[By Ansh Chaurasia & Mudrika Jha]
The authors are students of Dr. Ram Manohar Lohiya National Law University, Lucknow.
INTRODUCTION
The Reserve Bank of India (hereinafter, ‘RBI’) has released the final Framework for Self-Regulatory Organisations (SROs) for FinTech Sector (hereinafter, ‘Framework’) on May 30, 2024, after releasing the draft for the same on January 15, 2024. The principle underlying the proposed Framework can be traced back to 2018 when the Report of the Working Group on FinTech and Digital Banking suggested the principles for regulatory intervention in the FinTech industry. These principles were centered on fostering healthy competition, ensuring impartial treatment, systemic stability, and user protection. The Framework issued by the RBI lays down the eligibility and membership criteria, functions, and governance norms for the proposed SRO-FT(s) and their responsibility towards the RBI. A FinTech SRO (hereinafter, ‘SRO-FT’) has been proposed to be an industry-led entity responsible for, inter alia, the establishment and enforcement of regulatory standards within the FinTech sector, dispute resolution, market intelligence and promoting transparency, ethical conduct and accountability among its members.
This blog puts forth an analysis of the idea of establishing an SRO and its desirability in the FinTech industry, a critical evaluation of the proposed framework, and the way ahead.
SROs FOR FINTECH: REGULATING ON THEIR OWN ACCORD
A. The FinTech Story
Globally, FinTech evolved in the aftermath of the economic crisis of 2008, which challenged the traditional banking system and paved the way for a resilient financial infrastructure. Due to its ubiquitous nature and automation of services, FinTech has lived up to its touted potential. It has been instrumental in expanding and expediting the rendering of financial services, making it an indispensable component of a developing economy. In India, FinTech has played a crucial role in revolutionizing digital payments and lending, making India the house of 22 FinTech unicorns. It has made financial services in India accessible to those who otherwise would have remained deprived of such services.
B. Locating Consumer’s Interest
As formidable as it may seem, the FinTech paradigm raises regulatory concerns. Processing personal data is a function of rendering services by a FinTech entity, which poses a significant risk to the user. Any uninformed choice made by the users of FinTech platforms exposes them to a potential risk of breach of privacy and data security. Several consequential risks, such as fraud and unethical usage of user data, emanate from the breach of privacy. Risks arising out of services available on FinTech platforms have already been acknowledged by RBI when unethical practices in digital lending came to the fore. The Working Group constituted by RBI reasoned that reliance on third parties by the lending entity created unethical practices such as mis-selling to unsuspecting customers, breach of data, and illegitimate operations. Consequently, RBI had to issue Guidelines to deal with this specific issue.
The ease and fast-paced nature of services provided by FinTech platforms jeopardise the interest of consumers who may fall prey to impulsive purchasing behaviour. Such consumers are likely to be affected by ‘bounded rationality’, a situation where an individual’s rationality for decision-making is constrained by a lack of information, the individual’s cognitive limitation, and the limited time to make the decision. Even the abundance of information about any transaction may not serve well to ensure favourable conditions for the consumer or to eliminate any potential unethical practice on the part of the service provider. India’s abysmal financial and digital literacy rates further aggravate the vulnerability to which a consumer of such platforms is already exposed. With the FinTech industry poised to expand, regulatory concerns are of much more significance than ever.
The rationale behind introducing this Framework is to attempt a balancing act between promoting innovation within the FinTech industry and minimising the risks it poses. The experience and expertise of FinTech companies underlying self-regulation can be a relatively better response to the complexities of this industry than a traditional legislative intervention. Obligations drafted by the subject of the regulation ensure a greater degree of compliance. Further, the cost of information, supervision, and enforcement gets lowered in a self-regulatory framework.
In its pursuit of increasing profits, the industry’s adherence to norms that further social interest is unlikely. Instead, they have a strong incentive to adhere to socially undesirable norms. Self-regulation is likely more effective when adherence to norms and best business practices are concomitant and when there is a concurrence in public and private interest. Therefore, to wane off the potential shortcomings of the SRO and achieve the desired outcomes, the RBI’s oversight plays an important role.
