The fintech space in India has undergone massive changes in the last few years on account of significant policy decisions in India – from the demonetization exercise in November 2016 to the rapid changes in the laws of privacy, as well a range of other proposed policy\changes by the financial regulator of India, the Reserve Bank of India (RBI). This article focuses on key Indian regulations concerning pre-paid payment instruments and peer-to-peer lending.

Regulation Of Prepaid Payment Instruments In India


In the recent years, prepaid payment instruments i.e. stored value cards and electronic instruments (PPIs) have gained significant popularity. Issuance and operation of PPI is regulated by the RBI under the Payment and Settlement Systems Act, 2007 (PSS Act) (which is the umbrella legislation for the regulation of payment systems in India). PPIs are defined in RBI guidelines as “payment instruments that facilitate purchase of goods and services… against the value stored on these instruments”.

The RBI (Issuance and Operation of Prepaid Payment Instruments) Directions, 2017 (PPI Regulations) under the PSS Act, set out the regulatory framework for PPIs in India. Under the PPI Regulations permit the following kinds of PPIs:

  • Closed system PPIs (C-PPIs): These can be used for the purchase of goods and services from the issuer. These do not permit cash withdrawal or use at third-party merchants. Only C-PPIs do not require RBI approval.
  • Semi-closed system PPIs (S-PPIs): These can be used for purchase of goods and services from third-party merchants. However, these do not permit cash withdrawal.
  • Open system PPIs (O-PPIs): Only banks are eligible to issue these PPIs. These can be used for purchase of goods and services from third party merchants and permit cash withdrawal.

Net worth requirements:

For S-PPIs, a non-bank issuer of PPIs is required to have a minimum net worth of INR 50,000,000 at the time of RBI application and must increase this to INR 150,000,000 within 3 financial years from the date of the final approval. C-PPIs do not attract net worth requirements.

Know your customer (KYC) norms:

S-PPIs are differentiated depending on KYC norms:

Limited-KYC PPIs- A limited KYC-PPI can be setup after a limited-KYC verification of the user (being an OTP-verified phone number and the details of an officially valid identification proof). The maximum balance for such PPIs cannot exceed INR 10,000 at any point of time and the PPIs are subject to a loading limit of INR 10,000 per month and INR 100,000 in a financial year. These PPIs do not allow fund transfer to other PPIs and/or bank accounts. Significantly, these PPIs will have to be converted into full KYC PPIs within 12 months of their issue after which no further reloading will be permitted.

Full-KYC PPIs- After a full-KYC verification of a customer, an issuer can setup a full KYC PPI. In case of these PPIs, the maximum balance cannot exceed INR 100,000 at any point of time and there are no specific monthly or yearly loading limits for these PPIs. These PPIs permit fund transfer to other PPIs and/or bank accounts.

O-PPIs require a comprehensive full-KYC verification. In case of O-PPIs, the maximum balance cannot exceed INR 100,000 at any point of time and there are no specific monthly or yearly loading limits for these PPIs.

Other key features:

Pursuant to the PPI Regulations, on 16 October 2018, the RBI released the guidelines for interoperability of PPIs (Interoperability Guidelines) i.e. the ability to transfer customer’s balances across PPIs issued by different issuers. The Interoperability Guidelines only permit fully-KYC compliant PPIs to be made interoperable.


KYC is a significant cost and operational reality for entities providing retail fintech products. This has traditionally involved the physical collection and storage of the customer’s documents and required face-to-face verification of the customer’s identity.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act) had revolutionized the KYC verification process for fintech entities in India by enabling remote electronic know-your-customer (eKYC) by allowing fintech entities to access KYC data with the Unique Identification Authority of India (UIDAI) by using the unique Aadhaar number of an individual.

In January 2018, the UIDAI issued a circular under the Aadhar Act specifying that only such entities that are legally mandated to use Aadhaar for KYC (such as banks, life insurance companies, government departments etc.) were permitted to continue using eKYC. All other agencies such as PPI issuers, non-banking financial service companies, non-life insurance companies, telecom operators etc. were restricted from using eKYC.

Subsequently, pursuant to the judgment of the Supreme Court of India in Justice K.S. Puttaswamy (Retd.) v. Union of India dealing with the constitutional validity of the Aadhaar Act, the Supreme Court of India has prohibited private enterprises from using Aadhaar data for KYC verification.

Peer-To-Peer Lending Platforms

In October 2017, the RBI issued Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (P2P Directions) for the licensing, regulation and operation of electronic platforms which connect an individual lender and an individual borrower for small-value loans (P2P Platforms). The P2P Directions mandates RBI-registration for P2P Platforms.

The P2P Directions impose prudential norms and provide that the exposure of a lender to all borrowers across P2P Platforms, the aggregate of loans taken by a borrower across P2P Platforms and the exposure of a single lender to a single borrower across P2P Platforms cannot exceed INR 1,000,000, INR 1,000,000 and INR 50,000, respectively. Further, the maturity of the loans cannot exceed 36 months.

Additionally, a P2P Platform is required to setup up escrow accounts with a trustee as well as comply with fair practices code, disclosure requirements, fit and proper criteria for directors etc.


Indian regulations for fintech sector are evolving fast. While this article focuses on some of the regulations prescribed by the RBI, there are a cluster of other regulations (including regulations issued by the securities market regulator and insurance regulators) which can be attracted depending on the offerings and business models of the fintech companies.

 *Authored by Suswagata Roy, Senior Associate, Verist Law and assisted by Tanay Khanna, Associate, Verist Law