The regulatory landscape for payments law in India is largely fragmented. There is no single set of regulations or guidelines that uniformly apply to FinTech payment products in India. The absence of a uniform set of regulations and guidelines makes it challenging to navigate the regulatory landscape. The sources of payments law in India primarily include the following:

(a) Law passed by the Indian parliament: Legislations enacted by the Indian parliament constitute the primary source of payments law in India. The Payment and Settlement Systems Act, 2007 (PSS Act) is India’s principal legislation governing payment services. Under the PSS Act, no person can commence or operate a payment system in India without obtaining prior approval from the Reserve Bank of India (RBI). The PSS Act defines a ‘payment system’ as “a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service of all of them, but does not include a stock exchange.” By way of illustration, payment systems under the PSS Act include systems enabling credit card operations, debit card operations, smart card operations, money transfer operations, and prepaid payment instruments (PPIs) (such as prepaid cards and mobile wallets).

(b) Directions, notifications and circulars issued by the RBI: The RBI is India’s central bank responsible for regulating payments and financial products. The key payment products that the RBI regulates via master directions and regulations are:

(i) PPIs: The Master Directions on Prepaid Payment Instruments issued by the RBI on August 27, 2021, as amended from time to time (PPI Master Directions) prescribes the eligibility criteria for PPI issuers, permissible debits and credits from PPIs, co-branding arrangements by PPIs and other operational guidelines to be followed by PPI issuers while issuing PPIs to customers in India (including to foreign nationals/ non-resident Indians temporarily visiting India). PPIs are regulated as payment systems under the PSS Act and specified PPI issuers are required to obtain prior approval of the RBI to issue PPIs to subscribers.

(ii) Issuance of Cards: The issuance of credit and debit cards is primarily governed by the RBI’s Master Direction – Credit and Debit Card – Issuance and Conduct Directions dated April 21, 2022 (Cards Master Directions). The Cards Master Directions inter alia prescribes the conditions, eligibility criteria, and approval requirements for the issue of credit cards, debit cards and co-branded cards in India.

(iii) Operations of payment gateways and payment aggregators: The operations of payment gateways and payment aggregators (PAs) are governed by the RBI’s Guidelines on Regulation of Payment Aggregators and Payment Gateways dated March 17, 2020 (PA PG Guidelines). The PA PG Guidelines set out the eligibility, authorisation and conditions, including the baseline technology standards for PAs. Payment gateways are considered outsourcing partners and do not require RBI authorisation; however, they must comply with RBI’s guidelines on the engagement of service providers by regulated entities (under outsourcing arrangements) and are recommended to adopt specified baseline technology standards as good practice.

All entities facilitating online cross-border payment transactions for import and export of goods and services (PA-CBs) are also under the direct regulation of RBI, pursuant to the recent Circular on ‘Regulation of Payment Aggregators – Cross Border’ dated October 31, 2023 (PA-CB Circular). A PA-CB in India can only process payments for goods and services having a per unit value of up to INR 2.5 million. An RBI approval is required to undertake PA-CB business in India. The PA-CB Circular sets out the eligibility, approvals, permissible settlement flows, transaction limits and even extends the same capital, governance and know your customer (KYC) norms applicable to PAs to PA-CBs.

(iv) Payments Banks: The RBI issues a separate category of licenses to ‘payment banks’. Payments banks are primarily governed by the Banking Regulation Act, 1949 Operating Guidelines for Payments Banks dated October 06, 2016 read with the Guidelines for Licensing of Payments Banks dated November 27, 2014, each issued by the RBI. Payments banks are permitted to maintain small value deposit accounts up to a maximum amount of INR 200,000 for their customers but are not permitted to undertake any lending operations.

(c) Directions and guidelines issued by the National Payments Corporation of India (NPCI): The NPCI is the not for profit implementing entity behind the United Payments Interface (UPI), Aadhar enabled payment systems, Bharat bill payments system (BBPS), Rupay cards, e-RUPI vouchers and other payment systems and is registered with the RBI as an operator of payment systems under the PSS Act.

UPI payments in India are primarily regulated by the UPI Procedural Guidelines, the UPI Operating and Settlement Guidelines and the circulars issued by the NPCI from time to time. Under the current framework, banks can integrate with the UPI platform to provide money transfer services to their customers. Banks are, however, permitted to engage technology providers for the design and operation of mobile applications for UPI payments, subject to compliance with specific eligibility and prudential norms prescribed by the NPCI. PPI issuers (including non banks) have also been permitted to act as payment system providers within the UPI framework.

