Fintech Newsletter: Recent legal developments and market updates from India - Sixth edition (7 August 2025)

Fintech Newsletter: recent legal developments and market updates from India

Introduction

As we progress through the second half of 2025, India’s fintech sector remains active across both regulatory and market fronts, with notable shifts in digital payments, trading platforms, compliance frameworks, and institutional supervision.

The Securities and Exchange Board of India (“SEBI”), in coordination with stock exchanges, has rolled out measures to improve investor security and data governance, including mandatory two-factor authentication for online trading access and a new framework for brokers distributing third-party financial products. SEBI has also moved ahead with a standardised UPI handle mechanism for intermediaries, aimed at reducing payment fraud and streamlining fund transfers.

In parallel, the Reserve Bank of India (“RBI”) has notified important amendments to the know your customer (“KYC”) framework, placing stronger obligations on regulated entities in relation to the updation of customer records of individuals in a timely manner, and allowing banks to use business correspondents for KYC verification in select cases. The RBI has also continued its supervisory enforcement activities, including cancellation of regulated entity registrations and monetary penalties for KYC non-compliances.

In this edition of the Fintech Newsletter, we provide an overview of these legal developments and market updates which emerged in the Indian fintech ecosystem in June 2025.

Recent legal & regulatory developments

Stock Exchanges Reiterate Mandatory Two-Factor Authentication for Online Client Logins (see here and here)

National Stock Exchange and Bombay Stock Exchange (“Stock Exchanges”), in consultation with SEBI, have reiterated the requirement for stockbrokers to implement Two-Factor Authentication (“2FA”) for client logins on Internet-Based Trading (“IBT”) and Securities Trading through Wireless Technology (“STWT”) platforms. Such 2FA may include biometric authentication, where feasible. The Stock Exchanges have further advised stockbrokers to terminate all client sessions at the time of end-of-day processing or at a predefined interval, and to allow re-login only upon successful completion of 2FA.

Stock Exchanges Issue Framework for Distribution of Third-Party Products by Trading Members (Link)

Stock Exchanges, in consultation with SEBI, have issued a regulatory framework governing the distribution of third-party products (“TPPs”) by trading members (“Brokers”) through their own platforms or through those operated by group or holding entities (“Parent Apps”).

 To address regulatory and investor protection concerns, the framework introduces a series of conditions that Brokers and affiliated entities must adhere to when facilitating access to TPPs. The framework, inter alia, provides guidelines such as (i) disclosure requirements to clients, (ii) data confidentiality and segregation of client data, (iii) direct agreements between TPP providers and clients, and (iv) compliance with the advertisement codes prescribed by SEBI, Stock Exchanges, or the relevant financial sector regulator.

SEBI Introduces Standardised Validated Unified Payments Interface (“UPI”) IDs for Secure Payments to Market Intermediaries (Link)

SEBI has issued a circular titled ‘Adoption of Standardised, Validated and Exclusive UPI IDs for Payment Collection by SEBI Registered Intermediaries from Investors’ effective October 1, 2025, pursuant to which SEBI will introduce a structured and validated UPI address mechanism featuring an exclusive “@valid” handle for all SEBI-registered investor-facing intermediaries. Through this mechanism, investors will have the option to transfer funds directly to the validated bank accounts of intermediaries.

While use of this mechanism by investors remains optional, it is mandatory for all SEBI-registered intermediaries to obtain and make this structured UPI address available to their investors. This initiative is designed to enhance payment security, reduce fraud risks, and streamline transaction processes between investors and market participants.

SEBI Introduces Settlement Scheme for Stockbrokers Associated with Certain Algo Platforms (Link)

SEBI has introduced a Settlement Scheme (“Scheme”) aimed at providing a one-time settlement opportunity to stockbrokers registered under the SEBI (Stock Brokers) Regulations, 1992, who were associated with certain algorithmic trading platforms and against whom proceedings have been initiated and are currently pending before SEBI’s Adjudicating Officer, the Securities Appellate Tribunal, or courts.

The Scheme enables eligible stockbrokers to settle the proceedings and seek expedited closure of their cases. It will be operational for a limited period (from June 16, 2025, to September 16, 2025).

A fixed settlement amount of INR 1 (one) Lakh per stockbroker has been prescribed under the Scheme. In cases where a settlement application had already been filed before the Scheme’s commencement and remains pending, no fresh application is required; however, such applicants must still complete payment and documentation formalities via the designated link.

