RBI’s Regulatory Clampdown: Navigating the Paytm Saga
[By Manav Pamnani & Teesha Arora] The authors are students of NALSAR University of Law, Hyderabad and Symbiosis Law School, Pune respectively. Introduction and Background In a recent move, the Reserve Bank of India (RBI) has imposed restrictions on Paytm Payments Bank, prohibiting it from accepting fresh deposits in its accounts, facilitating credit transactions, and offering fund transfers, including the Unified Payment Interface (UPI) facility, after March 15, 2024. This has emerged in light of the multiple violations on the part of the bank to meet the regulatory requirements and directions given by the RBI. Paytm Payments Bank, an associate of One 97 Communications Limited (OCL), is an Indian Payments Bank founded in 2017. It is a part of the financial network of one of India’s largest payment companies, Paytm. In fact, on October 7, 2021, it was officially added to the second schedule of the RBI Act of 1934. In its press release on March 11, 2022, the RBI directed the Paytm Payments Bank to stop onboarding new customers. It further added a condition that such onboarding would only be permissible if the bank appointed an Information Technology (IT) audit firm to conduct a comprehensive system audit of its IT system and if, after a thorough review, the audit report seemed satisfactory. This audit report would comprise compliance checks with reference to Section 43A and Section 79 of the IT Act. The reason for ensuring compliance with the aforementioned provisions of the IT Act can be inferred from the preamble of the Act itself which lays down its objective, which is to facilitate lawful digital transactions while mitigating cybercrimes and other potential non-compliances. Since the operations of Paytm involve digital transactions and storage of data, these provisions become relevant. In this regard, Section 43A deals with compensation for failure to protect data. It requires a body corporate to uphold acceptable security standards and procedures while managing, dealing with, or having any sensitive personal data or information on a computer resource that it owns, controls, or manages, failing which, it would have to compensate the affected people who have incurred wrongful loss. On the other hand, Section 79 encompasses an exception, according to which, intermediaries may be immune from liability if they operate as mere middlemen in the transmission, storage, or exchange of third-party information or data. The audit report, however, indicated persistent non-compliance on the part of the bank coupled with material supervisory concerns. It reflected that lakhs of accounts had not followed the mandatory Know Your Customer (KYC) procedure. Adhering to KYC guidelines is non-negotiable due to the significant purpose it serves which mainly includes verifying the identities of customers in order to prevent money laundering activities. The omission on part of Paytm thus violated Section 12 of the Prevention of Money Laundering Act, 2002 which mandates the verification of the identities of clients before entering into financial transactions. The importance of the KYC procedure leads financial institutions and conventional banks to strictly follow it. In the given case, since Paytm has repeatedly violated this crucial norm, RBI’s clampdown is justified. The exacerbating factor in this case is that the transactions in the non-KYC accounts exceeded millions of rupees, far beyond the prescribed regulatory limits, as specified in the Reserve Bank of India (Know Your Customer) Directions, 2016. Moreover, over a thousand users had the same Permanent Account Number (PAN) linked to their accounts which further raised money laundering concerns. This led the RBI to utilise its power under Section 35A of the Banking Regulation Act, 1949 and issue the aforementioned directions. It also passed an order on October 10, 2023, imposing a monetary penalty of rupees 5.39 crore on Paytm Payments Bank for breaching the several regulatory requirements. Justification of the Action in light of Section 35A of the Banking Regulation Act, 1949 Section 35A of the Banking Regulation Act provides for the power of the RBI to give directions. This power extends not only to specific banking companies in cases of non-compliance but also to general guidelines or circulars issued in interest of the overarching banking framework. For example, in 2016, the RBI issued the Master Directions on Fraud to consolidate and update seven earlier circulars on the classification, reporting and monitoring of fraud. Thus, the power enshrined under this section has a wide ambit and can be utilised in any scenario right from breaches pertaining to banking norms to introducing guidelines or amendments to upkeep the integrity of the banking sector. In this regard, Section 35A states, “(1) Where the Reserve Bank is satisfied that – (a) in the public interest; or (aa) in the interest of banking policy; or (b) to prevent the affairs of any banking company being conducted in a manner detrimental to the interests of the depositors or in a manner prejudicial to the interests of the banking company; or (c) to secure the proper management of any banking company generally, it is necessary to issue directions to banking companies generally or to any banking company in particular, it may, from time to time, issue such directions as it deems fit, and the banking companies or the banking company, as the case may be, shall be bound to comply with such directions.” This implies that the RBI has the power to issue such directions if any of the three conditions specified in this Section are met. These conditions are disjunctive, and even if only one among them is fulfilled, the RBI can utilise this power. The present situation entails an overlap of all the stated requirements. Adherence to the regulatory requirements and guidelines is paramount to the effective functioning of the financial ecosystem, and any form of deviance affects the confidence of the investors and affiliated business entities, thus negatively affecting the public interest. Non-compliance also indicates that the management of the banking company is not being conducted properly. Therefore, since the conditions mentioned in this Section (at least one) are fulfilled, the utilisation of the power prescribed is
RBI’s Regulatory Clampdown: Navigating the Paytm Saga Read More »