Payments Digest by Cashfree- November 2021- Regulating Digital Lending & Neobanks

Asheeta Regidi Head, Fintech Policy at Cashfree.

Via the Payments Digest, we aim to provide a view on key developments with payments regulations each month. In the last section we also share our internal data on beneficiary bank downtimes for the last month. 

PART I: Proposals for regulating Digital Banks & the larger implications for fintech services

Quick take: RBI/Niti Aayog discussions indicate first steps towards introducing regulatory frameworks for tech based disruption to financial services, irrespective of the licensing/ partnership model adopted.

The many neobanks, challenger banks, etc. in the market today adopt models ranging from fintechs riding on licenses of regulated partners, acquiring small bank licenses (payments banks, universal banks, etc.) to incumbent banks launching digital-only banks. These have largely been operating in a regulatory grey area, but are now on the radar with recent proposals from the RBI & Niti Aayog. The approach differs, with the RBI keeping a strong focus on consumer protection, while the Niti Aayog proposes a new licensing model for digital bank operations. Entities here may thus soon see regulatory & compliance obligations. Comments on both are invited by December 31st. 

The RBI Working Group on digital lending & its wider implications

The RBI Working Group on Digital Lending Report, while primarily focussed on addressing the menace of unauthorised digital lending, has larger implications for fintech driven disruption, being the first attempt to regulate this. The report reflects this, noting the challenge with blurring lines between regulated & unregulated offering of financial services. It for instance notes conduct & governance issues arising with the ‘unbridled extension of financial services by tech companies’ to retail individuals. The specific recommendations thus impact digital lending platforms (‘DLPs’) first, but also impact the fintech industry as a whole in the medium-term. On neobanks specifically, a general suggestion to bring them under the RBI’s regulatory purview is made.

Recommendations impacting various players

DLPsNodal agency to verify apps, Setting up an SRO, Separate law to prevent illegal lending, Baseline tech standards, Disburse loans directly to borrower accounts, Explicit consent for data collection, Documented algorithmic features, Negative list of LSPs, etc.
Payments IndustryLoan disbursal to PPIs post interoperability being in place, Disbursal to full KYC PPIs only for otherwise unabanked beneficiaries, BNPL to be a part of balance sheet lending, Refining ‘travel rules’ for OTPs & SMS/email alerts for payments transactions.
Digital Banks/ NeobanksDigital banks/ neobank operations be brought under the RBI’s purview, Encouraging digital-only NBFCs, Guiding bank-fintech partnerships, Prohibiting ‘bank’/ ‘banking’ based promotional activities for such ‘OTT’ entities.
Fintech Industry as a wholeComprehensive regulation for fintechs & techfins in the medium term, Setting up a National Financial Consumer Protection Regulation, National Financial Crime Record Bureau to supplement onboarding diligence in the digital/ fintech based ecosystem.

Niti Aayog’s proposal for a digital bank licensing model

The Niti Aayog takes a different approach, focusing on a licensing & business model for digital banks. Additionally, unlike the RBI’s focus on tech based disruption to financial services, this paper focuses on digital-only entities which meet the legal definition of ‘banks’, i.e. which can accept deposits, issue loans & offer all services as per the Banking Regulation Act, 1949. For these, it proposes a two phased licensing regime:

Phase I* An initial restricted ‘Digital Business Bank License’, with business commencing in the regulatory sandbox, to be eventually eased to a full stack license.
* Requirements range from capital/ BCP/track-record/ prudential norms, etc. combined with equal access to Account Aggregator, Aadhaar eKYC, NEFT/RTGS & other such infrastructure.
* Restricted license to allow all standard banking services like loans, deposits, current accounts, etc., including complementary non-financial VASs. 
Phase IIMay involve a ‘Digital Universal Bank License’, to be introduced based on regulatory learnings from Phase I. 

Currently the paper focuses primarily on Phase I, proposing a welcome model for a full-stack digital bank without a physical branch requirement. It doesn’t however clarify if its proposed model is to be the sole licensing mechanism for digital banks in future, or if this supplements existing mechanisms via small bank models & other fintech-bank partnerships. The former may prove restrictive to fintech experimentation, if every digital bank ing/ BaaS initiative must be put through a sandbox process before release. For instance, regulatory relaxations, which is what a sandbox offers, may not be required every time a service offering needs to be developed or tested for scalability.

