Recently, there has been a new development in the Indian financial landscape. The Reserve Bank of India (RBI) has launched a new framework for payment and settlement activities conducted by Payment System Operators (PSOs). This plan has been implemented as per the guidelines of the Payment and Settlement Systems Act, 2007. This act is a regulatory mechanism for supervising payment systems in India and assigns the RBI as the presiding authority in all matters related to it.
Understanding the Payment System
The payment system essentially refers to a method employed to complete financial transactions by transferring monetary value. It comprises various mechanisms that ensure smooth transfer of funds from one entity (the payer) to another (the payee). Any such system includes the participants (institutions), the users (customers/clients), along with the rules and regulations directing its operations and the standards and technologies it works on.
At the helm of policy-making for payment systems in India is the Board for Regulation and Supervision of Payment and Settlement Systems (BPSS), a sub-committee of the Central Board of the RBI.
Role of Payment System Operators (PSOs)
By their very nature, the services provided by PSOs and the models they operate on require them to largely outsource their payment and settlement-related activities to other entities. PSOs are institutions that have received authorization to operate a payment system.
Highlights of the New Framework
According to the new framework issued by the RBI, licensed non-bank PSOs can no longer outsource core management functions. Such core functions include risk management, internal audit, compliance, and decision-making tasks such as complying with Know Your Customer (KYC) norms. This rule applies to all service providers, whether located in India or abroad.
The Objective and the Need of the New Framework
The objective behind the RBI’s new framework is to set minimum standards for managing risks in outsourced payment and settlement-related activities, including tasks related to onboarding customers and IT-based services. The need for this framework arises from potential operational risks associated with outsourcing by PSO’s and participants of authorized payments systems. The recent series of cyberattacks on India’s tech ecosystem, including firms like Juspay, Upstox, and Mobikwik, have underscored the need for such a measure.
Previous Related Initiative
In the past, the RBI has imposed restrictions concerning investments in PSOs by new entities from jurisdictions having weak measures against money laundering and terrorist financing activities.
Way Forward
As India is ranked second in terms of digital adoption among 17 of the most digitally active economies globally, there is an urgent requirement for proactive measures to enhance cybersecurity. Both corporate entities and respective government departments are urged to identify their organizational gaps, address these areas of concern, and develop a layered security system. This system must facilitate sharing of security threat intelligence between different layers.
