FinTechs in India: legal overview


With Shark Tank India being the hottest topic of discussion among youngsters, teens and adults, fintech is no longer a new term. The reality show opened the eyes of the general public to the usefulness and concept of fintech in India and it is the future of India. The Fintech industry is booming more than ever and it is becoming difficult for regulators to keep up with the latest technological developments.

As fintech grows, potential threats such as frauds, breaches, and cybersecurity dangers are also on the rise. New payment systems and models can compromise security and market integrity. New products and services could be sold to customers who do not realize the risks or who are unable to deal with them. Blockchain, crowdfunding, and distributed ledger technology (DLT) also expand the dangers of fraud and hacks.


Fintech or rather start-ups are a fairly new concept in India which has seen immense growth in recent years not only in terms of new fintech start-ups but also in the area of ​​government support and control and hence regulatory landscape of the fintech sector in India is highly fragmented. There is no particular set of laws and regulations governing fintech services and products in India. However, they are governed by multiple laws whose application depends on goods and services:

  • Payment and Settlement Systems Act (2007): This Act is the main legislation governing the regulation of payments in India. This law prohibits the launching and operation of any “payment system” in India without the prior permission of the RBI. Payment structures include credit and debit card transactions, smart card transactions, money transfers, and PUPs.
  • Guidelines governing P2P lending platforms: The Peer-to-Peer Lending Platform Guidelines 2017 prescribes lender exposure standards and borrowing limits with respect to the operations of P2P lending platforms in India. The first actor to be ruled under this leadership includes postpe.
  • NCPI regulations regarding UPI payments: The UPI Procedural Guidelines, issued by the NCPI, regulate UPI payments in India. According to this framework, money transfer services through UPI platforms must be generated by banks. Banks may engage technology providers to operate mobile applications for UPI payments but under the eligibility criteria and prudential standards prescribed by the NCPI.
  • NBFC Rules: The Reserve Bank of India Act 1934 governs all NBFCs. According to its regulations, any organization providing fintech services in India will need to be registered by the RBI. According to Article 45-IA of the RBI Act, no NBFC may initiate or carry on the business of a non-banking financial institution without obtaining the registration certificate from the RBI.
  • Regulation of Banks of Payment: Payment banks operate like a bank but operate on a smaller scale. It cannot grant loans or issue credit cards. These banks are registered as limited companies and licensed under Section 22 of the Banking Regulation Act 1949. Specific licensing conditions restrict the activities of banks, in particular for the acceptance of demand deposits as well as for payments and settlements.
  • RBI Regulation of Payment Intermediaries: Instructions for the opening and operation of accounts and the settlement of payments for electronic payment transactions involving intermediaries (“EPT Instructions 2009”) were issued by the RBI in November 2009 under Section 18 of the P&SS law in order to protect the interests of customers. and to ensure that the payments they make are duly substantiated by the intermediaries receiving such payments and paid into the accounts of the traders who provided the goods and services without undue delay.

With the emergence of the fintech industry, these fragmented laws are not sufficient and able to ensure the protection of customers and users despite the availability of protection under consumer protection law. This industry still needs greater reforms in order to create business structures that really solve user problems and create a holistic fintech industry in India.


The Self-Regulatory Bodies Recognition Framework for PSOs of the Reserve Bank of India is likely to be key to safeguarding the safety and quality of PSO services in India. The creation of NUEs in the retail sector is also likely to affect the functioning of FinTechs specifically in the retail sphere.

The government has set up a committee to design a non-personal data regulatory framework which recently published its report on non-personal data governance, proposing legislation to regulate non-personal data and the creation of a statutory authority distinct. Interestingly, one of the report’s key proposals is to mandate the sharing of non-personal data for sovereign, public interest and economic purposes.

In addition to this alongside, India’s first comprehensive data protection framework under the Personal Data Protection Bill 2019 is also under the pen of the Legislature As financial information currently falls within the scope of enforcement of the bill, FinTech companies and financial institutions are likely to face more stringent data protection obligations once the bill takes effect.

Comments are closed.