Please click here to download the Prism as PDF.

What’s New?

RBI issues guidelines on default loss guarantee

The Reserve Bank of India (“RBI”) recently published the Guidelines on Default Loss Guarantee in Digital Lending (“DLG Guidelines”), which enable FinTechs to extend default loss guarantees (“DLGs”) to banks and non-banking financial companies (“NBFCs”) (collectively, “REs”). DLGs are contractual arrangements between FinTechs and REs, where the FinTech guarantees to compensate the RE for default losses up to a certain percentage of the loan portfolio of the RE.

DLG arrangements were common practice for the disbursement of digital loans until the RBI published the Guidelines on Digital Lending, which created regulatory uncertainty regarding the permissibility of such arrangements (discussed in the Eighteenth edition of our FinTech newsletter). In view of the DLG Guidelines, this regulatory uncertainty has largely been put to an end.

While the permissibility of DLG is a welcome move and demonstrates the RBI’s intent to facilitate growth of the digital lending industry, the extent of DLG which may be extended by FinTechs is limited to 5%  of the amount of the loan portfolio of an RE. While the purpose of this limit is to ensure that FinTechs can have some skin in the game while also ensuring that banks/NBFCs practice responsible lending – it is yet to be seen whether this limit will have a meaningful impact on the digital lending market in India.

Similarly, a mere arrangement to make good the default when it arises is not permitted under the DLG Guidelines – the DLG Guidelines also require DLG to be in the form of (a) cash deposited with the RE; (b) fixed deposits with a lien marked in favour of the RE; or (c) a bank guarantee in favour of the RE. The fact that FinTechs will need to set aside cash up-front to be compliant with the DLG Guidelines may not always be commercially feasible.

RBI publishes IT Outsourcing Master Direction

One year ago, in June 2022, RBI released the draft Master Direction on Outsourcing of IT Services. RBI has now finalized the draft and notified the Master Direction on Outsourcing of Information Technology Services (“IT Outsourcing MD”).

The IT Outsourcing MD ensures that information technology (“IT”) outsourcing arrangements between RBI-regulated entities and unregulated entities do not hinder the regulated entities’ ability to fulfill their obligations to customers or impede effective supervision by RBI. Overall, the IT Outsourcing MD imposes broad obligations on regulated entities, such as having in place a board-approved policy (with an exit strategy), risk management framework, grievance redressal mechanism and a legally binding agreement.

To clarify what falls within the scope of IT outsourcing, RBI has provided an indicative list of activities that are not considered IT outsourcing, including (a) information system audits; (b) maintenance services for IT infrastructure; (c) off-the-shelf subscription-based products; and (d) payroll processing. Notably, the IT Outsourcing MD also categorically calls out that FinTech firms that (a) merely offer data retrieval, data validation and verification services; or (b) provide co-branded applications – will not be considered vendors for the purposes of IT Outsourcing MD.

All regulated entities must comply with the IT Outsourcing MD by October 1, 2023.

For a detailed analysis, please refer to JSA prism dated April 24, 2023.

RBI amends KYC Master Directions

RBI has amended the Master Directions – Know Your Customer (KYC) Directions, 2016 (“KYC MD”) to bring it in line with the recent amendment to the Prevention of Money Laundering Act, 2002 (“PMLA”) and to comply with Financial Action Task Force (FATF) recommendations.

One notable change brought by RBI is the requirement for a regulated entity to implement a group-wide policy to discharge its obligations under the PMLA. In our view, this requirement will only apply to those group entities that are themselves considered ‘reporting entities’ under the PMLA. Thus, where a group entity is not a ‘reporting entity’ under the PMLA (such as an e-commerce marketplace or a social media intermediary), the requirement to implement such a policy will not arise.

Apart from that, changes have been made to customer due diligence obligations imposed by the KYC MD to bring them in line with the PMLA. These changes, again, will apply only where the regulated entity (such as a payment aggregator) maintains an account-based relationship with its customers.

