There has been a revival of interest by the RBI in the creation of a new framework for recognition of SROs (self-regulatory organisations) for fintechs as one more layer in the regulatory fabric. It remains to be seen how this yet-to-be-unveiled framework differs from the earlier one announced in 2020.

SROs, in close co-ordination with the RBI, are expected to fulfil regulatory objectives like financial stability, market integrity and consumer protection. All these objectives are essentially public goods.

Prof Howell, in his paper published in Harvard DASH repository, explains the successive stages of regulation process thus: (i) rulemaking; (ii) enactment; (iii) monitoring; and (iv) enforcement. The public regulator may delegate to, or co-work with, SROs for some, if not all, these processes.

SROs, to start with, may play an active role in rulemaking. Given their domain expertise and being close to markets and consumers, they may provide a live feedback loop to regulators. Of course, regulators would be on guard to ensure that these are not self-serving.

It would take a while for SROs to be able to enforce the rules and levy penalties for breaches. This is particularly a challenge as many fintechs are not licensed by the RBI, unlike members of FEDAI and IBA. They can exert moral-suasion to control any malfeasance — maybe by naming and shaming. They can help the RBI in shaping a monitoring and enforcement framework.

There are issues that the regulator needs to address, to ensure the success of SROs. They should operate on sound governance structures and practices.

The issues

First, there are over 3,000 government recognised (not licensed by the RBI) fintechs. Some reports put the number at more than 7,000. The scale and scope of their businesses vary widely. It is important to map all these fintechs using some customer and market impact metrics.

Second, business and operating models of fintechs vary widely, though innovation is a common thread. Small players feel squeezed by the big ones and demand a level-playing field. And so do traditional players. Is this the job of the regulator or that of the market?

According to the Bank for International Settlements (BIS), ensuring a level-playing field is only an intermediate objective and not a priority (Occasional paper no 17). This may be ensured only after the primary regulatory goals of financial stability, market integrity and consumer protection are achieved. It suggests a lexicography of regulatory objectives and priorities.

Third, an issue that needs to be spelt out is the appropriateness of application of activity-based and/or entity-based regulation in a given context. It is not a binary choice but a blend of both in many cases. For instance, ensuring operational resilience needs a blend of entity- and activity-based regulations. In certain areas like KYC/AML/CTF, activity-based regulation may be adequate. Entity-based regulation may help rein in prudential risks.

Fourth, banks sell third party products of companies regulated not by the RBI but other regulators like IRDAI or SEBI. The interconnectedness may throw up systemic issues. This needs a multi-regulatory framework and intervention. Mis-selling, mis-characterisation and liquidity issues keep cropping up. A platform for inter-SRO collaboration also helps.

Notwithstanding differing business and operating models, traditional full-service banks and fintechs may have to work together under a single SRO as their products and services are similar in some respects.

Some traditional banks deploy phygital operating models as they have developed tech capabilities similar to pure-play fintechs.

Working together can create a win-win situation and improve the ecosystem. The disruptors and the disrupted (prey and predator?) may have to learn to live for the common good. It would be a challenge to herd in all these heterogeneous players under one homogenous roof.

SROs and the RBI need to be on the same page to minimise friction. This facilitates ex ante regulations which mitigate regulatory uncertainty and give comfort to both. But industry bodies, useful in their own way, cannot double up as SROs.

SROs will play a significant role in developing best practices and frameworks for implementation of the newly enacted Digital Personal Data Protection Act. The days of open-ended misuse of data are over. In these times of fast paced tech innovations and high stakes, tensions are bound to rise among various players/groups. Timely regulatory intervention can help in resolving them.

A measure of the success of SROs lies in maximising positives like social welfare and public good objectives. While SROs may play a significant role, the buck ultimately stops at the public regulator, particularly to stop abusive, coercive and opaque practices.

UPI transactions

Three large players account for over 90 per cent of UPI transaction volume, and one player nearly 50 per cent. Concentration is a regulatory issue from financial stability and market integrity perspective. It can also impact innovation Protocol-driven technical architecture is considered superior to platform-based architecture as this would prevent concentration in the UPI ecosystem.

Nandan Nilekani and Tanuj Bhojwani, in The ART Bitfulness, explain the rationale for their choice of protocol-driven architecture over platform for UPI (page no 267/68). But in reality, we see massive concentration of UPI transaction volume. This falls in the realm of public regulation, economic policy and political economy. SROs may not be able to address this issue.

Sambamurthy is former Director and CEO-IDRBT and Director NPCI; Padmanabhan is former Executive Director of RBI, and Senior Consultant, AZB Partners.

SROs will play a significant role in developing best practices for implementation of the Digital Personal Data Protection Act

comment COMMENT NOW