BBPS is a payment system conceptualised by the RBI as a ‘one-stop ecosystem’ for payment of all bills to provide an interoperable and easily accessible payment platform for customers across India. Customers may utilise multiple payment channels such as internet banking, mobile banking, ATMs, bank branches, agents and business correspondents for paying utility bills, mobile bills, fees for subscription services, etc. BBPS consists of the NPCI, which acts as the central implementing agency (called Bharat Bill Payment Central Unit), Bharat Bill Pay Operating Units (which may be banks or non-banks and which must be authorised by the RBI), agent institutions, agents and billers/ utility companies. The BBPS is primarily regulated and governed by the guidelines and circulars issued by the NPCI from time to time.

e-RUPI is a person and purpose-specific cashless e-voucher designed to guarantee that the stored money value reaches its intended beneficiary and can only be used for the specific benefit or purpose for which it was intended. It is typically in the form of an SMS or a QR code and is currently being used in the healthcare sector. Both government entities and private corporates can sponsor e-RUPI vouchers. A single e-RUPI voucher has a limit of INR 100,000 for government sponsors and a limit of INR 50,000 for corporate sponsors.

Under Indian law, recognised non-banking entities such as PPI issuers, money transfer operators registered under the RBI’s money transfer service scheme, and other non-banking financial companies (NBFCs) can provide payment related services. Set out below is a brief overview of the kinds of products that each such entity can provide and the key eligibility conditions applicable to each such entity:

(a) PPI issuers: Under the PPI Master Directions, companies incorporated in India (including those with foreign investment that are compliant with the extant foreign direct investment policy) can issue PPIs. A brief description of the different categories of PPIs which may be issued is set out below:

(i) Closed system PPIs do not permit cash withdrawal and facilitate the purchase of goods and services only from the entity that has issued the PPI; issuers of such closed system PPIs do not require prior authorisation from the RBI.

(ii) Small or minimum detail PPIs facilitate the purchase of goods and services at a group of clearly identified merchant locations/establishments with a specific contract with the PPI issuer (or contract through a PA/ payment gateway) to accept the PPI as a payment instrument. No cash withdrawal or funds transfer is permitted against such instruments. Small PPIs may be cash-loading (which must be converted to a full KYC PPI within 24 months from the date of issue) or non-cash loading (which need not be converted to full KYC PPIs). Non-bank entities that intend to issue small PPIs require prior authorisation of the RBI.

(iii) Full KYC PPIs facilitate the purchase of goods and services, funds transfers and cash withdrawals and may be issued by bank and non-banking entities after completing specified KYC requirements for the PPI holder. Prior authorisation of the RBI is required by non-bank entities that intend to issue full KYC PPIs. Full KYC PPIs can also be issued to foreign nationals/ non-resident Indians visiting India from G20 nations (in the form of UPI-linked wallets, which can be loaded using foreign currency/ payment instruments).

Key regulatory framework: All PPI issuers are required to comply with the minimum positive net worth requirement set out under the PPI Master Directions, i.e., entities must have a minimum positive net worth of INR 50 million to apply to the RBI for issuance of PPIs and must achieve a minimum positive net worth of INR 150 million, by the end of the third financial year from the date of receiving final authorisation from the RBI, which must be maintained thereafter on an on-going basis. In addition, non-bank entities regulated by other financial services regulators must submit, along with the application for issuance of PPIs to the RBI, a ‘no objection certificate’ from their respective regulators within 30 days from receipt of such clearance. Non-bank entities also require prior RBI approval for any takeover or acquisition of control, irrespective of a change in management or not, and for transfer of payment activity to another entity not authorised to undertake similar activity. Any change in management/directors or any transfer to an entity authorised to undertake a similar activity must be intimated to the RBI within 15 calendar days; these do not require prior approval.

In addition to these eligibility conditions, the PPI Master Directions require PPI issuers to maintain adequate balances in an escrow account, which are sufficient to cover all outstanding amounts in relation to all PPIs issued by them, which must be monitored daily. Further, depending on the kind of PPI issued (i.e., whether a small PPI or a full KYC PPI), the PPI Master Directions prescribe monthly and annual limits restricting the volume of transactions and top-ups for PPIs.

(b) Money transfer operators: The RBI allows non-bank money transfer operators to facilitate foreign inward remittances to individual beneficiaries in India through authorised ‘Indian agents’. Such cross border inward remittances are primarily governed by the RBI’s Master Directions on Money Transfer Service Scheme dated February 22, 2017 (as amended from time to time) (MTSS Master Directions).

(i) Permissible transactions: Under the MTSS Master Directions, eligible non-banking entities are permitted to act (after obtaining permission from the RBI) as Indian agents of their ‘overseas principals’ to facilitate permissible cross-border personal remittances such as remittances towards family maintenance, remittances in favour of foreign tourists visiting India, etc.

(ii) Key eligibility criteria: Applicants intending to obtain authorisation as ‘Indian agents’ under the MTSS Master Directions must have a minimum net owned fund of INR 5 million. Applicants with limited outreach in terms of branch network in the country and localised operations overseas are typically not granted authorisation under the MTSS Master Directions. In addition, the overseas principals of each Indian agent must obtain prior authorisation from the RBI to operate a payment system under the PSS Act.

(iii) Transaction limits: The MTSS Master Directions specify a per transaction maximum limit of USD 2,500, along with a cap of 30 individual remittances received by a single individual beneficiary in a calendar year. In addition, separate limits are applicable for cash withdrawals by a beneficiary in India.

