The RBI has informed the Delhi High Court that operations of techfin firms such as Facebook, Google and Amazon in India’s financial sector space are being regulated under the relevant laws and they have been permitted to function only after necessary compliances.
A similar stand has been taken by markets regulator Sebi which said that there are already adequate provisions in place providing mandatory registration for any entity entering into the securities market.
The Securities and Exchange Board of India (Sebi) has also said that it has constituted a Market Data Advisory Committee “to recommend appropriate policy for access to securities market data, identify segment wise data perimeters, data needs and gaps, recommend data privacy and data access regulations, etc”.
The submission by Sebi and Reserve Bank of India have been made in response to a PIL seeking a detailed legal framework for regulating operations of techfin companies such as Facebook, Google and Amazon in India’s financial sector space.
RBI said the decision to allow an entity to operate on Unified Payments Interface (UPI) is solely taken by the National Payments Corporation of India (NPCI) which has framed the system rules, guidelines and procedures governing the UPI payment system
“NPCI has, accordingly, allowed Amazon under the single sponsor bank model of UPI, Google and WhatsApp under the multi-bank model to operate as Third Party App Providers (TPAPs),” RBI said in its affidavit filed in response to the petition by Resmi P Bhaskaran.
Bhaskaran, in her plea filed through advocate Deepak Prakash, has alleged that the “lackadaisical approach” of Indian financial regulators permits unregulated operation of techfin firms and claims that this could adversely affect the financial stability of the country.
Opposing the claims in the petition, RBI has said it also has authorised various non-bank companies over a period of time to issue and operate semi-closed prepaid payment instruments (PPls) in India in accordance with its powers under the Payment and Settlement Systems (PSS) Act, 2007.
“Amazon was one such non-bank company which was authorised on March 22, 2017 to issue and operate a semi-closed prepaid payment instrument in India. Thus, in addition to being a TPAP under UPI, Amazon also operates a digital wallet (a form of PPI),” it said.
RBI has further said that “with the increase in intermediation and rapid adoption of technology, there were growing concerns about the un-regulated players (payment gateways, payment aggregators, technology service providers, etc.) capturing personal information of the customers while carrying the payment transaction messages”.
Therefore, RBI considered it important to have unfettered supervisory access to data stored with the system providers as also with their service providers, intermediaries, TPAPs and other entities in the payment ecosystem and issued a circular on April 6, 2018, “mandating all system providers to ensure that the entire data relating to payment systems operated by them is stored in a system only in India”.
“This data should include the full end-to-end transaction details, information collected, carried, processed as part of the message or payment instruction,” it has said.
RBI has further said that according to communications received from NPCI, Amazon complied with its 2018 circular in November 2018 itself, while Google Pay had complied by January 2020 and WhatsApp by June 2020.
The top bank of the country has also said that while it regulates and supervises NPCI and PPI issuers like Amazon, it does not give approval or authorisation to TPAPs who are governed by the rules and guidelines framed by NPCI for the UPI payments system.
“The statement made by the petitioner that techfins, despite being unregulated, are providing core banking activities by partnering with financial institutions, is totally baseless and unfounded.
“Such entities do not provide any core banking activity other than acting as an authorized payment system operator or providing interface to customers for linking to UPI system or acting as co-branding partner to an existing regulated entity,” RBI has said.
It has also said that it has also taken steps recently to bring the payment aggregators also under the regulatory fold.
“As payment aggregators handle funds, full-fledged mandatory guidelines were issued to them. On the other hand, as payment gateways do not handle funds, baseline technology related measures that are recommendatory in nature were prescribed,” it has said in its affidavit.
Bhaskaran, in her plea, has claimed that unregulated operation of techfin entities in the financial sector can lead to financial crisis and leakage of personal data.
It has claimed that these companies have a “deep well of data and an established international network” which gives them an advantage in the financial sector.
However, they are “neither subject to client/ customer/investor protection rules nor regulatory measures that ensure functioning of financial markets and prevent build-up of systemic risk”, the petition has contended.