RBI Deputy Governor warns of fintech risks
While fintech platforms offer immense benefits such as accessibility and hyper-personalisation, they also heighten the risk of misuse and fraud, cautioned RBI Deputy Governor Swaminathan J.
“They can expose consumers to risk of cyberattacks, data breaches, and often times, some financial harm. Consumers may struggle to resolve disputes or obtain compensation due to lack of transparency on the part of such players,” the Deputy Governor said in recent a speech at the Global Money Week 2024 in Paris.
- Also read: Fintech loans jump 46% in Q3: Report
He emphasised that these new risks must be addressed through robust regulatory frameworks, enhanced cybersecurity measures and increased consumer awareness initiatives.
Swaminathan noted that despite regulatory and supervisory measures, instances of unauthorised transactions due to compromised credentials from phishing attacks or customer negligence are not uncommon.
RBI, therefore, makes concerted efforts to foster a culture of financial prudence and resilience through customer awareness and education campaigns.
“As we focus on safeguarding the young, let us not forget the vulnerability of our senior citizens to financial frauds and cybercrime. It is incumbent upon us to extend our efforts to ensure their financial security and well-being as well,” he said.
Swaminathan observed that it is imperative that the financial sector players remain vigilant and proactive in addressing the emerging risks and challenges.
“By implementing robust regulatory frameworks, enhancing cybersecurity measures, and promoting consumer awareness and financial literacy, we can mitigate the risks associated with digitalisation and protect consumers from exploitation and fraud,” he said.
The Deputy Governor said one of the notable initiatives of the Government of India is the Indian Cyber Crime Co-ordination Centre (I4C) for better coordination amongst law enforcement agencies.
Under this initiative a National Cyber Crime Reporting Portal has been set up with a 24x7x365 national helpline number to allow victims of cyber-fraud to report such crimes, he added.
Regulatory measures
Among the regulatory and supervisory measures that RBI has put in place include implementation of multi-factor authentication for all payments through electronic modes and fund transfers; and security controls for internet banking, mobile payments application and card payments security.
Further regulated entities (REs/ financial intermediaries) are required to conduct risk assessment of the safety of digital payment products as well as suitability and appropriateness of the same vis-a-vis the target users, both prior to establishing the service and regularly thereafter.
They are also required to have systems to identify suspicious transaction behaviour and mechanisms in place to alert customers of the same.
To protect customers, the Deputy Governor said regulations provide for zero liability for customers for losses due to negligence by the bank or a third-party breach. Where it is due to customer negligence, the liability is limited to the point of reporting.
RBI has also issued guidelines on digital lending which require regulated entities to provide a key fact statement (KFS) to the borrower before the execution of the contract.
This statement must disclose the annual percentage rate, the recovery mechanism, the grievance redressal mechanism, etc. Any fees or charges, including penal charges, which are not mentioned in the KFS cannot be charged to the borrower.
Swaminathan said regulatory requirements are backed by a strong supervisory framework that inter-alia evaluates business conduct and IT system controls. Where warranted, RBI takes appropriate supervisory actions including imposition of business restrictions.