Separately, the KYC MD also imposes an obligation on regulated entities to upload all KYC-related data collected on the Central KYC Records Registry (“CKYCR”) within 10 (ten) days of commencement of an account-based relationship with the customer, to ensure all entities have access to the information collected. These entities can then conduct a non-face-to-face KYC of these individuals. However, the KYC MD clarifies that where a customer is onboarded through the CKYCR (i.e., through a non-face-to-face KYC), regulated entities must classify such customer as ‘high risk’ and undertake more stringent monitoring, until such customer undertakes video KYC or physical KYC. Thus, while the KYC MD legitimizes the CKYCR process, it reduces its credibility.

RBI publishes draft Master Directions on Cyber Resilience and Digital Payment Security Controls for PSOs

On June 2, 2023, RBI released the Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (“Draft Cyber Resilience MD”). The purpose of this draft is to establish a strong governance framework that will effectively identify, assess, monitor, and manage cybersecurity risks. Stakeholders were given until June 30, 2023 to provide comments. This signifies RBI’s commitment to incorporate diverse perspectives and ensure a comprehensive and inclusive approach to cyber resilience and digital payment security. Notably, these master directions will be implemented in a phased manner, based on payment system operator size. For a summary of the draft, please refer to JSA prism dated June 7, 2023.

RBI introduces pre-sanctioned credit lines at banks for UPI

RBI plans to significantly expand the scope of unified payment interface (“UPI”). As per its Statement on Developmental and Regulatory Policies, RBI will now allow the drawing of pre-approved credit lines on the UPI platform. Previously, UPI transactions were limited to transfers between deposit accounts or using prepaid payment instruments (“PPIs”) such as wallets and smart cards and later, credit cards. With this new provision, UPI payments can now be financed by credit from banks.

This development has the potential to expand the consumer credit market in India. While the National Payments Corporation of India (“NPCI”) had previously allowed the linking of overdraft accounts to UPI, it did not gain much traction. However, the introduction of pre-approved credit lines on UPI could have a more significant impact by bringing users into the formal credit system and promoting financial inclusion.

By enabling credit-based UPI payments, individuals will have access to funds beyond their immediate bank balances, providing them with greater flexibility in managing their finances. This move by the RBI aims to encourage the use of UPI as a channel for credit-based transactions, promoting digital payments and enhancing financial accessibility for a wider population in India.

RBI plans to impose strict rules for retail PoS and QR code payments

Reports suggest that RBI is planning to introduce strict capitalization norms and mandatory KYC requirements for FinTechs involved in offline merchant payments through point-of-sale (PoS), mobile payment and QR code terminals. Currently, offline payment players such as Pine Labs, MSwipe, Innoviti Payments, and Ezetap are all managed by banks and card networks and operate under strict mandates of their partner banks. Relatedly, RBI is also said to be considering bringing QR code deployers, such as BharatPe, Paytm, PhonePe, and Google Pay under the ambit of offline payment aggregators.

This development follows RBI’s Statement on Developmental and Regulatory Policies from September, 2022 where it indicated its intention to extend online payment aggregator guidelines to offline payments.

Request to restore MDR charges on RuPay debit cards

The absence of merchant discount rate (“MDR”) on RuPay debit cards has been a longstanding concern for banks and payment service providers. In response, multiple banks and industry associations have approached regulators, urging them to reinstate MDR charges on RuPay debit cards. Industry bodies such as the Payments Council of India (“PCI”) and the Indian Banks’ Association have written to the Finance Minister, Nirmala Sitharaman and the Finance Ministry – emphasizing the need to restore MDR on RuPay debit cards. PCI has specifically highlighted the revenue loss faced by payment aggregators in processing RuPay payments through card infrastructure.

