The Financial Technology Law Review: India


The fintech sector in India has boomed in the last decade, alongside technology investments, falling data prices and increasing smartphone penetration. The policy approach has been largely supportive to enable this growth, with the underlying objectives to attain a 'less-cash economy' and augment financial inclusion. Several regulatory initiatives have been introduced for this sector, including market studies, regulatory sandboxes, innovation hubs, and incubation support. These have allowed stakeholders (such as regulators, incumbents and start-ups) to understand the developing technology and actively collaborate to leverage each other's strengths and experiment with new products, services and distribution methods. This, alongside the largely consultative process that regulators have been following prior to introducing any new law, has allowed for the development of a more dynamic and evidence-based regulatory framework for the fintech sector in India. The regulatory response to different fintech activities (discussed below in Section II) broadly ranges from mimicking traditional regulations to realigning such regulations to match market and technological changes in the sector.

While developments in regulatory policies to facilitate innovation have been relatively slower in the securities and insurance markets, the Reserve Bank of India (RBI) (the central bank and regulator for banking and financial services), has been fast to accommodate and operationalise new technology-driven business models in financial services, such as in digital payments and settlement, online banking and digital lending. To this extent, there has also been a shift in policy to promote customer-centric initiatives by making digital payments more affordable, strengthening grievance redressing mechanisms and easing the acceptance infrastructure for online payments across India.

At the same time, Indian regulators have been cautious and have been proactively monitoring any emerging risks in the changing fintech environment and plugging any gaps through regulatory intervention as and when needed. A growing cause of concern for regulators is that unlike many advanced economies, a large part of the fintech sector in India operates at the edge of the regulatory regime, or entirely outside of it, making it difficult to monitor and shape their activities.

Although there are no tax incentives specifically designed for fintech companies in India, start-ups that are registered under the 'Startup India' scheme of the Indian government can benefit from various incentives, such as income tax exemptions, self-certification under labour and environment laws, intellectual property rights benefits, and access to government-backed fund support.


i Licensing and marketing

There is no special fintech licence in India and the regulations governing offline banking and financial services are also applicable to fintech companies. These include the onerous licensing and operational guidelines applicable to banks and non-banking financial companies (NBFCs), and more generally, the domestic laws relating to contracts, information technology, data protection, intellectual property, consumer protection and anti-money laundering and counter-terrorism financing. With rising fintech penetration in financial services, specific regulations for different activities are now evolving, including for payment systems, online payment intermediaries, small-scale payment banks, peer-based lending platforms and account aggregators (discussed below).

The RBI is the primary regulator for most fintech activities in banking, payments and lending. The jurisdiction of other regulators may also get attracted, depending on the nature of the services being offered, including of the Securities and Exchange Board of India (SEBI) when dealing in the securities market, the Insurance Regulatory and Development Authority of India (IRDAI) for the insurance sector, as well as the Ministry of Electronics and Information Technology (MEITY) and the Ministry of Corporate Affairs (MCA), as may be applicable.

It is significant to note that a growing number of fintech entities in India operate as third-party enablers providing technology and ancillary services to licensed entities, which in turn provide the underlying regulated financial services. This gives fintech entities a distinct advantage of offering value-added services to plug any gaps in the offline ecosystem, while being at the periphery or outside the direct ambit of the regulatory framework applicable to banking and financial services. While these fintech entities are now increasingly being indirectly monitored through more onerous outsourcing guidelines, Indian regulators are at the same time studying different cases of the evolving technology to identify any emerging risks, and to assess whether a tweak in the regulatory approach is required for the increasing interplay between regulated and unregulated entities.

