Technological innovations in the financial services sector, particularly driven by FinTechs, have brought about significant changes, transforming processes, enhancing accessibility, and reducing costs. However, achieving a delicate balance between fostering innovation and ensuring regulatory priorities to protect consumers and contain risks is crucial. In response, the Reserve Bank of India (RBI) has introduced a draft framework for recognizing Self-Regulatory Organisations (SRO) in the FinTech sector.
Reserve Bank of India
FinTechs are significantly reshaping the landscape of financial services by streamlining processes, improving accessibility, and reducing costs. Achieving a healthy balance between facilitating innovation by the industry on the one hand, and meeting regulatory priorities in a manner that protects consumers and contains risk, on the other, is crucial to optimising the contribution of the FinTech sector. Self-regulation within the FinTech sector is a preferred approach for achieving the desired balance. Accordingly, the Reserve Bank has today placed on its website, a ‘Draft framework for recognising Self-Regulatory Organisations (SRO) for FinTech Sector’. The draft framework lays down the characteristics of a FinTech SRO, and includes, inter-alia, functions, governance standards, etc.
Comments / Feedback from stakeholders and members of the public on the draft framework may be sent by end February 2024, through e-mail. The final framework will be issued taking into account stakeholder and public responses.
(Yogesh Dayal)
Chief General Manager
Press Release: 2023-2024/1677
Draft Framework for Self-Regulatory Organisation(s) in the FinTech Sector
Page Contents
Chapter I – Preliminary
Introduction
Technological innovations are reshaping the financial services landscape, with FinTechs emerging as disruptors and facilitators. FinTechs encompass diverse entities in terms of constitution, size, activities, domains, etc., all subject to constant flux and evolution. FinTechs play a pivotal role in redefining financial services by saving time, enhancing access, and lowering costs. At the same time, the sector raises concerns relating to customer protection, data privacy, cyber security, grievance handling, internal governance, financial system integrity, and the like. While the innovation and dynamism of FinTechs needs to be harnessed, the emerging risks require to be appropriately managed. In such a context, approach to regulation should be imaginative, adaptive, flexible, and proportionate to the perceived risks. In particular, an effective regulatory approach should maintain the balance between maximising the creative potential of FinTechs, while minimising the idiosyncratic risks they pose to the financial system.
2. Self-regulation within the FinTech sector could be one way of achieving this delicate balance. By pivoting towards a culture of self-governance, FinTechs could proactively set and adhere to industry standards and best practices. This approach could empower the sector to demonstrate its commitment to responsible conduct and innovation even in the absence of formal regulation. Through collaboration, the industry could collectively identify and address challenges, foster an environment where innovation flourishes, and guide shared commitment to ethical business practices. Self-regulation also offers the advantage of adaptability to rapid technological advancements and evolving market dynamics. In essence, the path of self-regulation could enable the FinTech sector to align growth with self-imposed standards, be answerable to peer demands, and be guided by exemplary behavioural norms. Appropriately designed, self-regulation can usher in self-discipline, high levels of internal governance and foster an environment conducive to an organised and organic development of the FinTech sector.
3. Self-regulation requires a well-defined structure based on consensus and co-operation amongst the entities. This document seeks to present such a structure in the form of a Self-Regulatory Organisation (SRO). While formal recognition is not a necessary condition, a FinTech SRO (hereinafter referred to as SRO-FT) that has formal recognition from the regulator will acquire legitimacy and provide regulatory comfort.
Since most entities in the FinTech sector are not directly regulated at present, the industry needs to answer the question of how an SRO-FT would create incentives for membership. Should the recognised SRO-FT comprise only of members who are unregulated, or in combination with those who are regulated (even for a part of their activities) is another question that merits discussion. Yet another issue that requires discussion is the number of SRO-FTs that would require recognition. Given the diverse nature of FinTechs, restricting to one SRO-FT could dilute some industry concerns, while having multiple SRO-FTs could undermine the representative character of self-regulation. A consensus on these issues would be crucial to the effectiveness of self-regulation.
