Framework for Self-Regulatory Organisation(s) in the FinTech Sector - આરબીઆઈ - Reserve Bank of India
Framework for Self-Regulatory Organisation(s) in the FinTech Sector
Introduction Technological innovations are reshaping the financial services landscape, with FinTechs emerging as both disruptors and facilitators. FinTechs encompass diverse entities in terms of constitution, size, activities, domains, etc., all subject to constant flux and evolution. FinTechs play a pivotal role in redefining financial services by saving time, enhancing access, and lowering costs. For the purpose of membership of an SRO-FT under this framework, FinTechs may be defined as entities that provide technological solutions for delivery of financial products and services to businesses and consumers or encompass regulatory and supervisory compliance in partnership with traditional financial institutions or otherwise. This definition may be taken as a broad guidance for deciding on membership eligibility. 2. While the FinTechs bring various innovations, the FinTech sector also raises concerns relating to customer protection, data privacy, cyber security, grievance handling, internal governance, financial system integrity, etc. The approach to regulation of this dynamic sector needs, therefore, to be balanced, nuanced and reasonably anticipatory. In such a context, the framework for FinTechs also needs to be imaginative, adaptive, flexible, and proportionate to the perceived risks. In particular, a judicious balance between maximising the creative potential of FinTechs, while minimising the idiosyncratic risks they pose to the financial system, is desirable. The oversight framework should be activity-based, risk-based, scale-based and phased-in as well. 3. Self-regulation within the FinTech sector could be one way of achieving this delicate balance. By pivoting towards a culture of self-governance, FinTechs could proactively set and adhere to industry standards and best practices. This approach could empower the sector to demonstrate its commitment to responsible conduct and innovation even in the absence of formal regulation. Through collaboration, the sector could collectively identify and address challenges, foster an environment where innovation flourishes, and guide shared commitment to ethical business practices. The advantage of adaptability to rapid technological advancements and evolving market dynamics could also be achieved by self-regulation. In essence, the path of self-regulation could enable the FinTech sector to align growth with self-imposed standards, be answerable to peer demands, and be guided by exemplary conduct norms. Appropriately designed, self-regulation can usher in self-discipline, imbibe high levels of internal governance and foster an environment conducive to an organised and orderly development of the FinTech sector. 4. Self-regulation necessitates a well-defined structure based on consensus and co-operation amongst the entities. This document presents such a framework in the form of a Self-Regulatory Organisation (SRO) for the FinTech Sector. SRO essentially is an industry-led entity responsible for establishing and enforcing regulatory standards, promoting ethical conduct, ensuring market integrity, resolving disputes, and fostering transparency and accountability among its members. The Framework contains the characteristics of an SRO for the FinTech sector (SRO-FT), and includes, inter-alia, broad functions, governance standards, eligibility criteria and expectations for grant of recognition as an SRO-FT. Chapter II – FinTech SRO – Characteristics and Operations 5. The SRO-FT should operate objectively, with credibility and responsibility under the oversight of Reserve Bank of India (RBI). It should strive towards healthy and sustainable development of the FinTech sector and, if necessary, identify a glide path to a phased regulatory and / or supervisory compliance. The SRO-FT should have, inter-alia, the following characteristics : (i) True Representation of the FinTech Sector: The SRO-FT should derive its strength from its membership, ensuring that it is truly representative of the FinTech sector, including FinTechs that are currently regulated by RBI (e.g., NBFC-Account Aggregators, NBFC-Peer to Peer Lending Platforms, etc.) but excluding banks. The diverse nature of FinTech businesses means they can often operate across various domains. For example, some entities might aggregate both loan and insurance products, while RegTech providers develop solutions for a range of financial institutions including lending and insurance. Through comprehensive membership agreements that encompass a broad spectrum of industry players, the SRO-FT should gain the legitimacy and credibility to not only frame baseline standards and rules of conduct codes, but also effectively monitor and enforce them. This representative structure should foster inclusivity and enable the SRO-FT to draw upon the collective expertise and experience of its members, resulting in development of standards that are pragmatic, adaptive, and widely accepted within the FinTech community. The SRO-FT must thus be looked up to and accepted by the industry as the key body for setting standards, defining rules of conduct and ensuring voluntary adoption of the framework contours by its members. Given the dynamics of the sector, it is likely that FinTechs could have membership of more than one SRO. Furthermore, the FinTech