May 15, 2024
📰 FEATURE STORY
Will the RBI’s KYC regulations backfire?
Sending or receiving money via online transactions has become part of our everyday lives. It’s easier than ever to buy something with a few touches on an app. Ditto for payments. For an e-commerce business, online payments are a lifeline. All in all, they’re a win-win since it benefits consumers and the companies.
Recently, the Reserve Bank of India (RBI) asked Payment Aggregators (PAs) to undertake due diligence of merchants when onboarding them. The RBI stated PAs should conduct Contact Point Verification (CPV) and verify the bank account in which the funds of these merchants are settled. The RBI wants to ensure the system is free of any malpractice. However, merchants are upset.
Context
Know Your Customer (KYC) norms have been around for a while. Since the early 2000s, the RBI has released various KYC norms to curb malpractices in the financial industry. Simply put, the RBI doesn’t want bad actors in the space.
While KYC regulations were seen as a way to reduce financial crimes, banks and other financial institutions found them tricky to navigate. It has always been a tug-of-war between the RBI, and financial institutions and fintech companies.
It started with something as simple as being unable to verify people’s documents like ID proof or photographs. Authentication was tough, but banks didn’t want to lose customers.
Once Aadhaar came to the fore, things became cheaper and faster for everyone. However, privacy issues came under the spotlight since unsecured systems could mean data breaches. In 2018, the Supreme Court struck down Section 57 of the Aadhaar Act that allowed private entities to use Aadhaar authentication to establish identity for delivering services.
Just as India was seeing the rise of fintechs, this court ruling came as a blow. If these companies wanted to innovate in digital services, they needed to follow the KYC rules, no questions asked. That meant higher costs on two fronts – onboarding customers and securing their systems.
There were a couple of things that helped these companies. The first was something they cooked up to let customers come on board using digital copies of the ID proofs and authenticate by using OTPs. The second was the government’s DigiLocker, which allowed companies to access digital versions of documents. There was also the Central KYC or e-KYC; an online registry where companies could access customers’ KYC.
The RBI wasn’t happy with this and deemed e-KYC “high risk”. The RBI has now introduced stricter rules for PAs in light of everything that happened with Paytm. Physical merchants that undertake only proximity or face-to-face transactions with a turnover of less than ₹5 lakh per annum and those not registered under Goods and Services Tax (GST) are defined as “small merchants.”
Given the complicated history of KYC in this space, are the RBI’s new rules fair?
VIEW: They’re necessary
The rules provide some clarity in terms of handling different kinds of merchants and the specific KYC protocols that need to be done by them. The Paytm saga has illustrated two things – existing risks in the market and stricter, more robust KYC guidelines were sorely needed to eliminate those risks. Some executives believed the Paytm scandal showed issues like money laundering were prevalent. The guidelines, if followed diligently, will act as deterrents against fictitious accounts.
As far as PAs are concerned, this is a positive sign. Previously, the challenge for them was that the money from online merchants would go into one escrow account and that from offline merchants would go to another. Now, things get streamlined with settlements into a single escrow account.
In the past, the RBI has warned people falling prey to KYC frauds. Most recently, in February. There was always a need to strengthen data security and protections at the merchant level since the chances of compromise are higher. In 2023, over 11 lakh cases of financial cyber fraud worth over ₹7,400 crore were reported, per the National Crime Records Bureau (NCRB). Another concern the RBI has is individuals accepting payments routed through fintech platforms who aren’t properly onboarded as merchants.
COUNTERVIEW: Unnecessary burdens
The challenges of implementing KYC have become prominent since financial intermediation has become more complex. Transactions now involve multiple companies like banks, payment gateways, point-of-sale machines, etc. Things will get tougher for companies like RazorPay, Cashfree Payments, and PayU. Smaller merchants will also be impacted since PAs might not spend additional money on them for enhanced KYC since earnings from them are limited.
The process could become cumbersome and more expensive. In that case, some PAs might just skip small and medium merchants to avoid the headache of additional KYC protocols. If these rules come into play, then small online sellers and those in the creator economy won’t opt for online payments. Entrepreneurs who sell through social media platforms will ask customers to pay directly via UPI or personal contact numbers.
Physical KYC verification across the country is expensive. PAs will surely see if there are cheaper alternative ways for verification. Some have pitched a middle ground where full KYC verification is done only for a “high-risk” merchant. Another approach could be a Digital CPV. This would keep costs in check and address issues with the current traditional CPV process.
Reference Links:
- RBI mandates offline payment aggregators to verify KYC for merchants – Business Standard
- RBI directs payment aggregators to undertake due diligence of merchants on-boarded – The Economic Times
- RBI reiterates caution against KYC frauds – Mint
- On KYC compliance front, payment aggregators may be second to some – The Economic Times
- RBI’s draft KYC guidelines add burden and cost for payment aggregators – Entrackr
- PA firms request RBI to limit offline KYC requirement to high-risk merchants – Moneycontrol
- RBI’s stricter KYC rules may slow merchant onboarding 90%: experts – The Economic Times
What is your opinion on this?
(Only subscribers can participate in polls)
a) The RBI’s new KYC regulations won’t backfire.
b) The RBI’s new KYC regulations will backfire.
🕵️ BEYOND ECHO CHAMBERS
For the Right:
‘What use is a bullet train to us?’ In Maharashtra’s Palghar, tribal anger at BJP over lack of jobs
For the Left:
The Trial of RSS Founder Keshav Baliram Hedgewar: When the defence was more seditious than the speech