Payment aggregators, payment aggregators – cross border and payment gateways: PAs are entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers to complete their payment obligations without the need for merchants to create a separate payment integration system. PA-CBs are considered to be a specific category of PAs which facilitate export and import transactions under the PA-CB Circular. Non-banking companies incorporated in India can provide PA or PA-CB services only with prior RBI authorisation. A PA must comply with the minimum positive net worth requirements under the PA PG Guidelines, i.e., INR 150 million at the time of application and must achieve a minimum positive net worth of INR 250 million after the end of the third complete financial year from the final approval, which must be maintained at all times, on an on-going basis. The same capital requirements also apply to PA-CBs with one deviation: non-banks which were already undertaking PA-CB activity at the time of introduction of the PA-CB Circular have time only till March 31, 2026, to fulfill the INR 250 million net worth requirement.

All PAs are required to be professionally managed with promoters of the entity being ‘fit and proper’ as per the guidelines prescribed by the RBI. Under the PA PG Guidelines, PAs are required to undertake KYC, undertake background checks, ensure compliance with security controls and other prescribed obligations while onboarding merchants. PAs must also have a board approved policy for merchant onboarding and comply with the prescribed baseline technology requirements.

PA-CB must also comply with the standards applicable to PAs for governance, merchant onboarding, customer grievance redressal and dispute management framework, baseline technology recommendations, security, fraud prevention and risk management framework. An existing PA-CB (at the time of the PA-CB Circular) has three months from the date of the PA-CB Circular to comply with these standards. A PA-CB will also need to undertake a customer due diligence/ KYC check of all entities onboarded by them directly (merchants, e-commerce marketplaces or entities providing PA services). If the per unit value of the goods/services imported is more than INR 2.5 lakhs, then the concerned PA-CB must also undertake due diligence of the buyer.

A PA-CB must also ensure that it does not facilitate payment transactions for the import/export of restricted/prohibited goods and services (which are not permitted under the prevailing Foreign Trade Policy) or of goods and services having a per unit value exceeding INR 2.5 million.

Non-bank entities also require prior RBI approval for any takeover or acquisition of control, irrespective of a change in management or not, and for transfer of payment activity to another entity not authorised for undertaking similar activity. Any change in management/directors or any transfer to an entity authorised to undertake a similar activity is required to be intimated to the RBI within 15 calendar days; these do not require a prior approval.

In addition to these eligibility conditions, the PA PG Guidelines require PAs to maintain adequate balances in an escrow account, which are sufficient to cover all amounts collected by the customers and all amounts due to merchants, which must be monitored daily by the bank with which the escrow is maintained.

In contrast, there are no approval requirements for non bank payment gateways, which operate as technical service providers and provide technology infrastructure to route and facilitate processing of an online payment transaction.

(c) Cards: NBFCs with a minimum net owned funds of INR 1 billion are eligible to undertake credit card business with specific prior approval of RBI. In addition, non banks (including NBFCs) are permitted to act as the co-branding partner for issuing co-branded cards with banks (except urban co-operative banks) and permitted NBFCs.

However, the non bank co-branding partners can play only a limited role of marketing and distribution of the cards or providing access to the cardholder for the goods or services that are offered. The co-branding partner must not have access to information relating to transactions undertaken through the co-branded card. Additionally, post issuance of the card, the co-branding partner must not be involved in any of the processes or the controls relating to the co-branded card apart for being the initial point of contact in case of grievances.

(d) UPI: The UPI system is designed so that banks can directly interact with the UPI switch to enable small value retail payments (including peer-to-peer transfers as well as merchant payments). Non-banks typically participate in the UPI eco-system on the customer facing front end by developing their own applications and act as third party application providers (TPAP) (for example, Google Pay, PhonePe, WhatsApp Pay, etc.). Such TPAPs act as the facilitators for transactions, as the entire operational and financial liability of transactions originated through TPAPs lies on the bank operating on the back end.

TPAPs form the lion’s share in UPI transactions in terms of transaction values, with over 80% by volume of UPI transactions undertaken by 2 TPAPs (Phone Pe and Google Pay). Given the increasing volume of transactions on UPI, a mandatory multi-bank model for large TPAPs has been introduced, which requires TPAPs to tie-up with multiple banks to act as payment system providers.

There is a significant growth in adoption and deepening of digital payments in India, as is apparent from the increase of the digital payment index from 207.84 (March 2020) to 395.57 (March 2023). Amongst these, UPI enabled payment solutions dominate the digital payment market. UPI payments amount to about 28.7558% of value and about 79.7660% of volume of all digital retail payments in India in November 2023. Easily accessible technology, established public trust and universal remittance services associated with low costs have significantly contributed to the popularity of UPI based payment solutions in India.

PPI wallets form a considerable portion (4.6219% by volume and 0.4008% by value in November 2023) of the small value digital retail payments in India. However, Indians seem to be leaning away from PPI wallets. Between November 2022 and November 2023, there was only a 7.1585% increase in volume and a 6.3136% increase in the value of PPI payments (in contrast to a 53.7092% and 46.1239% increase in UPI volumes and values respectively).

