The Reserve Bank of India (“RBI”), India’s apex bank conferred with legislative powers, published[1] a Framework for Recognition of a Self-Regulatory Organization for Payment System Operators (“Framework”)[2]. This comes at a juncture where the Indian digital payments industry is witnessing increasing innovation, disruption and velocity. This is not the first self-regulatory mechanism that is being introduced by the RBI as it previously established a self-regulatory framework for non-banking financial companies offering various products in micro-finance (“NBFC-MFIs”) in 2013.[3]
In February 2020, the RBI published a Statement on Developmental and Regulatory Policies[4] expressing its intent to further boost the industry and encourage the establishment of self-regulatory organizations (“SROs”) for Payment System Operators (“PSOs”)[5]. In line with this vision of self-governance, the Framework has followed suit.
As the number of players in the payment ecosystem increase steadily, RBI has sought to optimize regulatory resources available and promote self-regulation in terms of pricing mechanisms, security standards, customer protection measures, behavioral and ethical standards, and grievance redressal. The Framework establishes a system to provide formal recognition to associations formed between the industry players to set certain standards of business for and between themselves. The Framework details the criteria of recognition of such bodies, their functions and the oversight of the RBI over their functioning.
Concept of SROs
The Framework envisages recognition of SROs which are established as autonomous organizations. These SROs are intended to be set up by mutual agreement of members who would enter into respective membership agreements with the SRO. The membership agreements provide a basis for an SRO’s authority and allows it to set standards, procedures, oversight mechanisms and resolve conflicts between members.
The SRO’s responsibility, while taking into consideration vested interests, would be to devise behavioral and professional standards that address larger interests of the ecosystem such as to impart training to staff of its members, conduct awareness programs, and promote research and development. An SRO is also expected to have a well-defined and transparent means of conflict resolution, and an effective system of monitoring and enforcement.
Regulator's Recognition
The RBI grants formal recognition to SROs which meet the prescribed eligibility criteria. An SRO:
- must be set up as a non-profit company under the Companies Act, 2013;
- must have clear bye-laws that sufficiently establish the procedure of obtaining membership and define the manner of the SROs’ functioning i.e. the board of directors;
- must have only regulated payment system entities, such as banks and non-bank PSOs as members; and
- must have a uniform, reasonable fee for its members and must be financially self-sufficient to discharge its responsibilities.
An SRO is governed by a board of directors who must meet a prescribed ‘fit and proper’ criteria. At least one-third of the board members must be independent and not associated with member institutions and any change or an adverse development about any Director must be informed to the RBI. The board must devise a member code of conduct. The RBI can also mandate that the appointment of important positions in the board of directors of an SRO be done only upon its approval, if it so sees fit. It may revoke the recognition granted to the SRO too if it deems the functioning of an SRO to be detrimental to public interest.
Role of SROs
An SRO is intended to embody the representation of the common will of the stakeholders in the digital payments industry. It is managed by a board which is governed by its own code of conduct and decides how the SRO functions. The SRO is expected to perform typical regulatory duties such as:
- establish minimum professional, behavioral and ethical standards for its members and act as a catalyst for a competitive but fair market;
- inform the RBI of the violation of either the Payments and Settlement Systems Act, 2007 or any other circular, direction or regulation notified by the RBI;
- establish a uniform grievance redressal and conflict resolution system for the benefit of all its members, including inter-PSO issues;
- train its members and spread awareness about safe payment transactions;
- work in coordination with the RBI for the larger interest of the industry and comply with any directions issued by the RBI including the terms of its recognition;
- play a constructive role in supplementing and complementing existing regulatory / supervisory arrangements; and
- have completely transparent processes of functioning in place and be in a position to monitor the effective implementation of codes of conduct and regulations..
Foundation Stone for Self-Regulation
The introduction of a self-regulatory framework by the RBI bodes well with the Government of India’s policy of minimum government, maximum governance. While the Framework is a progressive step towards the growth of the industry, it is important for the RBI to supplement it further. Future guidance from the RBI in the form of model codes/rules, checklists, etc. would go a long way in creating a robust system of self-regulation including ethical and behavioral standards, and an effective mechanism of conflict resolution. While the Framework is a welcome move, it does pose some interesting questions.
Firstly, the Framework allows only banks and non-bank PSOs to be members of an SRO and overlooks the fact that there are other stakeholders in the industry who form a vital part of the payments ecosystem including unlicensed entities offering a variety of fintech products to consumers, backend technology providers, merchants and consumers and consumer associations. Recognized self-regulators in other jurisdictions such as the Australian Payments Network (“AusPayNet”)[6], the Financial Industry Regulatory Authority[7] in the USA and the Investment Industry Regulatory Organization of Canada[8] allow both regulated and non-regulated entities to join as its members. Closer to home, bodies such as the Advertising and Standards Council of India (“ASCI”)[9], the Indian Broadcasting Foundation (“IBF”),[10] and the Payments Council of India[11] allow both regulated and non-regulated entities as members. It is important to recognize that fintech companies of the day are more diverse and disruptive than traditional banking or other financial companies and hence, representation of from various stakeholders becomes even more crucial. The Framework must provide such entities an adequate degree of representation in these SROs to truly do justice to its purposes.
