Transparency starts with your Identity Disclosure

We are today seeing tech companies entering the field of services related to “Compliance of Regulatory aspects”. Many of them proclaim that they use AI and ML for various requirements. Some of them are providing services to organizations for KYC services. However these service providers are themselves not compliant to the Indian laws. The users of these services who are the “Data Conrollers” use the services of these “Data Processors” without fully understanding their responsibilities.

I draw the attention of the readers to this article in ET “How RegTech can be a game-changer for the FinTech industry?”

The moot question is who regulates these RegTech companies? It appears that RBI is yet to decide on how to regulate these RegTech Companies.

Many of these companies are themselves non compliant to various regulations they should be compliant with.

I was checking on one such start up recently and found that even to send an e-mail to the company to get more information, there were many hurdles and many privacy infringements.

The company was not even transparent about its own identity on its website, let alone on the client’s website where their services were pushed to customers.

It is hightime that RBI takes a serious view of such companies and introduce a proper accreditation system since these organizations are actually substituting the regulatory processes managed or to be managed by RBI and such other regulatory agencies.

I came across a RBI notification which is a master direction to the licensed entities regarding outsourcing responsibilities . This however does not cover the regualtion of RegTech companies who provide services to other companies who are not RBI sueprvised entities. There is a need for a separate regualtion of these RegTech companies apart from the FinTech companies who are engaged in financial services such as lending.

In a Keynote address delivered by the Deputy Governor T Rabi Sankar, on July 7, 2023 at Bangalore, RBI stated that there is a need to establish a meaningful dialogue on regulation of FinTech. There was no mention of the earlier attempts of RBI on FinTech Company (Please refer to this earlier article on Fintech at on FinTech Steering Committee Report). There was a need for a greater thrust on FinTech Regulations and it appears that RBI has been overwhelmed by the technology and failing in its duty to have an effective regulation.

However the point of “Transparency through Identity Disclosure” is a non compliance of many Indian companies and it is the failure of CERT IN to impose its authority that has resulted in a situation where unknown and hidden companies are providing critical services in the RegTech/ FinTech as well as other areas and not providing the opportunity to for consumers to raise their grievances.

I request CERT IN to recognize that its responsibility does not end with issuing a notification that a greivacne redressal officer needs to be designated by all intermediaries, but take effective steps to check the non compliance. Hope the DG of CERT In and the Secretary MeitY take effective steps at least now.

Also refer:

Will Fintech Steering Committee report bring changes to PDPA?

RBI’s FinTech Workign Group needs to secure Consumer Interests also


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.