personal data by the Platform will have to be borne by the Platform itself, even if any of these functions are outsourced to third-party service providers.

The Platforms are also required to maintain 2 escrow accounts for the transfer of funds – one for funds from lenders and the other one for funds collected from borrowers.Cash transactions are prohibited, which will help in accounting for all money being transacted via a particular Platform.

Enhanced Transparency and Disclosure Requirements

Previously, the scant availability of information regarding a borrowers’ credit history and defaults made the sheltering of defaulters easy. The Directions are aimed at rectifying this situation.They seek to introduce transparency and information symmetry between the borrowers and lenders, while simultaneously protecting the privacy of the data belonging to both parties.

  1. Disclosure to the Lenders:

Prior to accepting any loan arrangement on a Platform, the lenders should be made aware of the personal identity of the borrower, the loan amount, the credit score determined by the Platform and other details regarding the borrower.This ensures that the lenders can be made an informed decision regarding engaging with any borrower.

  1. Disclosure to the Borrower:

Borrowers are made aware of fewer details than the lender – they are informed about the lender’s proposal, repayment terms and interest rate, but are not informed of the lender’s personal identity, contact information and other personal information. This seems logical, as the borrower’s decision regarding the lender’s proposal should be based purely on the commercial terms offered, and not on the details of the particular lender.

  1. Public Disclosures:

The Platform is required to publish on its website the overview of the credit assessment methodology and factors considered; data protection and privacy measures; dispute settlement mechanism; portfolio performance including a share of non-performing assets monthly and segregation by age; and its broad business model.This is intended to give any individual/entity looking to register on the Platform the opportunity to make an informed decision.

Data Security and IT Framework

Considering the volume of personal data collected, stored and analysed on the Platform, ensuring a robust IT and data security framework is one of the foremost necessities. In light of this, the Directions lay down some robust standards:

  1. All Platforms are required to have “adequate safeguards” in their IT systems to protect against unauthorized access, destruction, modification, utilization etc. of the data. While the Directions do not lay down any specific minimum standard for maintaining these safeguards since the Platforms deal with personal data it can be assumed that they fall within the stipulations of the IT Reasonable Security Practice Rules, 2011;
  2. All Platforms are required to have a Board approved Business Continuity Plan in place for safekeeping of information and documents and servicing of loans for full tenure in case of closure of the Platform;
  3. The Platform has to carry out a yearly information system audit, as well adhere to all requirements under the Master Direction on Information Technology Framework for the NBFC Sector, June 8, 2017.

Conclusion

With India marching towards the aim of being a paperless, cashless and consent-secured data sharing economy, these Directions are expected to open up new avenues for obtaining capital for individuals and small businesses, while simultaneously maintaining transparency and accountability in the process.Perhaps the only clause missing from the Directions is one on penalties, describing the repercussions if a Platform fails to adhere to any of the given guidelines. Yet overall, the Directions seem to be apt for P2P Platforms and well-thought through, especially considering that the industry around such Platforms is still nascent in India. As these Platforms gain more prominence the Directions can be modified accordingly, but for now, they seem to be a good starting point.

 

Author: Ayushi Singh; Reviewed by Madhav Rangrass

Startup India – announcements of many initiatives

Action Plan on Startup India: A Brief Overview

Startup India Action Plan (“Action Plan”), launched by Prime Minister Narendra Modi on 16 January 2016, is part of a flagship initiative of the Government of India for boosting the startup ecosystem in India that will drive sustainable economic growth, generate large scale employment opportunities. It aims to accelerate spreading the startup movement in existing tier 1 cities to tier 2 / tier 3 cities, semi urban and rural areas, in a wide range of sectors, varying from digital/technology sector to agriculture, manufacturing, social sector, healthcare, education, etc. In the recent years, India has witnessed a dynamic trend of people with no or little business background emerging to be the new age entrepreneurs.  The upsurge has had a massive outreach and the impact has been the launch of the “Startup India: Stand up India” campaign, followed by the detailed 19 point Action Plan that interestingly is an unprecedented move even in comparison to other strong startup ecosystems of the world and as pointed out by Masayoshi Son, Chairman and CEO of Softbank, “this is the beginning of a Big Bang for India”.

The word ‘startup’ has been around for quite some time now and it comes as a relief that the Action Plan, for the first time, defines ‘startup’, albeit for the purpose of government schemes only. The definition reads as follows:-

“Startup means an entity, incorporated or registered in India not prior to five years, with annual turnover not exceeding INR 25 crore in any preceding financial year, working towards innovation, development, deployment or commercialization of new products, processes or services driven by technology or intellectual property.

