Fintech Newsletter: recent legal developments and market updates from India - January 2025

INTRODUCTION

At the tail end of 2024, though November hit rock bottom for fintech funding, December brought a welcome surge in investments. The sector secured USD 425.4 million across deals, marking a dramatic upturn from November's USD 130.4 million.[1]

On the regulatory front, December 2024 saw significant moves from both the Securities Exchange Board of India (“SEBI”) and the Reserve Bank of India (“RBI”), with SEBI introducing comprehensive amendments for Investment Advisers (“IAs”) and Research Analysts (“RAs”), particularly addressing client level segregation and Artificial Intelligence (“AI”) related disclosures. The RBI further streamlined Know Your Customer (“KYC”) processes through amendments to its Master Direction, introducing simplified customer due diligence procedures and enhanced monitoring requirements for high-risk accounts. These regulatory developments signal a continued focus on modernising India's financial services framework, while also fortifying compliance standards.

In this first edition of our fintech newsletter for the year 2025, we explore the key developments in the Indian fintech space from November 01, 2024, to December 31, 2024, highlighting the interplay between regulatory measures, compliance requirements, and industry developments.

RECENT LEGAL & REGULATORY DEVELOPMENTS 

RBI issues amendments to the KYC Master Direction[2]

Effective immediately upon notification on November 6, 2024, RBI announced amendments to the Master Direction – Know Your Customer (KYC) Direction, 2016[3] (“KYC MD”), to align it with recent amendments introduced in India’s anti-money laundering and counter-terrorism financing regime.

Key Amendments to the KYC MD:

1. Simplification of CDD Processes: Regulated Entities (“RE”) are now required to apply the Customer Due Diligence (“CDD”) procedures set out in the KYC MD at the Unique Customer Identification Code (“UCIC”) level only. That is, REs do not need to carry out a fresh CDD exercise for existing KYC-compliant customers who are desirous of seeking additional products or services from the same RE. This amendment eliminates redundant CDD processes for customers who have already been verified by the RE, thereby making the CDD process more time efficient in such use-cases.
2. KYC Information Sharing with Central KYC Records Registry (“CKYCR”): REs are now required to submit updated or additional customer information to the CKYCR within 7 (seven) days of obtaining it. CKYCR will subsequently update the customer’s KYC records and electronically notify all REs that have previously interacted with the customer about such updated information.

SEBI issues circular for Business Continuity for Interoperable Segments of Stock Exchanges[4]

On November 28, 2024, SEBI issued a circular titled “Business Continuity for Interoperable Segments of Stock Exchanges” (“SEBI Circular”) with the intent to strengthen the business continuity framework of Market Infrastructure Institutions (“MIIs”)[5] to ensure smooth trading operations and hedging opportunities in the event of outages at stock exchanges.

The SEBI Circular builds upon the guidelines for market intermediaries previously outlined in SEBI Master Circulars dated October 16, 2023, and October 6, 2023, on Business Continuity Planning (“BCP”) and Disaster Recovery Sites (“DRS”). The provisions of the SEBI Circular will become effective from April 1, 2025. On the basis of discussions of a working group as well as with the Secondary Market Advisory Committee of SEBI, the following has been decided for interoperable segments of stock exchanges.

• Participants with open positions can hedge their risks by taking offsetting positions in identical or correlated indices available on other interoperable exchanges. This mechanism facilitates netting off open positions and releasing margins for end clients trading in interoperable exchanges.
• Exchanges may create reserve contracts for securities and derivatives listed exclusively on other exchanges and not traded on their platform. These reserve contracts may be invoked during outages on the other exchange, to maintain market continuity.
• Exchanges without highly correlated index derivatives are encouraged to create new indices and introduce derivatives contracts on them to provide hedging opportunities in index derivatives products of an exchange that suffered an outage.
• Affected exchanges must notify SEBI and the designated alternative trading venue within 75 (seventy-five) minutes of an outage. The alternative venue must activate its continuity plan as per a Standard Operating Procedure (“SOP”) within 15 (fifteen) minutes of notification.
• Initially, the National Stock Exchange and Bombay Stock Exchange will act as alternative venues for each other. Both exchanges are required to submit a joint SOP, detailing roles and responsibilities, to SEBI within 60 (sixty) days.

SEBI issues guidelines to Stock Exchanges, Clearing Corporations and Depositories to strengthen the governance of MIIs[6]

On November 28, 2024, SEBI issued a circular titled “Guidelines to Stock Exchanges, Clearing Corporations and Depositories” (“SEBI Guidelines”) aimed at enhancing the compliance and monitoring frameworks of MIIs.

The SEBI Guidelines also build on previous guidelines outlined in SEBI Master Circulars dated October 16, 2023, and October 6, 2023. Based on the recommendations of the Committee on Strengthening of Governance of MIIs, the following key provisions have been established:

• Quarterly reporting by the Compliance Officer (“CO”) is mandated, requiring the submission of any non-compliance issues to SEBI within 45 (forty-five) days after the end of each quarter in the format annexed within the SEBI Guidelines.
• The Chief Risk Officer must present a half-yearly report to SEBI, detailing the overall risk management practices of the MII, to be submitted within 90 (ninety) days from the end of each half-year.
• In the view of strengthening the whistleblower mechanism, MIIs will have to undertake the following functions –(i) MIIs shall resolve whistleblower complaints within 60 (sixty) days from the date of receipt; (ii) The audit committee of MIIs shall be responsible for receiving and investigating whistle-blower complaints, taking appropriate decisions with regards to further action and submitting a report to the governing board of the MII containing details of all such complaints received during a quarter; (iii) Appropriate checks and balances to be implemented by the MII to ensure that disincentives for misreporting, if any, do not dissuade genuine whistleblowers from reporting irregularities; (iv) The regulatory oversight committee of MIIs shall annually review the whistleblower policy and disclose the same on their website.
• To enhance oversight and strengthen regulatory and supervisory mechanisms, MIIs are encouraged to adopt advanced technologies for monitoring their members and participants, and to ensure that all material information is made publicly accessible on their websites.
• MIIs must have policies in place for appointment and monitoring of back-office vendors or outsourced agents. Such policy must clearly outline the risks that may arise from such relationships and steps to eliminate or reduce such risks and shall define the minimum standards or thresholds in terms of quantitative and qualitative parameters that must be met by the back-office vendors or outsourced agencies for appointment.
• MIIs must establish internal policies regarding data sharing adequately covering all methods both online and offline, ensuring compliance with confidentiality standards and conducting regular audits of data sharing practices at least once in 6 (six) months. The policy shall be reviewed annually by the Standing Committee on Technology. Non-compliances, if any, shall be reported within 15 (fifteen) days to governing board of the MII and SEBI by the Compliance Officer (CO) along with remedial steps taken or to be taken in this regard.

