This article has been authored by Pratik Karmarkar, enrolled in Diploma in Advanced Contract Drafting, Negotiation and Dispute Resolution from LawSikho.

It has been published by Rachit Garg.


“FinTech” has been the buzzword in India’s business and entrepreneurship sector for quite some time now. India is home to several FinTech giants, offering a wide range of products and services. The FinTech sector has been growly steadily and is like to witness unprecedented growth in the coming decade. This article presents a brief about India’s FInTech sector and provides an overview of some of the key statutes and regulations applicable to FinTech companies in India. 

Download Now

A brief about the FinTech sector 

The word “FinTech” pertains to technology-driven start-ups that are upending incumbent financial actors, and traditional banking practices. Even though there isn’t a single definition that applies to all instances of FinTech, the Financial Stability Board of the Bureau of Indian Standards (BIS) defined it as “technologically enabled financial innovation that may result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services.” In other words, FinTech may be seen as the union of financial firms with cutting-edge technology to create, enhance, and automate the supply of banking and finance.

FinTech was first thought of as computer technology that had been solely utilised in the back-end facilities of banks, trading companies, and financial intermediaries. FinTech is nowadays most closely associated with offering customers more solution-oriented services, such as chatbot and artificial intelligence platforms to help customers with simple chores, supervising, reducing fraud, and keeping low operational and employee costs. Furthermore, modern tools like informatics marketing, predictive behavioural analytics, and machine learning or artificial intelligence are now being utilised to help customers make better financial decisions without relying just on assumption.

FinTech can significantly improve productivity and save costs while promoting financial inclusivity by changing how consumers perceive financial services. Transaction processing and settlements, deposit lending and capital generating, market liquidity, asset management, data analytics, and risk mitigation are the major areas into which FinTech innovations may be divided.

India has one of the fastest-growing FinTech-related sectors in the world, and the same is home to a growing FinTech industry. There are currently over 2100 FinTech businesses operating in the nation, with more than 67 per cent of them having only been founded in the previous five years. The sector is predicted to reach an estimated $150 billion by 2025.

Laws regulating the FinTech Sector in India

The obligation to regulate the goods and services that FinTech offers grows as technology develops. The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), the Securities Exchange Board of India (SEBI), the Ministry of Corporate Affairs, and the Ministry of Electronics and Information Technology (MEITY) are the primary regulatory agencies in charge of this sector. A FinTech company would be governed by the appropriate regulatory body in charge of its goods and services. For instance,  the FinTech businesses that engage with account aggregation, peer-to-peer credit, cryptocurrencies, payments, etc are governed by RBI.

The FinTech regulatory framework in India is largely disjointed, and no one body of laws or standards governs all FinTech services. This sector is difficult to manage since there isn’t a unified set of FinTech laws. The paragraphs below discuss some of the key regulations applicable to FinTech companies in India. 

The Payment and Settlement Systems Act, 2007

The Payments and Settlements Systems (PSS) Act, 2007 (PSS Act) regulates payments in India. A “payment system” cannot be created or operated, in accordance with the PSS Act, without the RBI’s prior consent. The PSS Act defines a “payment system” as “a system that permits payment to be made from one person to another,” but it specifically excludes a stock exchange. Payment methods include PPIs, money transfer services, smart card operating systems, and debit and credit card operating systems. RBI authorisation is required before a payment system may start up or be put into operation. As a result, compliances under this enactment are essential for FinTech companies to operate.

The Companies Act, 2013

FinTech businesses must register under the Companies Act 2013 and abide by all of the Act’s laws and regulations, just like any other business in India. FinTech businesses like Paytm, Bharat pe, etc, are incorporated and authorized under the Act. 

The Consumer Protection Act, 2019

Companies in the FinTech industry are considered service providers for purposes of the Consumer Protection Act. According to Section 2(47)(ix) of the Act, “disclosure of consumer’s personal information supplied in confidence, unless required by law or in the public interest,” is an unfair trade practises. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which prohibit the disclosure of a consumer’s personal information without the person’s prior authorization unless required by law, are comparable to this. FinTech businesses must abide by this law since they handle sensitive personal data belonging to their clients.

The Prevention of Money Laundering Act, 2002

The principal rules that set anti-money laundering standards and operational directions for firms that offer financial services in the nation are the Prevention of Money Laundering Act 2002 (PMLA), the Prevention of Money Laundering Rules 2005, and the KYC Master Directions. The aforementioned laws require banking firms, financial institutions, and intermediaries to confirm the identification of clients, preserve records, and provide information to the Financial Intelligence Unit – India in a defined format (FIU-IND).