Provided that such entity is not formed by splitting up, or reconstruction, of a business already in existence.

Provided also that an entity shall cease to be a Startup if its turnover for the previous financial years has exceeded INR 25crore or it has completed 5 years from the date of incorporation/registration.

Provided further that a Startup shall be eligible for tax benefits only after it has obtained certification from the Inter-Ministerial Board, setup for such purposes.” (Emphasis supplied)

The definition is important in order to understand the eligibility criteria for the various benefits that the Action Plan talks about. However, what remains to be seen is how the definition gets formalized by way of a statute or notification and how the concerned authorities, for example the Inter-Ministerial Board, interprets “working towards innovation, development, deployment or commercialization of new products, processes or services driven by technology or intellectual property” for the purposes of certification. Usage of words such as “new” may open up dialogues on what may be considered as new and what should be the criteria for determining “new”.

Broadly, the Action Plan talks about schemes and initiatives to be undertaken in four major categories:-

(a) Ease of doing business: For easing operational aspects of the workings of a newly incorporated company

  • compliance regime based on self-certification with labour laws and environment laws;
  • no suo motu inspection with respect to labour law compliances for the first 3 years
  • only random checks in ‘white category’ startups with respect to environmental law compliances;
  • mobile app to provide on-going accessibility for registering startups, tracking the status of the registration application, filing for compliances and obtaining information, etc.;
  • legal support and fast tracking patent examinations; 80% waiver of patent filing fees;
  • relaxed norms for public procurement;
  • faster exits,
  • income tax exemption for a period of 3 years,
  • extension of capital gains tax exemption to ‘computer or computer software’)

(b) Funding: For enhancing funding support through a Fund of Funds with an initial corpus of INR 2,500 crore and a total corpus of INR 10,000 crore and through credit guarantee fund via National Credit Guarantee Trust Company/SIDBI with a budgetary corpus of INR 500 crore per year for the next four years; extension of exemption from Section 56(2)(viib) of the Income Tax Act 1961 to investments made by incubators above fair market value; seed funding to potentially successful and high growth startups;

(c)  For promoting visibility through national and international fests and encouraging innovation through national and state level awards; and

(d) Programs and Centres: For structuring and enhancing the startup ecosystem through various programs such as Atal Innovation Mission (AIM), Self-Employment and Talent Utilization (SETU), Innovation core program in schools and establishment of Startup India Hub, 500 tinkering labs, incubators, innovation centers and Research Parks.

In the inaugural speech, the Prime Minister has also made special mention of the lack of patent experts/lawyers as the patent protection remains one of the biggest concern of newly incorporated companies working in the fields of innovation and technology. As such, the Action Plan talks about fast tracking mechanisms to exclusively cater to startup patent applications in order to protect the intellectual property rights of startups at an early stage. Another key highlight of the Action Plan is the panel of facilitators and lawyers to assist startups in filing and disposal of patent applications. Government shall bear the entire fees of the facilitators for any number of patents, trademarks or designs that a startup may file.

Overall, the Action Plan goes a long way in identifying the various problems persistent in the startup ecosystem today and aims to bring thousands of entrepreneurs from across India into this discourse and force the growth of a transformed, diversified and inclusive economy.

Introduction of the Insolvency and Bankruptcy Bill, 2015 (Read more at https://novojuris.com/2015/12/28/bankruptcy-bill-2015/) and recent announcements by the Reserve Bank of India of incentives to ease business norms and drive growth in the ecosystems, which inter alia include:

  • creation of a dedicated mailbox to provide assistance and guidance to the startup sector,
  • permitting receipt of deal value on a deferred basis in case of a transfer of ownership of a startup,
  • accessing rupee loans under the External Commercial Borrowing framework with relaxations, etc., indicate the Government’s existing and ongoing commitment to actualizing the Action Plan.

However, it leaves one wanting for more answers with respect to how the various actions points will be formalized and implemented by the concerned authorities and the timelines that we are looking at, amongst other things. The nuances that may be associated with ‘simple’ form for registering startups and the practical aspects of uploading documents for registration through a Mobile App; executing faster exits in 90 days; allocating funds for the announced rebates; effective management of the Fund of Funds and strategizing rollover of its profits are some of the questions that loom large. However, ambitious times call for ambitious ventures and the Action Plan certainly has opened up a whole new horizon.