Effective from April 1, 2025, MIIs are required to implement these provisions, make necessary amendments to their bye-laws, and ensure that all relevant parties are informed of these changes.

SEBI issues circular to simplify the registration process for certain categories of FPI[7]

On November 12, 2024, SEBI issued a circular titled “Simplified Registration for Foreign Portfolio Investors (“FPIs”) (“FPI Circular”) with the aim of streamlining the registration process for FPIs and reducing redundancy in information submission.

The FPI Circular builds on SEBI’s “Master Circular for Foreign Portfolio Investors, Designated Depository Participants, and Eligible Foreign Investors” issued on May 30, 2024. Based on industry feedback and consultations, SEBI has introduced the following measures to ease the onboarding process for FPI applicants in specific scenarios:

•  Applicants falling under the following categories may opt for a simplified process: (i) Funds operated by an investing/non-investing Investment Manager already registered as FPIs; (ii) Sub-funds of a master fund or its affiliates already registered as FPIs; (iii) Segregated portfolios or equivalent structures within a fund already registered as an FPI; (iv) Insurance schemes where the parent entity or another scheme is registered as an FPI.
• Eligible applicants may choose between the full Common Application Form (“CAF“) or an abridged version containing only unique fields relevant to them. Non-unique fields will either be auto-populated from the depositories’ CAF module or disabled, as applicable. Applicants opting for the abridged CAF must provide explicit consent to use existing information and confirm that all details other than those mentioned in the abridged version of CAF remain unchanged.
• Designated Depository Participants (“DDPs”) must update the CAF module with applicant-provided information against the application number of the application and ensure the system reflects complete and accurate details.
• Standards for implementation, including fields eligible for auto-population or disabling, will be developed by the Custodians and Designated Depository Participants Standards Setting Forum (“CDSSF”) in consultation with SEBI.

The provisions of this circular will come into effect on February 12, 2025.

RBI has cautioned the public against deepfake videos of RBI Governor Shaktikanta Das being circulated over social media[8] 

On November 19, 2024, RBI issued a cautionary communication titled “RBI Cautions Public on Deepfake Videos of Top Management Circulated Over Social Media Giving Financial Advice” (“RBI Advisory”) to alert the public about the circulation of fake videos impersonating senior officials of the RBI, including the Governor.

The RBI Advisory highlights that these videos, created using advanced technological tools, falsely claim that the RBI has launched or endorsed certain investment schemes and provide fabricated financial advice to the public. To address this issue and protect the public, it has been clarified by the RBI that the RBI and its officials are not associated with or supportive of any such investment schemes and do not provide financial investment advice or endorse any specific investment platforms or products. Members of the public were strongly cautioned against engaging with or believing such deepfake videos being circulated on social media. This advisory is issued in the interest of public awareness and safety, emphasising the importance of verifying information from authentic RBI communication channels.

RBI updates the Guidelines on Default Loss Guarantee in Digital Lending FAQs[9]

On November 5, 2024, RBI released an updated Frequently Asked Questions document titled “Guidelines on Default Loss Guarantee (DLG) in Digital Lending” (“Updated Guidelines”), providing additional clarifications on the operational and compliance requirements under its DLG framework. These Updated Guidelines, initially issued on June 8, 2023,[10] aim to enhance transparency and standardisation in digital lending practices.  It is also clarified that DLG arrangements are not permitted with respect to loans which are covered by the credit guarantee schemes administered by trust funds as specified under paragraph 2 of Review of Prudential Norms – Risk Weights for Exposures guaranteed by Credit Guarantee Schemes dated September 07, 2022, as amended from time to time.

NPCI implements the Advanced Encryption Standard (“AES”) as the mandatory encryption protocol within the ONMAGS Application for all authentication modes[11]

On November 5, 2024, the National Payments Corporation of India (“NPCI”) announced the mandatory implementation of the Advanced Encryption Standard – Galois/Counter Mode (“AES-GCM”) protocol for all authentication modes within the Online Mandate Gateway Service (“ONMAGS”) application to enhance data security and comply with modern encryption standards. NPCI has directed all National Automated Clearing House (“NACH”) member banks to adopt the new encryption methodology by January 31, 2025.

Key highlights of the new encryption framework include –

• Implementation of AES-GCM encryption, a symmetric encryption protocol utilising a 256-bit key, is now mandatory for new merchants and banks onboarded to ONMAGS.
• Details of the encryption process, the flow of the encryption process for merchants as well as the flow of the decryption process for the NPCI and banks has been outlined within the standards.
• The flow diagram as well as a summary view of the end-to-end approach has been included within the standards for ease of understanding and implementation.

The AES-GCM is to be implemented based on 2 (two) assumptions – (i) NPCI, banks and merchants will have two different set of keys for encrypting and signing the request, and (ii) Code logic for the AES-GCM approach will be shared by NPCI with merchants and banks, and they shall use the same for decrypting the request.

IFSCA issues regulatory framework for consumer grievance redressal by IFSC regulated entities^[12]

The International Financial Services Centres Authority (“IFSCA”) through a circular dated December 2, 2024, has issued the regulatory framework for handling of complaints and redressal of grievances by the regulated entities in the International Financial Services Centre (“IFSC”). All entities regulated by the IFSCA are required to implement a board approved policy for handling of complaints and grievance redressal. The same needs to be published on the website of the regulated entity or the dedicated website of its group entity, as may be applicable, along with the name and contact details of the complaint redressal officer and the complaint redressal appellate officer.