The above challenges notwithstanding, a broad framework has been suggested below which lays down the characteristics of an SRO-FT, and includes, inter-alia, broad functions, governance standards, eligibility criteria for grant of recognition. Needless to add, the framework would be refined based on user expectations and stakeholder feedback.
Chapter II – FinTech SRO – Characteristics and Operations
4. The SRO-FT is expected to operate objectively, with credibility and responsibility under the oversight of the regulator. It should strive towards healthy and sustainable development of the FinTech sector and, if necessary, identify a glide path to a phased regulatory compliance. The SRO-FT is expected to have the following characteristics :
(i) True Representative of the FinTech Sector: The SRO-FT would derive its strength from its membership, ensuring that it is truly representative of the FinTech sector. Through comprehensive membership agreements that encompass a broad spectrum of industry players, the SRO-FT should gain the legitimacy and credibility to not only frame baseline standards and rules of conduct codes, but also to effectively monitor and enforce them. This representative structure would foster inclusivity and enable the SRO-FT to draw upon the collective expertise and experience of its members, resulting in development of standards that are pragmatic, adaptive, and widely accepted within the FinTech community. Therefore, the SRO-FT must be looked up to and accepted by the industry as the key body for setting market standards, defining rules of conduct and ensuring voluntary adoption of the common framework by its members.
(ii) Development-oriented: The SRO-FT should be development-oriented, actively contributing to the growth and evolution of the industry. This involves providing specialised knowledge and expertise, offering guidance, and contributing to capacity building through training programs, and prescribing minimum eligibility criteria for its members. By fostering continuous learning and skill development, the SRO-FT should contribute to a more robust, competent, and mature FinTech ecosystem. Additionally, expertise of the SRO-FT could be instrumental in bridging the skill gap, providing early-stage entities with necessary handholding, guiding, and keeping them abreast with the dynamic nature of financial technology and the regulatory environment as well as in facilitating the creation of policies that are forward-looking.
(iii) Independence from Influence: To maintain credibility, the SRO-FT should operate independently, free from the influence of any single member or group of members. This would ensure unbiased decision-making and prevent the organisation from being swayed by the interests of a dominant few. The SRO-FT should maintain impartiality, avoid conflicts of interest, and ensure unbiased oversight over its members. Independence would enhance reputation of the SRO-FT as a neutral and reliable entity, essential for gaining the trust of both industry participants and regulators.
(iv) Legitimate Arbiter of Disputes: Members should perceive the SRO-FT as a legitimate arbiter of disputes. This would require a transparent and fair resolution mechanism for disputes arising among members that instils confidence in the FinTech industry. By efficiently handling conflicts and grievances, the SRO-FT would contribute to a more stable and harmonious FinTech environment.
(v) Encouraging Members for Adherence to Regulatory Priorities: A proactive SRO-FT should be capable of motivating its members to align with regulatory priorities. This would involve facilitating communication between industry players and regulatory bodies, advocating for necessary changes, and promoting a culture of compliance. The SRO-FT, as its duty towards ensuring compliance, should be empowered to investigate and take disciplinary action against its members for non-adherence to codes / standards / rules. By actively participating in the regulatory dialogue, the SRO-FT is expected to help in shaping a regulatory environment that is conducive to innovation, while ensuring consumer protection.
(vi) Repository of Information: As a repository of information, the SRO-FT should collect, analyse, and disseminate relevant data pertaining to its members’ activities. This information hub could serve as a valuable resource for industry research, trend analysis, and policy making. By consolidating and sharing knowledge, the SRO-FT should contribute to the overall development and resilience of the FinTech sector.
Chapter III – FinTech SRO – Eligibility and Membership
5. General Requirements
(i) The applicant should be set up as a not-for-profit company registered under Section 8 of the Companies Act, 2013.
(ii) To ensure transparency and clarity regarding the organisation’s purpose and activities, the Memorandum of Association (MoA) of the applicant company should explicitly state the operation as an SRO-FT as one of its primary objectives.