RBI to Relax Two-Step Authentication Rule for NFC Enabled Small Card Transactions

In the last year, much was made of the 2 step authentication process mandated by the RBI for all card transactions. Uber, the mobile marketplace for cabs, was in the eye of the storm with its one touch credit card payment mechanism which did not involve the additional step of authentication. Eventually after rounds of discussion and an extension period granted by the RBI, Uber tied up with Paytm, moving from credit card transactions to mobile wallets in India. Famously, Uber called this requirement “an antiquated solution that is cumbersome for consumers and stifling for businesses across India.”

money

In the meantime, we had seen the introduction of the NFC technology which was gradually being adopted by different players, most notably ICICI. NFC or Near Field Communication technology enables short wave high frequency radio communication between devices making it simpler to make transactions, exchange content and connect devices when they are in proximity or with a touch. A lingering issue remained as to how the transaction would be made any simpler and speedier with the additional pin authentication step mandated by RBI. In November, 2014, RBI had indicated relaxing the norms for small transactions, and true to its promise, it has come out with a draft circular inviting comments, allowing transactions up to INR 2000/- without the additional authentication steps.

The circular makes a specific reference to NFC and, if notified, shall only apply to card transactions which use this technology. Further, this relaxation would apply to credit present transactions only (CP) and not to card not present transactions (CNP). Taking into account the risks that accompany this ease of use, the banks would be advised to clearly explain usage and liabilities to the customer and put into place mechanisms for seamless reporting of loss of cards through different channels. While this relaxation may not make a difference to the payment processes employed by companies like Uber, it is definitely a step in providing more flexibility and ease to card transactions.

The draft circular can be accessed here.

E-Wallets and Mobile Wallets

What are mobile wallets?

The widespread use of smart phones and mobile technologies has gradually begun to affect not only our use of products and services, but also how we pay for them. What we are witnessing is the beginning of technologies that aggregate payment methods on mobile. One of the recent developments is mobile wallets, often mistaken for mobile banking. Rather than providing mobile communications merely as means to do transaction through conventional modes of payments like net-banking and credit cards, mobile wallets seek to use mobile phones as a prepaid accounts where you may store money which can be used for transactions. Currently, mostly telecom services providers are providing mobile wallet services, with other kinds of players from e-commerce and dedicated payment services providers looking to increase their presence in this segment. Given that more number of people have access to mobile technologies, than even basic things like proper sanitation, let alone internet banking and physical debit and credit cards, it stands to reason that mobile wallets offer a segment with great potential.

Laws governing mobile wallets in India

The Payments and Settlement Systems Act, 2007 is the primary law governing payments systems in India, with the RBI as the body to supervise related matters. Section 18 of the Act empowers the RBI to make such regulations as may be required, from time to time, to regulate payments systems in India. In exercise of the same, the RBI has laid down guidelines for the issuance and operation of Pre-paid Payment Instruments. A Master Circular consolidating all regulations on the same was notified on July1, 2014.

The circular defines different kinds of payment instruments that one may create. In our experience, the most common form of payment instrument that can be used as mobile wallet is a Semi-Closed System Payment Instrument, as only Banks are permitted to offer Open System Payment Instruments.  These can be used for purchase of services and goods from a set of identified merchants and services providers, but do not allow for withdrawal of the currency from the instrument. Non Banking Finance Companies (NBFC) and companies incorporated in India are eligible to apply for license to issue these instruments.

Additionally, a company (that which is not a bank or a NBFC) seeking RBI’s authorization should have a minimum paid-up capital of INR 5 crores and a minimum positive networth of INR 1 crore at all times.

The Circular specifies anti-fraud mechanisms/standards and the level of Customer Due Diligence required based on the quantum of transactions involved. KYC norms and Anti Money Laundering norms, as relevant would continue to apply to pre-paid instruments. Importantly, these regulations do not cover any cross border transaction and do not extend to any foreign exchange pre-paid instruments allowed by RBI under FEMA.

FDI in applicant Companies for mobile wallets

Companies which proposes to have foreign investment has to ensure prior government approval (FIPB approval). The FDI Circular classifies e-wallet / mobile wallets as credit cards (“Credit Card” business includes issuance, sales, marketing & design of various payment products such as credit cards, charge cards, debit cards, stored value cards, smart card, value added cards etc.) which is under the classification of NBFC and should meet capitalization requirements as a fund-based activity.

With the recent Master Circular consolidating the policy guidelines on issuance and operations of pre-paid instruments it has made the regulatory terrain easier to navigate not only in terms of eligibility requirements to obtain a license to issue pre-paid payment instruments but also the on-going compliances required by law. It is important to note that mobile wallets exist in a space which does not attract the restrictions under the RBI notifications from November, 2010 to regulate online payment gateway service providers, which affects a service provider like PayPal. This may also be an attractive payment system for parties to consider in light of the furore over the payment system used by Uber which bypassed the two step authentication which the RBI recently cracked down upon.