[By Manvi Khanna]
The author is a student at National Law University Odisha, Cuttack.
Introduction
Technological innovation in the financial sector is transforming the way financial services are provided across the globe. The Indian financial sector is similarly on the cusp of change, as evidenced by the runaway success of the National Payments Corporation of India’s United Payments Interface (UPI) which recently crossed the hundred million user threshold to become the fastest adopted payments system in the world. It is important that this change, which comes with attendant risks, is accompanied by meaningful regulatory intervention, particularly for financial technology companies (fintechs) operating in the payments sphere. Against this backdrop, the recent fall of the once-successful payment processing German fintech, Wirecard AG (Wirecard), has some important lessons for India’s payments regulation.
Fall of Wirecard: Factual Background
Precipitated by an accounting report, Wirecard’s meteoric collapse saw the firm acknowledge balance sheet fiction and file for insolvency within a short span of two weeks. The multilayered scandal has sent shockwaves through the industry, with implications for all stakeholders. In particular, the German financial regulator, the BaFin, has faced heavy criticism in the aftermath of the scandal for failing to perform its supervisory duties, by ignoring multiple red flags raised against the company. The first raised in 2016 by short-sellers and the second in 2019 through investigative reports by the Financial Times.
Wirecard was one of the world’s leading providers of outsourcing solutions in relation to electronic payments and had a customer base of more than 25,000 across various industries. However, as a fintech that owned a bank, it was not always clear which regulator Wirecard fell under and who was responsible for its supervision– for instance, the BaFin insisted that it was responsible for the oversight of Wirecard’s banking arm and not its payment processing business. Illustrative of the harms of failed regulatory oversight and legal uncertainties, this loophole is being used to pass the blame amongst regulators in an effort to avoid accountability.
Complexities in the Current Arrangement
The scandal has also highlighted the complexities in regulating hybrid business models or “outsourcing arrangements” that are mushrooming at a pace quicker than the law. Outsourcing is an umbrella term that broadly denotes the practice of regulated financial entities outsourcing some of their functions to third parties, which may or may not be regulated. The frailty of these agreements, caused by interdependence and the severity of repercussions that arise from contractual breach, lead to more worrying issues of effective regulatory scrutiny. It is still unclear where these arrangements fit within the regulatory framework.
These regulatory blind spots may pose a challenge to a sound fintech ecosystem. For instance, smaller fintechs outsourced functions such as card issuance to Wirecard, as they lacked the capacity to issue these products on their own. However, the negative experience with Wirecard could be the driving force behind business entities – both fintech and banks–becoming critical of outsourcing their core functions to payment processing fintechs due to the accompanying operational risks, causing great inconvenience as well as damage to the reputation of fintechs in general. There is a lesson here for Indian fintechs: interdependency between entities in a payments value chain as well as outsourced information technology functions are potential sources of vulnerability. It is therefore essential that these interlinked entities adopt resilient operational models, with viable business continuity and contingency plans in place.
Indian Fintech Regulatory Framework
Unlike traditional banks that have a defined set of regulators and are working directly under the supervision of the Reserve Bank of India, Fintechs are still functioning under a fragmented regulatory regime. The Payment System Participants are regulated by the Payment and Settlement Systems Act, 2007 and the Reserve Bank of India’s Prepaid Payment Instruments (PPIs) – Guidelines for Interoperability, 2018; NPCI Guidelines govern UPI Payments; Payment Banks function under RBI’s Guidelines for licensing of Payment Banks, 2014 and Operating Guidelines for Payment Banks, 2016 and Payment Intermediaries are regulated by RBI Guidelines on Regulation of Payment Aggregators and Payment Getaways, 2020. Additionally, the Anti Money Laundering Regulations and Data Privacy Laws are also applicable to them. In cases where a digital lender in India is licensed as an NBFC, key regulations governing NBFCs in turn become applicable to them. A lot of work is required to be done for providing requisite clarity and assistance to the fintechs in relation to regulatory compliance, which is otherwise complex and unclear.
With regard to outsourcing, there is a compliance requirement in form of Guidelines on Outsourcing of Financial Services by Banks, 2006 and RBI Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Non-Banking Financial Companies, 2017 when they outsource their noncore activities and it provides for flexibility so that intervention can be made, however, the law for fintech, licensed neither as banks nor NBFCs is unclear, when they outsource any of their functions The Wirecard collapse demonstrates the dangers firms face that fall between regulatory cracks. It is important for us to tight seal the new laws we are coming up within a way such that the defaulters cannot bypass it.
The Way Forward
In the wake of the scandal, the UK has revamped rules governing its international payment sector and now requires careful scrutiny before third party providers are selected, in addition to requiring periodic reviews. Moreover, payments providers and e-money issuers in the UK, besides maintaining a record of funds received are also now required to maintain a “safeguarding account” for the customer money. The rapid advancement of diverse fintech products offered along with the government’s support for digital payments has caused the Indian fintech space to flourish in the last few years. Insofar as regulation is concerned, it is necessary for the law to balance the risks arising from these new fintech entrants, alongside the need for innovation and competition. India does not have a consolidated set of guidelines tailored to fintechs but follows a more generic approach, making it a challenge for companies to navigate these regulations. Moreover, the complexity of new business arrangements, commonly observed in increasing collaborations between banks and fintechs, may pose regulatory challenges, echoing the Wirecard model
As India gears up for the ‘new normal’, it is important for us to have a full-fledged regulatory framework catering to the specific needs of fintechs rather than a fragmented set of laws, guidelines, and notifications – an unambiguous law clarifies accountability and supervision. Considering the increasing importance of digital transformation, mitigating these risks in the payments sector will not only make the consumers less skeptical about the modern modes of transactions but will also go a long way in ensuring the development of a sound fintech ecosystem in the country.