Rules for marketing

The field of advertising is generally subject to a multiplicity of laws and codes in India to achieve fair practices aligned with antitrust principles, prohibit misleading or inaccurate statements, and restrict obscene, immoral or objectionable content from being published in any advertisement or marketing collateral. The RBI has also issued specific guidelines on similar lines to protect the customers' right to transparency, fair and honest dealings by financial service providers (directly and under outsourcing arrangements). In addition, the RBI has recently cautioned against the levy of hidden and excessive rates of interests on digital lending platforms as well. Separately, advertisements for public offers or sale of stock-market instruments must provide accurate, detailed and current information about such instruments, including the risks involved, and without any exaggerated claims regarding profits. Similarly, advertisements for insurance products must contain accurate information about the coverage, exclusions and applicable premiums. Advertisements for both stock-market instruments and insurance products must also include specific disclaimers prescribed under law.

Digital advisory and asset management services

The traditional mutual funds industry in India (discussed below in Section IV) is increasingly relying on fintech solutions for distributing its products, including online platforms to transact seamlessly. Further, many fintech start-ups are innovating in the financial advisory space through automated tools and algorithms for aiding in analytics and investment decisions (with reduced human intervention). Depending on the nature of services, investment advisers, asset management and mutual fund companies in India are required to comply with the securities regulations of the SEBI for investment advisers (IA Regulations) and mutual funds (MF Regulations), as amended from time to time, and which apply uniformly to both traditional and automated service models. The SEBI has been in a consultative process of proposing to introduce special requirements for automated tools used in investment advisory services, to make such tools subject to audit and inspection, and with the ultimate responsibility being that of the investment advisers using the tools. Further, depending on the level of automation and customisation in providing stock-specific recommendations, advice or research reports could fall within the regulatory ambit of the SEBI (Research Analysts) Regulations as well.

Credit information services

The business of providing credit information services is regulated in India under the Credit Information Companies (Regulations) Act, which provides a framework to facilitate efficient distribution of credit, including a registration requirement for such companies.

ii Cross-border issues

India does not have a regulatory regime designed for foreign licences to be directly passported from another jurisdiction and used in India for providing financial services. Foreign licensed entities looking to provide similar regulated services in India need to separately seek the relevant authorisation under the applicable law in India for such activities. Although, practically, entities with an existing licence in some foreign jurisdictions may find it easier to seek the relevant authorisation in India. To this extent, the foreign direct investment (FDI) policy in India for financial services is broadly conducive, generally allowing for FDI of up to 100 per cent under the automatic route (i.e., without the approval of the Indian government) for most financial services that are regulated by the RBI and the SEBI, and for activities of insurance intermediaries. This is subject to compliance with prescribed FDI-linked conditions and the sector-specific regulations.

Any restriction on offering fintech services or products from abroad without a physical presence or a local licence in India is largely dependent on whether and to what extent such activity is regulated in India. For instance, under the extant regulatory framework, many fintech services and products, such as payment wallets, peer-based lending platforms and investment advisory services, can only be provided by entities incorporated and registered in India. Similarly, foreign entities proposing to provide payment and settlement services in India need to obtain a prior authorisation from the RBI. Cross-border payments and transactions in India are strictly regulated, and only an RBI-authorised entity can deal in foreign exchange or in foreign securities as an authorised dealer, money changer or off-shore banking unit. To this extent, the jurisdiction of the SEBI is limited to the Indian securities markets, and services to Indian investors in relation to global markets may fall outside the SEBI's regulatory ambit.

An important cross-border issue for foreign entities providing fintech services in India is the requirement of localisation of financial data for various services on servers or hardware located in India, including by payment system providers, payment intermediaries, and peer-based lending platforms. For cross-border payment transactions, financial data may temporarily be transferred abroad for the purpose of processing the transaction but would thereafter need to be deleted from the systems abroad and stored only in India. These requirements inevitably restrict the hosting of financial data on a cloud or server outside India.