Conventional payment methods such as debit cards and credit cards play a significant but decreasing role (3.3670% by volume and 3.4717% by value in November 2023) in the payments landscape in India. In addition, other traditional modes of payment such National Electronic Funds Transfer, Real Time Gross Settlement, Immediate Payment Service also continue to play a significant role, especially for high value transactions in India (88.2567% by value of the digital payments including both retail and financial market infrastructures in November 2023).

India presents a unique case study where despite the increasing usage of digital payment systems, there has not been a commensurate reduction in the reliance on cash. However, there has been a reduction in the rate of growth – cash transactions in India had a 7.8% year on year growth in FY 23 (the lowest growth rate in the last 6 years). To decrease its reliance on cash, India is currently piloting its central bank digital currency, the e-Rupee (e₹). In FY 23, only INR 163.9 million of e₹ was in circulation in India (of which only INR 57 million was retail e₹).

(a) UPI interface: One of the first steps towards open banking in India in the payments space was the introduction of UPI that allows users to perform inter-bank money transfers and pay retail merchants directly from one’s bank account. Through a set of application programming interfaces, the UPI framework ensures interoperability among existing players. Currently, banks can integrate with the UPI platform to provide money transfer services to their customers and PPI issuers are also permitted to act as payment system providers in UPI. Almost all the major banks in India now provide UPI linked payment functionality.

(b) Account aggregators: Another step towards open banking has been the issue by the RBI of the Master Directions – NBFC – Account Aggregator (Reserve Bank) Directions, 2016 dated September 02, 2016 (Account Aggregator Master Directions) which seek to regulate access to customer’s financial data among banks, non bank and other financial players that provide financial services. The Account Aggregator Master Directions provide a regulatory framework under which NBFCs permitted by the RBI can aggregate customer’s financial information (with the customer’s consent) and share such information with other financial service providers. Currently, there are 14 fully operational account aggregators in India; with a few other entities having in-principle approvals to commence account aggregation services from the RBI.

(a) Current data regulatory framework: Data protection in India is currently governed by the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Standards and Procedures and Sensitive Personal Data and Information) Rules, 2011 (SPDI Rules). While the SPDI Rules set out the broad guidelines applicable to processing and storage of customer data by service providers, they are not adequately equipped to address privacy issues and concerns created by modern day technological innovations in delivery and distribution of financial products and services.

(b) Digital Personal Data Protection Act 2023: The Digital Personal Data Protection Act, 2023 (DPDP Act) does not differentiate between the kinds of personal data and applies to the digital processing of data within India or in connection with goods and services offered in India. It outlines consent requirements, deemed consent, withdrawal of consent and deletion of data, the responsibilities of data fiduciaries and data processors while handling data. While the DPDP Act has been enacted, it is yet to be enforced. The DPDP Act will come into force when the Government of India publishes notification(s) regarding its commencement in the official gazette. The Government of India will likely adopt a staggered approach to enforcement of the DPDP Act. Upon effectiveness, the DPDP Act will replace the SPDI Rules to constitute the applicable statutory framework on data privacy and data protection in India. Financial service providers are currently gearing towards compliance with increased data protection and due consents standards and have started aligning internal data protection systems and controls with what has been prescribed under the DPDP Act.

(c) Digital lending guidelines: The RBI issued the ‘Guidelines on Digital Lending’ dated September 02, 2022 (DL Guidelines) pursuant to which the RBI has prescribed a regulatory framework for the digital lending ecosystem in India. The DL Guidelines apply to both regulated entities (REs) and the lending service providers (LSPs) or digital lending applications (DLAs) engaged by such REs to provide digital lending products to consumers. Among others, the DL Guidelines prescribe guardrails on the kinds of customer data that can be accessed and stored by LSPs and the consent architecture that must be in place for collection and storage of such customer data. The RE is required to ensure that any collection of data by an LSP or DLA that it partners with is need-based and with prior and explicit consent of the borrower and has an audit trail. The purpose of collection of data is also required to be disclosed at each stage of interface with the borrower.

(d) Data localisation: In addition, the RBI’s Circular on Storage of Payment System Data dated April 06, 2018 (read with clarifications issued by the RBI) (Data Localisation Circular) requires all banks and payment system operators to ensure that all data related to payments is stored only in servers located in Entities which are required to comply with the Data Localisation Circular are additionally responsible to contractually ensure that any intermediaries or other unregulated entities participating in payment transactions also comply with such localisation requirements. The DL Guidelines also require all data to be stored on Indian servers.

The RBI has created a regulatory sandbox under the ‘Enabling Framework for Regulatory Sandbox’ dated August 13, 2019 (as updated from time to time) to allow testing of products and technology that are not currently governed by regulations and face some form of regulatory barrier in implementation, require certain regulatory relaxations for testing, and seek to improve delivery of financial services.