Quick Snapshots

1. New TPAPs on UPI: The UPI ecosystem has witnessed the entry of several new players serving as third-party application providers (“TPAPs”), facilitating person-to-person (P2P) and person-to-merchant (P2M) payments. Among them are Cred and Zomato. This development aligns with NPCI’s efforts to decrease user reliance on a limited number of dominant TPAPs within the UPI ecosystem. It also supports the implementation of the market share threshold set by NPCI, promoting a more diverse and competitive landscape.
2. PhonePe launches UPI Lite: In March, 2022, NPCI introduced UPI-Lite – an on-device wallet designed for small value payments. This innovation allowed offline payment for small value transactions (below INR 200 (Indian Rupees two hundred) (approx. $2 (US Dollars two)) without the need to enter UPI PIN. PhonePe has now incorporated this feature into its platform, offering its users the convenience of making small value payments even without an internet connection. This functionality will prove particularly beneficial in smaller towns and rural areas where transaction amounts are typically lower and internet connectivity may be unreliable.
3. HDFC announces merchant fee for wallet-based UPI transactions: In the Eighteenth edition of our newsletter, we discussed NPCI’s recommendation to levy an interchange fee of up to 1.1% on merchant UPI transactions performed using PPIs. HDFC Bank has now announced its decision to introduce a MDR of up to 1.2% for UPI payments made using wallets, gift cards, vouchers and similar instruments effective June 2, 2023. It is important to note that this MDR will solely apply to UPI payments made through PPIs. This move is expected to generate a much-needed revenue stream for payment system providers who have been facing challenges in maintaining profitability due to the low transaction fees associated with UPI.
4. RuPay enables CVV-less payments for tokenized cards: RuPay recently implemented a card verification value (“CVV”) free payment experience for its debit, credit and prepaid cardholders who have tokenized their cards in merchant applications or webpages. This initiative serves 2 (two) purposes – (a) promoting the usage of RuPay cards; and (b) encouraging cardholders to tokenize their cards. By eliminating the need for CVV during transactions, RuPay aims to enhance convenience and simplify the payment process for its users, while also promoting the adoption of tokenization technology for added security. This innovative step by RuPay aligns with its objective of providing a seamless and secure payment experience to its cardholders.
5. RBI is set to launch a portal for licensing, and approval applications: As part of its bi-monthly monetary policy statement, RBI has announced its intention to launch a secure web-based centralized portal named ‘PRAVAAH’ (Platform for Regulatory Application, Validation And AutHorization). PRAVAAH will enable entities with the convenience of applying for licenses, authorization or regulatory approvals directly from RBI. PRAVAAH aims to streamline the application process and enhance efficiency in obtaining necessary approvals from the regulatory authority.
6. RuPay in Russia: External Affairs Minister of India and Deputy Prime Minister of Russia have agreed to explore the possibility of accepting each other’s payment cards – RuPay (India) and Mir (Russia). This mutual acceptance of RuPay and Mir will help Indians and Russian citizens make hassle-free payments in Indian rupees and Russian rubles in their respective countries.
7. NPCI partners up with JCB: NPCI has partnered up with Japanese international payments brand – JCB International Co. Ltd (“JCB”) to offer 40% cashback for in-store purchases in UAE, Thailand, Malaysia and Spain using RuPay JCB debit and credit cards. This offer is valid till August 15, 2023. This is the third time NPCI and JCB have launched such a campaign. This move is in furtherance of NPCI’s goal to make RuPay card network a global phenomenon.
8. New NBFC licenses granted to FinTechs: RBI has granted NBFC licenses to 2 (two) FinTech companies – GetGrowth Capital, the NBFC arm of GetVantage and Jupiter.
9. PhonePe launches account aggregator services: The PhonePe group has launched account aggregator services through PhonePe Technology Services Private Limited (PTSPL). PhonePe has currently partnered with 4 (four) banks to provide these services. This feature will enable users to share all their financial data with financial institutions or financial information users for several use cases such as applying for loan, buying new insurance, getting investment advice, etc.
10. UPI co-branding restrictions:We understand that RBI and the NPCI have issued directives to PPI issuers, instructing them to cease enabling co-branding partners from using their PPI wallets to function as de-facto UPI applications. While interoperability for PPI wallets is achieved on the UPI rails – FinTechs have been using this functionality to enable UPI transactions through applications which are not technically TPAPs. However, RBI and NPCI have now clarified that such payments models are not permitted.