(iii) The applicant should have sufficient net worth and demonstrate the capability of establishing the necessary infrastructure to fulfil the responsibilities of SRO-FT effectively, and consistently. In this respect, the SRO-FT should have a robust IT infrastructure and the ability to deploy technological solutions within a reasonable timeframe.
(iv) The SRO-FT should put in place systems for managing ‘user harm’ instances that come to its notice or are referred to it by the Reserve Bank or any other stakeholder.
(v) The SRO-FT should not set up entities / offices overseas without the prior approval of the Reserve Bank.
6. Membership Criteria
(i) The applicant SRO-FT should represent the FinTech sector with membership across entities of all size, stage and activities. If representation is inadequate at the time of application, the application should include a roadmap for achieving this within a reasonable timeline. Failure to demonstrate or attain comprehensive membership could result in denial or revocation of recognition.
(ii) Membership of the SRO-FT should comprise of members who are FinTechs, and membership should be voluntary. FinTechs would be encouraged by the Reserve Bank to become member of a recognised SRO-FT.
(iii) The SRO-FT should be an entity domiciled / registered in India. It could have FinTech members domiciled anywhere.
(iv) The membership fee structure developed by the SRO-FT should be reasonable, and non-discriminatory.
(v) The SRO-FT should derive authority through the membership agreements to set rules, standards, codes of conduct, etc., for the members.
7. Fit and Proper Criteria of Board of Directors and Key Managerial Personnel
(i) The Board of Directors (BoD) and Key Managerial Personnel (KMP) should possess professional competence and have a general reputation for fairness and integrity.
(ii) Any legal proceeding against the applicant company, BoD or KMP should be declared as part of the application, and demonstrated that such proceedings would not impede the functioning of the SRO-FT or harm its reputation. Further, the applicant, any members of the BoD or any KMP should not have been convicted of any offence including moral turpitude / economic offence in the past.
(iii) Reserve Bank’s view on the fit and proper status of the applicant company, BoD and KMP would be final.
8. While granting recognition as SRO-FT, the Reserve Bank would, if deemed necessary, prescribe such other conditions as may be required to ensure that functioning of the SRO-FT does not become detrimental to public interest.
9. Application Requirements
(i) The Reserve Bank would invite applications for the SRO for the FinTech sector, either for the entire sector or for specific sub-sectors, as and when required. The number of SRO-FTs to be recognised would be considered based on the number and nature of applications received.
(ii) The application made by the SRO-FT should be accompanied by –
a. A copy of the MoA, Articles of Association, etc., of the SRO-FT;
b. Details of the constitution of its Board, roles / responsibilities of its management, and the manner in which its operations would be undertaken;
c. Roadmap to achieve comprehensive membership, if necessary;
d. The application should be submitted under authorisation of the Board; and
e. Reserve Bank may require the SRO-FT to submit any further information / clarification, as may be deemed necessary;
(iii) Incomplete applications or applications not meeting the eligibility criteria would be returned / rejected. Nevertheless, before returning / rejecting any such application, the Reserve Bank would provide the applicant with an opportunity of being heard.
10. Where the applicant is deemed suitable, the Reserve Bank would issue a “Letter of Recognition” to the SRO-FT. The recognition granted would be valid subject to the following conditions:
i. Information or particulars furnished by recognised SRO-FT are true and not misleading in any manner.
ii. The requirements prescribed in this framework, including that of membership, would be adhered to, on a continuing basis.
iii. The SRO-FT would ensure adherence to the terms and conditions governing its recognition. The recognition granted to the SRO-FT would be subject to periodic review by the Reserve Bank, as considered necessary.
iv. Reserve Bank would revoke recognition granted to the SRO-FT, if it deems that the functioning of the SRO-FT is detrimental to public interest or any other stakeholder and / or the SRO-FT is found to be conducting activities that are not in conformity with the objectives of the SRO-FT. Adequate opportunity would be given to the SRO-FT before arriving at the decision.
v. The recognised SRO-FT should ensure compliance with the provisions of relevant Acts, regulations as well as guidelines, directions or circulars issued by the Reserve Bank, to the extent applicable.