entities are encouraged to participate in at least one SRO. (ii) Development-oriented: The SRO-FT should be development-oriented, actively contributing to the growth and evolution of the industry. This involves prescribing minimum eligibility criteria for its members, providing specialised knowledge and expertise, offering guidance, and contributing to capacity-building through training programs. By fostering continuous learning and skill development, the SRO-FT should contribute to a more robust, competent, and mature FinTech ecosystem. Additionally, expertise of the SRO-FT should be instrumental in bridging the skill gap, providing early-stage entities with necessary handholding, guiding, and keeping them abreast with the dynamic nature of financial technology and the regulatory environment, as well as in facilitating the creation of policies that are forward-looking. (iii) Independence from Influence: To maintain credibility, the SRO-FT should operate independently, free from the influence of any single member or group of members. This would ensure refined decision-making and prevent the organisation from being swayed by the interests of a dominant few. The SRO-FT should maintain impartiality, avoid conflicts of interest, and ensure unbiased oversight over its members. The independence of the SRO-FT would enhance reputation as a neutral and reliable entity, essential for gaining the trust and confidence of both industry participants and regulator. (iv) Legitimate Arbiter of Disputes: Members should perceive the SRO-FT as a legitimate arbiter of disputes. This would require a transparent and fair resolution mechanism for disputes arising among members that instil confidence in the FinTech sector. By efficiently handling conflicts and disputes of the members, the SRO-FT should contribute to a more stable and harmonious FinTech environment. (v) Encouraging Members to Subscribe to Regulatory Expectations: The SRO-FT should be capable of motivating its members to align with regulatory priorities. This should involve facilitating communication between industry players and RBI, advocating for necessary changes, and promoting a culture of compliance. The codes / standards / rules set for adoption by its members shall not be a substitute to the direct prescribed regulatory framework for FinTechs, if any. The SRO-FT, as its duty towards ensuring compliance, should have adequate powers to investigate and take disciplinary action against its members for non-adherence to codes / standards / rules. By actively participating in the regulatory dialogue, the SRO-FT should help in shaping a regulatory environment that is conducive to innovation, while ensuring consumer protection. (vi) Repository of Information: As a repository of information, the SRO-FT should collect, analyse, and disseminate relevant data pertaining to the activities of its members. This information hub should serve as a valuable resource for industry research, trend analysis, and policy making. By consolidating and sharing knowledge, the SRO-FT should contribute to the overall development and resilience of the FinTech sector. The SRO-FT shall be encouraged to set-up a repository containing all such information relating to the FinTechs that are part of its membership. Chapter III – FinTech SRO – Eligibility and Membership 6. General Requirements (i) The applicant should be set up as a not-for-profit company registered under Section 8 of the Companies Act, 2013. The shareholding of the SRO should be sufficiently diversified, and no entity should hold 10% or more of its paid-up share capital, either singly or acting in concert. (ii) To ensure transparency and clarity regarding the organisation’s purpose and activities, the Memorandum of Association (MoA) should explicitly state the operation as an SRO-FT as its primary objective. (iii) The applicant should have a minimum net worth of Rupees two crore within a period of one year after recognition as an SRO-FT by RBI, or before commencement of operations as an SRO-FT, whichever is earlier. (iv) The SRO-FT should demonstrate the capability of establishing the necessary infrastructure to fulfil the responsibility of SRO-FT effectively, and consistently. It should have a robust IT infrastructure and the ability to deploy technological solutions within a reasonable timeframe. (v) The SRO-FT should put in place systems for managing ‘user harm’ instances that come to its notice or are referred to it by the RBI or any other stakeholder. The user harm instances may include fraud, mis-selling, unfair practices, unauthorised transactions, or any other form of misconduct that harm consumers of financial services. (vi) The SRO-FT should not set up entities / offices overseas without the prior approval of the RBI. 7. Membership Criteria (i) The applicant SRO-FT should represent the FinTech sector with membership across entities of all size, stage and activities. (ii) If representation is inadequate at the time of application, a roadmap should be included for achieving this within a reasonable timeline. Failure to demonstrate or attain comprehensive membership would result in refusal or revocation of recognition. (iii) Membership of the SRO-FT should comprise of members who are FinTechs, and membership should be voluntary. (iv) The SRO-FT should be an entity domiciled / registered in India. (v) The SRO-FT could have FinTechs domiciled outside India as members. (vi) The membership fee structure developed