Digital Payment and InsurTech Law in India
Updated: Mar 17
We will now delve into how each type of FinTech Company is regulated under the current legal regime. It shall involve the regulatory compliance aspects as well as the laws that are crucial to their existence in the market. We shall also discuss the concept of Regulatory Sandbox utilized by these companies to try out new financial products and services under the different heads:
In PART II, we shall discuss the existing legal framework behind digital payment and InsurTech companies.
Digital Payment (FinTech) Companies:
General Mode of operation: These companies do not charge the users any fee or any commissions when they pay their bills. They make their money through the commissions it get gets from service providers and Bill payments. These companies also promote certain other services on their app as a “marketplace” to make users buy more and more products/services.
Moreover, these payment systems have adapted alternate business models.
For example, RazorPay, a company launched in 2014, focuses on payment scheduling and streamlining for its clients. Many start-ups currently use their services to pay their wage bills and other operational costs.
Digital payment systems have also lead to an exponential growth in consumer spending in the E-commerce sphere. The same goes for wealth management FinTech services where, one can directly transfer funds from their bank account to their DMAT (Dematerialized) Account via UPI.
The legal framework:
The Payment & Settlement Systems Act 2007 (P&SS) :
It is the principal legislation, governing the payments regulation in India. This act prohibits the initiation and operation of any ‘payment system’ in India without prior assent of the RBI [Section 4]. Payment mechanisms include credit and debit card operations, smart card operations, money transfers, and Prepaid Payment Instruments [PPI] (except closed-system PPIs).
Under Section 2(i) “Payment System” is defined as a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service of all of them, but does not include a stock exchange”
The aforementioned Act designates RBI as the authority for supervision of payment systems and also provides for the constitution of the Board for Regulation and Supervision of Payment and Settlement Systems comprising of the RBI Governor, Deputy Governor, at least 3 Directors from the RBI Board under [Section 3] of the P&SS Act.
Any person (also juridical persons) desirous of commencing or carrying on a payment system can apply to the RBI under Section 5. After an application is submitted, the RBI may make such inquiries as it may consider necessary for the purpose of satisfying itself about the genuineness of the particulars furnished by the applicant, his capacity to operate the payment system, the credentials of the participants or for any other reason under Section 6. If it is satisfied, it may authorize the same under Section 7 (subject to certain considerations).
However, under Section 8, if a system provider-
Contravenes any provisions of this Act, or
Does not comply with the regulations, or
Fails to comply with the orders or directions issued by the designated authority, or
Operates the payment system contrary to the conditions subject to which the authorization was issued,
The Reserve Bank may, by order, revoke the authorization given to such system provider under this Act.
Under Section 11, no payment system provider change the structure or operation of payments without the prior approval of the RBI. After approval, they have to issue a 30 day notice prior to making such structural changes to the system.
Section 12, 13, 14: The RBI has the power to call for documents and other relevant information to be furnished before it, the system participants also have to provide unfettered access to RBI. Under Section 14 especially, the RBI holds the power to enter and inspect the premise where such payment system is hosted to ensure regulatory compliance. All such information passed to or collected by the RBI shall remain confidential under Section 15. Under Section 16, the RBI is empowered to conduct audits (cooperation from the system providers is mandatory).
Upon commission of an offence under this Act, no court can take cognizance of the same unless the RBI makes a written complaint to a court (not lower than the Judicial Magistrate of the first class) under Section 27.
National Payments Corporation of India (NPCI) was set up, with guidance and support of RBI and the Indian Banks' Association (IBA), as an umbrella organisation for retail payments system in India.
It was incorporated in December 2008 as a Section 25 company (not-for-profit company) under Companies Act, 1956 (now Section 8 of Companies Act, 2013) with the aim to operate for the benefit of all member banks and their customers, create infrastructure for operating pan-India systems with high availability and scalability to process increasing volumes of retail electronic payments, etc. NPCI is the operator and regulator of the United Payments Interface (UPI), an initiative by the RBI.
Roles & Responsibilities of NPCI:
NPCI owns and operates the Unified Payments Interface (UPI).
NPCI prescribes rules, regulations, guidelines, and the respective roles, responsibilities and liabilities of the PSPs and TPAP, with respect to UPI. This also includes transaction processing and settlement, dispute management and clearing cut-offs for settlement.