11. Reserve Bank would reserve the right to not grant recognition to any SRO-FT. The decision of Reserve Bank in this regard would be final, subject to providing opportunity to the SRO-FT of being heard.
Chapter IV – FinTech SRO – Functions and Responsibilities
12. Functions
The SRO-FT should guide the conduct of its members, ensure that they adhere to industry standards, comply with relevant laws and regulations, and maintain high ethical standards. This involves establishing and enforcing guidelines for consumer protection, data security, data privacy, etc. The SRO-FT should play a crucial role in promoting responsible innovation by providing a framework that encourages responsible experimentation. The SRO-FT should be responsible for addressing any grievance, conflict of interest, or dispute that may arise among its members, and foster a fair, equitable and competitive environment. Through these responsibilities, the SRO-FT should act as a steward of trust and stability in the FinTech sector, balancing the need for innovation and maintaining integrity. In particular, the SRO-FT should undertake the following functions:
(i) Standard-setting
(a) The SRO-FT should have objective, well-defined and consultative processes to make and establish rules and standards.
(b) The SRO-FT should frame a code of conduct for its members, customised to the nature of various set of activities undertaken by them.
(c) The SRO-FT should set industry benchmarks and baseline technology standards, as could be applicable, for transparency, disclosure, data privacy, etc., by its members.
(d) The SRO-FT should frame standardised documents for the FinTech sector for specific requirements, for instance, agreement between the lending service providers and Regulated Entities. The agreements should be compliant with extant statutory and regulatory requirements.
(e) The SRO-FT should set up a mechanism for accreditation in the FinTech ecosystem for, inter-alia, improving compliance culture, fostering professionalism, creating healthy market behaviour, etc., among its members.
(f) The SRO-FT should put in place a code of conduct for responsible advertisements and market standards.
(g) The SRO-FT should develop appropriate baseline governance standards for the FinTech sector.
(h) The SRO-FT should specify the consequences for violation of agreed upon rules and misconduct by its members and enforce them.
(ii) Oversight and Enforcement
(a) The SRO-FT should have structured frameworks that guide its oversight and enforcement functions.
(b) The SRO-FT should deploy suitable surveillance mechanisms for effective monitoring of the FinTech sector to detect and highlight exceptions. This could involve the use of tools and techniques to assess the activities of industry participants, ensuring a proactive approach to maintaining integrity and compliance.
(c) The SRO-FT should offer counselling on restrictive, unhealthy, and such other practices that could be detrimental to the growth of the sector.
(iii) Developmental
(a) The SRO-FT should actively promote understanding of statutory and regulatory requirements and promote a culture of compliance. It should facilitate exchange of expertise and experience, as well as organise training programs for the benefit of its members.
(b) The SRO-FT should disseminate sector-specific information via various channels such as periodicals, bulletins, pamphlets, and magazines to raise awareness among its members about the developments, trends, and best practices in the FinTech sector.
(c) The SRO-FT should encourage a culture of research and development within the FinTech sector to encourage responsible innovation. The SRO-FT should facilitate this by conducting studies, surveys, think tank discussions, etc.
(d) The SRO-FT should extend guidance and support, particularly to smaller entities within the sector, agnostic of membership, and publicly share best practices aligned with statutory and regulatory policies.
(iv) Grievance Redressal and Dispute Resolution
(a) The SRO-FT should establish a grievance redressal as well as dispute resolution framework for its members. These frameworks should be efficient, fair and transparent.
(b) The SRO-FT should work towards customer education focused on products and services offered by the industry.