A foreign company may also be required to comply with certain provisions of the Indian Companies Act where it has a 'place of business' in India (directly or through an agent), physically or through an electronic mode, and conducts any business activity in India. Further, the recently amended consumer protection regulation in India, namely the Consumer Protection Act 2019 and the Consumer Protection (E-Commerce) Rules, 2020, includes specific provisions for 'e-commerce', defined broadly to include buying or selling of goods or services including digital products over digital or electronic networks. These regulations also apply to foreign-owned e-commerce entities that are not established in India, but 'systematically' offer goods or services to consumers in India, including in connection with banking, finance and insurance.

Digital identity and onboarding

India has the world's largest human digital identification number scheme. Known as 'Aadhaar', this digital identity is issued by the Indian government under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act) through a centralised agency called the Unique Identification Authority of India (UIDAI). Aadhaar is a 12-digit random number issued by the UIDAI to duly verified Indian residents.

Any resident of India, upon submitting the requisite demographic and biometric information, is eligible for Aadhaar. Foreign nationals can obtain the Aadhaar identity on residing in India for a continuous period of 182 days. Aadhaar is used as a strategic policy tool for social and financial inclusion by linking it to several government initiatives.

UIDAI has eased the process to satisfy know-your-customer (KYC)-related regulatory norms by launching the electronic KYC (e-KYC) process that allows banks, insurers and other regulated entities to digitally onboard customers. Instead of furnishing a multitude of documents to confirm demographic information, customers can now use their biometric details through Aadhaar to complete the KYC process. However, the process is not fully automated as banks insist on in-person verification of their customers, conducted through video conferencing.

Moreover, other financial service providers prefer using the e-KYC process used by banks as a foundational KYC, allowing customers to open accounts with them through second-factor authentication over the phone using a one-time-password. However, such use is subject to prescribed limitations under the applicable laws.

The SEBI set up the KYC Registration Agency (KRA) to maintain KYC records of investors centrally, where on undergoing the KYC process only once, relevant information of the investor is then shared with other registered intermediaries as required. However, in-person verification is required through video. Further, broadening the scope from solely intermediaries, the government has placed the Central Registry of Securitisation Asset Reconstruction and Security Interest of India in charge of the Central KYC Record Registry that caters to data sharing between reporting entities of all major financial regulators, and has eased the process of financial transactions, in a similar manner to the KRA.

However, Aadhaar is accompanied by a host of challenges relating to data privacy, security, false identities and sale of pirated software in the black markets.

Digital markets, payment services and funding

i Collective investment vehicles

A 'mutual fund' is a highly regulated mechanism for pooling money from the public. The pooled fund is further invested into a diversified selection of asset classes and instruments in the capital market (including equity and debt securities) by a professional fund manager. Mutual funds (including agents and distributors) are strictly regulated and supervised by the SEBI under the MF Regulations and by the Association of Mutual Funds in India. Recently, the SEBI has relaxed the profit track record eligibility, paving the way for venture-backed fintech start-ups to sponsor and launch mutual funds as well.

An alternative investment fund (AIF) is a lightly regulated pooled investment vehicle of relatively significant financial commitments from sophisticated investors. AIFs are governed by the SEBI under its AIF Regulations, which prescribe general and specific set of investment restrictions for AIFs, including in relation to AIF managers. AIFs can be structured in the form of a trust, a limited liability partnership or a company, and under various defined categories depending on their investment criteria.

A residual category exists in India in the form of collective investment schemes (CIS), which are defined by the SEBI as arrangements managed by any company under which contributions by public investors are pooled and utilised for the purposes of the scheme with a view to receive profits, income, produce or property, and are strictly regulated by the SEBI under its CIS Regulations. To this extent, any pooling of funds under a scheme or arrangement involving a corpus size of approximately US$13.75 million or more, and which is not registered with the SEBI, is deemed to be a CIS. Cooperative societies, deposits by NBFCs, public deposits under the Indian Companies Act, contracts of insurance, pension schemes and mutual fund contributions, do not qualify as CIS.

ii Crowdfunding and peer-to-peer lending

Alternative forms of capital raising, such as crowd-lending and crowdfunding activities, have recently gained prominence in India.