NPCI approves the participation of Customer Banks, PSP, Third Party Application Providers (TPAP) and Prepaid Payment Instrument issuers (PPIs) in UPI.
NPCI provides a safe, secure and efficient UPI system and network.
NPCI provides online transaction routing, processing and settlement services to members participating in UPI.
NPCI can, either directly or through a third party, conduct audit on UPI participants or call for data, information and records, in relation to their participation in UPI.
NPCI provides the PSP access to the system where they can download reports, raise chargebacks, update the status of UPI Payment Transactions, etc
Insurance FinTech Companies (InsurTech):
General Mode of operation: These companies involve the use of automated systems that analyse and process the applicant’s data using set AI algorithms, predictive analytics and empirical analysis to assess risk and provide quotations faster than any human (thereby removing humane elements like bias, preconceptions etc. from the process). The use of AI also facilitates quick filing of applications which are immediately checked for feasibility and applicability with the applicant’s policy choice.
Raising claims has been made quite convenient by InsurTech companies as the customer’s physical presence for filing a claim has been dispensed with. Many large insurers now allow clients to file claims through an app, which usually takes only a few minutes. These services simplify the procedure for users and assist the insurer in organizing important information.
However, the main reason for the growth of these companies is because the concept of digital insurance appeals to the younger generation. They are equipped with complete information whenever they visit these portals/apps and thus, are able to make an educated decision regarding the policy they want to buy-in.
The legal framework:
Like traditional insurance companies, InsurTech companies have to be in compliance with the provisions of the Insurance Act of 1938 and the rules and regulations formulated by the Insurance Regulatory and Development Authority (IRDA).
The companies looking to operate in the insurance sector have to get a license from the IRDA under Section 42 of the Insurance Act 1938 and also meet the capital requirement criteria under Section 6 to get themselves registered under the IRDA.
Another important aspect in this space is the existence of Insurance Repositories - companies that are granted certificate of registration by the IRDA for the sole purpose of maintaining data of insurance policies on behalf of insurers. Currently there are 5 licensed insurance repositories in India:
NSDL National Insurance Repository (NIR)
CDSL Insurance Repository Limited
Karvy Insurance Repository Limited
CAMS Repository Services Limited
SHCIL Projects Limited
The insurance plans provided by InsurTech companies are classed as “E-Insurance” by the IRDA
The Insurance Regulatory and Development Authority of India (Issuance of E-Insurance Policies) Regulations, 2016 governs the issuance of insurance policies by InsurTech companies.
Under Regulation 2(vi) an e-insurance policy is defined as:
“A policy document which is an evidence of insurance contract issued by an insurer and digitally signed in accordance with the applicable provisions prescribed by law and issued in an electronic form either directly to the policyholder by the insurer or through the platform of registered Insurance repository.”
Under Regulation 3, every prospect shall be issued an e-proposal (approved by the IRDA) and such form should be able to capture all necessary details, electronically. In case the prospect does not have an [eIA] number (electronic insurance account number), the issuer shall make arrangements for the same.
Under Regulation 4, e-insurance policies may be issued directly or via Insurance repositories [4(ii]. All policies issued electronically shall also be issued physically unless the IRDA exempts the same under [4(iii)] or the issue is made through the repository.
Under Regulation 5, an insurer may offer discount in premium rates to policyholders for e-insurance policies that are exempt from issuance in physical form [5(i)]. The same provision makes it mandatory for insurance issuers to issue e-policies in disaster prone and vulnerable areas.
In case of listed companies in this space, they do not have to abide by SEBI regulations and circulars (especially when it comes to financial reporting)
Under the SEBI Circular [CIR/CFD/FAC/62/2016 dated July 05, 2016], the following was specified:
“For the period ending on or after March 31, 2017, the formats for Unaudited/Audited quarterly financial results to be submitted by the Listed Entities, with the stock exchanges, shall be as prescribed in Schedule III to the Companies Act, 2013.
However, Banking Companies and Insurance Companies shall follow the formats as prescribed under the respective Acts/Regulations as specified by their Regulators.”
#Stay tuned for PART III which shall focus on Lending and WealthTech companies and shall understand under which regulation they are operating.