Following the closure of the Scheme and reconciliation of records, SEBI will issue a composite settlement order. If the Scheme is not availed, pending proceedings shall continue in accordance with applicable securities laws.

IFSCA Issues Policy Directions on Participation of Payment Service Providers in International Payment Systems (Link)

The International Financial Services Centres Authority (“IFSCA”) has issued policy directions governing the participation of Payment Service Providers (“PSPs”) in international payment systems, under powers conferred by the Payment and Settlement Systems Act, 2007 and the IFSCA Act, 2019.

Under the new framework, PSPs must obtain prior approval from the IFSCA to join international payment systems involving cross-border payments with banks or financial institutions outside the IFSC. Where such systems enable transactions within IFSC, including between PSPs and financial institutions, authorisation under Section 7(1) of the Payment and Settlement Systems Act, 2007 is also required.

PSPs must review their participation in international payment systems in line with these requirements and submit a compliance report to the Department of Banking Supervision. Additionally, they must provide a list of international payment systems in which they were participants as of May 31, 2025.

RBI issues Master Direction – Reserve Bank of India (Electronic Trading Platforms) Directions, 2025 (Link)

The RBI has issued the Master Direction – Reserve Bank of India (Electronic Trading Platforms) Directions, 2025 (“ETP Directions”). The ETP Directions, which come into immediate effect, supersede the Electronic Trading Platforms (Reserve Bank) Directions, 2018, and establish a comprehensive regulatory framework for entities operating Electronic Trading Platforms (“ETPs”) for transactions in eligible instruments.

The ETP Directions, inter alia, provide for the following: (i) mandatory prior authorisation for all ETP operators, with eligibility criteria including Indian incorporation, minimum net worth of INR 5 (five) Crore, and relevant experience; (ii) operating norms covering access, membership, trade transparency, and dispute resolution mechanisms; (iii) comprehensive risk management and surveillance requirements, including for algorithmic trading systems; (iv) data preservation, confidentiality, and reporting obligations, including periodic reporting to RBI and relevant authorities; and (v) norms for outsourcing.

SEBI issues investor charters for Intermediaries

SEBI has issued several circulars which provide the investor charter for Real Estate Investment Trusts,[1]  Infrastructure Investment Trusts,[2] Investment Advisers,[3] and Research Analysts[4] (“Intermediaries”), in order to enhance financial consumer protection alongside enhanced financial inclusion and financial literacy, in light of the recent developments in the securities market such as the introduction of Online Dispute Resolution (ODR) platform and SCORES 2.0. The investor charters for the Intermediaries summarise the services provided by the relevant Intermediary to their clients, rights of investors, timelines prescribed on stockbrokers for completion of various processes such as KYC, client onboarding, order execution, grievance redressal, etc., Do’s and Don’ts for investors, among others. Additionally, the aforesaid circulars also require that the Intermediaries disclose the data on complaints received against them or against issues dealt with by them and redressal thereof on a monthly basis in the format prescribed therein.

INDUSTRY UPDATE

The Reserve Bank of India (“RBI”) issues the Reserve Bank of India (Know Your Customer (KYC)) (Amendment) Directions, 2025 and FAQs (Link) 

The RBI has issued the Reserve Bank of India (Know Your Customer (KYC)) (Amendment) Directions, 2025 (“KYC Amendment Directions”) to further amend the Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 (“KYC Directions”)[i] in order to enhance consumer protection and service. The key changes introduced by the KYC Amendment Directions are outlined below: 

(i) Frequent KYC updation for low-risk customers who are individuals

 The regulated entities (“REs”) are now required to adhere to a more stringent requirement in respect of low-risk customers that are individuals by requiring REs to (i) ensure the updation of their KYC within 1 (one) year of its falling due or upto June 30, 2026, whichever is later; and (ii) regularly monitor such accounts. 

(ii) Banks can now use business correspondents for KYC updation 

Banks may now use a business correspondent (“BC”) for updation or periodic updation of KYC. This permits self-declaration from the customer in case of no change in KYC information or change only in the address details to be obtained through an authorized BC of the bank. The BC shall authenticate the self-declaration and supporting documents submitted in person by the customer, and promptly forward the same to the concerned bank branch and shall provide the customer with an acknowledgement of receipt of such declaration /submission of documents. The bank shall then update the customer’s KYC records and intimate the customer once the records are updated in the system. The RBI has, however, reiterated that the ultimate responsibility for periodic updation of KYC remains with the bank concerned. 

