Credit lines on UPI, UPI interchange fees, Crypto entities brought under the PMLA and more...

10th April, 2023

Welcome back to MoneyRules, Setu’s newsletter on fintech regulatory developments in India, written by Sriya Sridhar, Madhuri, Drishti Ranjan and Vinay Kesari. 

Here are some notable takeaways since our last issue!

UPI to get a credit boost

The RBI in its quarterly policy statement proposed to “expand the scope of UPI by enabling transfer to / from pre-sanctioned credit lines at banks, in addition to deposit accounts.” 

Currently, the overwhelming use of UPI is to transfer money from deposit (ie. savings and current) accounts to other such accounts. While NPCI already allows UPI payments through two types of credit products (RuPay credit cards since end-2022, and overdraft (OD) lines linked to deposit accounts since the release of the UPI 2.0 spec in 2018), these are yet to make a significant impact. While RuPay credit on UPI is being progressively rolled out by major banks over the last few months, the penetration of RuPay in the credit card market is still relatively low. And OD on UPI has never really gotten off the ground, possibly due to inherent limitations with OD as a credit product.

This new move from the RBI could open up the doors for NPCI to allow linking of all manner of credit products to UPI, given the broad meaning of ‘pre-sanctioned credit lines’, and the delinking of UPI from deposit accounts. Some of the interesting questions that arise include:

1. Can existing Visa/ MasterCard credit cards (and the underlying unsecured revolving bank credit line) now be linked to UPI? We covered this possibility when it was rumoured in February.

2. What types of new revolving credit products can be built to best utilise UPI rails? After the crackdown on some new types of BNPL products (by barring credit lines linked to PPI, the Guidelines on Digital Lending, etc.) we could now see a resurgence in BNPL products built over UPI.

3. The RBI’s statement mentions only banks, and currently only banks and PPI licensees are UPI issuers within the NPCI system. To unlock the full potential of credit over UPI, will NBFCs (who are key when it comes to consumer credit) be brought within this fold?

The RBI has promised ‘detailed instructions’ to follow, which will hopefully shed more light on these and other questions.

News coverage we liked on this topic: This explainer on Finshots. 

NPCI introduces interchange fee for UPI over PPIs

On March 24th, NPCI released a circular introducing an interchange fee (payable by the acquirer to the issuer) of 1.1% on UPI transactions of over 2,000 INR using prepaid payment instruments (PPIs) at online, large, and small offline merchants. Certain listed Merchant Category Codes will be subject to specific interchange fees (ranging from 0.5% to 1.1%) that may be different. The circular also  clarifies that P2P and P2PM transactions will not be subject to this interchange. Finally, the circular also introduces a service charge of 0.15% for wallet loading transactions over Rs. 2000, payable by the PPI issuer to the remitting bank. 

Responding to subsequent rumours that this fee would apply to all UPI transactions, on March 29th NPCI released a clarification that there will be no charges for normal UPI payments made from bank account to bank account. The NPCI also emphasised that customers will not be charged any fees for using UPI payments for their transactions.

Overall, this is a significant development in relation to charges in the UPI ecosystem, which has been a much debated issue for the industry (you can read our previous coverage on this issue here and here), and leads to a welcome source of revenue for system participants. It will be interesting to see how the PPI industry adapts to the new fee structure, and whether this move signals future fees associated with other types of UPI transactions.  

News coverage we liked on this topic: This explainer on Livemint.

Scope of PMLA expanded to include crypto entities 

On March 7th, the Finance Ministry  announced the extension of the Prevention of Money Laundering Act (PMLA) to include entities dealing in virtual digital assets (VDAs) or cryptocurrencies as ‘reporting entities’ (REs). 

As REs, entities involved with VDAs such as crypto exchanges, custodial wallets, etc. will be required to abide by a number of regulatory requirements, including KYC standards, record-keeping, reporting of suspicious transactions, the appointment of a compliance officer, and engaging with regulatory authorities to seek guidance on compliance issues. They will also now be required to notify the Financial Intelligence Unit - India (FIU-IND) of any suspect cryptocurrency-related activities for investigation.

This latest development is part of a series of measures taken by the RBI to regulate the crypto space (you can access our previous coverage on this issue here).  Since this regulation was notified, many industry players have moved swiftly to comply with the norms by registering as REs with the FIU-IND. The move is being seen by some as an encouraging one, signalling increasing legitimacy being granted to the crypto ecosystem.