by the SRO-FT should be reasonable, and non-discriminatory. While membership fees may vary or be differentiated, based on size, intent, capability, etc., it should be ensured that the membership character remains non-discriminatory, i.e., all FinTechs irrespective of membership fees enjoy equal rights and representation. (vii) The SRO-FT should derive authority through the membership agreements to set rules, standards, codes of conduct, etc., for its members. (viii) FinTechs would be encouraged by the RBI to become member of a recognised SRO-FT. 8. Fit and Proper Criteria of Board of Directors and Key Managerial Personnel (i) The Board of Directors (BoD) and Key Managerial Personnel (KMP) should possess professional competence and a reputation for fairness and integrity. (ii) Any legal proceeding against the SRO-FT, BoD or KMP should be declared as part of the application and demonstrated that such proceedings do not impede the functioning of the SRO-FT or harm its reputation. Further, the applicant, any members of the BoD or any KMP should not have been convicted of any offence including moral turpitude / economic offence in the past. (iii) RBI’s views on the fit and proper status of the SRO-FT, BoD and KMP would be final. 9. While granting recognition as SRO-FT, the RBI would, if deemed necessary, prescribe such other conditions as may be required to ensure that functioning of the SRO-FT does not become detrimental to public interest. 10. Application Requirements (i) Any representative organisation for FinTechs may apply for recognition as an SRO-FT. The ‘representative’ character should be demonstrable at the stage of application by way of actual membership. Separately, ‘intended’ membership may also be indicated by the applicant, listing out FinTechs who have explicitly conveyed their intention to become a member in the future. (ii) Membership in the SRO-FT should be primarily from FinTechs that are currently not regulated by any financial sector regulator. Membership may also be open to Regulated Entities (other than banks). (iii) The number of SRO-FTs to be recognised would be considered based on the number and nature of applications received. (iv) The application for recognition as an SRO-FT should be accompanied by – (a) A copy of the MoA, Articles of Association, etc., of the proposed SRO-FT; (b) Details of the constitution of its Board, roles / responsibilities of its management, and the manner in which its operations would be undertaken; and (c) Roadmap and timeline to achieve comprehensive membership, if necessary. (v) The application should be accompanied by detailed justification of how it acquires or intends to acquire the characteristics of an SRO-FT explained in Chapter II. (vi) The application should be accompanied by detailed exposition of how it undertakes functions or proposes to undertake functions explained in Chapter IV. (vii) The application should be submitted under authorisation of the Board, and RBI may require the SRO-FT to submit any further information / clarification, as may be deemed necessary. (viii) Incomplete applications or applications not meeting the eligibility criteria would be returned / rejected. Nevertheless, before returning / rejecting any such application, RBI would provide the applicant with an opportunity of being heard. 11. Where the applicant is deemed suitable, the Reserve Bank would issue a “Letter of Recognition” to the SRO-FT. The recognition granted would be valid subject to the following conditions : (i) Information or particulars furnished by the SRO-FT are true and not misleading in any manner. (ii) The requirements prescribed in this framework, including that of membership, would be adhered to, on a continuing basis. (iii) The SRO-FT would ensure adherence to the terms and conditions governing its recognition. (iv) RBI would revoke recognition granted to the SRO-FT, if it deems that the functioning of the SRO-FT is detrimental to public interest or any other stakeholder and / or the SRO-FT is found to be conducting activities that are not in conformity with the objectives of the SRO-FT. An opportunity would be given to the SRO-FT before arriving at the decision. (v) The SRO-FT should ensure compliance with all relevant provisions of relevant Acts, regulations as well as guidelines, directions or circulars issued by RBI. 12. RBI reserves the right to not grant recognition to any SRO-FT. The decision of RBI in this regard would be final. Chapter IV – FinTech SRO – Functions and Responsibilities 13. Functions The SRO-FT should guide the conduct of its members, ensure that they adhere to industry standards, comply with relevant laws and regulations, and maintain high ethical standards. This involves establishing and enforcing guidelines for consumer protection, data security, data privacy, etc. The SRO-FT should play a crucial role in promoting responsible innovation by providing a framework that encourages responsible experimentation. The SRO-FT should be responsible for addressing any grievance, conflict of interest, or dispute that may arise among its members, and foster a fair, equitable and competitive environment. Through these responsibilities, the SRO-FT should act as a steward of trust and stability in the FinTech sector, balancing the need for innovation and maintaining integrity. In particular, the SRO-FT should undertake the following functions: (i) Standard-setting (a) The SRO-FT should have objective, well-defined