The Steering Committee on FinTech Related Issues (‘the FinTech Committee’) issued, on 2 September 2019, its final report to the Minister of Finance and Corporate Affairs which includes recommendations for the FinTech sector (‘the Report’). In particular, the Report outlines that the Personal Data Protection Bill, 2018 (‘the Bill’) may have far-reaching implications for growth in the FinTech sector therefore regulators should urgently review their existing data protection regulatory frameworks in line with emerging Indian data privacy legislation. The Report recommends, among other things, the introduction of a data protection task force (‘the Task Force’), a reformed Know Your Customer (‘KYC’) process, and a consumer protection framework.
Mathew Chacko and Aadya Misra, Partner and Associate respectively at Spice Route Legal, told OneTrust DataGuidance, “The current regulatory approach is quixotic, [however] with the hopefully imminent new Bill, which contours and extends to FinTech, a respectful, compliant approach to data privacy is unavoidable. […] There is a general consensus that financial data is particularly potent and deserves urgent attention. […] While the power and remit of the Task Force are not yet clear, we understand that they would look at the Reserve Bank of India’s existing data regulations to recommend changes. Looking at the recent move to license account aggregators, we presume that the Task Force will look at similar approaches. A clear and transparent regulatory approach combined with the new Consumer Protection Bill, 2018 will see increased litigation, increased enforcement and greater fines, that are all positive developments.”
Furthermore, the Report notes that after the Supreme Court of India’s ruling in Writ Petition (Civil) No. 494 of 2012 & connected matters on the use of Aadhaar numbers for KYC, the FinTech Committee recommends a reformed KYC process, including options such as video-based KYC and other offline authentication methods prescribed by the Unique Identification Authority of India. The Report also highlights that a legal framework for consumer protection should be put in place, including recommendations on informed consent, removing discriminatory regulatory practices in digital payments and improving data security of systems.
There is a general consensus that financial data is particularly potent and deserves urgent attention
Chacko and Misra noted, “India’s KYC rules are archaic and often demand physical verification of documents. There seems to be a push for e-KYC and the wide adoption of a central KYC registry that will make sharing of data in the FinTech sector easier. KYC through videos and e-KYC will be an added advantage to companies who are often caught between a rock and a hard place when it comes to undertaking physical KYC: associated costs drive a huge operational dent, but failing to undertake KYC, even if they are not mandated to under law, renders many companies non-compliant with the law.”
Moreover, the Report highlights the innovative use of cryptocurrencies by FinTech businesses while noting the need for a centralised authority to oversee transactions that rely on electronic ledgers. The Report also details the potential uses of blockchain and distributed ledger technology outside of cryptocurrencies, including cross-border payments and smart contracts.
Chacko and Misra concluded,”The FinTech Committee seems to recognise the potential of distributed ledger technology and encourages the exploration of its use within trade finance and with medium and small enterprises […] [However,] the FinTech Committee has stayed silent on recommendations with respect to cryptocurrencies, which is perhaps a relief [as] there have been contradictory statements on the pros and cons of cryptocurrencies being issued by different governmental organisations.”
Christopher Campbell Privacy Analyst