RBI Regulations in India: Shaping the Financial Services and Fintech Landscape | Episode 42

RBI's stance seems to be this - innovate, but within the guardrails of stability and trust.

Being a VC focused on Fintech and BFSI mean one thing for sure - conversations around RBI and regulations almost on a daily basis. While usually a concern, off late there has been some positive changes on this front and it looks like that there is an easing off happening currently.

News share - We, at UNLEASH, have just announced our 4^th investment – We have led the seed round in CredResolve, an AI led debt collections platform. We explain why we invested and why we are optimistic about the company.

Coming back to the RBI, while there can be arguments that RBI has stifled the growth of fintechs, especially digital lending ones and been cautious on issuing licenses for NBFCs in general, the other side of the argument is that this is exactly what has kept the Indian financial ecosystem robust over the decades.

All said and done, RBI has been at the forefront of shaping the country's financial sector through a series of regulatory updates. These changes aim to strike a delicate balance between fostering financial inclusion, ensuring consumer protection, and maintaining systemic stability. In this blog post, we delve into the recent RBI regulations impacting the lending and banking space, exploring their implications and potential future directions.

Today, we will explore the evolution of RBI regulations, their key components—including asset risk weightage—their impact on the financial and fintech ecosystem, and the future implications.

Disclaimer – The views presented here are my own and doesn’t reflect views of my employer in any way and it shouldn’t be construed as that in any way whatsoever.

The Evolution of RBI’s Regulatory Framework

Established under the Reserve Bank of India Act, 1934, the RBI traditionally focused on regulating banks, NBFCs, and payment systems to maintain monetary stability and promote economic growth. Until the early 2000s, its oversight was centred on conventional financial institutions. However, the fintech revolution—spurred by the 2016 demonetization, the Unified Payments Interface (UPI), and the proliferation of digital platforms—introduced new players into the ecosystem. Companies like Paytm, PhonePe, and Lendingkart leveraged technology to offer innovative financial services, necessitating a broader regulatory approach.

Subsequently, RBI responded by balancing innovation with risk management. A significant milestone was the creation of the FinTech Department in January 2022, tasked with fostering innovation, monitoring risks, and addressing challenges like cybersecurity and data privacy.

Initiatives such as the Central Bank Digital Currency (CBDC) pilots and digital banking units reflect the RBI’s forward-thinking stance. Within this evolving framework, asset risk weightage has emerged as a critical tool to ensure financial institutions maintain adequate capital buffers against diverse asset classes, particularly as fintechs blur the lines between traditional and tech-driven finance.

Key RBI Regulations Impacting the Fintech Segment

The RBI’s regulatory framework for fintech spans payment systems, lending, data protection, and emerging technologies. Below are the key regulations, with a focus on how asset risk weightage integrates into this landscape:

1. Payment and Settlement Systems Act, 2007

The Payment and Settlement Systems Act serves as the backbone of India’s digital payments regulation. It governs payment systems, including credit/debit cards, mobile wallets, and UPI. The RBI authorizes entities to operate payment systems, ensuring compliance with security and operational standards.

Post-COVID-19, the surge in contactless payments—evidenced by digital transaction volumes rising from 8.6 billion in May 2022 to 16.9 billion in May 2024—prompted stricter guidelines. In 2021, the RBI issued a master circular mandating enhanced security controls, such as source code protection for third-party apps and 24-hour settlement timelines, to curb fraud and outages.

2. Guidelines on Digital Lending (2022)

The rapid growth of digital lending platforms, including Buy Now Pay Later (BNPL) services, raised concerns about predatory practices and over-leveraging. In August 2022 , the RBI released Guidelines on Digital Lending, emphasizing transparency and consumer protection. Key provisions include:

• Loan disbursals and repayments must occur directly between borrowers and regulated entities (banks/NBFCs), sidelining unregulated fintech platforms as mere facilitators.

• Fees to loan service providers must be collected directly by regulated entities, not third parties.

• Enhanced disclosure requirements, such as providing borrowers with a Key Fact Statement outlining terms and costs.

These guidelines shifted the focus from platform-driven lending to regulated NBFCs, compelling fintechs to either obtain NBFC licenses or partner with banks via co-lending models. This has been one of the areas where RBI has been very active and has come down hard on players not adhering with the spirit of the guidelines.

