Regulator on overdrive across the banking ecosystem – Not just Fintech. Time to play by the rules in spirit, not just by letter | Episode 39
Ban on Kotak Mahindra Bank, more pain for payment aggregators, DLG guidelines again and RBI lens on Gold loan startups
It seems like the last few weeks in the country’s financial services space has been all about RBI coming hard on both traditional financial services firms as well as new age fintechs across the spectrum.
RBI has banned Kotak Mahindra bank to onboard new customers online and issuing new credit cards, (click here for more).
Looks like more pain for payment aggregators is on the way -The RBI's proposed KYC regulations for payment aggregators, which require physical verification for existing merchants and bank-grade KYC for new ones, have sparked concerns over higher costs and potential impacts on smaller businesses. They can’t catch a break!
And then the RBI’s favorite – FLDG. RBI came up with a new set of clarifications in a Q&A format. Effectively, they are saying DLG is not allowed on loans arranged on NBFC-P2P platforms as well as DLG arrangements for credit are not permitted. Interestingly, no DLG for revolving credit facilities via digital lending channels as well.
There’s a new kid on the regulatory crossroads now - Gold Loan firms. Although not said by many, it looks like Gold loan fintechs are next in the firing line after RBI took action against IIFL some time ago. Now it’s been learnt that RBI is not happy with gold loan fintechs around how they are evaluating the gold submitted to them and will come up with a draft guidelines for the same.
Will discuss each of these today. On the investment and new meetings front, QED’s event was an amazing one with good mix of people from both investing as well as startups and sell side coming in for a perfect evening.
Met with the founders at GroMo – they are building the distribution rails for all financial products and achieved some serious scale. Met another second time founder who is planning to disrupt the credit card space in ways unheard of till now, despite the space mushrooming with new players. Also met founders at Smartcoin – digital lending firm and they are now highly profitable. Very interesting times to come.
Before you read ahead, please note that this blog is solely based on my views only. All views expressed here are my personal views and do not represent those of my employers, present or past.
RBI Bans Kotak for poor KYC onboarding process
This twitter post is instructive –
A user lost 10K INR while trying to open a bank account online using bank’s website. Somewhere in the flow generated using bank’s website, the scamsters were able to input their own UPI id and scoop up the payment!
On top of everything, when contacted, the bank employees claimed that this could be a fraud and just write an application. Which means that the application drop off data was used by scamsters to change the flow – very, very serious thing.
Meaning, Kotak bank system is broken.
And RBI wants it fixed before they can onboard any new customers online. Which is the right way to do things. The thing to note here is that this is not new – RBI has been asking Kotak to get its house in order since at least last two years.
The regulator’s ban will have a direct bearing Kotak’s fastest-growing segments—its credit card business. In the CY 2023, Kotak Mahindra Bank’s credit card business grew by 52%, 2nd only to its retail microfinance vertical (59%). During that period, its net advances grew just 19%.
The bank’s focus on the credit card segment wasn’t surprising. With its shares largely stagnating over the past two years, the RoE remained lower than peers.
Credit card seemed to be the most obvious answer to its most pressing problems. Earn issuance fees, interest rate, merchant tie-up and marketing tie-up charges for co-branded cards.
Funnily, Kotak was also charging users Rs. 100+ GST for limit enhancements – Not sure about it’s legality though! Now, when HDFC got a similar ban, it lasted for a year or so. Expect the same here.
That 11% fall in Kotak bank on this news is not unjustified.
Apart from this, the ban on onboarding new customers digitally could have important implications for Kotak Mahindra Bank’s personal loan segment.
Now, to solve for all of this, including reducing outages, enhancing security and minimizing downtimes, bank will have shell out north of Rs. 600-700 cr as per various estimates. And the bank has existing cost to income ratio ~49% already. Compare this to HDFC Bank’s 41% and ICICI Bank’s 40.6%.
Things are going to get difficult before it becomes better!
For payment aggregators, the Winter is not ending
Looks like payment aggregators just can’t get on the right side of regulations. From a significant majority of them being barred from onboarding new customers (ask the likes of Cashfree or Razorpay), which was lifted for some players in Dec’23 to tokenization norms to issues around recurring payments and then, the overarching problem of delays/refusals to get PA license , the sector has seen everything.
Now, on 16th April, RBI came up with 2 more circulars.
The first circular, titled “Regulation of Payment Aggregators (PA)—DRAFT”, has proposed more stringent KYC checks, tighter monitoring of merchants’ transaction activities and stricter rules around data storage and other things, for all businesses involved in payment aggregation.
The second circular, titled “Regulation of Payment Aggregators—physical Point of Sale—DRAFT”, has proposed setting up a separate category of payment aggregators that are involved in offering merchants offline payment services through point-of-sale devices and QR codes. This is where most of the issue lies.
These businesses would need to be authorized by the central bank to conduct operations.
Simply put, the central bank has divided payment aggregators into two categories:
· online payment aggregators, which facilitate e-commerce transactions
· offline payment aggregators, which facilitate face-to-face transactions
RBI has also proposed that all offline merchants with an annual turnover of less than Rs 5 lakh should be classified as “small merchants”. And those (offline and online) with less than Rs 40 lakh should be categorized as “medium merchants”
Now, a major area of focus in the draft guidelines is due diligence by payment aggregators across both categories, online and offline. “The central bank wants these entities to have due diligence on a par with the highly regulated businesses like banks,” says the second of the three executives cited above.
