A Guide to Legal Compliance for Fintech Startups in India

Kinnary Nensee
Jan 23, 2023

Financial technology, or fintech for short, is technological innovation that expands the delivery of financial services beyond traditional methods. Fintech enhances and automates financial activities such as investing and trading in financial markets using smartphones, buying cryptocurrencies online, etc. Hence, fintech companies are those that provide financial services, financial management and financial planning services to individuals or entities through a digital platform.

India’s fintech market is the third-largest across the globe with a valuation of USD 31 billion, as per Blinc Invest’s report. The Indian Government’s support for digitalization, increase of tech-savvy citizens, growing number of mobile users, building of digital networks and the streamlining of financial processes have all contributed to the rapid growth of the fintech sector in the country.

Types of Services Provided by Fintech Startups

The favourable ecosystem in India provides a great opportunity for the fintech sector to continue growing. Fintech companies in India mainly provide services in four main categories:

  1. Payment and remittances services such as e-wallets and mobile payments
  2. Peer to Peer Lending (P2P Lending)
  3. Retail Banking Services - including both consumer-to-business (C2B) and business-to-consumer (B2C) services
  4. Personal consultation services for savings and finance
[Figure: Segment-wise FinTechs in India]

Business Structures of a Fintech Startup

A fintech startup can be any one of the following –

One Person Company (OPC)

As per the Indian Companies Act, 2013, Section 3(1)(c), a single person can form a company for a lawful purpose.  In case the owner is a single entity wanting to operate a business, this is a good option.

Limited Liability Partnership (LLP)

A Limited Liability Partnership is a company in which the liability of the partners is limited to their respective shares.

Private Limited Company (PLC)

In this type of setup, the company is treated as a separate entity from the owners with its own rights and liabilities.  The owners, directors and shareholders have no personal responsibility towards the creditors.  For fintech startups in India, this is the most preferred framework of formation.

[Figure: Indian FinTech Market Size in 2022]

Legal Compliances for a Fintech Startup

The nature of business for a fintech company makes it high-risk and very tightly bound within a legal framework.  Hence the list of legal requirements and compliances to operate a fintech startup in India is long and detailed.  This gets further complicated as most fintech companies offer a variety of services to their customers.  A few important legal compliances are -

Payment Gateways

All payment gateways and payment aggregators are intermediaries that facilitate payment online in accordance with the Circular on Guidelines on Regulation of Payment Aggregators and Payment Gateways, 2020. Interactions pertaining to payment aggregators and payment gateways must be made through a bank between the payment gateway and the Reserve Bank of India (RBI). This is because payment gateways generally maintain certain requirements for protecting and securing digital transactions, such as the Payment Card Industry Data Security Standard (PCI DSS). This is a necessary step to safeguard digital transactions.

Data Protection

Financial companies, by the very nature of their business, collect and have access to personal and sensitive information on their customers.  This automatically makes it mandatory for them to comply with the Information Technology Act, 2000 and its relevant regulations like the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘SPDI Rules’).  This protects the data, manages and reports security breaches and avoids legal complications.  Legal procedures prohibit corporate entities from revealing any confidential data they have received from the information provider, subject to certain exceptions.

Fintech Insurance Aggregators

Insurance aggregators are governed and regulated by the Insurance Regulatory and Development Authority of India (IRDAI) Insurance Web Aggregators Regulations, 2017.  These insurance aggregators provide information about various insurance products in compliance with IRDAI regulations.

Digital Wallets

A fintech startup providing e-wallet or mobile wallet services must comply with KYC (Know Your Customer) requirements.  The KYC specifications are outlined by the RBI in its “Master Direction – Know Your Customer (KYC) Direction 2016” and  “Guidelines for Prepaid Payment Instruments.”

Lending Platforms

Lending Platforms are governed by the Master Directions – NBFC – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017.  It says that P2P NBFC license-holding lending platforms have to mandatorily post the platform’s default rates on their website.  They must also provide lenders and borrowers with adequate information to enable them to make clear and informed decisions.

Apart from the above-mentioned legal compliances for fintech startups in India, other regulations and compliances include -

  1. Goods and Services Tax Registration
  2. Legal Contract Formation and Management
  3. Intellectual Property Rights (IPR) Protection
  4. Information Technology Act & Rules Compliance
  5. Securities and Exchange Board of India (SEBI) Regulations
  6. RBI Regulations
  7. National Payments Corporation of India (NPCI) Guidelines

Why Strong Compliances are Necessary?

India's fintech startup sector is growing rapidly, using new and emerging technologies such as artificial intelligence, machine learning and blockchain to provide faster and more efficient financial services. This also means that fintech companies have access to highly sensitive data. Strong compliance is needed primarily to safeguard that data from misuse and to ensure that fintech companies operate within the parameters of the law.


The process of launching a new fintech company is complicated. However, the importance of complying with the legalities and regulations of India's fintech policies cannot be stressed enough. Compliance helps to avoid future legal complications while also allowing emerging players to take advantage of any government incentives or benefits that are released for this sector.


What laws are applicable to fintech companies in India?

The laws regulating the fintech sector in India include:

  • The Payment and Settlement Systems Act, 2007
  • The Companies Act, 2013
  • The Consumer Protection Act, 2019
  • The Prevention of Money Laundering Act, 2002
  • The Information Technology Act, 2000
  • The Reserve Bank of India Rules
  • The Insurance Act, 1938

Do fintech companies operate without licenses?

Fintech companies in India are allowed by the RBI to obtain an NBFC license.

Are fintech companies regulated by RBI?

The Reserve Bank of India, also known as the RBI, is the country's apex financial body in charge of regulating fintech companies and other financial institutions.

Is a fintech an NBFC?

Fintech companies may not have succeeded in obtaining non-bank lender licenses from the Reserve Bank of India after three months of engagement and discussions.