and consultative processes to make and establish rules and standards. (b) The SRO-FT should frame a code of conduct for its members, customised to the nature of various set of activities undertaken by them. (c) The SRO-FT should set industry benchmarks and baseline technology standards, as could be applicable, for transparency, disclosure, data privacy, etc., by its members. (d) The SRO-FT should frame standardised documents for the FinTech sector for specific requirements, for instance, agreement between the lending service providers and regulated entities. The agreements should be compliant with extant statutory and regulatory requirements. Further, SRO-FT should encourage members to utilise these standardised documents as a baseline and adapt them to suit their specific needs, recording the deviations and reasons thereof to ensure transparency and accountability. (e) The SRO-FT should set up a mechanism for accreditation in the FinTech ecosystem for, inter-alia, improving compliance culture, fostering professionalism, creating healthy market behaviour, etc., among its members. The accreditation mechanism should require prior approval of RBI. The performance of accreditation mechanism should be periodically reviewed by the Board of SRO-FT. (f) The SRO-FT should put in place a code of conduct for responsible advertisements and market standards. (g) The SRO-FT should develop appropriate baseline governance standards for the FinTech sector. (h) The SRO-FT should specify the consequences for violation of agreed upon rules and misconduct by its members and enforce them. (i) The SRO-FT should ensure that the data collected and stored by it is in compliance with the necessities of the various statutory legislations. (j) The standards / best practices developed by SRO should be in compliance with, and within the applicable statutory / regulatory instructions. (ii) Oversight and Enforcement (a) The FinTechs should be encouraged to report its various activities to the SRO-FT. (b) The SRO-FT should have a structured framework to guide its oversight and enforcement functions. The baseline surveillance standards and oversight framework should meet the regulatory expectations. (c) The SRO-FT should deploy suitable surveillance mechanisms for effective monitoring of the FinTech sector to detect and highlight exceptions. This should involve the use of tools and techniques to assess the activities of industry participants, ensuring a proactive approach to maintaining integrity and compliance. The SRO-FT, however, should ensure stringent confidentiality of surveillance data and restrict data collection to essential information disclosed to the FinTechs for the specified purposes. (d) The SRO-FT should implement data collection procedures from member FinTechs that safeguard proprietary information while effectively fulfilling broader functions outlined in this framework. (e) The SRO-FT should establish clear standards of conduct and specify consequences for violation of agreed rules / codes such as counselling, cautioning, reprimanding and expelling members. It may be noted that such consequences if entails monetary penalty, they should be ensured that they are reasonable and not prohibitive. (f) The SRO-FT would be empowered to bar / remove any of the FinTech entities to be its member for a period as specified by it, or for eternity if the circumstances so require. (iii) Developmental (a) The SRO-FT should actively promote understanding of statutory and regulatory requirements and promote a culture of compliance. It should facilitate exchange of expertise and experience, as well as organise training programs for the benefit of its members. (b) The SRO-FT should disseminate sector-specific information through various channels such as periodicals, bulletins, pamphlets, magazines, etc., to raise awareness among its members about the developments, trends, and best practices in the FinTech sector. (c) The SRO-FT should encourage a culture of research and development within the FinTech sector to encourage responsible innovation. The SRO-FT should facilitate this by conducting studies, organising surveys, preparing research papers, facilitating think tank discussions, etc. (d) The SRO-FT should extend guidance and support, particularly to smaller entities within the sector, agnostic of membership, and publicly share best practices aligned with statutory and regulatory policies. (iv) Grievance Redressal and Dispute Resolution (a) The SRO-FT should establish a grievance redressal as well as a dispute resolution framework for its members. The framework/s should be efficient, fair, and transparent. (b) The SRO-FT should work towards customer education focused on products and services offered by the industry. (c) The SRO-FT should conduct periodic assessment of customer service standards, adherence thereof and review the grievance redressal framework.