This seems to stem from the lapses at Paytm payment bank (click here to read a detailed piece on the same). What the regulators now want to do is to point verification of all merchants – even those classified as small merchants. This means physical verification of all merchants.
The direct impact is that it will increase the cost of verification by as much as 2-3x from current costs.
The other worry is that a lot of these small and medium don’t really have any office address – they simply operate from their home or even any place they can find, including temporary ones.
Imagine an entrepreneur with an annual turnover of more than Rs 5 lakh may need to rent office space simply to avail a payment aggregator service. Not happening. They will move back to cash or UPI at best.
This particular move, then, is very anti digitization. It stands directly against the quick onboarding and sign-ups which led to industry’s above normal growth in the past.
Another key proposal, aimed at stepping up due diligence, is that all non-bank payment aggregators register themselves with the Financial Intelligence Unit-India (FIU-IND). For this, the central bank has set 30 September 2025 as the deadline. The central agency is responsible for receiving, processing, analyzing and disseminating information relating to suspect financial transactions.
The idea is to curb money laundering and terrorism financing. On the merchant front, a key recommendation is that payment aggregators keep a better check on merchant transactions, moving merchants to a higher category of risk in terms of due diligence if required. It has also been proposed that payment aggregators follow payment limits based on risks for the onboarded merchants.
The following lists down the other set of requirements –
· Payment aggregators to ensure that merchant transactions are in line with the merchants’ business profiles
· Payment aggregators to make sure that marketplaces onboarded by them do not collect and settle funds for services not offered through their platforms
· The names of merchants and payment aggregators to be listed on the web pages where different payment options are mentioned, on the payment confirmation page and also on the charge slip—this must be done within 3 months from 16 April 2024
· To track transactions, entities store limited data—the last four digits of the card number and the card issuer’s name
None of these bodes well for the payment business players. Not just compliance costs will increase on top of wafer thin margins, this will lead to churn in customers as well as reduced growth.
The tide, for the payment aggregators, doesn’t seem to be turning at all. The only solace is that these guidelines are draft guidelines as of now and might become softer on the final version. We will have to wait and watch.
DLG at crossroads again! Nowhere to hide
RBI dropped the latest FAQs on DLG guidelines on 16th April – Click here for the same.
This was followed by a very panicked message from a second time founder, a fantastic one, who is trying to launch something new. He was asking if it even makes sense to start a fintech firm right now – And his concerns are valid.
We now need a master circular, which clears all the air for a particular segment at one go – This piecemeal, monthly injectable doses of lending guidelines is not helping at all. It’s just putting fear into everyone’s head – Founders , investors and partners as well.
The latest circular will impact lot of fintechs, NBFCs, banks, P2P industry and credit card players.
RBI has clarified that DLG cannot be given for credit cards. Few credit card fintech platforms had tied up with banks where banks would issue credit cards and fintech platforms would provide default guarantee. It’s been explicitly stated in FAQs that such DLG cannot be given. This may significantly lower credit card issuances for some platforms since banks would not have risk appetite to take credit risk without any default guarantees to the customer segment that these platforms were catering to.
Imagine the likes of Kiwi or Scapia or even One card with large amount of money raised and now scrambling, for the nth time, to find a new business model.
Some P2P platforms were sourcing loans in partnership with sourcing agents who in turn would provide some partial guarantee. This again has been prohibited by RBI. This may increase the NPAs on P2P platforms for the investors.
RBI had earlier allowed DLG upto 5% , however there was lot of confusion in the industry where this was 5% of the disbursements or the portfolio outstanding. RBI has clarified that the limit of 5% would be on the the identified disbursements.
Lastly, if, let’s say a NBFC enters into digital lending partnership with a bank and provides default guarantee the NBFC would need to effectively set aside equity capital equal to the guarantee provided. This would increase the capital requirements for NBFCs having such parternships. This is a lose lose for all the parties involved.
The impact of these guidelines is that Digital lending now needs very seasoned founders with risk and compliance first mindset rather than tech mindset. All new investors in this space will do well to keep this in mind. I see more VCs now backing veterans starting up NBFCs led business rather than tech first model. Tech will be enabler rather than the business model itself.
And now, for the new block in the regulator’s town – Gold loans
There’s some murmur in the founder’s circle that RBI is unhappy with how gold is being evaluated (assayed) by gold loan fintechs.
As per some reports, large banks with exposure to fintechs in the gold loan business have been told by RBI that the regulator is not satisfied with the way in which gold is assayed and Ioans are being underwritten, especially by fintech platforms.
Banks such as Federal Bank, Axis Bank and ICICI bank have exposure to this via Rupeek, Indiagold and Oro Money. Expect some circular on specifics here.
So what’s next for the founders and investors in the fintech/BFSI space?
Think one of the most important take-aways across the board is to interpret the guidelines in the strictest way possible, rather than the other way round. Founders will do well to have a compliance team from day zero and be on the right side.
Investors, on their part, need to dig deeper and be on top of regulations and expected regulations. Growth will suffer, but this is a fantastic opportunity for the right kind of founders/investors to create companies with real competitive moats. It won’t be easy to replicate firms which are doing businesses the right way, as deemed by the regulators.
Would be happy to discuss more on this. Reach out to me at abhishekk.kumar@iiml.org for more on this!