“Digital players will increasingly have a critical role across India’s banking sector.Effective regulation is a priority for RBI, and it should not constrain innovation in the fintech space.”
– Shaktikanta Das, RBI Governor
The RBI Governor’s message is on point. This reminds me of an adage by Stewart Brand. That once a new technology rolls over, you are either on the steamroller or the road. Digital players are critical for innovation in financial services. When fintech rolls over, the regulator would rather be on the steamroller (with digital players).
On this note, welcome to the 5th edition of FinTales! If you missed our previous editions, you could read them here. Write to us if you (or someone you know) wants to subscribe.
Last month had both highs and lows for fintech. RBI upped the ante by extending RTGS and NEFT membership to non-banks. Pre-paid instruments (PPI) are set to become completely interoperable, and cash withdrawals using PPIs will be possible. Subscription-based businesses are upset with RBI’s new rules on recurring payments. Card payments are about to become less convenient. NPCI clarified how UPI apps can adhere to the 30% market cap. And China starts trial for digital yuan.
Let’s dive in!
Fintech set to dethrone banks as RBI’s favourite child
“Banking is necessary, banks are not”
-Bill Gates (1994)
I love digging up quotes that endure the test of time. Like this Bill Gates’ quote from the 90s.
Currently, 160 million users pay digitally. And only 3 central banks in India have dedicated FinTech departments. The projected market size for digital payments by 2025 is INR 7092 trillion. Digital payment companies (and not banks) enable this growth.
RBI is taking active steps to encourage digital players’ participation in financial services. A quick look at the major changes the RBI has proposed in its latest monetary policy statement, mentioned below, makes it obvious.
Fintech companies to become a member of RTGS and NEFT club
Real Time Gross Settlement (RTGS) and National Electronics Funds Transfer (NEFT) are RBI operated centralised payment systems. RTGS is for processing of high-value transactions (above INR 2 lakhs). NEFT is for processing transactions of all denominations. Only banks could be members of these payment systems, so far. RBI is now planning to open up RTGS and NEFT memberships for non-banks too. Which includes pre-paid instruments (PPI) issuers, white-label ATM operators, card networks, etc. This will further RBI’s aim of financial outreach and inclusion. And reduce settlement risks. RBI also hopes to make digital payments cost-effective through this move.
But this will also expose fintech players to direct regulation by RBI. RBI will propose directions for use of RTGS and NEFT by fintech players soon. Now, will RBI roll-out bespoke regulations (for fintech players), which will promote innovation? We hope so.
RBI’s feeble attempt to revive PPIs
PPIs like e-wallets, which were once the digital payments poster child, have lost their sheen over time. First, RBI mandated KYC norms for PPIs. Then came the competition from UPI. The value proposition for PPIssurvived only for a few use cases. The new changes proposed by RBI for PPIs is a feeble attempt to revive the industry which has endured a few near-fatal blows.
RBI has decided to make interoperability mandatory for all PPIs with full-KYC (full KYC PPIs). In 2018, RBI allowed interoperability for PPIs. For e.g., funds from a Paytm wallet can be transferred to a PhonePay wallet. In addition, to incentivise users, RBI will also increase the amount one can hold in full KYC PPIs, from 1 lakh rupees to 2 lakhs rupees. This will place PPIs on a similar footing with UPI. Which is the gold standard for interoperability.
As a bonus, RBI will also allow cash withdrawal from all full KYC PPIs. Currently, only open PPIs (issued by banks) that have full-KYC are eligible for cash withdrawals.
But like us, are you also wondering why now? Well, it is no secret that instances of failed UPI transactionsare soaring. And the current payment infrastructure may not be mature enough to handle COVID induced increase in digital payments. So, PPIs may just have their moment in the sun.
Choice between security and convenience: the latest quandary of payments business
Are convenience and security dichotomous ideas? In one way, yes.
The bedrock for payments business for RBI is security. The recent RBI guidelines on recurring payments and storage of card details indicate that. On the other hand, payments industry aspires to make digital payments convenient. So much so that customers can complete payments by blinking their eyes (quite literally). Is there a middle ground for these two ends of the spectrum? Let’s explore.
RBI clears the air around storage of card details by payment aggregators
Most of us save our card details with online merchants like Amazon, BookMyShow, Big Basket, etc. We enter a couple of smaller details, and our OTP. And our payment is done. These details are also saved by payment aggregators (PAs) which allow merchants to accept payments through different modes from customers. It helps them to process transactions without friction. But RBI’s recent clarification on payment aggregators and payment gateways guidelines (PA/PG guidelines) states that both the PAs and merchant cannot store any card details of customers. This will become effective from December 31, 2021.
RBI’s paranoia stems from the past instances of data leaks. So, it wants to prioritise security. But, at what cost? Inability to store card details will create friction and user dropouts. Imagine entering your 16-digit card number every time you want to make a payment!
This will also create wider adoption of UPI. And it will negatively affect the adoption and use of card payments. But is the UPI infrastructure prepared to handle such huge transaction volumes? Will this not lead to concentration of risks (in UPI payments)? Frauds in UPI transactions are also on rise. Card payments help distribute the risk. And share the infrastructural load. So, this policy, in a way, hits at security too along with convenience.