The complaint handling procedure and appeal mechanism have been prescribed specifically for regulated entities dealing with retail consumers, i.e., consumers who are individuals. Such entities are required to dispose of complaints ideally within a period of 15 (fifteen) days, but no later than 30 (thirty) days after acceptance of the complaint. Regulated entities are also required to maintain all records relating to handling of complaints and file reports on handling of complaints in the form and manner that may be specified by the IFSCA from time to time.

The requirements prescribed under this circular are in addition to the compliances relating to grievance redressal that may have been prescribed under any other regulations by the IFSCA. The purpose of this circular is mainly to align the procedures for complaint handling across the financial services in the IFSC. If any requirement in this circular is contradictory to an existing requirement under any regulation by the IFSCA, the existing regulatory requirement will prevail.

Regulated entities have been given time till April 1, 2025, to align their grievance redressal and complaint handling procedures with this circular.

SEBI issues clarifications with respect to Specified Digital Platforms^[13]

SEBI issued a clarification on December 4, 2024, stating that digital platforms used by regulated entities are not obligated to be notified as specified digital platforms (“SDPs”) and are not regulated by the SEBI. SDPs are digital platforms approved by the SEBI that implement mechanisms to prevent and address prohibited activities, such as providing unregulated financial advice or misleading claims of returns or performance on securities.

It has also been clarified that it is not mandatory for regulated entities to associate with or through SDPs. However, regulated entities associated with SDPs will not be held liable for violating certain provisions of the SEBI (Intermediaries) Regulations, 2008 (“Intermediaries Regulations”), the Securities Contracts (Regulation) (Stock   Exchanges   and   Clearing   Corporations) Regulations, 2018 (“SECC Regulations”) and the SEBI (Depositories and Participants) Regulations, 2018 (“DP Regulations”). However, regulated entities not associated with SDPs are required to ensure that they independently comply with the aforementioned provisions under the Intermediaries Regulations, SECC Regulations and DP Regulations.

SEBI amends the regulations applicable to Investment Advisers^[14]

SEBI released the SEBI (Investment Advisers) (Second Amendment) Regulations, 2024 (“IA Amendment Regulations”) on December 17, 2024, to amend the existing SEBI (Investment Adviser) Regulations, 2013 (“IA Regulations”). The IA Amendment Regulations addresses the growing use of AI in the investment advisory industry and the related data protection concerns. An IA who deploys AI tools for providing advice to its clients is solely responsible for the investment advice that is being provided on the basis of the output generated by the AI tools, and for the security, confidentiality and integrity of its clients’ data. IAs are also required to disclose the use and extent of use of AI tools in providing investment advice to its clients.

The IA Amendment Regulations have included part-time investment advisers within the regulatory purview of the SEBI. To obtain registration as a part-time investment adviser, an applicant is required to obtain a no-objection certificate from its existing employer, if the applicant is currently employed. A part-time investment adviser is required to maintain an arms-length relationship between its investment advisory activities and other business activities and ensure clear segregation. As per the IA Amendment Regulations, part-time investment advisors cannot have more than 75 (seventy-five) clients at a given point of time and are required to use the term ‘part-time investment adviser’ in all correspondence with their clients.

Additionally, it has also been clarified that trading calls do not fall within the ambit of investment advice.

SEBI amends the regulations applicable to Research Analysts^[15]

SEBI, on December 17, 2024, published the SEBI (Research Analysts) (Third Amendment) Regulations, 2024 (“RA Amendment Regulations”) to further amend the SEBI (Research Analysts) Regulations, 2014 (“RA Regulations”). The definition of “research services” has been added to the existing RA Regulations, which includes services in relation to preparing or publishing research reports, providing or issuing a research report or research analysis, making buy / sell / hold recommendations, giving price targets or stop loss targets, providing opinions on public offers, recommending model portfolios, providing trading calls, and offering other services of similar nature. Much like the IA Amendment Regulations, RAs are required to disclose to their clients the extent of the use of AI tools in providing their research services. The concept of ‘part-time research analysts’ has also been introduced. Individual RAs have been prohibited from providing distribution services. However, non-individual RAs may undertake distribution services, provided that there is client-level segregation of its research and distribution services at a group level. RAs are now required to also maintain KYC records of their fee-paying clients. Non-individual RAs are required to appoint a compliance officer or an independent professional such as a chartered accountant or a company secretary, who will be responsible for ensuring compliance with the RA Regulations.

With regard to the eligibility criteria for RAs, instead of maintaining a specific net-worth, RAs are now required to maintain a specified deposit with a scheduled bank. The amended RA Regulations have also prescribed minimum qualification requirements for individual RAs and principal officers of non-individual RAs.

IFSCA releases revised guidelines for setting up and operating International Trade Financing Services Platforms^[16]

The IFSCA released revised guidelines for setting up and operating International Trade Financing Services (“ITFS”) platforms in the IFSC on December 23, 2024. ITFS platforms are regulated platforms which facilitate access to trade finance services digitally to global exporters and importers at competitive prices via a bidding mechanism. These trade finance services inter alia include factoring, forfaiting, bill discounting and supply chain financing.

The revised guidelines have simplified the eligibility criteria for ITFS platforms, requiring applicants to meet specific financial, technological, and general criteria to qualify, as compared to the earlier net-worth requirement. The revised guidelines have also permitted registration for eligible entities on an on-tap basis, instead of a closed timeline for making applications. Additionally, the procedures for grant of provisional registration, registration, process involved in refusal, revocation, or surrender of registration have also been provided.

The scope of permissible activities on an ITFS platform has been expanded to include secondary market transactions of trade finance units to enhance liquidity on the platform.

