Contact Form

Sticky Contact Form

Fintech Startups In India: Regulations And Compliances To Consider  

By - Pooja Rao on July 13, 2022

Fintech Startups In India

In the complex digital landscape of today, the use of technology to achieve business objectives has climbed rapidly to the forefront for banks and other financial institutions. This nascent sector has sought to disrupt traditional fiscal systems, identify modern issues of concern and provide avant-garde solutions for the same - giving rise to the concept of financial technology or ‘fintech’ as a newly essential aspect of the financial business. Fintech companies are financial organizations that provide financial planning, management, and assistance to other businesses and individuals via digital media. A fintech company is not the same as a bank, and it takes substantial planning and guidance to create a financial start-up in India.  

To offer regulatory recognition for this invention, the Reserve Bank of India [“RBI”], passed the Payment and Settlement Systems Act, 2007 [“PSSA”], which covers payment systems and recognized procedures such as payment, settlement, and clearing.  When fintech startups are launched, several legal and regulatory challenges arise.

Fintech Regulations & Compliances:

  • Business Structure Determination  
  • Goods & Services Tax [“GST”] Registration   
  • Legal Contract Formation & Management  
  • Intellectual Property Rights [“IPR”] Protection  
  • Information Technology [“IT”] Act & Rules Compliance  
  • Securities and Exchange Board of India [“SEBI”] Regulations  
  • RBI Regulations  
  • National Payments Corporation of India [“NPCI”] Guidelines  
Business Structure Determination

A fintech company must determine what type of corporate structure it needs. The three market structures for fintech companies are One Person Company [“OPC”], Private Limited Company [“PLC”], and Limited Liability Partnerships [“LLP”].  

The Companies Act of 2013 governs the formation of OPCs and PLCs. The Limited Liability Partnerships Act of 2008 governs LLPs.  

GST Registration

Certain types of businesses are required by law to register for GST, and refusal to do so is an offence. This category includes casual taxpayers, non-resident taxpayers, e-commerce aggregators, reverse charge payment users, and others.  

The new company would need to register for GST and obtain a GST Number. Among the benefits of registering is the ability to claim an input tax credit, quicker registration on e-commerce websites, competitive advantages, reduced compliance needs, and so on.  

Each business must have its own set of legal paperwork. Fintech startups need to hire legal professionals to draft and customize legal documents. Various legal documents and contracts, such as privacy policies, terms, and conditions, employment agreements, non-disclosure agreements, user policies, etc., are required by law.  

IPR Protection

An IP strategy is critical for fintech startups to legally protect the services provided. Furthermore, if a founder decides to sell their company, nothing will be more appealing to potential buyers than a strong intellectual property portfolio. These can be done by patenting and trademarking in the fintech arena.  

IT Act & Rules Compliance

The two main regulations controlling personal data protection are the Information Technology Act of 2000 and the IT Rules of 2011. Data privacy & protection have all become increasingly relevant issues as fintech platforms acquire and store the personal & financial data of users.    

Fintech companies are required to follow the instructions outlined in the IT Act. Section 43A [1] establishes corporate organizations’ liability to “pay damages if they fail to maintain reasonable security measures to protect their users’ sensitive personal data”. Section 72A [2] provides penalties for disclosing details in breach of a legitimate contract. Fintech firms rely heavily on individuals’ data. It is critical to adhere to the defined data security rules to avoid legal issues.  

Furthermore, to improve digital security and protect sensitive client data, the RBI also inculcated various measures such as common minimum-security controls via the Master Direction on Digital Payment Security Controls and prohibiting payment aggregators and merchants from storing customer card credentials under the Tokenization Scheme.  

SEBI Regulations

In the fintech industry, SEBI is the major regulator of investment-related policies. Several well-known companies have already expanded their internet operations. Zerodha and other stockbrokers are registered with SEBI and members of the NSE and BSE. Online trading firms must follow the NSE, BSE, and MCX Trading Member Guidelines.   

Additional companies offer wealth management and personal finance advice. These firms are expected to receive their SEBI Registered Investment Advisor [“RIA”] Certificate. To govern these firms, the SEBI Investment Advisers Regulations 2013 were created. [3] The laws require RIAs to provide their clients with information about their compensation and other relevant product characteristics.   

A compliance officer should be established to oversee the regulations’ enforcement requirements. Mutual fund asset management organizations are registered as distributors with the “Association of Mutual Funds in India” [“AMFI”].  

RBI Regulations

In 2009, the RBI issued the Directions for Opening and Operating Accounts and Settlement of Payments for Electronic Payment Transactions Involving Intermediaries to protect clients’ interests and ensure that middlemen who receive their money properly, account for them and refund them to the retailers who sold the items. [4] 

The RBI issued the Master Direction on Issuance and Operation of Prepaid Payment Instruments in 2017 to encourage innovation and competition, ensure security and safety, and protect customers. [5] The Master Directions provide eligibility rules for issuing pre-paid instruments to banks and non-banks.  

The RBI also updated Guidelines on Regulation of Payment Aggregators and Payment Gateways 20206 to include “recommendations relating to security and information technology systems, information security governance, data security standards, and risk assessments.” [6] 

NPCI Guidelines

The NCPI developed the Unified Payments Interface [“UPI”] and the Bharat Interface for Money [“BHIM”]. NPCI published UPI Procedural Guidelines and their Operating and Settlement Guidelines, which outline requirements that a fintech company must follow such as their duties and obligations, the transactions that such payment service providers are permitted to perform, and their liabilities.  [7] 

Final Remarks - Fintech Startups In India

Using current technologies to deliver financial services has greatly facilitated financial inclusion. Several banks and financial institutions have formed alliances with technology companies to incorporate modern technologies such as blockchain and artificial intelligence into their products, services, and operations.   

Digital financial services, payment aggregators and processors, standalone platforms that interface with regulated institutions, and digital banks are all growing in popularity. The Framework for Recognition of Self-Regulatory Organizations for Payment System Operators will have a significant impact on the dependability and quality of Payment System Operator services in India. [8] 

Finally, a big obstacle for the bulk of offshore fintech companies functioning in the “Indian Payment Ecosystem” is to make the effort to localize operations and create a pool of data localization since these efforts could cost the offshore corporation a lot of money  

[1] Section 43A, The Information Technology Act 2000 
[2] Section 72A, The Information Technology Act 2000 
[3] https://www.sebi.gov.in/legal/regulations/jan-2013/sebi-investment-advisers-regulations-2013-last-amended-on-december-08-2016-_34619.html 
[4] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5379&Mode=0 
[5] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10981&Mode=0 
[6] https://rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0 
[7] https://www.npci.org.in/PDF/npci/upi/circular/2019/Circular-74-UPI_Compliance_guidelines.pdf 
[8] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11986&Mode=0 

Contributed by Pooja Rao Putrevu, Associate & Dhaval Bothra


Liked this Article ?

Join our list to receive more such updates

Subscription Form

By entering the email address you agree to our Privacy Policy.

King Stubb & Kasiva

Offices In - New Delhi | Bangalore | Mumbai
Chennai | Hyderabad | Kochi | Pune | Mangalore

Subscription Form