News coverage we liked on this topic: This explainer on The Hindu. 

Amazon Pay penalised by RBI

On March 3rd, RBI announced that it has imposed a penalty of 3.06 INR crore on Amazon Pay (India) Private Limited (Amazon Pay), for not complying with certain rules of the Master Directions on Prepaid Payment Instruments (PPIs) and Master Directions on Know Your Customer (KYC).

Reportedly, the RBI had found that Amazon Pay had breached certain KYC regulations, including failure to conduct mandatory due diligence before onboarding certain customers. The RBI had issued a notice to Amazon Pay asking them to show cause as to why a penalty should not be imposed for non-compliance with the KYC norms. However, Amazon Pay failed to provide a satisfactory response to the notice, which led to the imposition of the penalty. The RBI also clarified that the penalty was strictly based on regulatory compliance shortcomings and cannot be seen as being a judgement on the legality of any transaction or arrangement made by Amazon Pay with its clients.

 This action from the RBI, coupled with recent regulatory scrutiny of bank-fintech partnerships (see our last issue), signals that there is likely to be strict monitoring and enforcement of regulatory norms in relation to onboarding processes.

RBI’s efforts to curb spam messages 

The RBI has reportedly partnered with the Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI), to develop a solution to curb the issue of Unsolicited Commercial Communication (UCC) or spam. A joint committee was formed recently, which also includes participation from other financial regulators such as the Insurance Regulatory and Development Authority of India  and Securities and Exchange Board of India.

The committee proposed the creation of a database containing details of financial institutions under supervision, their registered call centre numbers, and registered SMS headers. The database would also include a list of numbers and telemarketers flagged as fraudulent by customers, along with permissible message templates. The committee is expected to ask industry stakeholders to coordinate in building the repository, which would act as a filter for TRAI's blockchain-powered spam scrubber.

News coverage we liked on this topic: This coverage on The Morning Context (Paywalled). 

• Stories from D91: Check out D91’s latest blog in the 'Banking on Women' Series, an initiative to understand and design for the financial lives of women in India. The blog explores women’s obscure path from awareness to adoption of insurance products. Also out, is the latest episode of the D91 Labs Idea Series, where they delve deep into understanding the new-to-UPI user’s experience. Finally, they showcase some insights on exclusive access to mobile phones among adults in Urban India and its implications for Digital Financial Service offerings in the latest D91 Khata visual story.

• Setu Talks: Our co-founder, Nikhil Kumar, participated on a panel with the regulators and top leaders of the banking and fintech industry for a discussion on how India is leading the way in digital public infrastructure, at the MoneyControl India Fintech Conclave 2023. Here’s a link for our interested readers.

• RBI Notifies IT Outsourcing Directions: Following from the draft released for public consultation in June 2022, the RBI has notified the final Master Directions on Outsourcing of Information Technology Services, which will come into effect on October 1st, 2023. These directions will be crucial to the arrangements between REs such as banks and NBFCs, and technical service providers providing a host of IT related services like infrastructure management, application development and cloud computing. Stay tuned for our next issue where we will be discussing these directions in detail!

• Continued Crackdown on Payment Apps Associated with Chinese Nationals: On March 17th, the Enforcement Directorate (ED) filed a chargesheet against several NBFCs that allegedly did business with Chinese loan apps. This crackdown on Chinese loan apps includes seven entities and five individuals, including fintech firms. The ED alleges that the fintech entities  and NBFCs facilitated the transfer of funds collected by the Chinese loan app and received commissions for their services without conducting proper due diligence. This crackdown is a continuation of the government's efforts to curb the involvement of Chinese nationals in the Indian lending ecosystem. Read our previous coverage on this issue here.

• Updates on Aadhaar-based e-KYC setu system: The Ministry of Electronics and Information Technology (MeitY) released a circular laying out detailed roles and responsibilities for NPCI as well as the REs using e-KYC setu services. While  NPCI will be responsible for designing, developing, and maintaining the e-KYC Setu system, REs will also have a significant compliance burden. Apart from the basics including compliance with the Aadhaar Act and associated regulations, REs will also have to undergo regular audits by CERT-IN empanelled auditors of the systems, operations, and processes.

This wraps up the updates which caught our eye in March ‘23! Feel free to DM us on Twitter or LinkedIn, or fill out this form with feedback or topics to include in our April edition.