ANALYSING THE FRAMEWORK
The Framework is in line with the ‘Twin Peaks Model’ of financial services regulation. As per this model, two distinct supervisory bodies should be operational in a sector, one for overseeing conduct of business activities, and the other for overseeing financial stability and prudential regulation. This is done to separate market conduct regulation (ethics and consumer protection) and prudential regulation (for management of systemic risks, monitoring capital and liquidity requirements in the sector), the rationale for the same being, risks of varying nature necessitate varying expertise and approaches to regulation. Several jurisdictions, such as Australia, Belgium, France, the Netherlands, and the United Kingdom, have adopted this model. One such example is the distribution of regulatory functions within the financial sector in England. The Bank of England’s Financial Policy Committee (FPC) is the reform regulator of England’s financial system, focused on managing systemic risks, whereas the Financial Conduct Authority (FCA) is the conduct regulator, ensuring healthy competition among market participants and consumer protection. The Framework delineates the scope of SRO’s operations, conforming to the international standard of distinguishing between prudential and conduct-based regulation. Public interest, market conduct and market intelligence, i.e. overall market conduct regulation, are the key responsibilities underpinning the SRO-FT Framework whereas RBI would continue performing prudential regulation of the FinTech sector.
However, the intended self-regulation comes with its peculiar shortcomings. When considering sectoral dynamics within the FinTech sector, the Framework encourages FinTech entities to have membership of at least one SRO-FT and also allows them to have membership of more than one SRO-FT. Now, unless there exists a commonality of code of conduct among the SROs, pertinent forum shopping concerns exist, as was also highlighted when the presently discarded idea of introducing a self-regulatory mechanism in the gaming sector was contemplated by the Ministry of Electronics and Information Technology (MeitY).
A long-standing argument against the idea of self-regulation is that it is highly susceptible to bias and the influence of a select few players. The more prominent industry players are capable of exploiting SROs, which, instead of augmenting the regulatory framework of RBI, can be deployed as a smokescreen to conceal the potential wrongdoings of its members. Resultantly, what is often observed with SROs is the phenomenon of ‘Regulatory Capture’, i.e. a situation where the working of bodies created in furtherance of public interest is skewed because dominant industry players unduly influence the regulatory regime to pursue their commercial interests in the garb of public interest. The challenge to maintain parity among its members also impinges on the SRO-FT’s ability to discharge its duty of being the ‘legitimate arbiter of disputes’, calling both public trust in SRO-FTs and their ability to implement their functions prescribed by the Framework into question.
With the probability of bias and influence playing out, the threat to the independence of SROs looms at large. Although the Framework attempts to resolve this by mandating it for SROs to themselves implement a robust conflict of interest management system and follow the principles of good governance. RBI does play the role of a watchdog over the SROs, as is evident from the Framework, which mentions that RBI may nominate/depute observers on the Board of the SRO-FTs, subject to RBI’s discretion. However, it is suggested to change this discretion to a mandate, to enable RBI to closely monitor the working of SRO-FT since its inception.
WAY AHEAD
As the FinTech sector continues to expand and innovate, the need for a structured and cohesive regulatory approach becomes increasingly vital. The establishment of SRO-FTs appears to be a strategic initiative in this direction, an attempt to regulate industry participants and define the contours of benchmark standards and code of conduct to be followed by its constituents.
However, the idea of establishing SRO-FTs and the Framework enabling the same possesses shortcomings such as forum shopping concerns, conflict of interest, bias, the possibility of regulatory capture and other associated risks that accompany a facile approach to self-regulation. The transparency of an SRO’s operations has been questioned in the past, with respect to the Microfinance Industry Network (MFIN) SRO under RBI, where the lack of evidence in the public domain on actions taken by the SRO against its norm-violating members created a doubt on its impartial functioning and transparency. In such a scenario, it is suggested that the RBI mandates the appointment of permanent observers in SRO-FTs and that consistent vigilance over SRO-FTs’ code of conduct and operations becomes indispensable.
In conclusion, self-regulation can be a relatively better approach than legislative intervention, as it increases the likelihood of better compliance, reduces overall costs and that industry participants would possess a better understanding of the idiosyncratic risks affecting the FinTech industry. Despite its advantages, if the aforementioned regulatory concerns are left unnoticed, it might skew the SRO-FTs away from their intended objectives.