The Information Technology Act, 2000

As more and more user information, particularly behavioural and financial information about individuals, is collected and stored by FinTech platforms, the value of protecting consumer privacy and data has increased. India currently lacks a reliable data privacy mechanism. The Information Technology Act of 2000 (IT Act) and the Rules on IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) are the two main pieces of legislation regulating personal data privacy.

The IT Act’s regulations must also be followed by FinTech businesses. In accordance with Section 43A, businesses are liable for damages if they fail to take reasonable security precautions to protect the sensitive personal data of their customers. Section 72A establishes penalties for leaking info in breach of a valid contract. Personal data about individuals is very important to FinTech firms. It is crucial to adhere to the mandated data security laws in order to avoid legal difficulties.

The Reserve Bank of India Rules

The principal regulatory tools that apply to NBFCs are the Reserve Bank of India Act, 1934 and a series of governing guidelines and circulars. Certain FinTechs are subject to RBI regulation either directly through the issuance of NBFC licences to them or indirectly through the regulation of banks and NBFCs connected to FinTech. The organisation must fulfil a number of standards in order to receive licensure from the RBI. In India, there are several digital lenders who have received NBFC approval.

The registration and operation of payment banks in India are governed by regulations that were published by the Reserve Bank of India (RBI) in November 2014 and October 2016, respectively. Among the rules governing payment banking institutions are the eligibility requirements for registration, suitable practices, and other operational standards.

According to the Governor of the RBI’s remarks, the RBI has implemented surveillance technologies known as SupTech for data collecting and analysis. Another illustration of supervisory tech is the risk-based supervision of banks, which is heavily data-driven.

RegTech, also known as regulatory technology, has the potential to be useful in a number of areas, including simplifying the regulatory reporting system, compliance and risk monitoring, safeguarding consumer interests, and identifying financial crime. India’s RegTech industry is growing quickly in the banking and insurance sectors.

The Insurance Act, 1938

Companies involved in insurance technology, or InsurTech, are collaborating with many stakeholders and upending the insurance industry’s value chain. They have helped to speed up application procedures, and automate the testing, and claim processes through their collaborations with insurance firms. Some businesses also serve as online aggregators from time to time, allowing clients to examine the breadth of coverage, the term, the premium, and other pertinent parameters before making a choice. The Insurance Regulatory Development Authority of India (IRDA), the country’s top insurance industry regulator, must grant these web aggregators clearance.

When several prominent FinTech businesses in India received direct insurance broker licences from the IRDA to facilitate the distribution and sale of insurance products, this became a big flashpoint. A few participants have also obtained an IRDA insurance corporate agent licence.

The Foreign Exchange Management Act (FEMA), 1999

According to the RBI’s regulations released under the FEMA, countless cross-border transaction services have been created due to advancements in India’s FinTech industry. The Foreign Exchange Management Act of 1999 (“FEMA”) and the rules and regulations issued thereunder control transactions involving foreign currency. Accredited Dealer Category II Entities, such as usurers, are allowed to offer foreign currency pre-paid cards in India to Indian citizens in accordance with the FEMA, according to the RBI’s regulations released under the FEMA. The PPI (Prepaid Payment Instruments) Master Directions also permit PPIs to be issued by qualified entities for international transactions. Authorised dealer category I can provide semi-closed and open-system PPIs for FEMA-compliant, FEMA-compliant, and payments that do not exceed ₹ 10,000 per transaction and ₹ 50,000 per month acceptable current account transactions (including all the procurement of goods and services).

Correspondingly, as long as the PPIs are wholly KYC-compliant, reloadable, and granted in electronic form, and the inward disbursement does not exceed ₹ 50,000 per transaction, authorised bank and non-bank PPI issuers (designated as agents of an authorised overseas principal) are permitted to accept inward remittances under the money transfer service scheme.


The use of contemporary innovation to deliver financial services has greatly increased financial inclusion. In contrast to traditional financial institutions, the FinTech industry faces obstacles from confusing laws, consumer distrust, and a tiny client base. The emergence of technology requires regulation as the law cannot always pace up with technology.

Government legislative actions and the expansion of the Indian Stack have contributed to the FinTech boom that is about to take place in India. The innovative items are just the start. From a legal standpoint, many issues arise. Thus, the right balance between promoting emerging technology developments and the need to oversee them effectively must be found.

The data-driven FinTech sector will be directly impacted by both current law and prospective legislation, such as the new “Digital Personal Data Protection Bill, 2022”. Data is needed by modern technology to develop new goods and services. For FinTech businesses, the inconsistent nature of current law has produced a wide range of operating difficulties. A range of limitations and rules from various agencies apply to FinTech companies that offer various services. They hope that the government’s supporting approach will likely provide the FinTech industry and other financial institutions with an equal playing field. Industry 4.0 and universal financial inclusion will make it easier for FinTech businesses to grow.



Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here