“Overall, on behalf of Paytm, I can say that it is more of a big speed bump, but we believe that with the partnership of other banks and the capabilities that we have already developed, we’ll be able to see through in the next few days or quarters…..”
- Vijay Shekhar Sharma, CEO Paytm & Promoter Paytm Payments Bank Limited
On 31 January 2024, the RBI imposed a series of restrictions on Paytm Payments Bank Limited. Starting 29 February, Paytm Bank cannot offer customers any banking and payment services, including wallets, UPI facility, bill payments, fund transfers etc. It must also terminate the nodal accounts of two of its group companies. Much has been said and written about RBI’s action and only time will tell whether it’s a speed bump or a head-on collision in Paytm’s journey.
Largely, two reasons emerged for the action against Paytm Bank:
First, KYC/AML violations: lapses in KYC/AML checks and inadequate KYC infrastructure.
Second, dependency on One97 Communications Limited (One97): One97 is the listed promoter company which owns the platform through which Paytm Bank distributes its banking/payment products. The bank’s co-dependency on One97 made the RBI uncomfortable.
Whether or not the regulator’s wrath is justified is speculative and futile at this point. The fact is that it has happened. Paytm must deal with the aftermath and the industry must deal with the second order effects of this action. A few learnings (from Paytm’s ordeal) are:
a. The obvious bit – KYC/AML compliance: Nothing new here. No interesting angle. No novel lesson. Just do your KYC and keep pushing it – which to be fair is akin to an ‘eat your vegetables’ sermon to the industry. Anyone in the business of moving or holding public money already knows how important robust KYC/AML systems are. But vegetables suck. So do endless KYC checks. KYC bumps up customer acquisition cost (especially if it’s in-person), making it more expensive and even unviable for small ticket financial products. It also bugs the customer. Many of us just give-up mid-KYC (a sort of ‘for the love of cake just take my damn documents and be gone’). As fintech lawyers, we’ve also fielded many a ‘cute’ interpretations of the RBI KYC guidelines. In the end we’d say, when it comes to KYC/AML checks – err, dear industry, on the side of caution. Digital financial safety is not only crucial to the regulator, it is also becoming a political hot-potato. Resist the honey-trap of ‘frictionless’ on-boarding. KYC, by definition, adds friction to the user experience. Let it.
b. The daunting part - detangling regulated and unregulated functions: This is a tricky one. Most fintech businesses offer multiple regulated and unregulated products/features through a single umbrella platform. The platform (and the brand) is owned by a parent company where the core value vests. The platform may not on its own operate a regulated financial services business. Instead, these regulated businesses/products may be housed in group companies. Inevitably, there may be dependency and overlap between the regulated and unregulated businesses - where the group companies rely on the unregulated parent company for marketing, distribution, customer acquisition etc. This dependency between One97 and Paytm Payments Bank seems to have irked the regulator. So, should financial services platforms consider restructuring their offerings? Yes, we think so. The best case is to unbundle all regulated and unregulated activities - house them in separate apps/platforms. If that’s not doable, then at the very least, these are a few principles to consider:
Arms-length distance (both, in form and substance) between group companies: Don’t engage in any activity with your group entity, that you wouldn’t with a third-party. Create sufficient distance between functions of group companies. This is basic hygiene and good governance.
Data-sharing hygiene: In a platform play, there may be bi-directional data flow between unregulated (platform-owning) entity and regulated entity. Data may be collected at two levels: First, the platform-owing entity (that acquires users) generates and collects ‘user data’. Second, the regulated entity generates and collects ‘customer data’ to offer its financial product to platform users (that avail these products). Now, the platform-owning entity may share user data with the regulated entity and the regulated entity may share customer data with the platform. This data sharing must not be unfettered. Data should not be porous across group entities. Creating data-sharing hygiene within the group is important. Of course, data-flow from the regulated entity to the unregulated group entity is a far more slippery territory than the other way round.
Extent of control and co-dependency: If regulated entity excessively depends on the platform to steer its business operations (like marketing, product distribution, access to the brand name, sourcing capital etc.), it could be problematic. It should retain a demonstrable degree of independence and control over its business activities. In other words, if the platform is hit by a storm, the regulated entity should be able to weather it.
Separate employees: Have a separate set of personnel/employees oversee the regulated and unregulated products/functions/features. So that the segregation (of both entities) exists functionally (not just optically).
A cleaner UI/UX: The customer is often unaware that there is another entity behind the platform that offers the regulated product. This happens when the brand of the platform-owning entity becomes synonymous with all the products and services offered through that platform. This is a red flag for the RBI. We saw this concern pop-up in the context of digital lending, when the RBI said that the borrower must know that the loan is offered by a regulated entity (and not a service provider of the entity). To sum-up, the platform’s unregulated features and regulated product should not be co-mingled. So, consider structuring your UI/UX in a way that the customer can discern that the entity offering the regulated product and the one powering the platform, differ.
(This post has been authored by the fintech team at Ikigai Law. It was originally published in the February 2024 edition of our monthly fintech newsletter, FinTales.)