(a) Eligibility: Eligible entities (including start-ups, banks, financial institutions, any other company, limited liability partnerships and partnership firms, partnering with or providing support to financial services businesses) can be selected for testing their products in the regulatory The eligibility criteria include parameters such as: (i) net worth of at least INR 1 million, (ii) satisfactory credit score, (iii) promoters and directors of the applicant entity meeting the prescribed ‘fit and proper’ criteria, (iv) ability to comply with personal data protection laws, and (v) adequate IT infrastructure and safeguards to protect against unauthorised access, alteration, destruction and disclosure.

(b) Successful cohorts: The RBI contemplates product testing by a limited number of eligible entities in a single regulatory sandbox cohort (i.e., end to end sandbox process), where products broadly fall within a shared theme. As on date, the RBI has announced five cohorts — on retail payments (February 2021), cross border payments (December 2020), micro small medium enterprises lending (October 2021), prevention and mitigation of financial frauds (June 2022) and a fifth ‘theme neutral’ cohort (October 2023). Of these, the successful exit of fifteen applicants from first three cohorts has led to innovations such as a cross-border payment platform that allows Indian investors to invest in foreign exchanges through local payment methods and a voice based UPI payment solution that supports local languages and offline use.

Additionally, the Reserve Bank Innovation Hub (RBIH) (the RBI’s financial innovation limb) is setting up a repository for FinTechs, tentatively by April 2024. FinTechs may voluntarily provide the repository information regarding their activities, products, technology stacks, etc. Through this repository, RBIH aims to gain a real-time understanding of the FinTech sector in India and enable the RBI to make agile, market-led and risk-mitigating policy decisions.

Frauds and unethical practices by unregulated entities pose the greatest risk underpinning every aspect of the FinTech market in India. While the fraud to transaction value ratio is still quite low (0.209 bps as of November 2023), there is a clear rise in the number and value of payment frauds occurring on the consumer side in India. At the FinTech side, data security is the key concern. There have been instances of leaked Aadhar information (India’s digital identification number) being used for undertaking fraudulent payments. RBI (through its technology subsidiary) is setting up a secure cloud service for FinTechs to address the data security concerns at a systemic level.

Additionally, RBI has recently increased the risk weights on unsecured retail lending by 25%. The increase in the underwriting costs is an intentional policy move by the RBI to check the growing bubble in unsecured retail credit.

While the Income-tax Act, 1961 (Income Tax Act) does not exclusively provide for tax incentives to entities in the ‘FinTech’ space, a host of incentives/ benefits are available to ‘start up’ companies in general. The same benefits will be available to such FinTech start-ups which are recognised as ‘eligible start-ups’ under the Income Tax Act, subject to satisfaction of prescribed conditions.

(a) Conditions to be met by start-ups to avail incentives under the Income Tax Act:

Benefits are available to start-ups who qualify the below requirements (Qualifying Eligible Start-ups):

(i) It is incorporated on or after April 01, 2016 but before April 01, 2024.

(ii) Turnover of such Qualifying Eligible Start-ups should not exceed INR 1 billion in any year for which such tax holiday is claimed.

(iii) Should engage itself in innovation, development or improvement of products or processes or services, or if it is a scalable business model with a high potential of employment generation or wealth creation (Eligible Business) and also hold a valid certificate of Eligible Business from the Inter-Ministerial Board of Certification.

(b) Key benefits available to such Qualifying Eligible Start-ups:

(i) Tax Holiday under Section 80-IAC of the Income Tax Act: Deduction of 100% of profits from Eligible Business is available to such Qualifying Eligible Start-ups for any 3 consecutive assessment years out of 10 assessment years beginning from the year in which such start-up is incorporated, subject to conditions prescribed in the said section.

(ii) Under the Indian tax laws, in case of a closely held company, the benefit of carry forward of past tax business losses is not available if there is a change in the beneficial shareholding carrying voting power of more than 49% as on the last day of the year in which the loss was incurred vis-à-vis the year in which loss is proposed to be carried forward and set-off. However, in the case of Qualifying Eligible Start-ups, such losses will be allowed to be carried forward and set off in subsequent years even if the total voting power of original shareholders changes by more than 49% provided all shareholders as on the last day of the year of losses continue to hold those shares in the year in which loss is sought to be set off. This benefit is available for the loss incurred in the first 10 years beginning from the year in which such Qualifying Eligible Start-up was incorporated.

(iii) Angel tax exemption: In case a closely held company issues shares and receives consideration in lieu thereof, which exceeds the prescribed fair value of such shares, the excess consideration is taxed in the hands of the company. In the context of start-ups, this levy of tax is popularly referred to as the ‘angel tax’. The government has now clarified that such start-ups which are recognised by Department for Promotion of Industry and Internal Trade (DPIIT) and satisfy the conditions as prescribed by DPIIT, shall be exempt from the levy of the angel tax (refer notification issued by Ministry of Commerce (DPIIT) dated February 19, 2019).

