Pressure rising on fintechs as RBI amps up compliance norms
Payments services providers and fintechs are facing the heat from heightened compliance requirements as the Reserve Bank of India intensifies scrutiny of their processes and security management. This move aims to prevent potential disruptions and maintain stability in the financial sector.
The central bank is not only delaying the granting of licenses, but is also conducting audits of companies after they receive their licenses to ensure they adhere to compliance requirements.
Industry officials have noted that this represents an additional layer of scrutiny imposed on them.
More than 20 fintech companies including Amazon Pay, Groww, PayU and Worldline have been granted payment aggregator licenses in 2024.
A fintech company, which recently received its payment aggregator license from RBI, is preparing for an audit of its systems and processes. “We are going through our first audit after getting the license,” a senior official in the company, who did not wish to be named, said.
He pointed out that RBI had ratcheted up its compliance requirements to the next level, especially after the DPDP (digital personal data protection) Act.
The Chief Technology Officer at another newly licensed payment aggregator said, “Most of our time now goes in compliance and security management. We have to submit to additional rounds of audit from RBI now that we are a licensed entity.”
The RBI is closely monitoring the processes established by fintechs to ensure they are effective and ongoing. This includes verifying that security systems are robust, KYC norms are adhered to, customer onboarding is transparent, settlements are smooth, and the companies have the capability to scale up.
“RBI is assessing whether we are doing innovations and adequate investments, and whether we are able to take the load,” said the first official quoted.
RBI did not respond to the email seeking clarification on the developments.
The heightened scrutiny is part of RBI’s larger crackdown not only on fintechs but also on banks, violations in respect of customer acquisition through online and digital channels, issuance of credit cards and outages that disrupt banking and payments services.
In February this year, RBI’s strict action against Paytm Payments Bank halting deposits, credits and top-up transactions came as a jolt for the fintech as well as the industry. The stringent curbs came after several crackdowns on the entity over the years following several violations, including even filing false compliance reports.
In April RBI barred Kotak Mahindra Bank from onboarding new customers through online and mobile channels and issuance of fresh credit cards. The bank was found to be not compliant with IT risk and information security management.
In 2020, RBI had put curbs on HDFC Bank from sourcing new credit card customers and new digital offerings, as it found that there were incidents of outages in its internet and mobile banking facilities.