PayTM: The Brand Sharing Risk

PayTM is a well-known brand when it comes to online payments. If India is proud to say that even vegetable vendors are using UPI, a large part of the credit should go to PayTM. It is sad to note that this reputation has now taken a hit because its sister entity, which held a Payment Banking license, has run into problems with RBI over compliance with regulations.

Using its brand value, PayTM had also obtained a license as a Payment Bank and called it PayTM Payment Bank (PPB). However, since the regulations for Banking are very different from the operations of an intermediary service acting as a payment transfer mechanism, PPB encountered regulatory issues. Accordingly, on March 11, 2022, RBI invoked its Section 35A (RBI Act) powers and stopped further onboarding of new customers.

PPB, under its Payment Banking license, was otherwise allowed to accept deposits of up to Rs 2 lakhs, which could not be used for lending but could be used as a deposit for other services (e.g., remittance services, mobile payments/transfers/purchases and other banking services like ATM/debit cards, net banking and third-party fund transfers). After two years of observation and audits, RBI has now come to the conclusion that PPB has failed to implement all the regulatory requirements and has therefore issued a further notice on March 31, 2024 to stop further operations, except for allowing customers to withdraw their current deposits in different services.

While PayTM and PayTM Payment Bank are two different entities, and 70% of the revenue of the PayTM group is said to come from its PayTM business and not the PayTM Payment Bank business, the reputation loss and consequential damage to the stock market value cannot be avoided.

We have to wait and see how PayTM comes out of this problem. Currently the Company is yet to provide appropriate clarifications by way of disclaimers, though the promoter has made some press statements. As of today, does not have any disclaimers about its “Arm’s Length Relationship” with which should have been one of the first things to do. (P.S.: This sort of risk would be noted under the WebDTS compliance measure suggested by FDPPI.)

In the meantime, we would like to highlight two aspects of policy failures which have led to this situation.

Firstly, RBI was not prudent in trying to convert FinTECH companies into Banks. had discussed some of these issues in the earlier articles. (

Recently we have also pointed out how RBI’s over-enthusiastic measures on Account Aggregators have created a set of licensees who may not be compliant with most of the regulatory requirements for the conduct of Banking.

The “Reasonable Security Practices” required of these Banks and the Banking regulatory measures were unnatural to the “Innovation driven Fintech Industry”, and it was wrong for RBI to assume that “Banking” and “E-Commerce” were two faces of the same coin.

This policy error by RBI can be considered the main problem that has led to the current situation, where the non-compliance has forced RBI to take drastic steps.

The second policy failure is in the policies of the licensed entities, who tried to ride on their current brands and started Banking activities under the same umbrella name. As a result, today, when the Banking business needs to be closed down for reasons of non-compliance, the damage to the parent brand is inevitable.

Clarification issued by the company is available here:

RBI should realize that when an existing IT Company gets into Banking, one of its strengths is its current operations, and hence the extension of its IT infrastructure to the new business is a natural inclination of technology architects. It is perhaps the business strategy of aggregating the current IT infrastructure for better productivity.

However, from a compliance perspective this introduces certain risks, which have come to hurt PayTM.

We may foresee similar issues when MeitY allows the RBI licensed Payment Aggregators as “Consent Managers” under DPDPA 2023. It is for this reason that Naavi has been advocating that the Consent Managers under DPDPA 2023 are different from Account Aggregators under RBI license.

We have advocated that “Licensed Consent Managers” under DPDPA 2023 are more like the “Licensed Certifying Authorities” under ITA 2000, and when MeitY formulates the notifications, it has to avoid the mistakes committed by RBI in allowing brand sharing between an existing unrelated business and the licensed business.

Hence we argue that RBI was wrong to call E-Commerce Companies “Banks” in the first place, and hence its licensing terms were faulty. Had PayTM Payment Bank been called “PayTM E Commerce” or just “PP Bank”, either disassociating the Bank from the name or disassociating the parent company name from the licensed entity, the damage would not have been as much as it is now.

(P.S: It is also time to point out this branding confusion in respect of and Navi group of companies promoted by the erstwhile Flipkart promoter. Authorities who have licensed as a business entity need to be aware that if they fail, they will be hurting the reputation of Naavi and if gets into bad reputation, it could hurt It is for this reason that the existing brand of Naavi has issued a notice to that their “Lookalike-Imitation” is not a good strategy. So far their arrogance has made them ignore this mutual risk.


PS: Views expressed here are the personal views of Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.