Secondly, the Framework requires that an SRO must be a ‘not-for-profit company’ but the rationale for such a requirement is unclear. It must be noted that many SROs such as the Microfinance Institutions Network[12] and Sa-Dhan[13] (both of which are registered under RBI’s SRO scheme for NBFC-MFIs), and the Internet and Mobile Association of India are registered societies and not incorporated companies. Such an obligation in the Framework would add additional burden since registered companies have comparatively more compliance obligations than a registered society such as conducting a minimum number of board meetings in a year and annual filing requirements. Notably, the Payments Council of India and the Indian Banks Association are in talks to set up a non-profit entity and apply for recognition under the Framework.[14]
Thirdly, the degree of oversight the Framework provides to the RBI may result in over-intervention into the functioning of an SRO. The Framework allows RBI to ensure that an SRO takes its approval for appointment of important positions to its board of directors, if necessary. An SRO’s recognition may be withdrawn if the RBI opines that it is functioning in a manner detrimental to the public interest. Other self-regulatory organizations in India i.e. ASCI and the IBF hold more autonomy in the manner of appointment of management personnel and general functioning. The RBI should be wary of turning a self-regulatory framework into a pseudo-regulatory framework.
Fourthly, the Framework is unclear on whether it seeks to recognize a single SRO for the payments ecosystem (or group of banks or PSOs) or if it would allow establishment of multiple SROs. While para 1.3[15] of the Framework provides that the establishment of an SRO would be encouraged, there is no express prohibition across the Framework on different associations of banks and non-bank PSOs from forming their own SROs, thereby multiple SROs. Establishing a single SRO may potentially defeat the purpose of self-regulation as it may lead to the formation of a shadow or pseudo regulator which would function at the pleasure of the RBI.
Lastly, the most typical observation on any self-regulatory mechanism across industries is the efficacy of its dispute resolution and penal framework. Enforceability is also a prime objective of the Framework and the SRO seems to lack teeth in this aspect. While an SRO is bound to notify any violation of laws to the RBI, it appears that it cannot itself impose penalties or other mechanisms of enforceability on its members except contractually through its membership agreements. There exists a possibility that a member may choose to forfeit the membership of the SRO at the imposition of an undesirable enforceability action and that would adversely affect the SRO itself and perhaps the industry group as a consequence. The Framework provides that an SRO also gets legitimacy by the efficiency with which self-regulation is perceived to be administered. A possible solution would be have a penal referral mechanism in place where an SRO can refer violations by its members to the RBI in the event they refuse compliance and recommend penal action by the regulator. The ASCI has the power to issue notices to industry players in case of violations as well as the power to send recommendations to the Ministry of Information and Broadcasting in case of non-compliance of its members.
[1] Published on January 19, 2021.
[2] Available at: https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11986&Mode=0. Last accessed: January 19, 2021.
[3] https://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=30052. Last accessed: January 19, 2021.
[4] Available at: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=49343. Last accessed: January 19, 2021.
[5] A Payment System is defined as a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service or all of them (not including a stock exchange) under section 2(i) and Payment System Operators are persons who operate an authorized payment system or participate in a payment system as provided under sections 2(p) and 2(q) of the Payment and Settlement Systems Act, 2007.
[6] Available at: https://www.auspaynet.com.au/join-us. Last accessed: January 19, 2021.
[7] Available at: https://www.finra.org/registration-exams-ce/registration. Last accessed: January 19, 2021.
[8] Available at: https://www.iiroc.ca/industry/registrationmembership/Pages/default.aspx. Last accessed: January 19, 2021.
[9] Available at: https://ascionline.org/index.php/membership-advantages.html. Last accessed: January 19, 2021.
[10] Available at: https://www.ibfindia.com/membership-criteria. Last accessed: January 19, 2021.
[11] Available at: http://paymentscouncil.in/Eligibility-Criteria.aspx. Last accessed: January 19, 2021.
[12] Available at: https://mfinindia.org/about/industry. Last accessed: January 19, 2021.
[13] Available at: http://www.sa-dhan.net/wp-content/uploads/2020/12/Information-Brochure.pdf. Last accessed: January 19, 2021.
[14]Availableat:https://economictimes.indiatimes.com/tech/technology/lobby-groups-iba-pci-in-talks-to-set-up-regulatory-body-for-digital-payments/articleshow/79022443.cms. Last accessed: January 19, 2021.
[15]Para 1.3 of the Framework: It has, therefore, been decided to encourage the establishment of a Self-Regulatory Organisation (SRO) for Payment Systems Operators (PSOs).