RBI allows Unified Payments Interface (UPI) access for Prepaid Payment Instruments (PPIs) through third-party applications^[17]

RBI, through a circular dated December 27, 2024, has introduced significant changes to the existing framework for Unified Payments Interface (“UPI”) transactions involving Prepaid Payment Instruments (“PPIs”). As per the earlier framework, UPI payments from or to a PPI could only be carried out through the mobile application provided by the PPI issuer. The revised framework now permits full-KYC PPI holders to link their PPIs to third-party UPI applications, thereby enabling PPI holders to make and receive UPI payments through the mobile applications of third-party UPI applications. It has also been reiterated that PPI issuers, acting as Payment System Providers, cannot onboard customers of any other banks or PPI issuers. The authentication requirements for UPI transactions on issuer applications have also been revised, mandating the use of customers’ existing PPI credentials to authenticate UPI transactions from PPI on the issuer’s application, thereby ensuring pre-approval of such transactions before the transactions reach the UPI system. With respect to the UPI transactions from PPIs using third-party UPI applications, authentication is required to be done by using the UPI credentials. These changes have also been incorporated into the Master Directions on Prepaid Payment Instruments, dated August 27, 2021.

SEBI issues clarifications to Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities^[18]

SEBI vide circular dated December 31, 2024, issued clarifications to its Cybersecurity and Cyber Resilience Framework (“CSCRF”) for SEBI-regulated entities. The CSCRF was issued by the SEBI on August 20, 2024. It requires regulated entities to establish cybersecurity risk management roles and responsibilities and formulate a comprehensive cybersecurity and cyber resilience policy which is to be approved by the board of the regulated entity. It also holds regulated entities solely accountable for violations by third parties in relation to confidentiality obligations, security of regulated entities’ data and logs, and all other compliance requirements under laws, regulations and circulars issued by SEBI. Among other requirements such as data localisation and implementing specific security standards, regulated entities are also required to undertake risk assessments and vulnerability testing of their critical systems in the information technology environment. The CSCRF also prescribes standardised formats for regulated entities to report their compliance with the CSCRF to their respective authorities.

While the CSCRF was to come into effect from January 1, 2025, the clarifications extend the timeline for compliance with the same for KYC Registration Agencies and Depository Participants. It has also been clarified that no regulatory action will be taken against regulated entities for non-compliance with the requirements under the CSCRF before March 31, 2025, provided that they are able to demonstrate progress towards implementing the CSCRF. Additionally, compliance with guidelines and provisions in relation to data localisation under the CSCRF have been deferred until further consultation by the SEBI.

INDUSTRY CHALLENGES

In December, the framework governing IAs and RAs was the focal point of discussion in the financial advisory space owing to some significant amendments introduced by the SEBI to the RA Regulations and the IA Regulations. While the amendments introduced address gaps and challenges in the sector, the new RA Amendment Regulations and IA Amendment Regulations will present significant challenges to the present structuring of IA and RA services.

While already a requirement under the IA Regulations, the RA Amendment Regulations have introduced the obligation on RAs to maintain client-level segregation at the group level for ‘research activities’ and ‘distribution activities’. RAs not already practicing this segregation will have to undertake internal housekeeping steps immediately to comply with this requirement.

A popular phenomenon in the fintech space in the recent years has been creation and operation of super apps that offer bundled services through a single platform. In the financial advisory space, several super apps are available in the market that offer distribution and research activities simultaneously. Notably, the super apps popularly incline to provision research advisory services over investment advisory services owing to the existing obligation on an IA under the IA Regulations to maintain client level segregation between investment and distribution services at a group level.

With the introduction of the RA Amendment Regulations putting the clubbing of research and distribution services at risk, these players will need to further overhaul their current service offerings are restructure their organisation and platform interface to adhere to the segregation requirements.

In keeping up with the theme of addressing challenges in the advisory ecosystem in 2024, SEBI introduced key guidelines in January 2025 which provide some respite to IAs and RAs. The ‘Guidelines on Investment Advisers’ dated January 08, 2025,[19] provided that stock broking services do not fall within the scope of distribution services for the purposes of client-level segregation requirements for advisory and distribution activities under the IA Regulations. Therefore, enabling stockbrokers to offer advisory services to the same set of customers without being in foul of the segregation requirements under the IA Regulations.

Similarly, the SEBI released ‘Guidelines for Research Analysts dated January 08, 2025’[20], clarifying that the distribution services for the purpose of client-level segregation envisaged under the RA Regulations does not include stock broking services. Accordingly, any stockbroker carrying out research activities does not need to implement client-level segregation at the group level in relation to its research and stockbroking activities.

These recent regulatory measures taken by SEBI with regards to IAs and RAs clearly denote its interest in addressing any criticisms around the extant regulations being too stifling for industry players while also ensuring the protection of investors’ best interests. 

SEBI proposes regulatory changes for Angel Funds in AIF Regulations[21]

On November 13, 2024, SEBI issued a consultation paper proposing significant amendments to the regulatory framework for angel funds under the SEBI (Alternative Investment Funds) Regulations, 2012. The proposals follow a comprehensive review by a working group formed in July 2022 and aim to streamline operations while addressing structural challenges faced by angel funds.

The proposed key amendments include restricting investments in angel funds to accredited investors while retaining the 200 (two hundred)-investor cap (excluding Qualified Institutional Buyers). The minimum corpus requirement of INR 5 (five) crore for angel funds may be replaced by a requirement to onboard at least 5 (five) accredited investors before initiating investments. Additionally, the minimum and maximum investment thresholds are proposed to be set at INR 10 (ten) lakh and INR 25 (twenty) crore, respectively.

To address compliance challenges, SEBI has proposed removing the 25% (twenty-five per cent) diversification cap on investments in single ventures and permitting follow-on investments in portfolio companies that no longer qualify as start-ups. Other proposals include reducing the lock-in period for investments from 1 (one) year to 6 (six) months and revising continuing interest requirements for sponsors or managers to apply at the investment level.

Operational simplifications include eliminating the term sheet filing requirement and introducing a standardised PPM template, with mandatory audits for funds managing over INR 100 (one hundred) crore. The proposals will apply to new angel funds upon notification while existing funds will have a 1 (one)-year transition period to comply.