Is there any middle ground? Possibly.
Industry has been advocating to let the PCI-DSS compliant merchants and PAs store card data. And not measure all the industry players against the same yardstick. The recent RBI clarification manifest that RBI has not bought this argument.
So, is tokenisation the next alternative? In tokenisation, actual card details are saved by card networks. And merchants or PAs are issued a token to identify the unique combination of card, merchant/PAs and device used for transaction. Now, this may be the middle ground. If adopted, merchants/PA will be able to offer the same convenience to customers (of not entering card details for every transaction). Without storing card details.
But, tokenisation is a new and nuanced technology. The entire payment ecosystem (merchants, payment aggregators, card networks, issuing bank, acquiring bank etc.) will have to be readied for adoption. Which will take time. Saving card details only by banks and card networks may also lead to concentration of risks. So, stress-testing the tokenisation model, and allowing sufficient time for implementation may be the way ahead.
Recurring payments face a road bump
The payments industry and RBI seem to be at loggerheads over the issue of recurring payments.
Recurring payments are crucial for subscription based digital products. Be it a payment for Netflixsubscription, monthly electricity bills, or insurance premiums – all a consumer needs to do is set an auto-debit instruction. Consumers need not keep a track of due dates, and merchants receive their payments timely. This will change.
RBI’s 2019 notification requires banks to notify their customers before and after any recurring debit. For registration and first transaction, additional factor authentication (AFA) (like an OTP) is required. For transactions above INR 5000 too, an AFA is required. This requirement is agnostic of the payment mode. And applies to card payments, UPI and PPIs alike. Industry players are clearly not happy. This might need mean major changes in the way banks and merchants operate. User dropouts are also expected.
This notification was to become effective from April 01, 2021. But banks and merchants couldn’t meet this deadline. So RBI extended the deadline till September 30, 2021. With a stern warning that action will be taken against non-compliant entities.
We agree that this stance will secure customers. But is the cost for security (in terms of convenience) too high? Will it drive away foreign service providers from India? Payment ecosystem is clearly not ready for this change yet.
On a separate note, this will not impact the Bharat Bills Payment System (BBPS) or the National Automated Clearing House (NACH) – both NPCI products. Which will lead to their greater adoption.
How will the 30 % market-cap on UPI transactions work?
2020 was a milestone year for UPI. It consistently clocked over 2 billion transactions per month in October, 2020 to December, 2020. And became the go-to-choice for short-ticket digital payments. Dominant players for processing of UPI transactions also emerged. PhonePe and Google Pay collectively process over 70% of all UPI transactions. NPCI saw this as a concentration risk. And introduced a 30% cap for UPI transactions processed by third-party UPI app (TPAP) (on a quarterly basis).
NPCI has now release a detailed SOP for calculation of the 30 % cap. TPAPs which breach the prescribed cap have until end of December, 2022 to comply with the cap. TPAPs may do so by controlling new customer acquisition, and reducing transaction volumes. NPCI may also penalise TPAPs for non-compliance.
But will NPCI achieve its goal for promoting competition with this policy? Will this move be counterproductive for UPI adoption – where users and TPAPs shy away from UPI due to lack of open model and easy choices? Also, why is this cap limited to TPAPs, and not extended to banks who facilitate these UPI transactions? After all, they are also exposed to similar risks.
Many players see this as a move of NPCI to promote home-grown players over bigger foreign players. What if a user prefers to use a particular TPAPs, because it enjoys certain benefits, or finds the interface of the TPAP engaging? This also hits at the democratisation of the best TPAPs for consumers.
Is India ready for a crypto-Rupee?
GoI is working on a draft of the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 (Cryptocurrency Bill) to ban ‘private cryptocurrencies’ in India, and introduce a centrally-backed digital currency (CBDC) as an alternative to private cryptocurrencies.
Is a CBDC for India a good idea: Yes
Is a CBDC an alternative to private cryptocurrencies: No
An Indian CBDC will allow our central bank to control cash supply more efficiently, and track it in perpetuity. This has the potential to make a dent on India’s large shadow economy. It can help the RBI increase financial inclusion and directly access any user with a phone and internet, without relying on intermediaries.
Now India is not alone in realising the potential of CBDCs. Last month, the People’s Bank of China started trials, and many believe that China has larger ambitions for its digital yuan, i.e. to challenge the dominance of the USD and “bypass the Western banking system.” Sweden, Singapore and the United Kingdom are also planning pilots or evaluating proposals for their CBDCs. While it is important for India to not be left behind, a CBDC is not an alternative to private cryptocurrencies. The primary use case of a CBDC is as currency, whereas private cryptocurrencies such as bitcoin and ether are employed as an investment asset or utility tokens. CBDCs and private cryptocurrencies serve different purposes and should co-exist.
Tell us what you think about the developments we covered. Or if you’d like us to cover any other development in our next edition.
Write to us at contact@ikigailaw.com.
See you in May!
Yours,
Ikigai Fintech Team