14. Responsibilities towards the Reserve Bank The SRO-FT is expected to play a pivotal role in ensuring compliance with statutory and regulatory frameworks, adhering to industry standards and best practices, and in facilitating transparent communication channel with RBI. Its responsibilities towards RBI should broadly encompass relaying sector-specific insights, addressing regulatory concerns, and collaboratively working towards the overall development of the FinTech sector. The SRO-FT should serve as a valuable bridge, foster co-operation, and provide policy commensurate to the dynamic nature of the FinTech sector. In particular, the SRO-FT should discharge the following responsibilities towards the Reserve Bank: (i) The SRO-FT should act as the collective voice of its members in engagements with the Reserve Bank. In such engagements, it would be expected that the SRO-FT functions beyond the self-interest of specific members and addresses larger concerns of the FinTech sector. Also, while acting as the industry association, the SRO-FT would be expected to ensure equitable and transparent treatment for all its members. (ii) The SRO-FT would be obligated to regularly update the Reserve Bank on the developments in the sector and notify the Reserve Bank of any major violation by its members regarding statutory or regulatory requirements or systemic issues to enable Reserve Bank to initiate timely action. (iii) The SRO-FT should collect relevant and up to date sectoral information and share the same with the Reserve Bank to aid in policy making. For this purpose, the SRO-FT should develop a scalable technology solution. This system should enable the Reserve Bank to understand the details about specific products, services, and scale of activities of FinTech entities. The SRO-FT should, where required, co-ordinate the introduction of new products within the regulatory framework set by the Reserve Bank. (iv) The SRO-FT should consult the Reserve Bank in developing and updating the taxonomy for FinTechs. (v) The SRO-FT should carry out any assigned tasks from the Reserve Bank, review referred proposals or suggestions, and supply requested data / information as directed by the Reserve Bank. (vi) The SRO-FT would be required to submit its Annual Report and / or other information to the Reserve Bank. Additionally, the SRO-FT should submit periodic returns as may be prescribed by the Reserve Bank. (vii) The SRO-FT would be invited for periodic interactions with the Reserve Bank and be expected to adopt a holistic perspective on the FinTech sector when providing its views, inputs, or suggestions. (viii) Reserve Bank reserves the right to inspect the books of the SRO-FT or arrange to have the books audited by an audit firm. The SRO-FT would be obligated to provide the required information to the inspection team for the purpose of conduct of inspection / audit. The expenses of such inspection would be borne by the SRO-FT. (ix) The SRO-FT should discharge such other functions and abide by such other directions as specified by the Reserve Bank, from time to time. (x) The SRO-FT should guide / facilitate RBI on the extent, scope, and manner of regulation of entities in the FinTech sector. (xi) The SRO-FT should facilitate collection of market intelligence inputs and feed them to RBI on an appropriate basis at periodic intervals and / or at urgent intervals, as may be necessitated upon. Chapter V – FinTech SRO – Governance and Management 15. Adhering to the highest standards of governance is essential for the effectiveness of the SRO-FT. The SRO-FT should uphold transparency, accountability, integrity, fairness, responsiveness, and compliance with all relevant laws and regulations. Additionally, it should implement robust conflict of interest management, ensure professional competence of its leadership, and promptly address grievances. By strictly following such governance principles, the SRO-FT should instil trust and credibility within the FinTech ecosystem it oversees. Accordingly, the SRO-FT should rigorously comply with the following guidelines to uphold the principles of good governance – (i) The SRO-FT should be professionally managed, with its Articles of Association (AoA) containing appropriate provisions to ensure this. The AoA should explicitly outline the functioning of the Board / governing body / management, addressing conflicts of interest comprehensively. (ii) The AoA should also clearly lay down the criteria for admission, expulsion, suspension, re-admission, etc., of its members. (iii) The SRO-FT should adopt highest standards in governance and maintain the essence of impartiality in decision making. The imperative for the SRO-FT to preserve functional autonomy and impartiality should be explicitly articulated within its AoA or Bye-laws to pre-empt any undue influence. (iv) The Board should put in place a framework for the ongoing monitoring of 'fit and proper' status of its directors. Any change in the directorship or adverse change in its fit and proper status, should be immediately reported to RBI. (v) At least one-third of members in the Board, including the chairperson, should be independent, and without any active association with a FinTech entity. Further, majority of non-independent directors are to be representative of FinTechs that are currently not directly regulated. (vi) The Board should, among others, frame a policy on rotation of directors for important positions in the Board. (vii) Any change in directorship or adverse development about any Director should be immediately reported to RBI. (viii) The Board should ensure that the SRO-FT has adequately skilled human resources, and robust technical capability to monitor the sector. (ix) RBI shall, if required, remove any member of the board and / or management of the SRO-FT, if felt necessary. Adequate opportunity shall be provided, before any such adverse action is initiated. (x) RBI would, if it deems necessary, nominate / depute Observer(s) on the Board of the SRO-FT. ***** |