(Related Read: Top 16 Neobanks In India: How Are They Disrupting Fintech?)

PART II: Improving dispute resolution for online financial transactions

Quick take: There is now only one, Integrated Ombudsman instead of 3, & dishonored AutoPay loan/EMI collections will be an actionable offence, increasing protections for merchants & customers alike.

Effective grievance redressal for customers and merchants alike is essential for building confidence in online financial transactions. This November some steps have been taken to this end:

Integrated Ombudsman Scheme

The RBI has integrated the former separate ombudsman schemes for banks, NBFCs and Digital Transactions (OSDT) into a single one. This brings 3 primary benefits for customers- they need not identify which regulated entity (‘RE’) they are dealing with (Bank? NBFC? ‘System participant’ like a PA/PPI issuer?) to identify the correct Ombudsman. Nor do they need to identify the specific office to approach from a territorial perspective (RE’s branch address? Customer’s billing address?). Instead now a single centre has been identified for physical/mail complaints, & the CMS portal can continue to be used. Last, the grounds for complaint is now simply a generic ‘deficiency in service’, where earlier 98.32% complaints were rejected for not being listed as a ground for complaint in the specific scheme. In fact earlier 45.76% of complaints were not maintainable for technical reasons including improper jurisdiction (RBI 2021 Report on Ombudsman Schemes).

Dishonor of AutoPay transactions

The NPCI has introduced welcome protections which encourage UPI AutoPay’s use for loan/credit/EMI collections by merchants & lenders. AutoPay transactions which are dishonored due to insufficiency of funds will now be treated as an offence by the customer, with the same rights and remedies (fine/ imprisonment) as available for dishonored cheques. Payments players on their part will need to ensure that mandates for such repayments are created with the proper merchant category code now specified- MCC 7322.

NBFC Internal Ombudsman

The RBI has also issued separate directions for an Internal Ombudsman for NBFCs, to act as a second layer of internal review before an NBFC wholly or partly rejects a customer complaint. If despite this the complaint is rejected, then complainants will have recourse to the Integrated Ombudsman. The NBFCs that need to implement this are specified, for eg., this includes deposit-taking NBFCs with 10 or more branches and excludes NBFC-AAs.

(Related Read: What is UPI AutoPay, How it Works, Comparison With Other Recurring Payment Modes & More)

PART III: The proposal for an indigenous SWIFT & non-SWIFT based innovation today

Quick take: Details on the JPC’s reported proposal are not yet available, but implementing & scaling a new SWIFT may prove to be a significant challenge for banks.

The Joint Parliamentary Committee (‘JPC’) reviewing the Personal Data Protection Bill (‘PDP Bill’) is reportedly planning to suggest developing an indigenous SWIFT, similar to others like US’s Ripple & EU’s INSTEX, to ensure privacy of financial data. This thus isn’t the first attempt at an indigenous SWIFT, Russia’s SPFS being another example, launched in 2019 in response to fears of US sanctions. SWIFT nevertheless retains its dominance in cross-border payments, being used widely globally since its launch back in 1977. It in fact records about 41.6 million ‘FIN’ messages per day as on October 2021. Building & scaling a SWIFT alternative will thus certainly face challenges, in terms of costs, adoption, integration with multiple international banks, etc. 

At this stage, the JPC’s final report is yet to be submitted, post which clarity can emerge on the proposal. As per reports, the JPC has currently been given an extension till the end of the current winter session (December 23) to submit its report in Parliament.

