The Reserve Bank of India (RBI) has recently released a robust and intricate framework for the establishment and functioning of self-regulatory organisations (SROs) in the fintech sector (SRO-FT), aimed at fostering a balanced environment that promotes innovation while ensuring compliance with regulatory standards. The said framework delineates the characteristics, operations, eligibility criteria, functions, responsibilities, governance, and management of the SRO-FT. The framework emphasizes on the transformative impact of technological innovations on the financial services landscape, positioning fintech entities as pivotal players in this evolution. It also outlines the necessity of regulating the rapidly evolving fintech sector.
The framework defines FinTechs as entities providing technological solutions for delivery of financial products and services to businesses and consumers or encompass regulatory and supervisory compliance in partnership with traditional financial institutions or otherwise. The framework recognizes the dual nature of fintech entities as both facilitators and disruptors, highlighting their potential to enhance access, reduce costs, and improve efficiency, while also posing ‘idiosyncratic risks' related to customer protection, data privacy, cybersecurity, and governance, terming the sector crucial in success while acknowledging its vulnerability to failures.
The RBI's framework aims to strike a balance by fostering a culture of self-regulation and governance which encourages fintech entities to adhere to industry standards and best practices voluntarily, thus aligning innovation with responsible conduct.
Characteristics and Operations of Fintech SROs
An SRO-FT is envisioned to operate with credibility, objectivity, and responsibility under the RBI's oversight. The framework mandates that the SRO-FT should represent the fintech sector comprehensively, ensuring inclusivity and legitimacy. It must derive its strength from a diverse membership base, including entities regulated by the RBI such as NBFC-Account Aggregators and NBFC-Peer to Peer Lending Platforms but excluding banks. The representative structure would enable the SRO-FT to establish and enforce standards effectively. The framework also recognizes the dynamic nature of the industry, thereby allowing a Fintech entity to be a member of more than one SRO.
Furthermore, the SRO-FT should be development-oriented, contributing to the industry growth by prescribing “minimum eligibility criteria for members, providing specialized knowledge, offering guidance, and facilitating capacity-building through training programs”. This developmental role includes bridging skill gaps and ensuring that early-stage entities receive necessary support and providing guidance on regulatory compliance.
Independence from undue influence is paramount, necessitating the SRO-FT to maintain impartiality in its operations and decision-making processes. The framework emphasizes that as a legitimate arbiter of disputes, the SRO-FT is required to establish transparent and fair resolution mechanisms. The SRO-FT should also have the power to investigate and take action against defaulting members.
Additionally, it should encourage members to align with regulatory expectations and foster a “culture of compliance”. It is important to highlight that the internal regulations set by the SRO-FT shall not be a substitute to framework prescribed directly by the RBI.
Eligibility and Membership Criteria
The general eligibility criteria for recognition as an SRO-FT are stringent. The applicant must be a not-for-profit company under Section 8 of the Companies Act, 2013, with diversified shareholding, where no entity holds 10% or more of the paid-up share capital, either singly or acting in concert. The Memorandum of Association (MoA) must explicitly state the operation as an SRO-FT as its primary objective and the applicant should have a minimum net worth of INR 2 Crores within one year of recognition or before commencing operations, whichever is earlier.
The applicant also must demonstrate the necessary infrastructure, including robust IT systems and the ability to deploy technological solutions within a reasonable timeframe. The SRO-FT should put in place systems for managing ‘user harm' instances such as fraud, mis-selling, and unauthorized transactions etc. Additionally, the SRO-FT should not set up entities/offices overseas without the prior approval of the RBI.
Membership Criteria
Membership criteria emphasize broad sector representation, with a roadmap for achieving comprehensive membership if it is initially inadequate. Failure to achieve such membership or adequate demonstration will result in refusal or revocation of recognition by the RBI. Basic principles of membership outlined in the framework include requirements such as membership should be voluntary, with a reasonable and non-discriminatory fee structure although intelligible differentia is allowed and authority to set and enforce rules, standards, and codes of conduct should be derived from membership agreements.
Fit and Proper Criteria of Board of Directors (BoD) and Key Managerial Personnel (KMP)
The BoD and KMP should possess professional competence and reputation for fairness and integrity. Any legal proceedings against the BoD and KMP should be declared as part of the application and demonstrated that such proceedings do not impede the functioning of the SRO-FT or harm its reputation. Further, the applicant, the BoD members or any KMP should not have been convicted of any offence including moral turpitude / economic offence in the past.
Functions and Responsibilities
The SRO-FT's functions are multifaceted, encompassing standard-setting, oversight and enforcement, developmental activities, and grievance redressal. The SRO-FT must establish objective and consultative processes for rulemaking and standard setting. It should also frame a code of conduct tailored to its members. It should set industry benchmarks for transparency, disclosure, and data privacy etc. by its members.
Standardized documents for specific purposes and an accreditation mechanism for improving compliance culture and professionalism are also required, however, the accreditation system is to be approved by the RBI prior to its implementation and must be periodically reviewed by the BoD.
The FinTechs should be encouraged to report its various activities to the SRO-FT. The SRO-FT should deploy surveillance mechanisms to monitor member activities, enforce consequences for violations, and bar or remove non-compliant members, however, the collection of such confidential data must be restricted to what is essential. Explicit specification of consequences and penalties in case of breach of any code or rule SRO-FT is a must.
Developmental functions include promoting understanding of statutory and regulatory requirements and promoting a culture of compliance. The SRO-FT should disseminate sector-specific information, encourage a culture of research and development and conducting training course for members while extending support to smaller entities.
The SRO-FT should establish a grievance redressal as well as a dispute resolution framework for its members, which should be efficient, fair, and transparent, periodically assessed for its effectiveness. The SRO-FT should also engage in customer education and periodically review customer service standards.
Responsibilities towards the RBI
The SRO-FT is expected to act as the collective voice of its members in engagements with the RBI, addressing sector-wide concerns beyond individual member interests. Regular updates on sector developments, major violations by its members, and systemic issues must be provided to the RBI to enable timely action.
The SRO-FT should develop a scalable technology solution for data collection and share relevant information with the RBI to aid in policy-making. Consultation with the RBI in developing and updating fintech taxonomy is required, along with carrying out assigned tasks, reviewing proposals, and supplying requested data. The SRO-FT must submit annual reports and periodic returns as prescribed, and the RBI reserves the right to inspect the SRO-FT's books or arrange for an audit whose cost will be borne by the organisation itself.
Governance and Management
Adhering to high governance standards is crucial for the SRO-FT's effectiveness. The SRO-FT should uphold transparency, accountability, integrity, fairness, responsiveness, and compliance with all relevant laws and regulations. The Articles of Association should ensure professional management, address conflicts of interest, and explicitly outline membership criteria including admission, expulsion, suspension etc., for its members and governance structures. The BoD and KMP must possess professional competence and integrity, with at least one-third of the BoD, including the chairperson, being independent and without any active association with any Fintech entity.
Majority of the non-independent directors have to be representatives of directly unregulated Fintechs. The SRO-FT must report any changes in directorship or adverse developments to the RBI. The BoD should frame a policy on the rotation of directors and ensure the SRO-FT has skilled human resources and robust technical capability. The RBI reserves the right to remove any board or management members if necessary, with an adequate opportunity for representation. The RBI may also nominate observers to the SRO-FT's Board if it thinks fit and necessary.
By pivoting towards self-governance, FinTechs could establish and abide by industry standards and best practices. This self-governance approach could empower the sector to demonstrate its commitment to responsible conduct and innovation, even in the absence of formal regulation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.