IFSCA introduces modifications to AML/CFT Guidelines[22]

IFSCA, on November 22, 2024, amended the IFSCA (Anti Money Laundering, Counter-Terrorist Financing, and Know Your Customer) Guidelines, 2022. These modifications, issued under Section 12 of the IFSCA Act, 2019, and Rule 9(14) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, aim to enhance compliance with international countermeasures and strengthen group-wide risk management practices.

Regulated entities are now required to adhere to countermeasures mandated by any international or intergovernmental organisation of which India is a member, provided these measures are approved by the Central Government.

Additionally, group-wide compliance functions must ensure the sharing of customer, account, and transaction information between branches and subsidiaries for effective AML/CFT risk management.

SEBI issues advisory on unauthorised virtual trading and gaming platforms[23]

SEBI, vide an advisory dated November 4, 2024, has issued a caution to the public against using unauthorised virtual trading platforms, paper trading services, or fantasy gaming platforms that base their operations on the stock price data of listed companies. These activities are in violation of the Securities Contract (Regulation) Act, 1956, and the SEBI Act, 1992, which are designed to safeguard investor interests.

Previously, SEBI had issued a press release on August 30, 2016, warning against leagues, schemes, and competitions related to securities markets, including those offering prize distributions. The current advisory reiterates that trading and investment in securities markets should be conducted only through registered intermediaries, as unauthorised platforms fall outside SEBI’s regulatory ambit.

SEBI has also emphasised that participation in such unauthorised schemes carries significant risks, including the misuse of personal and confidential trading data. Investors engaging with these platforms do so at their own risk, with no access to SEBI’s investor protection mechanisms, including the SEBI Complaints Redress System (SCORES), exchange grievance mechanisms, or SEBI’s Smart ODR platform for online dispute resolution.

RBI allows small finance banks to offer credit on UPI[24]

As per the RBI Governor’s Statement dated December 6, 2024, the RBI has now permitted small finance banks to extend pre-sanctioned credit lines through UPI. Previously, credit line on UPI was launched by the RBI for scheduled commercial banks, and it was not made available for small finance banks. However, noting the need for expanding financial inclusion and enhancing formal credit, particularly for ‘new to credit’ customers, the RBI permitted the small finance banks to extend pre-sanctioned credit lines through the UPI.

RBI enhances the limit for UPI lite transactions[25]

On December 04, 2024, the RBI enhanced the limits for UPI lite transactions to INR 1000 (one thousand) per transaction with INR 5,000 (five thousand) being the total limit. In light of the same, the RBI has amended its Framework for Facilitating Small Value Digital Payments in Offline Mode dated January 03, 2022 (“Framework”). That said, the upper limit for an offline transaction remains to be INR 500 (five hundred), and the total limit for offline transactions on a payment instrument is retained as INR 2,000 (two thousand) at any given point in time.

Centre seeks public comments on the draft bill for banning illegal lending[26]

On December 13, 2024, the Department of Financial Services under the Ministry of Finance released a draft bill titled ‘The Banning of Unregulated Lending Activities’ (“Bill”) to curb unregulated lending activities in India. The Bill seeks to ban all entities who are not authorised by RBI or any of the other regulators specified under the Bill, from undertaking public business lending activity including digital lending. Additionally, the lenders are also prohibited from issuing any advertisements in pursuance of unregulated lending activity.

The Bill defines unregulated lending activities as any lending activities which are not regulated under the laws set out in the first schedule to the Bill and carried by any person through digital lending or otherwise.  The Bill contemplates a fine ranging from a punishment of a fine ranging from INR 2 (two) lakh to INR 1 (one) crore and imprisonment for a minimum of 2 (two) years, which may extend up to 7 (seven) years in any instances of contravention. Interestingly, the Bill digresses from the definition of digital lending provided under the Guidelines on Digital Lending dated September 02, 2022, by limiting the scope of digital lending solely to ‘public lending activity’. Stakeholders can submit comments on the Bill to the Ministry of Finance by February 13, 2025.

AI regulatory updates in the fintech space

RBI constitutes a committee to develop a Framework for Responsible and Ethical Enablement of AI (FREE-AI) in the Financial Sector[27]

In its statement on developmental and regulatory policies, the RBI noted the shift in the development paradigm of financial sector through the introduction of AI/ Machine Learning (ML), tokenisation, and cloud computing. As per the RBI, these technologies hold transformative potential for the financial sector owing to their ability to handle enormous volumes of data, automate complex processes and enhanced decision-making. Pursuant to the statement on developmental and regulatory policies, the RBI announced setting up of a committee for development of a Framework for Responsible and Ethical Enablement of AI (FREE-AI) in the Financial Sector. The committee aims to achieve objectives including: (a) assessing the current level of adoption of AI in financial services, globally and in India; (b) reviewing regulatory and supervisory approaches on AI with focus on financial sector globally; (c) identifying potential risks associated with AI; and (d) recommending an evaluation, mitigation and monitoring framework and consequent compliance requirements for financial institutions, including banks, non-banking financial companies (“NBFCs”) and fintechs.

SEBI proposes amendments for the use of AI tools by Market Infrastructure Institutions[28]

SEBI, vide a consultation paper dated November 13, 2024, has proposed amendments to the Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018, the SEBI (Depositories and Participants) Regulations, 2018, and the SEBI (Intermediaries) Regulations, 2008. These amendments aim to assign responsibility for the use of AI tools by MIIs, Registered Intermediaries, and other persons regulated by SEBI.

The proposed amendments introduce new obligations on regulated entities. Any person or entity regulated by SEBI that uses AI tools and technologies, either designed in-house or procured from third-party technology service providers, will be solely responsible for ensuring the privacy, security, and integrity of investors’ and stakeholders’ data, including fiduciary data, throughout all processes involving the use of such tools. They will also be responsible for the consequences of relying on outputs generated by AI tools and techniques and for compliance with applicable laws in force.

The proposed amendments also expand the regulatory scope to include the use of "artificial intelligence tools," which are defined as applications, software programs, or executable systems offered publicly or used internally by regulated entities for activities such as trading facilitation, investment strategy dissemination, and compliance operations.