Crowd-lending platforms that facilitate peer-to-peer (P2P)-based lending activities are now regulated as NBFCs in India by the RBI under specific regulations (P2P Regulations). These regulations, which provide the registration and operational guidelines for P2P platforms, are less onerous than those applicable to other categories of NBFCs, given that P2P platforms are perceived to pose relatively less systemic risk. The role of P2P platforms is limited to act as intermediaries or marketplace platforms, that provide loan facilitation services between the participants. Several restrictions apply to such platforms, including prohibitions to (1) lend on their own; (2) provide or arrange credit enhancement or guarantee; (3) facilitate secured lending; (4) hold funds received from the participants; (5) permit international fund flow; or (6) allow lending beyond the caps provided for the maturity period and exposure to a single borrower.

While crowdfunding initiatives based on rewards or donations are generally permitted in India with limited regulatory oversight, the legal position for equity-based crowdfunding is unclear. The SEBI is yet to formulate any law or its conclusive stance with respect to equity-based crowdfunding, but in the interim has issued a public statement to investors, cautioning them against online platforms facilitating fund raising. It has further stated that these digital platforms are neither authorised nor recognised under any law in India, and that dealings on such platforms would be in contravention with applicable securities law and the Indian Companies Act. Angel investor networks and start-up funding platforms currently operating quasi equity-based models in accordance with private placement norms have also been directed by the SEBI to specifically disclaim that they are neither stock exchanges nor authorised by the SEBI to solicit investments. Accordingly, in the absence of regulatory clarity and an enabling framework for equity-based crowdfunding, such activities remain in a regulatory grey space in India, erring on the side of being prohibited under law.

iii Payment services

Payment services (defined as clearing, payment or settlement services) are regulated in India by the RBI under the Payment and Settlement Systems Act (PSSA). Certain services of payment system operators, such as those providing prepaid payment instruments, ATM networks, clearing and settlement infrastructure, money transfers, and card network operations, are required to obtain an authorisation under the PSSA and comply with the operational directions prescribed therein. However, as discussed above, a bulk of the fintech innovation in the payments space in India is taking place on the technology side, falling outside the direct regulatory ambit of the PSSA.

iv Trading in debt securities and assignment of debt

Public issue and listing of debt securities are regulated in India under the SEBI (Issue and Listing of Debt Securities) Regulations. Trading in debt securities in a secondary market is permitted after such securities are listed on one or more recognised stock exchanges, and subject to compliance with the conditions prescribed in the relevant listing agreement and as specified by the SEBI from time to time. Moreover, fintech companies enabling assignment of receivables, or facilitating lending against the security of receivables, may trigger the Factoring Regulation Act, and may need to register as NBFCs.

v Data sharing

Financial institutions are generally required to adhere to the extant legal framework on information technology, cybersecurity and data confidentiality, including in outsourcing arrangements. To this extent, the RBI has issued specific restrictions with respect to sharing credit information of customers by banks and non-banking lenders to non-regulated entities (such as unregulated fintech companies), without seeking the explicit consent of customers. Under the Information Technology Act (IT Act) and the rules issued according to this, there is also a general requirement to seek the consent of data subjects prior to collection and disclosure of their sensitive personal data.

With respect to mandatory data sharing, institutions in India are only obliged to share customer information where such disclosure is required pursuant to an order of the court or a government body as prescribed under law. However, to balance data privacy concerns with the industry's increasing need for open data sharing, the RBI has recently operationalised a new category of NBFCs called 'account aggregators' (AAs). AAs are regulated data-access intermediaries that facilitate secure and consent-based sharing of financial data through an interoperable and technology-agnostic framework with entities providing financial services.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

