Skip to content

How the RBI guidelines could strengthen the security policies for NBFC’s and payment apps

India's reserve bank had released a set of guidelines for NBFC's and Digital payment apps due to the rise of cybercrimes.

What’s an NBFC: Introduction

An important segment of the financial system in India is made up of non-banking financial companies. NBFCs are financial intermediaries primarily involved in the deposit acceptance and credit delivery business. They play an important role in channeling scarce financial resources into the formation of capital. The banking sector’s role in meeting the corporate sector’s growing financial needs is supplemented by NBFCs, providing credit to the unorganized and small local borrowers. NBFCs have a structure that’s more flexible than banks. They can make quick decisions compared to banks, assume higher risks, tailor their services and charges according to customers’ needs. Their flexible structure expands the market by providing a bundle of services to savers and investors on a competitive basis (1).

Section 45-1 of Chapter IIIB of the Reserve Bank of India Act, 1934, has been defined as a non-banking financial company as a financial institution which is a company, a non-banking institution which is a company and whose principal business is to receive deposits under any arrangement or arrangement, or in any other manner, or to lend in any manner, a non-banking institution which is a company and whose principal business is to receive deposits under any arrangement or arrangement; Under Clause 9 of Paragraph 2 of the Non-Banking Financial Companies Acceptance of Public Deposits Directions, 1998, NBFC is defined as: ‘non-banking financial company’ means only a non-banking institution that is a lending company or an investment company or a leasing company or a leasing company for equipment or a mutual benefit finance company.

NBFCs provide a range of services such as hire purchase finance, equipment lease finance, loans, and investments. There has been a gradual blurring of the distinction between banks and NBFCs due to the rapid growth of NBFCs and a wide variety of services provided by them, except that commercial banks have the exclusive privilege of issuing cheques. By issuing non-convertible debentures, NBFCs have raised large amounts of resources through public deposits, shareholders, directors, and other companies and borrowings. In 1998, for the targeted supervision of NBFCs accepting such deposits, a new concept of public deposits, meaning deposits received from the public, including shareholders in the case of public limited companies and unsecured debentures and bonds, other than those issued to companies, banks, and financial institutions, was introduced (2).

Expansion of NBFC’s in India

NBFCs and Unincorporated Bodies have been competing and complementing commercial bank services around the globe until recently. While a country’s financial system usually develops through a gradual evolutionary process, it has been observed that this is a stage in the evolutionary process in which NBFC growth is more pronounced than other financial system components. Besides, depending on their clientele’s needs, they take various forms and sizes. As a group, the NBFCs managed to broaden the range of financial services provided to the public during this period (3).

Thus, within the first three decades of this century, the growth of NBFCs was more pronounced in the United States of America. Two of the top five trade creditors are NBFCs, and three of the top four consortium finance providers are currently non-bank firms. Such marked expansion in the non-bank financial sector has been noticeable in India over the last two decades (4).

In essence, the evolution, growth, and proliferation of financial intermediaries reflect the various forms of savings or resource flows and various types of investment uses of such funds, whether for current needs for working capital or investment in capital and between different sectors economy. In their role as repositories of the community’s savings and as providers of funds for investment needs, they serve various clients. Rapid urbanization, both in Europe and America, occurred in the nineteenth and early 20th centuries. The growth of cities has created a tremendous need to finance mortgages. Different private groups began organizing construction and loan associations to satisfy this need.

In many activities, such as hire purchase finance, equipment lease finance, loans, and investments, NBFCs in India have become prominent. In tapping resources, NBFCs have greater reach and flexibility. Due to their aggressive character and customized services, NBFCs might survive in desperate times. NBFCs are doing more business that is fee-based than fund-based. They are now focusing on housing finance, personal loans, and insurance marketing in the retail industry. In a short period, the powerful NBFCs have successfully emerged as ‘financial institutions and are in the process of converting into a ‘financial supermarket’-a one-stop financial shop. The overall growth of India’s NBFCs is still gaining momentum. It is impossible to neglect their role in the economy, and RBI should also make certain policies that should help them flourish and care for their investors.