  • What is SWIFT and what is its role in cross-border payments? SWIFT is essentially a messaging network, used widely by banks & other financial institutions to send & receive money transfer instructions, which are thereafter settled by the banks. For cross-border payments for eg., the settlement happens via ‘correspondent accounts’ (Nostro/Vostro) with banks in each jurisdiction. Apart from these, SWIFT can also help facilitate KYC for onboarding foreign merchants.
  • How will the payments industry be impacted? PAs usually don’t directly deal with SWIFT. For eg., facilities like OPGSP (export/import payments) & RDA (cross-border remittances) depend on SWIFT. OPGSPs here act as intermediaries, collecting relevant data from merchants, & then sharing files with the AD-I banks for processing the actual transfer via SWIFT. The primary impact of a new SWIFT is thus on the banks. Nevertheless, depending on its design, it may result in improved payment timelines or in making cross-border payments more seamless.
  • Why is an indigenous SWIFT being proposed? The aim as per reports is to protect the privacy of financial data from being compromised via SWIFT. This may perhaps stem from multiple cybersecurity attacks on SWIFT, which include thefts to the tune of $951 million & $12 million, for reasons ranging from gaining control over a bank’s SWIFT systems, misusing bank employee credentials, malware generating false requests, etc. SWIFT itself has been taking steps to address these, by say introducing new controls.
  • What are non-SWIFT based alternatives being worked on today? Today, a strong focus on simplifying cross-border payments is leading to innovation in this space by fintechs, banks & regulators alike. The new solutions may or may not depend on SWIFT. Non-SWIFT based solutions for eg. include fintech enabled API & blockchain based solutions being explored by banks. Regulatory innovation includes Nexus, proposing to link instant payment systems like UPI across various jurisdictions, & mBridge, proposing a common platform for CBDC exchange. Card network offered solutions are another, like Visa Direct which enables cross-border payments to other Visa debit/prepaid cards. Then there is Russia’s SPFS, an equivalent to SWIFT, & US based domestic clearing & settlement systems like Fedwire & CHIPS.

Others: PIDF update, RRA 2.0 withdrawals, NIPL-Network MoU, Retail Direct Scheme

  1. RBI publishes PIDF status update: The first status update on the RBI’s Payments Infrastructure Development Fund has been shared post its operationalisation in January this year for subsidising the deployment of payments acceptance devices in tier 3-6 centres, north-eastern states & SVANidhi beneficiaries. The PIDF corpus currently stands at Rs.614 crore, and as on end September 2021, a total of 2.5 Lakh physical devices & 55.4 Lakh digital devices have been deployed.
  1. Multiple regulatory circulars withdrawn post RRA 2.0 recommendations: The RRA 2.0, set up in April 2021, recommended withdrawing 150 circulars in its first tranche of interim recommendations. The withdrawn circulars start from 1969 onwards & include circulars on ECS, EFT, cheque clearing, RTGS, old KYC/AML/CFT notifications, credit default swaps, foreign investment in India by foreign portfolio investors, statutory/concurrent audit related notifications, etc.
  1. Network International and NIPL’s MoU for UPI in the UAE: Network International & the NIPL have signed an MoU for acceptance of UPI payments in the UAE. This will allow Indian tourists in the UAE to make UPI payments via Network International’s payments infrastructure & merchant network. Earlier in the year, the NPCI allowed acceptance of UPI-based merchant payments & remittances in Bhutan and Malaysia. 

(Related Read: Payments Digest by Cashfree- September 2021- CoFT, Aadhaar onboarding & UPI-PayNow linking)

  1. Activation of RBI Retail Direct Scheme: The RBI activated the Retail Direct Scheme, which aims to simplify the process of investment in the government securities (G-Sec) market for retail individual investors. Payments can be via internet banking or UPI (UPI limits for this have just been increased to Rs. 5 lakhs). 

Cashfree Payments’ Data on Beneficiary Bank Downtimes

In this section we share our consolidated internal data on beneficiary bank downtimes for the month of November 2021- a part of our efforts to mitigate the impact of bank system outages & downtimes on payments. More details are here. For live updates on unscheduled beneficiary bank downtimes, please visit our Status Page here

That’s all for this edition. 

This edition has been authored by Asheeta Regidi with inputs from Ankit Bandi and Rhama Visweswaran. Assisted by interns Urmil Shah and Anjuri Saxena.