Currently, blockchain technologies and cryptocurrencies operate in a realm of legal uncertainty in India as there are no specific regulations governing them. In 2018, the RBI had issued a circular directing regulated entities not to deal in virtual currencies, nor provide services for facilitating, dealing with, or settling virtual currencies, and to exit relationships where such services were already being provided. In 2020, the Supreme Court of India (Supreme Court) struck down this circular on the constitutional ground of proportionality, observing that the RBI's consistent stand is that it has not banned virtual currencies, and the RBI has failed to show how regulated entities have suffered any loss on account of their interface with virtual currency exchanges. In its judgment, the Supreme Court did not give its own opinion on whether virtual currencies are or should be prohibited but deferred that to the regulators and the Parliament. Following the Supreme Court's decision, a draft bill titled 'The Cryptocurrency and Regulation of Official Digital Currency Bill, 2021' has been proposed for introduction and passing in the Parliament, through which the government intends to ban private cryptocurrencies (i.e., currency not having been issued by the government) and make way for an official digital currency issued by the RBI.

Moreover, the Supreme Court observed that although virtual currencies are not considered 'legal tender', they can perform most functions of real currency, and accordingly, certain virtual currencies can qualify as payment, securities or commodity. India's Ministry of Finance has come up with a report to address the lacunae in regulating virtual currencies, including tokens, where it notes that categorising tokens based on its characteristics is imperative from a regulatory standpoint. Accordingly, tokens can be grouped into utility tokens (used to grant access to a company's products) and security tokens (representations of investment in a company). Further, to determine whether tokens can be treated as securities, and thus fall within the purview of regulators, the report suggests employing the use of the Howey's Test. However, the report does not detail any proposed regulatory measures to govern the finer aspects such as the linking of tokens to underlying assets or the nature of assets to which tokens can be linked.

Cryptocurrencies have also not been specifically addressed by the tax and money laundering regimes in India. Depending on whether cryptocurrency is used for trading or the generation of wealth as an investment, the gains from such transactions may be treated as profits from business activities or profits from capital gains, respectively. Further, facilitators of transactions in cryptocurrencies may be subject to applicable service taxes. The Ministry of Finance, in the same report, has also recommended criminalising of activities connected with cryptocurrencies in India, including the facilitation of such activities.

Meanwhile, the cryptocurrency industry has formulated a code of conduct, shortly to be submitted to the RBI, covering norms pertaining to anti-money laundering standards, within it. Regarding the issue involving cross-border cryptocurrency transactions, the Supreme Court has clarified that cryptocurrencies can be considered legal tender. However, as the RBI has not notified the same as official currency, ascertaining whether cryptocurrency will be a permitted capital account transaction, or a current account transaction will be difficult under applicable laws.

Other new business models

i Self-executing contracts

In India, several corporate entities are experimenting with the use of self-executing contracts for routine transactions; however, these contracts operate in a regulatory grey area. Self-executing contracts are governed by the pre-existing legal framework, particularly the Indian Contract Act, the IT Act, and the Indian Evidence Act. While such contracts fulfil the basic requirements of being a consensual agreement entered into for consideration, a lacuna exists with regard to their authentication and admissibility. One such issue is that the IT Act only authorises digital signatures issued by the government (and not self-generated digital signatures) and the Indian Evidence Act only allows the admission of those documents that are authorised by the IT Act.

Separately, the MEITY has released a report, while assessing the cases for blockchain technology underlying smart contracts, where it contemplates potential blockchain applications, which include using it for the transfer of land records and the e-Notary service, among others. Further, there is no tailor-made dispute resolution mechanism in India for disputes arising out of smart contracts.

ii Artificial intelligence (AI) in financial products

Currently, AI is used for several financial services, including for credit scoring, risk management, wealth management, algorithmic trading, and transactions. Further, third-party administrators in the health insurance arena employ the use of AI for automated risk assessment and claim adjudication, while technology service providers are developing smart contracts for health insurance settlements. However, there are no dedicated policies or governance structures regarding AI in India. To address the same, consultation papers have been issued by regulators in the space of robotic financial advisers, consumer protection, data privacy and security. In this regard, it is pertinent to note that there are specific risks attracted when third-party websites carry out detailed comparisons and host advertisements of robo-advisers, in the domain of investment and trading advice, as this practice could potentially lead to the contravention of competition, consumer protection and intellectual property laws of India.