MARKET UPDATES

Cancellation of Certificate of Registration for Non-Banking Financial Companies by RBI

6 (six) NBFCs have surrendered their Certificate of Registration (“CoR”) to RBI. Of these, 3 (three) NBFCs have surrendered their CoR following an exit from the non-banking financial business, namely Bellona Dealcom Pvt. Ltd., Sonata Finance Private Limited, and Stanley Vyapaar Pvt. Ltd. The remaining three NBFCs surrendered their CoR due to ceasing operations for reasons such as amalgamation, merger, dissolution, or voluntary strike-off, namely Mayur Barter Pvt. Ltd., Sakthi Consultants Pvt. Ltd., and C L Developers Pvt. Ltd.[29]

Additionally, the RBI has cancelled the CoR for 2 (two) more companies. Ulhas Securities Private Limited, with its registered office in Gandhinagar, Gujarat and Sikar Investment Co. Ltd., based in Bharatpur, Rajasthan. These cancellations were also effected under the provisions of Section 45-IA(6).[30]

MFIN introduces stricter lending norms to address asset quality challenges in microfinance[31]

The Microfinance Institutions Network (“MFIN”), a self-regulatory organisation for the microfinance sector, has announced a series of stringent measures to address ongoing asset quality challenges and borrower over-indebtedness. These measures come in the wake of rising non-performing assets in the microfinance segment and growing regulatory concerns about lending practices in the industry.

Key changes introduced by MFIN include limiting the number of lenders per borrower to 3 (three), down from the earlier limit of 4 (four), and capping total indebtedness at INR 2 (two) lakh per borrower, which now includes both microfinance and unsecured retail loans. Additionally, lending to borrowers with overdue amounts exceeding INR 3,000 (three thousand) for more than 60 (sixty) days will be prohibited, tightening the existing 90 (ninety) day norm.

These stricter norms follow increased scrutiny from the RBI, which has raised concerns over practices such as exorbitantly high-interest rates, multiple loans to single borrowers, and the misallocation of repayments despite borrower compliance.

Angel One[32] receives SEBI approval to launch mutual fund operations[33]

Angel One, a leading stockbroking firm, announced that its subsidiary, Angel One Asset Management Company, has received approval from the SEBI to act as the asset management company for Angel One Mutual Fund.

HDFC Life reports data breach, initiates investigation^[34]

HDFC Life Insurance has reported a data breach, disclosing the incident in a regulatory filing. The company revealed that it received communication from an unidentified source who shared customer data fields with malicious intent.

In response, HDFC Life has initiated a comprehensive information security assessment and data log analysis to identify the root cause of the breach. The insurer has assured that all necessary steps are being taken to safeguard customer interests and prevent similar incidents in the future.

This breach comes shortly after Star Health Insurance experienced a similar attack two months ago, during which hackers leaked personal data, including sensitive medical information, online. Star Health responded by reporting the incident to authorities and conducting a forensic investigation with the assistance of independent cybersecurity experts.

Rio launches UPI app and co-branded credit card in partnership with Yes Bank and NPCI[35]

Rio, a fintech platform, has introduced its UPI app alongside a co-branded credit card developed in partnership with Yes Bank and NPCI. The initiative aims to integrate the advantages of credit with the widespread accessibility of UPI, enabling users to make purchases via UPI at over 100 (hundred) million merchant locations across India. This move seeks to address the rising demand for convenient financial solutions.

The Rio app is among the first to merge credit benefits with UPI payments. The platform sees credit-on-UPI as a transformative opportunity to reshape consumer finance in India, catering to the cash flow management needs.

Paytm enables UPI international payments[36]

One97 Communications Limited, Paytm's parent company, has introduced international UPI payments, enabling Indian travellers to make cashless transactions in countries like the UAE, Singapore, France, Mauritius, Bhutan, and Nepal. This aligns with the RBI’s vision to expand UPI to 20 (twenty) countries by 2028-29, as outlined in its Annual Report 2023-24.

The feature on the Paytm app allows users to activate UPI for trips (1 (one) – 90 (ninety) days) with transparent foreign exchange rates and deactivate it anytime. RBI’s roadmap emphasises integrating UPI with global fast payment systems to enhance cross-border payments, citing the successful UPI-PayNow model in Singapore.

NPCI International Payments Limited, UPI’s global arm, is driving partnerships in countries like Peru and Namibia, highlighting opportunities for Indian fintechs to streamline remittances and reduce transaction costs.

MAJOR DEALS

Pulse, a Software as a Service (“SaaS”) focused agentic AI platform, raised USD 1.4 (one point four) million in a seed funding round led by Endiya Partners.[37] Angel investors, including the founders of SaaS platform Zluri and customer service startup Yellow.ai, along with other entrepreneurs, also participated in the round. The company plans to utilise the funds to strengthen its core team, enhance platform development, and advance its large language models and agentic AI capabilities.

PeLocal, a payment solutions provider specialising in ecommerce transactions via messaging platforms like WhatsApp, raised USD 2 (two) million in a funding round led by Unicorn India Ventures.^[38] The Chennai-registered fintech startup aims to scale its monthly transactions from the current 3 (three) million to 10 (ten) million within a year. Founded in 2021, PeLocal plans to develop a marketing catalogue and a dedicated small business payments platform on WhatsApp. The company caters to prominent clients like Delhi Metro, Indraprastha Gas, and Mahanagar Gas, with its solutions also adopted by insurance companies for premium collections. This follows a USD 1 (one) million seed round raised in 2022.

AssetPlus,[39] a fintech platform providing distribution of financial products like mutual funds, has raised INR 50 (fifty) crore in a funding round led by Eight Roads Ventures, a global investment firm backed by Fidelity.^[40] Eight Roads Ventures contributed INR 40 (forty) crore, while Zerodha-backed Rainmatter invested INR 10 (ten) crore. The funds will be utilised for business development, operational expansion, and distributor partner training.

Zopper, an insurtech startup, has raised USD 25 (twenty-five) million in a funding round led by Elevation Capital and Dharana Capital, with participation from existing investor Blume Ventures.^[41] The fresh funds will be used to enhance Zopper’s digital technology infrastructure, strengthen its insurance distribution platform, and accelerate growth in its bancassurance solutions. Additionally, the funds will bolster post-sales and servicing capabilities for its device and appliance protection businesses.