Several FinTech companies across sectors such as digital lending, payments solutions, wealth management, neo-banking, data analytics, and have received foreign investment (both internal and external rounds of funding). Up to 100% foreign direct investment under the automatic route is permitted for FinTech companies that are regulated by the RBI or any other financial services regulator in India, subject to certain compliances such as minimum capitalisation norms.

India is ranked third globally in FinTech funding and deal volume – over USD 25 billion has been invested in the Indian FinTech sector in the last 5 years. Generally speaking, the Indian FinTech sector is maturing but is still in high growth phase. While the proportion of late stage financing rounds (Series D+) is growing, most FinTechs in India are still in angel, seed and series A to C funding stage.

FinTech has caused significant disruption in the payments landscape in India, aided by the Indian government’s push towards a digital economy incentivising digital payment transactions. RBI has recently published its ‘Vision Statement for 2022-2025 for Payment Systems in India’ (2025 Payments Vision) which recognizes the exponential growth of digital payment systems in India and lays down a framework for the next steps in the era of digitisation of payment methods – to endeavour to ensure increased efficiency, uninterrupted availability of safe, secure, accessible, and affordable payment systems.

India has a tremendous potential for continued growth in the FinTech space given the sheer number of new customers that can be on-boarded on digital payment platforms and the government’s continued endeavours to make digital payments more accessible to give a boost to digital India. India received a large portion of the global funding in FinTech and is among the leading players in deal volume and unicorn strength. Regulatory and government support for innovation, a population open to FinTech adoption, investment interest and previous success stories are factors that will influence FinTech entrepreneurs to look to India.

There is no quota system in place for any sector for foreign nationals entering India. However, as per the guidelines issued by the Bureau of Immigration, Ministry of Home Affairs, a foreign national being sponsored for an employment visa in any sector should draw a gross salary in excess of USD 25,000 per annum. Further, as per the employment visa requirements, employment visa is not granted for jobs for which qualified Indians are available or for routine, ordinary, secretarial or clerical jobs. It is granted to highly skilled/ qualified professionals or to persons engaged or appointed on contractual or employment basis. Consular and immigration officials consider an applicant’s academic and professional qualifications to fill the proposed position in India, and the availability of Indian workers to fill the position.

Typically, employment visas for most sectors are processed on a case-by-case basis and historically have been granted for 1 year even if the duration of employment is longer than a year. It is possible to get an extension of the visa in India for an additional 12-month period enabling the individual to remain in India on the employment visa for up to a total of 5 years from the date of initial issue of the visa. The extension procedure and processing time differs in every jurisdiction within India. US nationals who are the CEOs or senior executives of a US company may be granted employment visas for a period of three years or for the validity of the employment contract, whichever is shorter. Special provisions regarding visa processes and validity apply to the citizens of Japan and China.

At present, given that India has substantial labour surplus, there are no new guidelines/policies in pipeline in relation to entry of foreign nationals in India. The Indian government from time to time enters into agreements with other countries in order to bring about relaxed immigration guidelines for individuals from both the countries. Such relaxed guidelines typically include visa on arrival, medical and tourist visa relaxations. However, these agreements have not focused on any specific sector. Currently, the Indian FinTech sector does not seem to have any specific policies/guidelines in place.

Under Indian law, computer programs and software codes are generally protected by copyright whereas brands, logos, sounds, colours and 3D shapes are protected by trademark. Typically, FinTech companies enter into non-disclosure and confidentiality agreements to protect their intellectual property. However, there is no common law protection for such confidentiality agreements and parties typically resort to damages and contractual breach as remedy. Several companies have also filed patent applications with the patent office in India for patenting block- chain based technology that provides financial solutions.

Cryptocurrency is not a valid legal tender in India. India has moved away from its earlier ‘complete ban’ approach to an approach that supports regulation of cryptocurrencies. As part of the G20 New Delhi Leaders’ Declaration, India will align itself with the globally agreed principles for crypto-asset regulation. India has already operationalised the Updated Guidance for a Risk Based Approach on Virtual Assets and Virtual Asset Service Providers dated October 2021 and will be setting regulatory standards in line with the International Monetary Fund – Financial Stability Board’s Synthesis Paper.

The crypto ecosystem is decentralized but still relies on multiple intermediaries (exchanges, wallet platforms, and token issuers). Indian regulators are therefore now focused on regulating crypto intermediaries with rules centred around KYC requirements, consumer protection, disclosures and reporting requirements. The Government of India issued a notification on March 7, 2023 (VASP PMLA Circular), terming virtual asset service providers as ‘reporting entities’ under the Prevention of Money Laundering Act, 2002 (read with the rules and regulations issued thereunder) (PMLA). The Financial Intelligence Unit – India (FIU-Ind) has also published on its website a set of guidelines known as the ‘AML & CFT Guidelines for Reporting Entities Providing Services Related To Virtual Digital Assets’ (FIU-Ind Guidelines) which have come into effect from March 10, 2023. Every virtual asset service provider operating in India needs to: (a) register with the FIU-Ind, (b) adopt the prescribed KYC verification processes to verify the identity of users at the time of onboarding and (c) comply with other obligations under the PMLA (such as maintaining transaction records, reporting of suspicious transactions and specified transactions to the FIU-Ind).

