Know how designating the Reserve Bank of India as regulatory body can fulfil the primary aim of the Payment and Settlement Systems Act, 2007 and the Prevention of Money Laundering Act, 2002, which is to establish frameworks for the oversight and management of payment systems in India.
—
Have you ever wondered about how PayTm differs from GooglePay (GPay)?
Is there even a difference— and if so, does it really matter? How do the two compare with an e-commerce entity using a third-party platform to facilitate payment?
While the difference might seem negligible to an average consumer, legally the three are quite uniquely defined, with varied compliance requirements. The devil is truly in the details.
This article seeks to examine the existing legal regime governing technology service providers.
These platforms, for example GPay, merely provide a technological service to facilitate Unified Payments Interface (UPI) transactions.
Is there a difference between PayTM and GPay— and if so, does it really matter? How do the two compare with an e-commerce entity using a third-party platform to facilitate payment?
They do so by identifying different types of payment systems and evaluating the thin line of distinction in the application of financial legislations such as the Payment and Settlement Systems Act, 2007 (PSSA) and the Prevention of Money Laundering Act, 2002 (PMLA).
While the above-mentioned platforms may be termed as ‘intermediaries’ in digital payment transactions, judicial interpretation, regulatory orders, the stance of the Reserve Bank of India (RBI), and the Financial Intelligence Unit (FIU) all seem to differ on the categorisation and obligations of each of these platforms.
Existing legal regime
The PSSA and the PMLA are already applicable to banking companies, financial institutions and even intermediaries through holistic definitions of payment system and payment system operators.
Technology service providers can hereby be termed ‘intermediaries’, which would enable the government to regulate such entities under the PSSA and the PMLA.
The RBI expanded the definition of intermediaries to include “payment aggregators” and “payment gateways” and brought them under the purview of the PSSA and the PMLA.
Hence, legally, the PSSA and the PMLA have been applied to technology service providers under the guidance or approval mechanism of the RBI.
The question that may be left for evaluation is whether such payment aggregators and payment gateways ought to be considered payment system operators under the PSSA or the PMLA.
However, in the absence of any directions to the contrary, it seems that the present regime has adequately responded to the innovation in technology in a holistic manner— especially by having inclusive definitions pertaining to payment system operators, payment aggregators and payment gateways.
While the question is still being evaluated by the judiciary as well as executive, until otherwise stated, technology service providers can easily be categorised as either payment aggregators or payment gateways as their operation can be encompassed by the definitions already in existence.
A recent Order of the FIU also agreed that given the extent of their involvement in the processing and facilitation of digital payments, technology service providers can easily be termed as either payment aggregators or payment gateways.
In the case of PayPal— which acts as an intermediary to facilitate payments between two financial institutions but does not have an internal wallet (of the kind PayTm has) or does not store any financial details of the individuals who use the platform— the Order stated that even such intermediaries can be termed payment systems operators in light of a broad definition.
The question that may be left for evaluation is whether such payment aggregators and payment gateways ought to be considered payment system operators under the PSSA or the PMLA.
The definition also encompassed such institutions that enable payment and settlement over the internet by way of various payment instruments, hence making the PSSA and the PMLA applicable.
However, this Order has been set aside by the Delhi High Court and a committee is seeking to evaluate whether platforms like PayPal and GPay can be included within the ambit of payment system operators.
While the matter is sub-judice depending on the outcome of the recommendations of the committee so formed, the PSSA and the PMLA are still applicable to payment aggregators, payment gateways, and payment system operators as notified from time to time. Their approval mechanism is regulated by the RBI.
As of now, technology service providers like PayPal and GPay have not sought approval from the RBI or have not been granted the same— but what does an approval from the RBI indicate?
If a technology service provider falls under any of these definitions, it will have to apply to the RBI for approval for its functioning.
If not, there may still be a little wriggle room to treat the present scenario as a regulatory sandbox. This is what GPay and PayPal also argue.
Such an approval mechanism, if applicable, would increase regulatory compliance and would need to conduct consumer due diligence, report suspicious transactions and maintain records of transactions by defining “reporting entity”.
If the technology service providers can successfully argue (with the RBI, the FIU and the courts) that due to the nature of their activities, they do not fall under the ambit of the aforementioned definitions, they may not be subject to the PSSA and the PMLA.
Proposed amendments and interventions
In light of the present facts and circumstances, due to the considerable dependence on technology service providers and day-to-day financial transactions with wider implications of cybersecurity, financial fraud and money laundering, such technology service providers cannot be left unregulated.
The best way forward is to include similarly placed technology service providers within the definition of intermediaries.
While this can be facilitated through the RBI under the PSSA through a circular, it can also be done through a judicial pronouncement by the Supreme Court or high court committees.
This would enable the application of the PMLA to similarly placed technology service providers and would make them liable to be ‘reporting entities’.
Such obligations pertain to carrying out due diligence checks through ‘know your customer’ (KYC) exercises. It would also place the liability of reporting suspicious transactions and maintaining the records of such transactions.
Technology service providers would be required to obtain the authorisation from the RBI and be included in the permissible list of payment system operators, enabling the provisions of the PSSA to be applicable on such technology service providers.
The definition of payment system operators can also be amended to include technology service providers that provide technical support to banking or financial institutions, facilitating ‘digital payments’.
Technology service providers would then be required to obtain the authorisation by the RBI and be included in the permissible list of payment system operators, enabling the provisions of the PSSA to be applicable on such technology service providers.
The RBI and the FIU have always tried to interpret the definitions of intermediaries like payment aggregators, payment gateways and payment system operators on the ‘functionality test’ of such technology service providers.
What would also be pertinent for the RBI is to take into account the specific nature of the activities of technology service providers, which would not handle or even have direct access to consumer funds or banking information.
The best way to approach this is as a service-specific regulation rather than an entity or sector-specific regulation. Guidance from the RBI on this aspect would enable technology service providers to avoid the unnecessary regulatory burden.
Feasibility of these amendments and interventions
Keeping in mind the objectives of the PSSA and the PMLA which are to provide for regulation and supervision of payment systems in India, appointing the RBI as the focal authority shall prevent money laundering and confiscation of illegally derived property or gains. These amendments should ideally stand the test of time.
While evaluating these amendments on the touchstone of consumer protection, especially in light of the increasing dependence on digital payment modes, the RBI’s objective is to ensure that these infrastructures can be efficient, effective and resilient to conventional as well as emerging risks, especially those pertaining to cybersecurity.
The RBI can put technology service providers at par with intermediaries and make them accountable. Since payment systems have a direct impact on financial stability, financial inclusion and advancement of the economy; these amendments should not only be desirable but mandatory.
The objectives of the PSSA and the PMLA is to provide for regulation and supervision of payment systems in India, appointing the RBI as the focal authority shall prevent money laundering and confiscation of illegally derived property or gains.
On the other hand, since the FIU Order and the subsequent high court Order has provided a regulatory sandbox to these technology service providers. This allows technology service providers either to adapt to it innovatively (bypassing the definitions mentioned) or adhere to the regulatory regime.
It is often said that regulation is the antithesis of innovation, but when it comes to fintech regulation, it has often led to technological advancements (not only to avoid regulation, but also making it more accessible, available and affordable).
This can be highlighted by the example of UPI and similarly placed technology service providers that have enabled and facilitated innovation leading to financial affordability and financial inclusion en masse.
The feasibility of the proposed interventions can be argued on four facets— consumer protection, technological innovation and development, dependence of consumers on such technology service providers, and the need to curb financial fraud.
