Deepsea Chakraborty, Army Law College, Pune
Puru Pratap Singh, GNLU
Whether buying Pizza at your local restaurant or managing your finances, FinTech is all around us. It is the amalgamation of finance and innovation. Financial Technology (FinTech) is used to describe new technologies and innovations that aim to contest with traditional financial methods in the use and delivery of financial services. As a developing industry, it uses technologies such as smartphones for mobile banking, investing, borrowing services, and cryptocurrency to improve activities in financial services and make them more accessible to the general public. FinTech is the new applications, methods, products, or business models in the finance industry, comprised of one or more complementary financial services and provided as an end-to-end process via the Internet. FinTech corporations comprise of both startups and recognized financial institutions and technology, firms trying to substitute or enhance the usage of financial services provided by existing financial companies.
FinTech has been used to automate investments, insurance, trading, banking services and risk-management. Some of the technologies include artificial intelligence (AI), big data, robotic process automation (RPA), and blockchain.
Let us now take a look at the laws that regulate FinTech in India.
FINTECH REGULATIONS IN INDIA
The regulated landscape governing FinTech in India is largely scrappy, and there is no solitary set of protocols or guidelines which uniformly administrate FinTech products in India. This absence of consolidated regulations makes it tough to navigate the regulatory landscape governing FinTech in India. The regulatory framework primarily consists of the following:
I. Payment and Settlement Systems Act, 2007
The Payment and Settlement Systems Act, 2007 (PSS Act) is the primary law governing payments regulation in India. This Act prohibits the commencement and operation of a “payment system” without prior authorisation of the RBI. It lays down the definition of “payment system” as “a system that allows payment to be effected between a payer and a beneficiary, including clearing, payment or settlement service of all of them, but does not include a stock exchange”.
II. Master Direction on Issuance and Operation of PPIs
On 11 October, 2017, RBI issued the Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPIs) which prescribes the eligibility criteria for PPI issuers, permissible debits and credits from PPIs and other operational guidelines to be followed by PPI issuers while issuing PPIs to their customers in India.
III. NPCI Guidelines Governing UPI Payments
In India, UPI transactions are regulated mainly by NPCI's UPI Procedural Guidelines and UPI Operational and Settlement Guidelines. Under the present framework, only banks can integrate with the UPI network to offer consumers money transfer services. However, banks are allowed to engage technology providers for evolving and running mobile applications for UPI payment purposes, subject to compliance with certain eligibility and prudential customs prescribed by the NPCI.
IV. Non-Banking Finance Companies (NBFCs)
NBFCs are regulated primarily by the Reserve Bank of India Act of 1934 and a series of master directions and circulars governing NBFC licensing and operation in India. The RBI has set certain criteria to determine whether an entity will be listed as a financial services company lacking licensing. Most of the digital lenders operating in India are licensed as NBFCs.
V. Rules Regulating P2P Lending Platforms
P2P lending platforms are controlled mainly by the Master Directions – NBFC – Peer to Peer Lending Platform Directions 2017, which prescribe lender exposure requirements and aggregate borrowing limits to the country's operation of P2P lending platforms.
VI. Guidelines Regulating Payment Aggregators/Intermediaries
The notice dated 24 November, 2009 on "Directions for opening and operating accounts and settling payments for electronic payment transactions involving intermediaries" (Payment Intermediary Circular) lays down the legal framework appropriate to payment intermediaries effective in India. Payment intermediaries such as payment gateways, payment aggregators, etc. are required to conform to the operating guidelines laid down in the Payment Intermediary Circular for the operation of intermediary systems in India.
VII. RBI Guidelines on Payment Banks
The RBI's Operating Guidelines for Payment Banks dated 6 October, 2016 and Guidelines for Payment Bank Licensing dated 27 November, 2014 are the chief regulations governing the licensing and operation of payments banks in India. These guidelines include, inter alia, registration eligibility criteria, appropriate operations and other operational guidelines for payments banks effective in the country.
There are two key terms in the name itself, block and chain. These two words represent two core elements of the technology. Block is basically data or digital information and chain is the public database. Block in turn has three main parts. The first part is the basic information, for e.g. the date, time and the specifics of the transaction. The second part is the details of the parties involved in the transaction. The third and the key part of the block is the cryptographic code usually represented by hashtag (#).
Now the question arises, who can access this block chain? In today’s world, practically each and every person is a part of a chain. Social media is nothing but data saved on these blocks, which has its origin in the public domain. Any device having access or the ability to add or delete blocks is called a ‘node’. The reason why blockchain is one of the most secure forms of data storing is because if someone attempts to edit the cryptographic ‘#’, the details of the same would be stored in a new code, which makes it very easy to keep track of changes and very difficult for say a hacker, to cover his/her tracks.
Blockchain and Banking
One of the biggest benefits of blockchain is that payments, especially cross border payments are cheaper with the cost being only 2-3% as compared to 5-20% in the case of other methods, which usually involves a third party. Further, blockchain plays a key role in reducing the amount of data which is stored, by recording only the final outcome when it comes to share trading and stock exchange related transactions. Most importantly, with the help of blockchain, there is a standardization of data, which makes it very easily accessible in cases of audits, thereby allowing transparency.
