Legal Requirements and Compliances needed for Fintech Startup in India

The future of the Fintech industry in India is increasingly shining and growing due to the growth of start-ups in the Fintech industry, the penetration of mobile users, the continuous construction of digital networks and the streamlining of financial processes in many industries.

'FinTech' organizations are financial institutions which, through the digital media, provide financial assistance, planning and management services to other companies and individuals. A fintech company varies from a bank and also requires in-depth preparation and guidance to start a finance start-up or FinTech in India.

There are 4 types of online finance companies providing services:

• Payment services: mobile payments and e-wallets.
• Lending resources from Peer to Peer (P2P).
• Retail banking services, Customer to Business (C2B) and Business to Customer (B2C).
• Personal consulting services for finance and savings.

Legal requirements and formalities for a start-up that wants to set up FinTech business in India:

• Choosing the Business Structure: Determining the business structure is the first step in launching an online finance business. For a FinTech, there are 3 types of market structure:

1. One Individual Corporation:An OPC is a blend of sole proprietorship and business, where the company has only one owner but operates as a business.
2. Limited Liability Partnership:An LLP is a mixture of a partnership and a company, where the limited liability of all the partners is limited to their respective shares only.
3. Private Limited Company: In a PLC, as it has its own rights and liabilities independent from the owners, the directors and shareholders of the company have no personal obligation to the creditors of the company. This is the right framework for India's financial technology market.

• Apply for GST:To register for GST and get GSTIN for the company, an online finance company or finance start-up is required. The GST scheme has introduced the old indirect taxes, such as service tax, excise duty, etc.
• Legal Contracts and Agreements:To start an online finance business, it is also important to get the following legal documents:

1. Co-Founders Agreement
2. Intellectual Property Licensing Agreement
3. Privacy Policy
4. Website User Policy
5. Terms of use for mobile app users
6. Vendor Agreement
7. Product Development Agreement
8. Employment Agreements
9. Get Intellectual Property: Trademark,  Patent and Copyright  comprise of Intellectual Property. To preserve its brand name, slogan, website, mobile app, etc., an online finance company needs to register these rights. This will provide them with exclusive right to use. Licensing:  Intellectual Property can be licensed via a licensing agreement that sets out the terms and conditions for use and payment. For Payment service: A 'Differentiated banking license' scheme for granting 'on-tap' licenses to companies wishing to start financial or banking services has been introduced by the Reserve Bank of India. They should apply to register with the RBI for this.
10. For P2P:They can only behave as intermediaries.
11. For retail service providers: fintech retail licensing to offer lending and depositing services to micro, small and medium-sized and unorganized industries.
12. For Financial Management/Investment: There are no regulations for finance management companies, but this FinTech will be registered as NBFCs- Non-Banking Finance Companies proposed by the RBI.

• Domain Registration: A tech company wants a presence on the internet. Therefore, the top goals for the online finance sector are to have a domain name and a fully established website. To broaden its subscribers and customers, a financial start-up may also set up a mobile app.

Compliances Required

The main fintech companies began as start-ups, while others have only expanded their online services. Fintech companies have been listed in a number of respects. Payments and remittances, lending networks, personal finance, blockchain and cryptocurrencies, company applications and investment platforms are several of these. To classify a start-up into any of the categories has become a tedious assignment. Most of them have begun to provide different services that confuse the nature of classification. Regulations and investments vary according to the market segment.