(iii) REs must remind customers to update their KYC 

REs are now obligated to inform their customers, in advance, to update their KYC. Prior to the due date of periodic updation of KYC, the RE must give at least 3 (three) notices to customers in advance, including at least 1 (one) by letter, at appropriate intervals, through available communication options/ channels for complying with the requirement of periodic updation of KYC. The issue of such an advance reminder is to be duly recorded in the RE’s system against each customer for audit purposes. Every RE is required to implement the same no later than January 01, 2026. 

The RBI has also issued frequently asked questions (FAQs) on the KYC Directions[ii] to provide guidance on several aspects relating to the conducting KYC process, including, without limitation, conducting the Video-Customer Identification Process (V-CIP). The KYC Amendment Directions along with the FAQs, introduce crucial measures to ensure timely KYC updates are provided to prevent account misuse and combating financial fraud. While implementation challenges remain to be assessed over time, the KYC Amendment Directions show the RBI’s commitment to balancing regulatory compliance with customer protection.

MARKET UPDATES  

RBI announces decision on an application received under Guidelines for ‘on tap’ Licensing of Universal Banks (Link)

The RBI completed the examination of an application for setting up a universal bank made by Annapurna Finance Private Limited. Based on the RBI’s assessment of the application as per the procedure laid down under the RBI Guidelines for ‘on tap’ Licensing of Universal Banks in the Private Sector, 2016,[iii] the applicant was not found suitable for granting of in principle approval to set up a universal bank.

RBI cancels certificates of registration of 6 (six) NBFCs (Link)

The RBI, in exercise of the powers conferred on it under Section 45-IA(6) of the Reserve Bank of India Act, 1934 (“RBI Act”), has cancelled the certificates of registration (“CoRs”) of the following companies: (i) Wofin Leasing and Finance Private Limited, (ii) Outram Properties Private Limited, (iii) SCM Holding Private Limited, (iv) Kalash Vyapaar Private Limited, (v) Everest Vinimay Private Limited, and (vi) Adhikar Microfinance Private Limited. Accordingly, the foregoing companies can no longer transact the business of a Non-Banking Financial Company (“NBFC”) as defined in Section 45-I(a) of the RBI Act.

RBI imposes penalties on banks and NBFCs for non-compliances

The RBI imposed monetary penalties ranging between INR 1-2 (one to two) Lakh on Ratanchand Shah Sahakari Bank Limited, Poornawadi Nagarik Sahakari Bank, and The Jammu and Kashmir State Co-operative Bank Limited for non-compliance with the KYC Directions. These defaults include (i) allotment multiple customer identification codes to certain customers, instead of a Unique Customer Identification Code (UCIC) for each individual customer[iv], (ii) failure to upload the KYC records of certain customers onto the Central KYC Records Registry (CKYCR) within the prescribed time[v], and (iii) failure to obtain OVDs of its customers while establishing account-based relationships[vi].

RBI launches new editions of 3 surveys

The RBI has been conducting the Survey on Foreign Collaboration in Indian Industry since 1965. The 15^th round of the survey has now been launched. This survey collects information on the operations of the Indian companies having foreign technical collaboration in terms of performance indicators.[vii]

Additionally, the RBI has launched the 2024-25 edition of its annual survey on ‘Computer Software and Information Technology Enabled Services (ITES) Exports’ to collect data on various aspects of computer services exports as well as exports of information technology-enabled services (ITES) and business process outsourcing (BPO). [viii] It has also launched the 2024-25 round of its annual survey on ‘Foreign Liabilities and Assets of Mutual Funds and Asset Management Companies’, which collects information from mutual fund companies and asset management companies on their external financial liabilities and assets as at the end of March of the latest financial year.[ix]

MAJOR DEALS 

We have set out in the table below some of the major deals for the month of June 2025:

[1] Available here.

[2] Available here.

[3] Available here.

[4] Available here.

[5] Stable Money is a CMS IndusLaw client.

[6] Available here.

[7] Refyne is a CMS IndusLaw client.

[8] Available here.

[9] Available here.

[10] Available here.

[11] CMS IndusLaw advised the investor in this transaction.

[12] Available here.

[i] Please refer: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566

[ii] Please refer: https://rbi.org.in/Scripts/FAQDisplay.aspx?Id=173

[iii] Please refer: https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=3220

[iv] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60602

[v] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60600

[vi] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60582

[vii] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60568

[viii] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60566

[ix] Please refer: https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=60567