In November last year, the Reserve Bank of India said it was contemplating an overhaul of the regulations governing the issue and operation of pre-paid instruments (PPIs) and wallets. The on-tap licences for new PPI operators were put on hold. On October 11, the RBI issued a revised set of directions bringing about some significant changes to the PPI regulatory framework.
Greater interoperability and increased payment options make the wallet a more attractive payment platform for users. The regulations, however, impose increased know your customer (KYC) and capital adequacy obligations on operators, increasing the cost of issue and operation.
Key changes are:
Capital: Wallet operators must have a net owned fund of Rs 5 crore and this must be increased to Rs 15 crore within three years. Existing wallet issuers must comply with the Rs 15 crore net owned fund target by 31 March 2020. This is a significant increase from the current requirement of Rs 1 crore and in some ways indicative of the greater role that PPI operators are playing (and are expected to play) in the fin-tech space.
Interoperability: The push toward interoperability is tremendous. Today, it is not possible to transfer money from one wallet to another. RBI has now contemplated wallet-to-wallet interoperability and also wallet-to-bank account interoperability via the UPI infrastructure. Once full inter-operability has been achieved (as per the regulations, this may happen in six months), wallet users can transfer money to other wallets and bank accounts. This has been something the industry has been asking for and will certainly increase usage. Inter-operability is also an important step towards creating a level-playing field among bank and non-bank issuers.
Full KYC: As expected, RBI has moved toward full KYC of wallets. Most wallets have, so far, been issued under the limited KYC route (that is, only name and mobile number) that existed under the earlier rules. RBI has now put in place a layered KYC requirement:
- Limited KYC: wallets with a monthly limit of Rs 10,000 may be issued with limited KYC (name, mobile number and ID number). However, no wallet-to-wallet or wallet-to-bank account fund transfers are allowed on a limited KYC PPI and such wallets must migrate to a full KYC within 12 months. Limited KYC wallets are not as versatile as they used to be.
- Full KYC: All other wallets must be issued on a full KYC basis. The movement to a full KYC policy will significantly increase costs for operators and has been a key industry concern.
Limits: The aggregate monthly transaction cap on a limited KYC wallet has been reduced from Rs 20,000 to Rs 10,000 while the aggregate monthly transaction cap on a full KYC wallet remains unchanged at Rs 1 lakh. This was against expectation – the industry had hoped for an increase in both sets of limits. And given that most wallets today have been issued under the limited KYC route, a reduced limit of Rs 10,000 will restrict usage in the short term.
Security controls: Curtailing fraud and enhanced customer security were key goals of the revised regulations. To this end, the RBI requires operators to put in place systems where a user can set its own limits for number and value of transactions – a useful tool. The regulations also require a ‘cooling period’ between making payments and loading a wallet or adding a beneficiary. While this may help in terms of fraud control, it is practically very inconvenient. The ‘cooling period’ could perhaps have been made applicable only to payments above a certain value.
Expanding usage: Customers can use their wallets for a lot more purposes than originally permitted:
- RBI has permitted wallet payments for financial services and products (for instance, insurance, mutual funds and securities). However, it is unclear whether dividend or other financial income is a permitted credit to the wallet. Allowing such a credit seems only logical. However, a clarification from the RBI would be useful.
- A wallet issued by a bank can now be used to buy goods and services from an offshore merchant—this kind of payment was typically done using a credit card. This is a big plus.
Two-factor authentication: The draft regulations issued by RBI in March contemplated a two-factor authentication (2FA) for all wallet transactions. 2FA is currently only required for credit cards. The 2FA completely changes the ‘look and feel’ of a wallet and was something industry was strongly opposed to. The new regulations require 2FA for all ‘successive payment transactions’ and for all ‘cards (physical or virtual)’. It is unclear what the intent is and whether all wallet payments will now require 2FA. This is an important aspect requiring clarification.
Conversion: To allow for seamless usage, PPI operators must ensure that full KYC on all existing wallets is completed by 31 December this year. This is a high-cost exercise. A full KYC requires the physical presence of the customer, which, for most operators means sending an agent to the customer location to complete the process. The regulations should ideally permit digital verification of KYC documents or remote Aadhaar-enabled KYC (without requiring the physical presence of the customer).
The exponential growth in digital payments did indeed trigger a need for changes to the regulation. A key industry concern going forward will be managing KYC costs. There is significant scope for innovation in technology (leveraging of the Aadhaar database) to bring down costs of operation, provided the regulations allow processes such as remote KYC. The wallet has emerged as a very popular payment instrument and the regulations, to some extent, lay the groundwork for greater usage – not only as a payment tool but also as a distribution platform for a wider set of financial services and products.
Shilpa Mankar Ahluwalia is partner at Shardul Amarchand Mangaldas. Views are personal.
Like this column? Sign up for our daily newsletter to get our top reports.