• Payments and Remittance: -The payments market is the fintech industry's foremost member. Since its inception, this sector has seen tremendous growth, inviting a large amount of investment. Demonetization has resulted in the payments industry being widely embraced. Digital payments in India are expected to double to about $135.8 billion in 2023. Around 50 percent of start-ups in the payment sector are made up of mobile/digital wallets, PoS systems and payment gateways. A 'High-level Committee on Deepening Digital Payments' has been established by the Reserve Bank of India.
• In previous years, the payments industry experienced a number of changes from digital wallets to Payments Bank and UPIs. The go-to choice for digital payments has been digital/mobile wallets. They were closed/semi-closed prepaid payment tools used for payments between the same network, along with recharge, e-commerce, and shopping applications. RBI has defined KYC specifications for different prepaid payment instruments in its "Guidelines for Prepaid Payment Instruments." For the use of mobile/digital wallets, which are often semi-closed prepaid instruments, KYC compliance has become mandatory (PPIs).
• The payments industry has recently experienced a significant change when the National Payment Corporation of India unveiled the Unified Payments Interface (UPI) (NPCI). Under the provisions of the Payments and Settlements Act 2007, the NPCI was established as an autonomous entity. It was established under the guidance of the RBI and IBA for operating the payments and settlement systems. UPI turned out to be a fantastic e-wallet competitor. There are no KYC conditions for UPI applications as of now. The RBI's annual report shows that in 2018-19, UPI transactions exceeded debit cards. In contrast to the popularity of digital wallets, the UPI infrastructure built by the RBI led NPCI was the perfect response from banks. UPI is a cross-bank transfer tool sponsored by a bank consortium. Mobile wallets are unable to access UPI technology on their own, which banks would rely on. For UPI, Bharat QR code, and BBPS related payments, NPCI offers guidelines.
• The Digital wallets were dramatically affected by the introduction of UPI, lack of interoperability, and KYC specifications. E-wallet giants like Paytm have introduced a new banking system called the 'Payments Bank' to counter the problem. RBI released its Payments Bank Guidelines in 2017. Payments Bank is to be registered under the Companies Act as a public limited company and is to be authorized under section 22 of the Banking Regulations Act. INR 100cr is the minimum capital required. The RBI conceptualized the idea of Payment Banks to counter financial inclusion. Payment banks advocate paperless banking and are not entitled to accept deposits above INR 1 lakh. Payment Banks are not permitted by RBI to lend money or issue credit cards. To open savings bank accounts with Payment Banks, a complete KYC must be Payment banks have many parallels to ordinary banks and have been seen as  significant in the financial inclusion movement. Platforms such as Paytm have added their wallets to the Payment Bank.
• Payment gateways and aggregators are playing a crucial role in the payments sector as a result of the rise in digital transactions. Such organizations are not directly protected by the Reserve Bank of India. All the interactions are made via the banks between payment gateways and RBI. RBI instructed the payment gateways, in a press release in 2017, to route their transactions to a nodal account opened with a bank. These accounts will be deemed to be the bank's internal account and payment gateways will not be allowed to work on that account. But still, they are essentially self-regulated, and the RBI does not explicitly approve them. Payment gateways maintain such requirements in order to protect and secure digital payments, such as the Payment Card Industry Data Protection Standard (PCI DSS). The Central Bank has recently come up with a proposal to control these payment operators directly, taking into account the increasing number of digital transactions.
• Financial Lending: -In India's fintech industry, digital lending platforms have recently flourished. The lending landscape in India, previously dominated by banks, has been exponentially revolutionized by P2P lending and SME lending start-ups. In very little time, lending platforms offer problem-free loans with very little paperwork. MSME companies in India have benefited greatly from these services, especially when applying for bank loans involving complicated procedures with a lower likelihood of approval. To replace the older systems of analysing the creditworthiness of the loan seeker, these platforms have used technologies such as machine learning and AI.
• There were no clear guidelines applicable to lending platforms until 2017. The RBI issued a circular on the regulation of P2P lending companies in September 2017. The position where lenders meet borrowers directly across the web is the P2P lending platform. Fintech companies in India are allowed by the RBI to obtain an NBFC license. RBI required P2P sites to be registered as P2P lending NBFCs in its guidelines. Companies that have acquired the RBI P2P NBFC license are expected to post the platform's default rates on their website. They are also directed to exchange data on grievance redress mechanisms, results of the portfolio, etc. NBFC P2Ps are also expected to provide the borrowers and lenders with adequate information to promote clear decision making. To defend them against the tougher regulations followed by conventional NBFCs, RBI has categorized these platforms as NBFC P2Ps.

Personal Finance and Investment Platforms:

• SEBI is the Fintech industry's chief policymaker for this segment. Several traditional players have expanded their online offerings already. Stockbrokers such as Zerodha are registered with SEBI and are NSE and BSE members. Online trading firms are expected to follow the NSE, BSE and MCX Trading Member Guidelines. There are other businesses that deal with personal finance and wealth management consulting functions. These companies are expected to obtain the SEBI Registered Investment Advisor Certificate (RIA). To govern these organizations, SEBI developed the SEBI (Investment Advisers) Regulations in 2013.As per the guidelines, RIAs are directed to make such disclosures to their customers, such as their remuneration and other key product/security characteristics. Copies of documents such as risk profiles, KYC records, client agreements, investment advice given and so on are also expected to be retained. For the monitoring of enforcement requirements required by the regulations, a compliance officer should be named. Asset management firms with mutual funds are registered with the 'Association of Mutual Funds in India' as a distributor (AMFI). AMFI is a SEBI licensed mutual fund association that prescribes guidelines for distributors of mutual funds.
• Increased internet and tablet penetration has allowed private finance and wealth management firms to reach deeper segments of the industry. A wider audience, such as women and young people, has attracted the ease and comfort of making investments and handling personal finance. Such platforms use modern technology to facilitate the entire investment and wealth management process, especially when compared to traditional institutions.

Impact of Aadhar Judgment on Fintech

Section 57 of the Aadhaar Act was struck down by the Supreme Court in 2018. Section 57 allowed the 12 digit Aadhaar number to be used by any state, company, or person to determine an individual's identity. This judgment prohibited private entities from accessing individuals' Aadhaar data. The decision had a major effect on the e-KYC Fintech industry, which relied on Aadhaar. For payments and lending platforms in particular, it was a huge blow. This suggests that the fintech firms are going to have to go back to the old KYC based on paper. However, its 'Master Direction on KYC Standards' was later amended by the Reserve Bank of India. The direction was a consequence of the decree passed by the Government by amendment of the 2005 Rules on Money Laundering Prevention (Maintenance of Records) and certain provisions of the 2016 Aadhaar Act.

The ordinance, with the consent of the consumer, permitted the voluntary use of Aadhaar in physical (QR code) or electronic form for offline verification and eKYC. Only banks were, however, permitted to use Aadhaar-based eKYC. Fintech companies also had to go with Aadhar's offline verification based on QR codes or XML files. Users can download XML files from the UIDAI website. They contain required information that can be shared offline without disclosing the Aadhaar number for KYC purposes. The ease and efficiency offered by the older eKYC methods could never replace this device. Due to the sophisticated KYC requirements, Fintech companies, especially from the payments sector, lost a lot of customers. The Steering Committee on Fintech recently submitted its report to the Ministry of Finance on the easing of KYC standards through methods such as video-based KYC and Digi locker facilities. Digi locker is an online forum for document/certificate issuance and verification. A cloud storage space associated with the Aadhaar number is received by users who sign up on the website. Positive changes in the KYC regulations will help to raise new highs for the industry.

Compliance with the Information Technology Act 2000

Fintech companies are sites that operate on the internet. They are also mandated to obey the directions set out in the IT Act. Section 43A defines the responsibility of corporate organizations to pay damages in the event of negligence in maintaining fair security measures for the protection of their users' confidential personal data. In violation of a lawful contract, Section 72A prescribes penalties for disclosure of details. Fintech companies rely on individuals' personal data a lot. To prevent legal problems, it is important to follow the specified data security requirements.

2011 rules on Information Technology (Reasonable standards and procedures for protection and confidential personal data or information) explains personal information as any information that directly or indirectly relates to a natural individual, information that is able to distinguish a person when combined with other information. Details or information such as passwords, biometric data, financial data, sexual orientation, etc. are sensitive personal data. The rules govern how the storage, use, processing and transfer of personal data are carried out. It also allows organizations to create a privacy policy and make it available in a transparent and open manner to information providers. Corporate bodies must obtain permission from the provider of information prior to the disclosure of any confidential personal data. In addition, corporate organizations must maintain security control structures and information security procedures. Certifications such as IS, ISO and IEC 27001 are included.

Conclusion

The use of new technology to provide financial services has contributed significantly to financial inclusion. However, unclear legislation, consumer mistrust and the lack of a broad customer base are complications for this sector, especially when compared to traditional financial institutions. Traditional financial institutions have client trust.

In addition to current legislation, potential laws such as the "Personal Data Protection Bill" will have a direct effect on the fintech industry powered by data. For FinTech start-ups, data is a lifeline. For the launch of new products and services, modern technologies need data. The inconsistency in current legislation has led to numerous operational difficulties for fintech companies. Fintech companies that offer various services are also subject to various regulations from various regulators. The industry hopes that, along with other financial institutions, the government's supportive policy would guarantee them a level playing field. "Industry 4.0" and wide-scale financial inclusion will lead to the growth of fintech companies.

Copyright 2023 – Helpline Law - HLL001