Investments in The Fintech Sector

1. PhonePe has raised $100,000,000 (US Dollars one hundred million) in a funding round led by General Atlantic. PhonePe plans to use this fresh funding to expand its services and enhance its technology infrastructure.
2. SBFC Finance, a non-bank lender, has raised INR 150,00,00,000 (Indian Rupees one hundred fifty crore) (approx. $ 18,000,000 (US Dollars eighteen million) from Amansa Capital through pre-IPO (initial public offering) placement.
3. XFlow, a technology infrastructure company that simplifies cross-border payments for businesses, has raised $ 10,200,000 (US Dollars ten million two hundred thousand) in a pre-Series A funding round led by Square Peg Capital. XFlow plans to use this funding for product development and market expansion within India.
4. Aqex Technologies India has raised $7,500,000 (US Dollars seven million five hundred thousand) in its pre-series A funding round. Apex plans to launch a crypto trading platform- Aquarius Exchange.
5. Credit card platform Kiwi has raised $ 6,000,000 (US Dollars six million) in a pre-seed round led by Nexus Venture Partners and Stellaris Venture Partners.
6. KarmaLife, a credit solutions provider for gig workers has raised INR 44,00,00,000 (Indian Rupees forty four crore) (approx. USD 5,300,000 (US Dollars five million three hundred thousand)in an extension to its pre-Series A funding round led by Krishna Bhupal’s family office and existing investor Artha Venture Fund, among others. KarmaLife plans to use this capital to scale and expand into new geographies and launch more products.
7. Castler, a FinTech startup that offers enterprise and individual customers with fast, secure and low-cost digital escrow services, has raised pre-Series A funding of $ 5,000,000 (US Dollars five million) led by IIFL FinTech fund and Info Edge’s fund, Capital 2B. The round also saw participation from Stride Ventures, Piper Serica with existing investors Zerodha, Venture Catalyst, 9Unicorn and Faad Network. Castle plans to use this fresh capital to expand its geographical footprints and banking partnerships.
8. PYOR has raised $4,000,000 (US Dollars four million) in its seed round led by Castle Island Ventures. PYOR plans on using this funding to expand its core infrastructure and product platform, specifically by enhancing its interpretation layer for digital assets. The funds will also be allocated towards team expansion in India and hiring for various new positions.
9. ai, a pharma supply chain startup that services retailers and distributors by providing financial tools to better manage their cash flows, has raised $3,000,000 (US Dollars three million) in a seed funding round led by Accel. Fundly.ai plans to use the funding to deepen engagement with existing customers, expand into new geographies, build technology and work on newer product offerings.
10. BharatNxt, a business-to-business focused startup, has raised $ 1,200,000 (US Dollars one million two hundred thousand) in a seed round led by Inflection Point Ventures. BharatNxt plans to deploy these fresh proceeds for product development and team expansion.
11. Tech, an on-premises AI provider, has raised USD 1,000,000 (US Dollars one million) in pre-seed funding. The funding round was led by Mohan K, founder and CEO of IppoPay. HaiVE.Tech plans to use this funding to scale up its operations by expanding its engineering and marketing teams. With an increased workforce, the company aims to cater to its existing client base and those on its waitlist.
12. Jarvis, an AI-based investment platform has secured an undisclosed amount in a funding round from Bestvantage Investments and Hem Securities. Jarvis will deploy the proceeds to further develop its technology stack and scale up user base.

This Newsletter has been prepared by:

Probir Roy Chowdhury Partner

Yajas Setlur Partner

Nikhil George Associate

Moushami Nayak Associate

For more details, please contact [email protected]