The BFSI sector has grown by leaps and bounds, transitioning India from a primarily cash-driven economy to one that is now highly digitised. Fintech, today, has entered the mainstream, focusing on increasing profitability and curtailing risk. The fintech ecosystem has witnessed tremendous technological advancements and is projected to grow sixfold from $245 billion to $1.5 trillion by 2030. The Asia-Pacific region is expected to outpace the US and climb up the ranks to become the world’s leading fintech market by 2030.
With such growth projections and the recent crackdown from the RBI on Paytm Payments Bank, fintech companies have become more watchful about compliance measures. Earlier, Union Minister Rajeev Chandrasekhar also stated that the RBI’s regulatory action has drawn the attention of fintech firms to the importance of complying with laws. In line with this, Rishi Agrawal, CEO and Co-Founder, Teamlease RegTech, talked to FinancialExpress.com on international compliance standards such as GDPR or AML (Anti-Money Laundering) directives, and how they impact fintech operations in India.
“Fintech companies in India are subject to all domestic laws and regulations that are in force. The country has a robust framework of anti-money laundering regulations derived from the Financial Action Task Force Guidelines. The Prevention of Money Laundering Act, 2002 was enacted to protect the country from money laundering risks and identify and prevent other illicit financial activities. The Financial Intelligence Unit – India (FIU-IND) and RBI are central figures in the fight against financial crimes, with fintechs obligated under the AML directives required to report to them,” he said.
“Businesses dealing with customers and user data from the European Union (EU) are required to ensure compliance with GDPR standards in addition to local regulations. This warrants higher care and data protection measures for such fintechs. However, with the introduction of the Digital Personal Data Protection Act, 2023 (DPDP Act), the oncoming regulations and rules will enhance domestic regulations to a similar level. Consequently, fintechs will be required to adhere to similar levels of obligations in both international and domestic markets,” Rishi Agrawal added.
Now, what really are AML and CTF compliance obligations for fintech companies in India? The Prevention of Money Laundering Act (PMLA), 2002 is the regulatory framework providing compliance obligations for fintech companies in the country. Rishi Agrawal said, “Businesses are required to perform Know Your Customer (KYC) on their clients. They are required to conduct client KYC at the time of account opening and whenever a transaction or connected transactions equal to or above the value of Rs 50,000 take place and for all international transactions. An electronic copy of the KYC must then be filed with the Central KYC Records Registry within 10 days of account opening. They must also maintain records of all transactions, including cash transactions above Rs 10 lakh, for at least 5 years. In addition, records of all series of cash transactions individually valued below Rs 10 lakh, that are integrally connected with each other need to be maintained if they take place within the same month and the aggregate exceeds the 10 lakh threshold. International transactions of value over Rs 5 lakh with either origin or destination being India must also be maintained for the 5-year period.”
Further, he added that Principal Officers must be appointed by these service providers who will be responsible for furnishing information to the authorised officer of the government. Also, an internal mechanism for detecting suspicious transactions has to be deployed. These transactions must be reported as dubious within 7 days of being satisfied.
“Enterprises must register with the FIU-IND as a reporting entity and comply with the obligations listed under the act, like following KYC norms, reporting suspicious transactions and record keeping. They must maintain KYC details or records of documents evidencing the identity of their clients and beneficial owners, as well as account files and business correspondence relating to their clients. In addition, they are now obligated to report suspicious activity to the FIU-IND.”
Further, under the Income Tax Act, fintechs are required to file statements of financial transactions (SFT). Businesses must present information related to annual returns, balance sheets, profit and loss accounts filed with the Ministry of Corporate Affairs for the 3 previous financial years, as well as GST returns for the same period, among other details, he concluded.