13. Responsibilities towards the Reserve Bank
The SRO-FT would be expected to play a pivotal role in ensuring compliance with statutory and regulatory frameworks, adherence to industry standards and best practices, and in facilitating transparent communication channel with Reserve Bank. Its responsibilities towards the Reserve Bank would broadly encompass relaying sector-specific insights, addressing regulatory concerns, and collaboratively working towards the overall development of the FinTech sector. The SRO-FT would serve as a valuable bridge, foster co-operation, and provide policy commensurate to the dynamic nature of the FinTech sector. In particular, the SRO-FT should discharge the following responsibilities towards the Reserve Bank:
(i) The SRO-FT should act as the collective voice of its members in engagements with the Reserve Bank. In such engagements, it would be expected that the SRO-FT functions beyond the self-interest of specific members and addresses larger concerns of the FinTech sector. Also, while acting as the industry association, the SRO-FT would be expected to ensure equitable and transparent treatment for all its members.
(ii) The SRO-FT would be obligated to regularly update the Reserve Bank on the developments in the sector and notify the Reserve Bank of any violations by its members regarding statutory or regulatory requirements that may concern the Reserve Bank as soon as such violations come to its attention.
(iii) The SRO-FT should collect relevant and up to date sectoral information and share the same with the Reserve Bank to aid in policy making. For this purpose, the SRO-FT should develop a scalable technology solution. This system should enable the Reserve Bank to understand the details about specific products, services, and scale of activities of FinTech entities. The SRO-FT should, where required, co-ordinate the introduction of new products within the regulatory framework set by the Reserve Bank.
(iv) The SRO-FT should consult the Reserve Bank in developing and updating the taxonomy for FinTechs.
(v) The SRO-FT should carry out any assigned tasks from the Reserve Bank, review referred proposals or suggestions, and supply requested data / information as directed by the Reserve Bank.
(vi) The SRO-FT would be required to submit its Annual Report and / or other information to the Reserve Bank. Additionally, the SRO-FT should submit periodic returns as may be prescribed by the Reserve Bank.
(vii) The SRO-FT would be invited for periodic interactions with the Reserve Bank and be expected to adopt a holistic perspective on the FinTech sector when providing its views, inputs, or suggestions.
(viii) Reserve Bank could inspect the books of the SRO-FT or arrange to have the books audited by an audit firm. The SRO-FT would be obligated to provide the required information to the inspection team for the purpose of conduct of inspection / audit. The expenses of such inspection would be borne by the SRO-FT.
(ix) The SRO-FT should discharge such other functions and abide by such other directions as specified by the Reserve Bank, from time to time.
(x) The SRO-FT would be expected to guide / facilitate the Reserve Bank on the extent, scope, and manner of regulation of entities in the FinTech sector.
Chapter V – FinTech SRO – Governance and Management
14. Adhering to the highest standards of governance is essential for the effectiveness of the SRO-FT. The SRO-FT is obligated to uphold transparency, accountability, integrity, fairness, responsiveness, and compliance with all relevant laws and regulations. Additionally, it must implement robust conflict of interest management, ensure professional competence of its leadership, and promptly address grievances. By strictly following such governance principles, the SRO-FT should instil trust and credibility within the financial ecosystem it oversees. Accordingly, the SRO-FT would be expected to rigorously comply with the following guidelines to uphold the principles of good governance –
(i) The SRO-FT should be professionally managed, with its Articles of Association (AoA) containing appropriate provisions to ensure this. The AoA should explicitly outline the functioning of the Board / governing body / management, addressing conflicts of interest comprehensively.
(ii) The AoA should also clearly lay down the criteria for admission, expulsion, suspension, re-admission, etc., of its members.
(iii) The Board should put in place a framework for the ongoing monitoring of ‘fit and proper’ status of its directors. Any change in the directorship or adverse change in its fit and proper status, should be immediately reported to the Reserve Bank.
(iv) At least one-third of members in the Board, including the chairperson, should be independent, and without any active association with a FinTech entity.
(v) The Board should ensure that the SRO-FT has adequately skilled human resources, and robust technical capability to monitor the sector.
(vi) Reserve Bank would, if it deems necessary, nominate / depute Observer(s) on the Board of the SRO-FT.