Fintech Regulation: If It Looks And Walks Like A Duck, It Is A Duck
The RBI has brought focus back on an elephant in the room—should Indian regulators regulate entities or activities?
Last week, the RBI issued a tentative regulatory framework governing digital lending in India. The norms outlined in the framework are a recognition of the need to protect consumers in lending, whether the consumer facing end is a bank, NBFC or a digital app downloaded from the Play Store. To the extent that they mark the RBI’s transition from being a classic prudential regulator (regulating banks, setting loan recognition norms, mandating capital adequacy and provisioning ratios) to also a consumer protection focused regulatory agency in the space of lending, these guidelines are remarkable. They, however, re-focus the spotlight on an elephant which has been in the room on regulatory debates in India since the beginning of this century—namely, should Indian regulators regulate entities or activities?
Entity Vs Activity-Based Regulation
Historically, the Indian regulatory regime, like several other jurisdictions including the United States, has followed what could be termed as ‘entity based’ regulation. Thus, for instance, the law defines the RBI’s regulatory authority in terms of the categories of entities such as banks, non banking finance companies, payment system providers, etc. For some classes of these entities, there is a sub-classification. For example, banks are further divided into universal banks, small finance banks, and payments banks. There is also an ownership based sub classification into nationalised banks, private sector banks, co-operative banks, and foreign banks. Similarly, NBFCs are sub classified into deposit taking and non-deposit taking entities, core investment companies, loan companies, and so on. Regulations are then made for each type or even sub-type of these entities, focusing on three key questions—who, what, and how? The ‘who’ part of regulations governs who can invest in or manage these regulated entities. For instance, it will define who can own such entities, the ‘fit and proper’ criteria for its management and directors, etc. The ‘what’ part spells out a list of permitted activities for each of these entities; what they can and cannot do. Finally, the ‘how’ part deals with how these entities should conduct their business including compliance and disclosures, regulatory report requirements, etc.
The Indian regulatory experience has demonstrated three problems with entity-based regulation. In an entity-based regulatory regime, if an entity does not meet the characteristics of a ‘regulated entity’ as defined in the law, its activities will not be regulated, even though they pose exactly the sort of harm that regulation should deal with. Thus, for instance, if Amazon starts offering an EMI service to its consumers or working capital loans to the sellers as part of its marketplace service, Amazon may technically do so, without being regulated by the RBI, as it meets neither the definition of a bank nor a NBFC.
The regulatory disputes in early 2010 between SEBI, the securities market regulator and the IRDA, the insurance regulator—with regard to the regulation of ULIPs offered by insurance companies - is an example of a regulatory overlap. ULIPs bundle the features of an insurance policy and investment products linked to the securities market. Since the IRDA regulates entities which are insurance companies and SEBI regulates ‘the securities market’, this led to a disagreements between the two regulators on who would be more suited to regulate the sale of ULIPs, even as thousands of consumers were sold the product in the meanwhile.
The third problem with entity based regulation is that it limits the kinds of activities that a financial firm can undertake limiting its potential and what’s on offer to its consumers. For instance, today, payment service providers (as well as digital applications, such as GooglePay, PhonePe, etc.) possibly have the best visibility over the cash flows and working capital cycles of the merchants that use their services. They may also be the most efficient service provider to small sized shops and merchants, who would otherwise have to jump multiple hoops to get working capital loans from banks and NBFCs. However, since payment service providers are not allowed to undertake lending business on their balance sheet, this restriction either disincentivises these service providers to lend or compels them to tie up with entities registered with the RBI, namely, banks or NBFCs.
Technology related product innovation is exacerbating these problems. Take the example of crypto currencies. The regulation of crypto currencies depends on whether they are classified as payment instruments or securities. These definitional issues will decide whether these will be regulated by RBI or SEBI. As these definitional battles play out, selling (and mis-selling) of such financial products continues unabated and consumer grievances pile up without redress. As the industry matures, an ETF launched on a basket of crypto currencies will likely pose similar questions.
A Step Towards Activity-Based Regulation
When a regulated entity, such as a bank or NBFC, works with an unregulated entity, such as the provider of a digital application, the unregulated entity is participating in an activity (lending) that is permitted to the regulated entities. This participation becomes deeper when the unregulated entities issue a guarantee (as in the first loss default guarantee (FLDG) arrangements) as it is now sharing credit risk. Given the entity-specific approach, the RBI’s reaction to this blurring of boundaries is to strengthen the norms for the regulated entities. It has generally refrained from extending its regulatory remit to include the ‘digital partners’ (termed loan service providers) of such banks and NBFCs. Given the entity-focused approach in regulation, directly regulating loan service providers who are not registered as banks or NBFCs, would stretch RBI’s regulatory remit. Doing so would also create a moral hazard problem – the entities that the RBI regulates get a degree of credibility and legitimacy by being regulated.
Having said that, this effectively places loan service providers at the mercy of banks and NBFCs, and stifles potential competition in the lending space. An activity-focused regulatory regime might have resolved the consumer protection issues arising from unregulated entities offering lending services, without compromising on competition in lending.
While the RBI’s digital lending norms are a step in the right direction, these norms and the rapid development in financial technology driven products, revive the existential question about the basic approach to regulation – are we better off with activity-based rather than entity-based regulation?
In such a regime, regulating conduct in the specified activities would be the primary focus of regulation and the entities that perform them would be secondary. For instance, the regulator would regulate the activity of “lending” and not various classes of lenders; it will primarily focus on regulating “payments” activity and not payment players. It would define the standards of conduct of the players that perform these activities. In so doing, the regulators can continue to enforce the core principles of regulation – consumer protection, transparency and fairness, systemic stability, etc. in regulation. It also would continue to do micro prudential regulation such income recognition and capital norms for entities performing certain kinds of activities, such as deposit taking.
Some jurisdictions, such as the UK, have sought to resolve these problems by setting up a conduct authority in financial services that is agnostic to the financial product or service in question. The UK follows the twin peak model of regulation with prudential regulation being exercised by the Prudential Regulatory Authority located within the Bank of England, and the Financial Conduct Authority responsible for consumer protection issues across all segments of the financial market.
As technology increasingly blurs the lines across entities in a business model, activity based regulatory models will mitigate the jurisdictional gaps and overlaps that arise from segmented and entity-based regulation of the financial sector. In short, such a model focuses on the substance and not the form. After all, if a service looks and behaves like lending, it is lending.
Harsh Vardhan is a management consultant based in Mumbai. Bhargavi Zaveri-Shah is a doctoral candidate at the National University of Singapore.
The views expressed here are those of the authors, and do not necessarily represent the views of BQ Prime or its editorial team.