  1. Article by BIS: Inthanon-LionRock to mBridge: Building a multi CBDC platform for international payments, BIS, dated September 2021
  2. Article by Codruta Boar, Stijn Claessens, Anneke Kosse, Ross Leckow & Tara Rice: Interoperability between payment systems across borders, BIS Bulletin, dated 10 December 2021
  3. Article by Deloitte: SWIFT Systems and the SWIFT Customer Security Program, Deloitte
  4. Article by Nicole Lindsey: SWIFT Fraud On the Rise According to EastNets Survey Report, CPO Magazine, dated 11 December 2019 
  5. Media Report by Megha Mandavia: Need an Indian alternative to SWIFT payment system: Parliamentary committee, The Economic Times, dated 24 November 2021 
  6. Media Report by Sarvesh Mathi: PDP Bill Report Will Be Presented In Last Week Of Winter Session As JPC Gets Extension, MediaNama, dated 1 December 2021
  7. NPCI Circular: Dishonor of UPI Autopay transactions due to insufficiency of funds, NPCI/UPI/OC No. 125/2021-22, dated 25 November 2021 
  8. NPCI Circular: Implementation of Rs. 5 lakhs limit per transaction for specific categories in UPI, NPCI/UPI/OC No. 127/2021-22, dated 9 December 2021
  9. NPCI Press Release: BHIM UPI to foray into Bhutan in collaboration with Royal Monetary Authority (RMA) of Bhutan, dated 13 July 2021
  10. NPCI Press Release: Merchantrade Asia and NPCI International come together to offer real-time remittances to India through the UPI Platform, dated 4 August 2021
  11. NPCI Press Release: Network International and NPCI International sign MoU for upcoming collaboration on acceptance of UPI real-time mobile payment solution in the UAE, dated 18 November 2021
  12. PIB Press Release: NITI Aayog Releases Discussion Paper on Digital Banks Seeking Comments A Proposal on a Licensing and Regulatory Regime for Digital Banks Mooted, Niti Aayog, dated 24 November 2021 
  13. RBI Circular: Processing and settlement of import and export related payments facilitated by Online Payment Gateway Service Providers, RBI/2015-16/185, dated 24 September 2015 
  14. RBI Circular: Regulations Review Authority (RRA 2.0) – Interim Recommendations – Withdrawal of Circulars, RBI/2021-22/129, dated 16 November 2021 
  15. RBI FAQs: Remittances [Money Transfer Service Scheme (MTSS) and Rupee Drawing Arrangement (RDA)]
  16. RBI Notification: Ombudsman Scheme for Non-Banking Financial Companies, 2018, 3590/13.01.004/2017-18, dated 23 February 2018 
  17. RBI Notification: Storage of Payment System Data, RBI/2017-18/153, dated 6 April 2018 
  18. RBI Notification: Operationalisation of Payments Infrastructure Development Fund (PIDF) Scheme, RBI/2020-21/81, dated 5 January 2021
  19. RBI Notification: Appointment of Internal Ombudsman by Non-Banking Financial Companies, RBI/2021-2022/126, dated 15 November 2021 
  20. RBI Press Release: RBI expands Scope of Banking Ombudsman Scheme; Includes Fair Banking Practices, 2005-2006/783, dated 26 December 2005 
  21. RBI Press Release: The Reserve Bank introduces Ombudsman Scheme for Digital Transactions, 2018-2019/1802, dated 31 January 2019 
  22. RBI Press Release: Reserve Bank constitutes a Working Group on digital lending including lending through online platforms and mobile apps, 2020-2021/934, dated 13 January 2021 
  23. RBI Press Release: RBI releases Annual Report of Ombudsman Schemes, 2019-20, 2020-2021/1068, dated 8 February 2021 
  24. RBI Press Release: Constitution of the Regulations Review Authority 2.0, 2021-2022/56, dated 15 April 2021
  25. RBI Press Release: The Reserve Bank – Integrated Ombudsman Scheme, 2021, 2021-2022/1184, dated 12 November 2021 
  26. RBI Press Release: RBI Retail Direct Scheme, 2021-2022/1183, dated 12 November 2021
  27. RBI Press Release: RBI releases the Report of the Working Group on digital lending including lending through online platforms and mobile apps, 2021-2022/1224, dated 18 November 2021 
  28. Website: SWIFT, SWIFT FIN Traffic & Figures
Asheeta Regidi Head, Fintech Policy at Cashfree.