Blockchain is a huge sphere under which “smart contracts” are a small head under its uses. The banking and finance sector is now waking up to the potential of smart contracts. The space for streamlining all types of bank-intermediated services using smart contracts goes much further than blockchain, with condensed complexity and bureaucracy offering possibly huge costs discounts for banks, and lower fees, faster processing, and less paperwork for customers.
A smart contract encrypts a series of terms and conditions entered into by counterparts to an agreement and then implements the terms of that agreement automatically, as the conditions are fulfilled. The contract is self-enforcing without any recourse to a third party.
Smart contracts are not defined under any of the legislations in India hitherto, but for a generic idea, it can be extracted from one of the notifications released by the Telecom Regulatory Authority of India (TRAI) in the year 2018. When smart contract is added to a distributed ledger then it becomes probable to distribute many of the most regularly used functions of trusted financial intermediaries. Automation of transfers of funds, lending decisions and loan servicing, compliance work, insurance, will writing, securities issuance - in code, all of these can be performed by smart contracts.
Uses of Smart Contracts in Banking
Shared access to borrower information and digital versions of land registry records and title deeds could facilitate automated execution of the entire lending process, from the application stage, credit risk assessment, the extension of mortgage lending and transfer of property rights, and even mortgage servicing and securitization thereafter.
Smart contracts could substitute the need for the time-consuming and complex legal documentation involved in onboarding new banking customers to adhere to KYC processes. Customer information could be willingly verified against records held on the blockchain. This, in turn, could placate conditions to unlock further smart-contract based services.
The process of clearing and settlement, whereby all payments and transactions are coordinated and verified comes with high administrative costs. These are eliminated outright if agreements are executed autonomously on a blockchain.
FINTECH, BLOCKCHAIN AND SMART CONTRACTS – RELATED LEGAL ISSUES
1. Anonymity and Enforceability
When blockchain comes into the picture, there arise two possibilities, permissioned blockchain and permission-less blockchain. The key difference between the same, is that the identity of the party making the transaction is only revealed in the latter. Therefore in case of permissioned blockchain, it provides the person with a high degree of anonymity, thereby opening the platform to be misused and to give rise to illegal activities on the internet, as can be seen on the dark web. Bitcoin has been very widely used on the dark web for drug trade and the buying and selling of several other illegal items, including arms and ammunition. The condition for anonymity has to be kept in mind and the same should be banned in the interest of transparency and the benefit of the society at large. In India, the Information and Technology Act, 2005, can be used as a tool to tackle this issue.
2. Privacy and Cyber-security
The other side of the coin of anonymity is the public access of the distributed ledger. This brings forward the issue of privacy of an individual. The question here arises, as to what extent of data can be stored? Should the data be limited to IP addresses and the key specifics of the transaction or should wider data be collected? In India, as of now, the law is ill-equipped to tackle this issue. For e.g. Section 43A of the IT Act, takes into account online privacy from the perspective of a body corporate and fails to accommodate blockchain is a decentralised form of technology and that several parties may be involved at once.
India is currently on the cusp of a sea change in regulating the manner in which personal data is processed. The Committee of Experts under the Chairmanship of Justice Srikrishna released the draft Personal Data Protection Bill, 2018. Under this Bill, a duty has been cast on all ‘data fiduciaries’, or parties who determine the purpose of processing personal data to protect the individuals’ (data principals) digital privacy and grant them certain rights. The Bill also entails processing of personal data only for a specific and lawful purpose and such processing must be done with the consent of the data principal. It is pertinent to note that the Bill only governs the use of ‘personal data’, or data which is identifiable to an individual. A close analysis of the Bill and the unique nature of the blockchain may result in the position that blockchain is likely going to be incompatible with some provisions of the Bill, if personal data is stored on the blockchain. Some of these provisions have been explained below:
· The Bill has obligations requiring the deletion of data once the purpose of processing is achieved. However, this is not possible in an immutable ledger. In some instances, where the data being processed is classified as ‘critical personal data’, then the Bill requires the processing of the data to happen only within India. However, the blockchain by itself is global and de-centralized. It lives on the internet. Designing a blockchain system in compliance with this requirement and to ensure that the ‘nodes’ of the blockchain are Indian IP addresses could lead to loss of efficiency and transparency.
· The Bill mandates that the personal data of a data subject be made ‘portable’ or transferable from one service to another. It is unclear however, how this can be implemented in a blockchain.
· The Bill grants the data subject the right to modify and correct their personal data. However, the immutable nature of the blockchain may make this difficult.
Therefore, even though the additions of FinTech, Smart Contracts and Blockchain to the Banking system in India can prove to be a highly beneficial change, the law prevailing in the country needs to take into account the effects and consequences of the same in the interest of the society.
 50 Wake Forest Law Review 643, Infinite Financial Intermediation, (2015).  Lenny Sanicola, “What is FinTech?”, Huffington Post, (2017).  https://www.investopedia.com/terms/b/blockchain.asp  https://main.trai.gov.in/sites/default/files/RegulationUcc19072018.pdf  http://www.nishithdesai.com/fileadmin/user_upload/pdfs/Research%20Papers/The_Blockchain.pdf