Initial coin offerings are, per se, not prohibited in India. Under the FIU-Ind Guidelines, persons offering initial coin offerings are seen as reporting entities under PMLA. They must also undertake money laundering, terrorism financing and proliferation financing risk assessments before the launch or use of the platform. Despite these developments, initial coin offerings are still not viewed favourably in India given the backdrop of several monetary scams involving cryptocurrencies. Cryptocurrency is still an evolving space in India. Indian regulators may change their policy approach with any global changes in the treatment of initial coin offerings.

Indian regulators are favourable towards blockchain technology based innovations, with the RBI specifically including applications under blockchain technologies in the indicative list of innovative products and services which could be considered for testing under the framework for regulatory sandbox notified by the RBI.

There are several active blockchain projects in India. India has set up a Centre of Excellence in Blockchain Technology (CEBT) which is exploring blockchain applications for government services. CEBT is facilitating an immutable, verifiable and transparent record-keeping system and has 5 live chains, including for documents, judicial orders and land records (albeit the participation in such chains has been limited). Leading Indian banks have also collaborated for ‘Primechain-KYC’, a permission based blockchain for integrated and shared KYC, an active project under the Bankchain umbrella. Similarly, Indian banks have incorporated a company (Indian Banks’ Blockchain Infrastructure Co Pvt Ltd) to roll-out blockchain technology-based solutions for processing letters of credits, indirect tax invoices and e-way bills.

On the private side, blockchain based technology startups in India focus on customer centric solutions for a wide array of industries ranging from healthcare, banking, trade finance, insurance, data and analytics, social media and networking, and others.

Artificial intelligence (AI) based tools and utilities have witnessed increased use cases in the financial sector in India, with financial services witnessing a shift from personal customer interactions to automated processes. The primary areas where AI has made strides in the financial services in India relate to product matching in accordance with the requirements and profile of customers, fraud detection, assistive chatbots and personal finance management. There are success stories of use cases of AI in the financial sector: a leading private Indian bank implemented predictive analytics through regression and decision tree models that use patterns observed in historical data to identify borrowers with a high tendency to default across segments. Another Indian bank collaborating with an international conglomerate used AI to detect lifecycle and macroeconomic events for small and medium businesses. This was then used to curate unique personalised experiences through customer profiling and micro segmentation.

Indian regulators have also pushed for greater adoption of AI. The Indian government aims to become the global leader in AI ensuring responsible and transformational ‘AIforAll’ with a special emphasis on the promotion of research, skilling and reskilling, responsible AI and increased AI adoption. The Ministry of Commerce and Industry set up the AI task force to create a roadmap for AI use. The task force outlined ten key domains of AI application for India’s socioeconomic development. Additionally, the NITI Aayog has chalked out an ‘AI for All’ strategy – focused on leveraging AI for inclusive growth.

There are two key challenges in connection with use of AI in financial sector in India. First is with respect to data privacy and protection. Use of AI utilities involves access to sensitive customer data including inter alia financial information, credit history, spending patterns, etc. Financial service providers must comply with the changing regulatory landscape pertaining to data privacy and digital lending in India to ensure an uninterrupted use of AI in financial services. Secondly, while deploying AI in high-value decision making use cases, financial service providers must also be mindful of any potential adverse impacts. ‘AI biases’ can arise from limited training data/ faulty considerations, which could further perpetrate social inequities. Thus, in decision making use cases, financial service providers must ensure close human supervision and an auditable decision making criteria (in line with the DL Guidelines).

The RBI officials have recently called for a supportive regulatory framework for AI requiring robust governance arrangements and clear accountability frameworks for developing and deploying AI models.

InsurTech in India is currently in its nascent stages of growth, but, it has to a large extent disrupted the traditional supply chain of insurance products in the country and the underwriting process using alternative data. Several insurance providers have partnered with technology partners and other FinTech players to offer a range of digital insurance products to their customers. For example, several PPI wallets operating in the country have entered into collaboration arrangements with insurance companies to offer insurance products to their customers through their digital platforms. In addition to partnering with FinTech players like PPI wallets, insurance providers have also set up independent digital platforms for offering insurance products to existing and new customers.

The key regulations governing InsurTech in India include the Guidelines on Insurance e-commerce dated March 09, 2017, the Guidelines on Insurance Repositories and Electronic Issuance of Insurance Policies dated May 29, 2015, the Issuance of e-insurance Policies Regulations, 2016, each issued by the Insurance Regulatory and Development Authority of India (IRDAI) to regulate and govern the provision of digital insurance products by eligible insurance providers to new and existing customers.