CredFlow, a fintech startup that provides small and medium businesses with payment solutions, including invoice collection, payment acceptance, cash flow management, and financial analysis, has raised USD 3.7 (three point seven) million in funding from existing investors Inflexor Ventures and a prominent Singapore-based family office.^[42] The funds will be deployed to scale its financial services and lending verticals, enhance technology and innovation capabilities, and drive the expansion of its embedded digital lending arm, CredFlow Finance. The company also aims to secure an NBFC licence as part of its growth strategy.

Theranautilus, a deeptech startup developing nanorobotic healthcare solutions, has raised USD 1.2 (one point two) million in seed funding led by Pi Ventures.^[43] The round also included participation from Golden Sparrow Ventures and angel investors. Incubated at the Indian Institute of Science, the startup plans to use the funds to establish an ISO-certified manufacturing facility to commercialise nanorobotics-based medical devices. Theranautilus will initially focus on dental care applications and aims to file new international patents as part of its growth strategy.

Snapmint, an NBFC with buy-now-pay-later offerings, raised USD 18 (eighteen) million in its Pre-Series B funding round.[44] The round, which was a mix of debt and equity, was led by Prudent Investment Managers, and also saw participation from new investor, Perpetuity Ventures and existing investor, Pegasus Fininvest. The startup plans to use capital in enhancing its technology, launching new ‘buy now pay later’ products, expanding product categories, and onboarding new merchants.

Zaggle, fintech company providing SaaS products, has raised funding of almost INR 595 (five hundred and ninety-five) crores in funding through qualified institutional placement by issuing 1.13 (one point one three per cent) crores equity shares to eligible qualified institutional buyers. Bank of India ELSS Tax Saver emerged as the largest buyer, by subscribing to 16.81% (sixteen point eight one per cent) of the offering.[45]  The Bank of India ELSS Tax Saver is followed by Societe Generale-ODI and ICICI Prudential Technology Fund, which secured 9.25% (nine point two five per cent) and 6.72% (six point seven two per cent) of the offering, respectively.

Varthana Bags, an education focused non-banking financial company, has raised INR 120 (one hundred and twenty) Crores in debt from BlueOrchard Microfinance Fund.[46] This funding was raised through an external commercial borrowing framework. It will be using the funds to expand its lending portfolio to provide financial support for infrastructure enhancement and skill-based learning initiatives to private schools and vocational students in Tier II & III cities, respectively.

QuiD Cash[47] has raised around USD 4 (four) million in a pre-series A funding from angel investors including Piyush Jain, Director of Shrem Group and existing investor MINTCAP.[48] QuiD Cash is a business-to-business supply chain fintech startup, which has as launched QuiD Capital, an NBFC arm to facilitate anchor-led invoice financing.

Univest, a wealthtech startup, has secured USD 10 (ten) million as a part of its Series A funding round led by Bertelsmann India Investments (BII).[49] This equity round also saw participation from a host of undisclosed angel investors. Previously, the startup was set to raise USD 16 (sixteen) million in its Series A round, which was set to be a mix of both equity and debt infusion. The investment from this round will be utilised in developing a stock market super application for retail investors.

Yield Technologies Private Limited (Curie Money), a neo-bank, has raised USD 1.2 (one point two) million in a seed funding round led by India Quotient, with participation from other institutional and angel investors from fintech space.[50] Curie Money is a high-yield, mutual fund-backed banking app that integrates investments with payments. The platform enables users to invest in mutual funds and provides instant liquidity through a savings account. The investment will be utilised in scaling technology infrastructure and accelerating growth.

Axio, a fintech firm backed by SAIF Partners, Elevation Capital, Peak XV Partners, Creation Investments, Ribbit Capital, and LR India Fund,[51] is set to be acquired by Amazon to strengthen its credit-based offerings in India.[52] The companies signed an acquisition agreement in December following due diligence, and the transaction is now pending regulatory approvals. Axio has filed an application with the RBI for a change in control, and the acquisition will be completed upon approval.

Mintifi, a supply chain financing platform, has raised USD 180 (one hundred and eighty) million in Series E funding round.[53] This series E round was a mix of primary and secondary transactions, and it was co-led by Teachers’ Venture Growth (TVG) and Prosus. It also saw participation from existing backer Premji Invest. The startup plans to deploy the fresh capital to expand its footprint across key sectors and strengthen its position in the supply chain financing segment. It also plans to leverage AI to enhance user experience.

[1] https://bfsi.economictimes.indiatimes.com/news/fintech/fintech-funding-december-2024-indian-fintechs-raised-usd-425-4-mn/117019418

[2] https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NOTI87296ED881E788420F971BE7ACDD35EAFE.PDF

[3] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[4] https://www.sebi.gov.in/legal/circulars/nov-2024/business-continuity-for-interoperable-segments-of-stock-exchanges_89032.html

[5] Market Infrastructure Institutions (MIIs) are organizations that provide the fundamental systems and facilities for the securities market. MIIs include stock exchanges, clearing corporations and depositories. 

[6] https://www.sebi.gov.in/legal/circulars/nov-2024/guidelines-to-stock-exchanges-clearing-corporations-and-depositories_88709.html

[7] https://www.sebi.gov.in/legal/circulars/nov-2024/simplified-registration-for-foreign-portfolio-investors-fpis-_88408.html

[8] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=59135

[9] https://www.rbi.org.in/Scripts/FAQDisplay.aspx?Id=168

[10] https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=12514&Mode=0

[11] https://www.npci.org.in/PDF/nach/circular/2024-25/NACH-005-FY-24-25-Implementation-of-AES-Encryption-in-ONMAGS-Application.pdf

[12] https://ifsca.gov.in/Viewer?Path=Document%2FLegal%2Fcomplaint-handling-and-grievance-redressal-by-regulated-entities-in-the-ifsc02122024015438.pdf&Title=Complaint%20Handling%20and%20Grievance%20Redressal%20by%20Regulated%20Entities%20in%20the%20IFSC&Date=02%2F12%2F2024