However, I do feel that the sector has gone through the churn it needed to be robust and the players which are now standing tall, will do greatly over the coming times. I am looking very closely at digital lending players now.

3. Prepaid Payment Instruments (PPI) Restrictions

In June 2022, the RBI prohibited non-bank PPIs, such as digital wallets, from loading credit lines. This move impacted fintechs like Slice and Uni, which relied on credit-backed prepaid cards. The RBI’s rationale was to prevent unregulated entities from extending credit, a privilege reserved for banks and NBFCs. Fintechs responded by pivoting to co-branded credit cards with banking partners, aligning with the RBI’s preference for regulated entities.

Of course, there has been cases where fintech have flouted this rule to offer PPIs disguised as “Credit cards” , but given the heavy RBI hands here, this segment also seems to be stabilizing now.

PPIs can be issued by both banks and non-bank entities after obtaining necessary approvals from the RBI. The regulatory framework is designed to ensure seamless digital payments while maintaining security and compliance standards. Below are some of the key regulatory points that has been directed by RBI over the last 4 years or so.

Master Directions on PPIs (2021)

1. The RBI issued Master Directions on PPIs on August 27, 2021, consolidating previous guidelines and circulars.

2. These directions regulate the issuance and operation of PPIs, including semi-closed and open systems.

Interoperability and Increased Limits (2021)

1. In May 2021, the RBI mandated interoperability for PPIs and increased the limit for Full-KYC PPIs from INR 100,000 to INR 200,000.

2. Cash withdrawal was permitted from Full-KYC PPIs issued by non-bank entities1.

Loading of PPIs (2022)

1. The RBI clarified that PPIs cannot be loaded using credit lines, emphasizing the need for cash or other approved funding sources.

Payments Vision 2025 (2022)

1. The RBI outlined a goal to increase PPI transactions by 150% as part of its Payments Vision 2025.

PPIs for Public Transport Systems (2024)

1. The RBI allowed banks and non-banks to issue PPIs for public transit services like metro, buses, and tolls without requiring KYC verification.

2. This move aims to promote digital payments and reduce cash transactions in public transport.

Linkage with UPI Handles (2024)

1. The RBI amended the PPI Master Directions to allow linking PPIs with UPI handles on third-party applications, enhancing flexibility for PPI users.

As a VC, one of the most important question that we keep discussing is the monetization in the segment, which has been difficult without resorting to lending. Looking at this closely to see how this evolves.

4. Peer-to-Peer Lending Regulations

Under the NBFC-P2P framework, P2P platforms facilitate direct lending between individuals. The RBI caps lender exposure and borrower limits, requiring platforms to maintain Rs. 2 crore in net-owned funds.

P2P lending platforms, which connect lenders and borrowers directly, fall under the RBI’s NBFC-P2P framework introduced in 2017. These regulations cap lender exposure and borrower limits, mandate capital requirements, and prohibit platforms from relending repaid funds without authorization. The goal is to mitigate risks of misuse and ensure investor protection, fostering trust in this nascent sector.

The slew of multiple guidelines have been formulated after observing certain irregular practices in the industry that violated earlier regulations. The revised guidelines focus on several critical aspects of P2P lending, including the prohibition of credit guarantees, stricter fund transfer rules, restrictions on cross-selling, and enhanced disclosure requirements. These changes are expected to bring about a more transparent and accountable P2P lending environment in India.

One of the most significant changes in the revised guidelines is the prohibition of credit guarantees and enhancements by NBFC-P2P entities. The RBI has also introduced stricter regulations regarding the amount that individual lenders can lend through P2P platforms. As per the updated guidelines, the cumulative lending limit for individual lenders across all P2P platforms has been capped at Rs 50 lakh.

The revised guidelines also impose restrictions on the cross-selling of products by P2P platforms. Specifically, NBFC-P2P entities are now prohibited from cross-selling any products other than loan-specific insurance products.

In a bid to enhance transparency, the RBI has mandated that P2P platforms must now disclose their portfolio performance, including details on non-performing assets (NPAs) and any pre-NPA delinquencies, every month.