iii Other new business models

Fintech players see huge potential in the Indian market, owing to the large population and proliferation of cheap internet services. An untapped market for these players is that of the lower-income groups that require financial services but cannot avail the same from traditional banks on account of poor credit scores or lack of access. This has given rise to new fintech models such as Toffee Insurance's bite-sized insurance cover for dengue or GramCover's insurance to farmers. These models are built around financial inclusion through the provision of flexible payment models. However, these ventures currently operate in a realm of legal uncertainty.

Neo-banks are a new category of banks that operate entirely online (i.e., without any physical branches). However, the RBI does not currently recognise online-only banks in India and insists on physical infrastructure. In the absence of virtual banking licences, neo-bank entities now offer various banking services by partnering with traditional banks and are thereby indirectly within the RBI's regulatory oversight.

In the interest of financial inclusion, the RBI has permitted the operation of 'payments banks' which are small-scale banks that offer certain services, such as accepting deposits, issuing ATM cards but are disallowed from issuing credit cards or advancing loans.

The National Payments Corporation of India (NPCI) has issued regulatory and technical guidelines for each of its products (such as the Unified Payments Interface (UPI) and RuPay). The UPI is a payment system that powers multiple bank accounts into a single mobile application, thus merging several banking features. This payment system can be integrated with third-party applications such as Google Pay and WhatsApp Pay, for digital transactions.

Intellectual property and data protection

i Intellectual property

Intellectual property protection for software is mainly sought under copyright and patent laws in India. From a copyright perspective, fintech software solutions can be protected under the Copyright Act, as 'literary work', which includes computer programs and computer databases. Registration for copyright protection is not mandatory but is recommended from an enforcement point of view.

When it comes to copyright, the author of the work is considered as the first owner of the copyright. However, in case of software or business models developed by the employee during the course of his or her employment under a contract of service, the employer of the establishment will be the first owner of such software in the absence of any agreement to the contrary. There is no separate compensation owed to the employee in this respect, as a general industry practice.

While 'business methods' and 'computer programs per se' are explicitly prohibited from being patented in accordance with Indian patent laws, there is a slight leeway given to computer programs that are attached to inventions and are components of such inventions. Therefore, if computer programs are claimed in conjunction with a novel functionality, there is a high likelihood that it will be granted a patent. However, as compared to copyright laws, there is no corresponding provision under patent laws that provide employers the right to the inventions created by their employees during the course of employment.

Further, the government has provided myriad relaxations to technology start-ups in the intellectual property space. For instance, a start-up engaged in an eligible business, which includes innovation of new products, is entitled to tax exemptions under applicable laws, subject to fulfilment of certain criteria. The government has also launched the Support for International Patent Protection in Electronics & IT scheme to provide financial aid to technology start-ups to strengthen their competitiveness through innovation and its protection, while also separately offering specific intellectual property benefits to start-ups that include fast tracking of patent applications and 80 per cent rebate in filing patents, among others.

ii Data protection

The IT Act governs data protection and security practices in India according to which 'sensitive personal information' is characterised as personal information relating to passwords, financial information, and so on. Entities that collect, receive, possess, or handle such sensitive personal information are required to provide a privacy policy and while collecting or disclosing such information, consent will have to be obtained from the relevant user or data subject, which can be later withdrawn. Transferring such information to an entity or person within or outside India is allowed, subject to certain conditions.

Under the extant data protection and privacy framework, an entity is only required to obtain the active consent of a user in relation to the collection or usage of data, pursuant to which the entity may carry out digital profiling. However, the government has been working towards introducing new legislation in the form of the Personal Data Protection Bill, 2019 (PDP Bill), to bring the data protection regime in India up to par with more robust international standards, such as the European Union's General Data Protection Regulation. In its current form, subject to future changes, the PDP Bill envisages a much more rigorous approach, where it outlines the scope and controls in relation to digital profiling by entities. Once the PDP Bill is finally enacted, fintech companies in India may be required to invest additional resources and time to be compliant with the new regime.