[13] https://www.sebi.gov.in/media-and-notifications/press-releases/dec-2024/clarification_89294.html

[14] https://www.sebi.gov.in/legal/regulations/dec-2024/securities-and-exchange-board-of-india-investment-advisers-second-amendment-regulations-2024_89980.html

[15] https://www.sebi.gov.in/legal/regulations/dec-2024/securities-and-exchange-board-of-india-research-analysts-third-amendment-regulations-2024_89979.html

[16] https://ifsca.gov.in/Viewer?Path=Document%2FLegal%2Fpress-release-24-12-2024-clean-copy-post-cp-approval-final24122024082832.pdf&Title=Review%20of%20Guidelines%20for%20setting%20up%20and%20operation%20of%20International%20Trade%20Financing%20Services%20Platform%20%28ITFS%29&Date=24%2F12%2F2024

[17] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12756&Mode=0

[18] https://www.sebi.gov.in/legal/circulars/dec-2024/clarifications-to-cybersecurity-and-cyber-resilience-framework-cscrf-for-sebi-regulated-entities-res-_90401.html

[19] https://www.sebi.gov.in/legal/circulars/jan-2025/guidelines-for-investment-advisers_90632.html

[20] https://www.sebi.gov.in/legal/circulars/jan-2025/guidelines-for-research-analysts_90634.html

[21] https://www.sebi.gov.in/reports-and-statistics/reports/nov-2024/consultation-paper-on-review-of-regulatory-framework-for-angel-funds-in-aif-regulations_88449.html

[22] https://ifsca.gov.in/Viewer?Path=Document%2FLegal%2F21-11-2024-modifications-under-ifsca-guidelines22112024120220.pdf&Title=Modifications%20under%20the%20International%20Financial%20Services%20Centres%20Authority%20%28Anti%20Money%20Laundering%2C%20Counter-Terrorist%20Financing%20and%20Know%20Your%20Customer%29%20Guidelines%2C%202022.&Date=22%2F11%2F2024

[23] https://www.sebi.gov.in/media-and-notifications/press-releases/nov-2024/advisory-on-unauthorized-virtual-trading-gaming-platforms_88200.html

[24] https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=59246

[25] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12752&Mode=0

[26] https://www.fidcindia.org.in/wp-content/uploads/2024/12/MOF-BULA-DRAFT-BILL-13-12-24.pdf

[27] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=59377

[28] https://www.sebi.gov.in/reports-and-statistics/reports/nov-2024/proposed-amendments-with-respect-to-assigning-responsibility-for-the-use-of-artificial-intelligence-tools-by-market-infrastructure-institutions-registered-intermediaries-and-other-persons-regulated-b-_88470.html

[29] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=59183

[30] https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=59184

[31] https://economictimes.indiatimes.com/industry/banking/finance/microfinance-sector-tightens-lending-norms-to-address-asset-quality-stress/articleshow/115660655.cms?from=mdr 

[32] Angel One is an IndusLaw client.

[33] https://www.business-standard.com/companies/news/angel-one-s-amc-arm-gets-sebi-s-approval-to-launch-mutual-fund-business-124112600850_1.html

[34]https://www.medianama.com/2024/11/223-hdfc-life-insurance-reports-data-breach-regulatory-filing/.

[35] https://economictimes.indiatimes.com/tech/technology/rio-launches-upi-app-partners-yes-bank-and-ncpi/articleshow/115421473.cms?from=mdr

[36] https://www.medianama.com/2024/11/223-paytm-allows-users-make-upi-payments-outside-india/

[37] https://economictimes.indiatimes.com/tech/funding/saas-focused-agentic-ai-platform-pulse-raises-1-4-million-from-endiya-partners-others/articleshow/115027750.cms

[38]https://economictimes.indiatimes.com/tech/funding/pelocal-secures-2-million-funding-led-by-unicorn-india-ventures/articleshow/115446354.cms.

[39] Assetplus is an IndusLaw client.

[40]https://economictimes.indiatimes.com/tech/funding/mutual-help-assetplus-and-zfunds-receive-venture-capital-support/articleshow/115494929.cms.

[41]https://m.economictimes.com/tech/funding/nbfc-seeds-fincap-raises-over-8-5-million-funding-from-lok-capital-z47/articleshow/111808692.cms#:~:text=Founded%20in%202021%20by%20Subhash,in%20loans%20to%2050%2C000%20customers.

[42]https://economictimes.indiatimes.com/tech/funding/insuretech-startup-zopper-bags-25-million-in-round-led-by-elevation-capital-dharana-capital/articleshow/115531008.cms

[43]https://economictimes.indiatimes.com/tech/funding/credflow-secures-3-7-million-in-funding-from-inflexor-ventures-others/articleshow/115514891.cms.

[44] https://www.moneycontrol.com/news/business/snapmint-secures-18-mn-in-a-mix-of-debt-and-equity-to-expand-its-no-cost-emi-platform-12888089.html

[45] https://inc42.com/buzz/zaggle-raises-inr-595-cr-via-qip-shares-up-4-intraday/

[46] https://inc42.com/buzz/varthana-bags-inr-120-cr-to-expand-lending-portfolio/

[47] QuiD Cash is an Induslaw client.

[48] https://inc42.com/buzz/supply-chain-fintech-startup-quid-cash-nets-4-5-mn-to-boost-tech-stack/

[49] https://inc42.com/buzz/wealthtech-startup-univest-nets-10-mn-led-by-bii/

[50] https://economictimes.indiatimes.com/tech/funding/fintech-startup-curie-money-raises-1-2-million-from-india-quotient-others/articleshow/116447023.cms?from=mdr

[51] SAIF Partners, Elevation Capital, Peak XV Partners, Creation Investments, Ribbit Capital, and LR India Fund are IndusLaw clients.

[52] Amazon to acquire fintech firm Axio to expand credit services in India | Company News - Business Standard

[53] https://inc42.com/buzz/fintech-startup-mintifi-bags-180-mn-from-tvg-prosus/