The RBI has also revised the fee structure that P2P platforms can charge for their services. Under the new guidelines, fees must either be a fixed amount or a fixed percentage of the principal amount involved in the lending transaction, and they cannot be contingent upon the borrower’s repayment performance.

Overall, the risks associated with P2P lending seems to be on the higher side for me to be comfortable with the segment currently – risks both in the credit/collection side as well as regulations.

5. Regulatory Sandbox (2019)

The RBI’s Regulatory Sandbox, launched in 2019, allows fintechs to test innovative products in a controlled environment. Cohorts have focused on retail payments, cross-border payments, and MSME lending.

This initiative reflects the RBI’s “test-and-learn” approach, enabling innovation without immediate regulatory overreach while managing risks.

The basic idea here is “to learn by doing” and this has been one of the most exciting things done by RBI in the recent past.

6. Account Aggregator Framework (2016)

The Account Aggregator (AA) framework enables customers to share financial data securely with regulated entities via consent-based APIs. Operational since 2021, it enhances competition and financial inclusion by allowing fintechs to offer tailored services, such as credit scoring, while adhering to strict data privacy norms.

I wrote about them in detail in an earlier newsletter.

AA provides a consent-based digital data sharing platform to Users, Financial Information Providers or FIP (banks/NBFCs, MFs/ Insurers/ brokers, tax, etc.) and Financial Information Users or FIU (banks/ NBFCs, MFs/ Insurers/ brokers/ wealth managers, etc.). This would allow Users to conveniently & digitally share information from FIPs to FIUs to get better deals on loans & financial mgt. & have one place to manage financial assets. FIUs benefit with digital & verified data. While FIPs are losing customer exclusivity, new acquisition will be easier. It works on symbiotic relationship among the three stakeholders, so among banks only those that are FIP can be FIU.

7. Self-Regulatory Organization (SRO) for Fintech

In May 2024, the RBI finalized guidelines for a Fintech SRO, following a draft framework released in January. The SRO aims to ensure compliance, monitor industry practices, and act as a bridge between fintechs and the regulator. It must represent diverse fintech sub-sectors (e.g., digital lending, payments) and address issues like fraud and mis-selling, reinforcing self-governance.

In August 2024, RBI recognised FACE as the only self regulatory organization for fintech in India. As per their website, they work with their members and are constantly making and mending the FinTech ecosystem that seizes opportunities and bulks against risks. Also, Engaging with regulators, government, FinTechs and ecosystem players, FACE advances fair and responsible practices through self-regulation and consumer empowerment.

While still early days, I am very interested in seeing how this shapes up.

8. Central Bank Digital Currency (CBDC)

The e-Rupee pilots, launched in 2022 , aim to modernize payments and reduce cash reliance.

The RBI’s concept note on CBDC (October 2022) and subsequent pilot programs mark a significant step toward digital currency adoption. The e-Rupee, launched in wholesale and retail pilots, aims to enhance efficiency and reduce cash dependency. Amendments to the RBI Act, 1934, now recognize digital currencies, signalling a forward-looking approach.

While I have written about this in detail earlier , I just don’t see why this will pick up. Not very positive on this and anyway, not a VC backable area.

9. Asset Risk Weightage and Basel Norms

Asset risk weightage, rooted in the Basel Accords and tailored by the RBI, determines the capital banks and NBFCs must hold against various assets. Under Basel III, implemented progressively in India since 2013, risk weights range from 0% for sovereign securities and CBDC to 100% or higher for unsecured loans and equity exposures. For instance:

• Cash and government securities: 0% risk weight, reflecting negligible default risk.

• Residential mortgages: 35%–50%, depending on loan-to-value ratios.

• Unsecured personal loans: 100%, due to higher default risk.

• Commercial real estate: 100%–150%, reflecting market volatility.

• Substandard assets: Up to 150% or more, per the RBI’s prudential norms.

In the fintech context, digital loans—often unsecured and small-ticket—typically attract a 100% risk weight, increasing capital requirements for banks and NBFCs partnering with fintechs. The RBI’s April 2023 guidelines raised risk weights on unsecured consumer credit (e.g., credit card exposures) from 100% to 125%, signalling tighter control over riskier asset classes amid rising delinquencies.