Why the RBI is pushing new guidelines for payment apps and NBFC’s

There are different sides of security today which are of great importance. First, the coronavirus’s physical safety is concerned, (5) and second, the ‘payment security’ of the increasing number of cyber frauds. The Government and other regulatory bodies such as NPCI encourage citizens to make digital payments to mitigate the risk of spread by shared surfaces such as cash or cards. While this move has brought many consumers into digital India, cyber fraud has also increased significantly. Cybercriminals use fear, lack of knowledge, and various deceptive means to cheat vulnerable customers, such as first-time or not-so-tech-savvy users, such as lucrative emails.

Most citizens are now using digital modes to make their grocery, electricity bill, and essential purchases. In preferences and buying habits, we can see a paradigm shift. In July 2020, 57 percent of respondents used digital payments 5 to 6 times a week, according to a recent survey conducted by India Transact Services Ltd, a merchant payment solutions company, while 21 percent of respondents claimed to use it three times. Less than three times a week, about 20 percent of respondents used digital payments. These figures define the amount of use and, therefore, the possible impact it will have in the event of fraud (6).

Many digital users have been put at risk by increasing customer concerns and a lack of digital literacy. As citizens worldwide are trying to source pandemic-related information, fraudsters are now tampering with official websites and acting to deceive users as impostors of official sources. Therefore, while sharing details or downloading attachments from unfamiliar emails, clients must be extra cautious. India’s head of cybersecurity, Rajesh Pant, recently said India was hit by around 375 cyber attacks every day in 2020. Also, it is estimated that in the first nine months of 2022, there was a loss of 6 trillion to organizations and individuals as a result of cybercrime.

As we move into the digital age, digital payments are highly probable to become a major part of the future. The spread of digital payments will inevitably increase the risk of cyber thefts and fraud. In this environment, early detection and prevention of fraud must become a primary motivator for banks and financial institutions. Fortunately, banks and other financial institutions can effectively monitor the fraud-related threats to the digital payment ecosystem through innovative and secure solutions.

Regulatory bodies such as RBI and NPCI and banks are taking timely initiatives to ensure that customers are informed about safety concerns and address them. They often share emails and text messages with their customers to keep them up to date. However, many times consumers turn a blind eye to these communications and become vulnerable to fraud. As a result, end-users can follow simple steps, such as reading important communications from their banks and payment apps, regarding possible digital fraud and SMS-related transactions. In the event of suspicious activity, the banks concerned should be informed immediately (7).

He added these occurrences included malicious scams, network scanning and browsing, viruses, and website hacking. The Minister noted that the increasing popularity of non-banking financial companies, together with e-commerce, has also broadened the scope of digital payments. The number of digital transactions increased from 3134 crores in 2018 to 2019 financial year to 4572 crores in 2019 to 2020.

How the RBI is pushing for safety

The Reserve Bank of India had already published detailed guidance to reinforce India’s digital payment architecture and improve security, control, and compliance among banks, gateways, wallets, and other non-banking entities at the forefront of helping New Delhi achieve its less-cash economy goal. The new regulatory standards come when India’s rapidly growing payment ecosystem has seen greater instances of defaults, fraud, and cyber violations. The new regulations set a framework for all regulated entities to standardize their security operations (8).

These rules apply directly to scheduled commercial banks, small finance banks, payment banks, and NBFC credit cards. The new set of standards also sets out the criteria under which regulated entities can form partnerships and interact with third-party apps and ecosystem players, such as mobile applications, payment operators, and gateways. The 21-page master circular issues specifications for a wide range of application areas, including mandates from the source code protection of third-party UPI apps, cybersecurity guidelines for external attacks, card payments, and internet banking security protocols.

RBI Governor Shaktikanta Das first suggested that these guidelines be introduced to the Monetary Policy Committee on 4 December 2020. Das said that such a detailed payment ecosystem specification would seek to bring about a common minimum standard. These rules would have implications for regulated banks and third-party payment applications such as Google Pay, WhatsApp Pay, and PhonePe to interact with their banking partners and store customer data (9).

“Given the prominent role played by digital payment systems in India, RBI attaches the highest importance to security controls around it,”

RBI said.

“While the guidelines will be innovation and platform agnostics, they will create an enhanced and supportive environment for customers to use digital payment products more securely and securely. The necessary guidelines will be issued separately,”

said the governor of the RBI.