A key area of discussion pertaining to offering of insurance products in India is bundling of insurance products with other goods and services (including financial products). The concerns around packaging of insurance products with other products primarily include inadequate disclosure to the customer of the characteristics of the bundled insurance products, restrictions on consumer choice or the freedom to make informed choices or comparisons with other products available in the market and undue influence over the customers by the provider of the packaged bundled products. With advances in technology and fast paced developments in the FinTech market, opportunities to bundle insurance products with other financial products have become easier and convenient. In 2012, with a view to regulate bundling of insurance products with other goods and services, the IRDAI had released a discussion paper on “tying and bundling insurance policies with other services and goods” and had invited comments from the public. However, the discussion paper could not culminate into codified guidelines or regulations to regulate bundling of insurance products.

Digital lending, payment instruments (particularly UPI enabled payment systems), digital investments continue to be the revenue drivers for the Indian FinTech space.

Banks and non-bank FinTech players had initially launched competing products and the FinTech landscape in India was, for a while, segmented into bank vs. non-bank players. In fact, the major advantage for a non-bank FinTech player such as a non-bank PPI issuer was ease of customer on- boarding process and ease of access to diversified goods and services, without the need to primarily rely on bank accounts, for such purposes. However, the market has now shifted to a more collaborative model, with banks and non-bank entities partnering on several dimensions, each leveraging their respective strengths, to provide customers easy to use financial products. Non-banks have the ability to leverage technology more effectively and are able to access customers and markets that banks would find too expensive to tap in the ordinary course. Banks have strong balance sheets and a robust understanding of the regulatory and licensing regime governing financial products.

In the payments landscape, banks regularly partner with third party technology service providers to manage the customer and product interface for both PPI and UPI based payment products. In the digital lending space, traditional lenders such as NBFCs are increasingly collaborating with FinTechs to act as their LSPs and DLAs. Further, acceleration of account aggregator adoption by the ecosystem and expanding to other data sources beyond banks will unlock financial industry’s ability to drive better access, undertake algorithmic risk-based lending through open market platforms and for offering tailor made financial products to their customers.

Leading commercial banks in India are forefront players for developing and exploring innovation programmes.

Banks have also assimilated their systems, by developing compatible interfaces on top of already existing technological infrastructure, with UPI to offer extended services to their customers. Post the roll-out of UPI, a number of banks have been able to tweak their existing digital banking solutions to enable functionalities offered by UPI, with a view to retain customers and provide the full benefits of UPI to their customers without substantially changing user experience.

In addition to co-branding arrangements, leading banks have invested in research projects to take advantage of developments in block-chain technologies and their adoption in the services offered by them. Recent examples of collaborations by leading Indian banks for blockchain (Primechain-KYC, processing letters of credit, etc.) and AI (predictive analysis to forecast defaults, lifecycles for small and medium businesses, etc.) applications have been discussed above.

UPI has been the strongest disruptor of the payments landscape in India, since its inception in 2016. It has effectively disrupted peer to peer and peer to merchant payments in India. NPCI continues to launch several UPI linked products/ initiatives to further disrupt the payments space. Two such products/ initiatives from the last year stand out: (a) enabling pre-sanctioned credit lines from banks linked to UPI and provide end-to-end customer lifecycle services; and (b) the UPI global initiative through NPCI International Payment Limited (NIPL) (NPCI’s wholly owned subsidiary) which enables low-cost, real-time cross border payments.

[For countries with developed payment systems or with large remittances to India, NPCI creates bilateral linkages between UPI and the payment systems locally available to reduce the cost of remittances (for e.g. the UPI – PayNow linkage with Singapore). NIPL also assists countries in developing their own UPI-like payments systems (for e.g. Nepal). NIPL is also partnering with central banks, local and international digital payment service providers and PGs to enable international merchant payments (typically using QR code interoperability) (for e.g. NIPL has partnered with Liquid Group, Lyra, Neopay, Worldline, Central Bank of Oman and PPRO). Cross-border payments are currently dominated by the Visa-Mastercard duopoly. UPI has significant advantages over the incumbent card networks with its secure and user-friendly interface, reduced costs and real-time transactions. Nevertheless, UPI Global is still in its nascent stage and will take a few years to play out.]

Apart from the payments sector, FinTechs are now creating disruptions in the lending and investments space. Rapid disruption in unsecured lending has improved customer experience, encouraged analytics-based credit decisioning and reduced costs of service and customer acquisition. FinTechs have also disrupted the investments and money management space, enabling mobile based investments into securities, mutual funds and even cryptocurrency/non fungible token investments. Key enablers include an online and seamless KYC process, easy fee collection, and providing access to account aggregator ecosystem, with market wide depositories information access. A similar tech-enabled disruption to improve customer access and experience is also taking place in the InsurTech space.

Additionally, further disruption in the payments ecosystem is expected due to adoption of evolving technologies such as block-chain and AI by payment service providers (including both bank and non-bank entities). Both bank and non-bank entities have already began to rely on AI based tools to improve customer experience, especially, in the areas of product identification and matching, background and credit verification checks which all make for a seamless customer experience.

While India has traditionally been a cash-based economy, it is now rapidly transforming into a digital economy on the strength of the digital payment products offered by FinTech players operating in the country. This is also evident from the RBI’s 2025 Payments Vision, which targets a threefold growth in digital payments transactions and a reduction in cash in circulation.