However, on Feb 25^th, 2025, RBI issued an update to the regulation in which Risk-weights for MFI loans have been reduced from 125% to 100% in most cases and to 75% in some eligible cases. This implies a risk-weight decrease of at least 25ppts for Bandhan’s and IIB’s MFI loans. The risk-weights on loans by banks to NBFCs were reduced 25ppts, ie. this is now back to where it was pre-Nov 2023. This has been very positive and same can be seen by immediate stock price reactions on Bandhan Bank, SBI Cards and more.

Impact on the Fintech Ecosystem

The RBI’s regulations have profoundly shaped India’s fintech landscape, with both positive and challenging outcomes.

Some of the most important positive impact of the regulations are as follows -

1. Financial Inclusion: The push for digital payments and frameworks like UPI and AA has expanded access to financial services, especially in rural areas. The establishment of 75 digital banking units across districts in 2023–24 exemplifies this commitment.

2. Consumer Protection: Stricter guidelines on lending and payments have curbed predatory practices, enhancing trust. For instance, the digital lending norms ensure borrowers receive clear terms, reducing the risk of debt traps.

3. Innovation with Guardrails: The sandbox and SRO frameworks allow fintechs to innovate while aligning with regulatory priorities, fostering a sustainable ecosystem.

4. Market Credibility: Compliance-focused regulations have bolstered investor confidence, as seen in the consolidation of P2P lending platforms and the rise of co-lending partnerships.

However, with the ever changing regulations, there are some issues that keep cropping with a very active regulator like RBI, such as -

1. Compliance Burden: Small fintech startups often lack the resources to meet stringent requirements, such as capital thresholds for NBFCs or SRO membership, potentially stifling innovation.

2. Shift to Asset-Heavy Models: The emphasis on regulated entities has forced fintechs to move from asset-light, tech-driven models to capital-intensive NBFC operations, slowing growth for some players.

3. Global Competition: Tight regulations, such as the ban on credit-loaded PPIs, may deter international fintechs from entering India, limiting market diversity.

4. Regulatory Lag: The pace of technological advancement often outstrips regulatory updates, creating uncertainty for emerging areas like decentralized finance (DeFi) and cryptocurrency.

Balancing Innovation and Regulation – The need of the hour

The RBI’s approach reflects a delicate balancing act. Deputy Governor T. Rabi Sankar, in a 2021 speech, argued for entity-based regulation over activity-based rules for fintechs offering liquidity services (e.g., credit, deposits), akin to banks. However, the broader fintech sector benefits from a “wait-and-watch” strategy, allowing initial innovation before imposing rules. This is evident in the RBI’s initial leniency toward digital payments, followed by robust controls post-adoption. Same can be seen in the recent risk reduction for NBFCs and MFIs.

The SRO framework exemplifies this balance. By delegating oversight to industry bodies, the RBI reduces its regulatory burden while ensuring fintechs self-regulate. However, critics argue that multiple SROs could fragment the ecosystem, complicating coordination.

While the RBI’s regulations have stabilized the fintech sector, they are not without flaws. The emphasis on regulated entities risks sidelining tech-driven disruptors, potentially favoring incumbents. The lack of a formal fintech definition in Indian law also creates ambiguity, leaving room for interpretation. Moreover, the RBI’s cautious approach to cryptocurrencies—following the 2020 Supreme Court ruling overturning a blanket ban—contrasts with global trends toward regulation rather than prohibition.

Conversely, the RBI’s focus on financial inclusion and consumer protection aligns with India’s socio-economic realities, distinguishing it from Western models prioritizing innovation alone. This pragmatic stance ensures fintech serves the masses, not just the tech-savvy elite. It’s been a fine balancing act till now.

Conclusion

The RBI’s regulations on the financial services and fintech segments reflect a nuanced strategy: encouraging innovation while mitigating risks. From digital payments to lending and CBDCs, these rules have transformed India into a global fintech hub, albeit with growing pains.

For fintechs, the message is clear: innovate, but within the guardrails of stability and trust. For the RBI, the challenge lies in staying agile in a fast-evolving landscape, ensuring India’s fintech story remains one of growth and resilience.

Exciting times ahead for sure!