Year in review

Set out below are some of the key regulatory developments in the fintech sector over the past 18 months.

To address concentration risk with the NPCI dominating the growing digital payments space, the RBI has introduced a framework for authorisation of a 'new umbrella entity' (NUE). The NUE will primarily focus on new payment systems, methods and technologies (especially in the retail space), as an alternative to the NPCI.

Recognising the crucial role of intermediaries in online payments (in particular their involvement in handling of funds in the transaction flow), the RBI has introduced a new framework to regulate in entirety the activities of 'payment aggregators' (PA) in India, which are intermediaries that facilitate merchants to accept various payment instruments from their customers. Going forward, non-bank entities providing PA services would need to comply with the authorisation, operational and prudential norms prescribed under the new guidelines. Further, e-commerce marketplace platforms can only provide PA services through a separate business from their marketplace business.

Regulatory sandboxes have been operationalised for live testing of new products and services in a controlled regulatory environment in the financial, securities and insurance markets. The SEBI-regulated entities have been permitted to engage third-party fintech entities to experiment with fintech solutions on a limited set of real customers. The RBI's regulatory sandbox has also initiated with the first cohort of entities having started testing their mobile and offline payment solutions. Further cohorts have also been announced to spur innovation in cross-border payments and lending to small and medium businesses.

The RBI has welcomed the growth of online lending platforms and digital delivery in credit intermediation in India. However, it has been wary of the wider systemic implications emanating from non-transparency of transactions and violation of extant guidelines on such platforms. Against this backdrop, the RBI has initiated a study to evaluate all aspects of digital lending activities (both by regulated and unregulated entities) so that a suitable regulatory approach to this extent can be put in place.

NBFCs in India have traditionally been subject to less rigorous regulations as compared to banks. However, in the backdrop of NBFCs' increased contribution and interconnectedness as a supplementary channel of credit intermediation, the RBI has proposed a re-orientation of the regulatory framework for NBFCs with a new scale-based regulatory approach linked to their systemic risk contribution in the financial sector.

Fintech entities in India have recently been subject to judicial scrutiny under writ and public interest litigation on issues such as violation of authorisation requirements, data localisation and data misuse. The petitions broadly seek judicial intervention to prohibit operations of fintech entities in India without a local presence and to direct regulators to develop a more comprehensive and stricter legal framework for technology and e-commerce companies operating in the financial sector in India.

Outlook and conclusions

Fintech innovation in India is now expanding beyond payments to cover other financial services, including banking, lending, insurance, broking and investment advisory. The growing strength of this sector is evident from the evolving collaborative relationship between traditional financial institutions and fintech entities, where the former are increasingly adopting technology-enabled products and delivery channels to expand market reach, gain operational efficiencies, strengthen data analytics and improve customer experience. The covid-19 pandemic accelerated trends that were already occurring in the sector, including increased fintech adoption among various stakeholders such as consumers, small and medium businesses, government bodies, banks and other financial institutions, including first-time user cohorts that were previously resistant to fintech.

In addition to the goal of a 'less-cash' economy, there is now an increased market and regulatory focus on other aspects such as business-to-business product offerings, contactless payments, offline transaction capabilities, interoperability in payment systems and development of cross-border digital payments infrastructure. Given India's large underbanked demographic with unmet financial needs and recent changes in consumer behaviour towards e-commerce, online streaming, tele-medicine and distance learning, the fintech sector presents further growth opportunities in India.


1 Avimukt Dar is a senior partner, Namita Viswanath is a partner, Shreya Suri is a principal associate and Priyanka Ashok and Shantanu Mukul are associates at IndusLaw.

Get unlimited access to all The Law Reviews content