India is in the midst of change driven by technology. The biggest disruption is happening in the fintech sector as new businesses are emerging, be it robo advisory, P2P lending, block chain or wallets. Business Today organised a panel discussion on "Challenges Before India's Fintech Sector" to understand the issues before the industry.
Participating in the discussion were Alok Mittal, CEO, Indifi Technologies, Nitin Motwani, Founder, Bookmyforex, Ankit Singh, Cofounder, MyPoolin, Pavan Duggal, cyber law expert, and Naveen Kukreja, CEO & Co-founder, Paisabazaar. com. The discussion was moderated by Rajeev Dubey, Managing Editor, Business Today. Edited excerpts:
RAJEEV DUBEY: We are in the midst of one of the greatest disruptions in financial technology. Let's start with wallets. Do you think they can survive the way they are going or do you see them evolving?
PAVAN DUGGAL (PD): The government wants the sector to transform itself. After demonetisation, there has been a massive increase in use of wallets and the government is concerned and putting in place mechanisms to ensure compliance. That's why it has come up with a draft rule under the IT Act, 2000, for pre-paid payment instruments (PPIs) and various activities, including how they're going to handle or process sensitive personal data. I see more regulation coming in.
The government is aware that mobile wallets need to exercise due diligence under Section 79 of the IT Act 2000. But post demonetisation, wallets have been saying I am a distinct animal not governed per se by the IT Act and that I'll only be governed by the Reserve Bank of India.
NAVEEN KUKREJA (NK): There are four aspects to consumer finance. When consumers need money, they borrow. They can invest when they have a surplus through mutual funds, PPF, deposits, etc. They can protect themselves or their assets through insurance, and they can use different instruments to pay. Wallets tried to make the payment mechanism simpler.
ANKIT SINGH (AS): Wallet as a concept was never supposed to be what we have in India. What we call wallet, Google Wallet for example, is different. You store cards on a file; you are parking money. Talking particularly about payments, wallets never worked out as a brilliant use case because of structural issues. I had to upload money from my bank account to the wallet. There was lack of interoperability. There were transaction limits on transfer and there were bank withdrawal charges. UPI completely kills the wallet.
ALOK MITTAL (AM): When we talk about wallets, we talk payments. Payment is incidental. Wallets are about creating customer experiences and Paytm is a good example because it was never about storing money. It was about making a mobile recharge seamless.
NITIN MOTWANI (NM): Wallet companies have realised that they have to go beyond payments as UPI is taking over that. That's what Paytm strategy has been for a long time now. But there is still a use case for closed-loop wallets, which can be used to increase loyalty.
RD: What is the biggest challenge for wallets? Is it regulatory clampdown or low transaction charges?
NM: If they can keep the customer experience as simple as UPI, and for all people who already have an account with a wallet, moving to another app or another way of making payments may be irrelevant. That could be one reason they may be able to retain a bigger customer base.
AM: Dropping transaction charges and creating more seamless payment mechanisms hurts banks more than innovators.
NK: In the US, there is nothing like a wallet, because if you shop on Amazon, it's a single-click buy. That was never the case in India. So, that was one use case for wallets. The other was mobile recharge. Then came the opportunity of payment friction. As transaction charges fall, it won't be a business model.
RD: There is going to be a tussle between regulators, government and wallet companies. The government would want interoperability and, of course, the companies would like to keep as much possible with themselves.
PROSENJIT DATTA: Why did banks come late in the game? And I don't run into anybody who actually uses any of them, but people use Mobikwik and Paytm.
NM: Technically, bank apps are better than any wallet. Kotak Bank gives you interest for keeping money in the wallet. If banks really wanted to go after this industry, they could have done that. Their rates are low but they take time to adapt.
RD: We found that banks were not interested. They said it is not our job, why should we do it?
NM: That's the thing about banks. They take too long to realise and by then the industry is already over.
PD: The government is very clear on cyber security. At present, there are no norms on how your data is going to be retained, saved, transmitted. Despite this, all wallets are actually giving, handling or processing sensitive personal data, and while they're required to comply with the IT rules, 99 per cent of these service providers are not fully compliant. The government wants to replicate the telecom module where I can go and change my service provider. But the industry wants least regulation.
AS: In December, the Watal committee gave 13 recommendations, and interoperability has been there. It's going to come up in wallets as well.
AM: I see a long life for wallets as they're not just payment instruments; they are tied into what you're getting the user to do, what your work flows are. Banks will be enablers for these, they won't be competitors.
AS: Telecom became interoperable when you could switch your operator. In health insurance, not many people are aware that it is interoperable, but in motor insurance, people are aware. It's not easy to move my bank account. Large banks would fight as long as they can to avoid that.
RD: We have Paytm with 200 million downloads. WhatsApp and Microsoft are also looking at this space. What do you see are the prospects for WhatsApp because it is only a question of time?
AM: The possibility exists. That's the benefit of bringing in UPI there. It depends on what applications they come up with.
PROSENJIT DATTA: In every business there is inertia or network effect that cigarette and newspaper companies used to live on - people don't change very quickly. Will that extend the life of the wallets?
AM: I think there are exceptions in use cases. So, Paytm has a merchant acceptance mechanism, but one of the reasons for wallets to come up was low entry and exit barriers. It is the ease of entry and exit that defines them.
AS: If Paytm were to establish that reach, and is of use, then yes. But it doesn't matter what is behind Uber. I'm paying and a wallet allows me to pay easily. Uber has a tie up with Paytm; tomorrow, it can change. Second, it's so early in the game that it is very difficult to predict, but if you see, Samsung Pay is already obviating the need to set up one structure. They have linked Samsung Pay to all machines that accept credit cards.
NK: BHIM has 30 million-plus downloads but only three-four million people have installed UPI. So, it's not going to be that at one shot 200 million people will come on to Whatsapp and become UPI users. It will be a gradual trend.
RD: How do you see P2P evolving? What are the biggest challenges?
AM: When we look at lending, we look at the overall alternative lending. P2P is just one model. It is not clear if there is some distinctive advantage to P2P versus a Fintech company partnering with a bank to deliver alternative lending products.
RD: Do you expect interest caps in P2P lending?
RD: You don't think it will happen?
AM: That's not the general philosophy that the RBI works with.
RD: Yes, but the government seems to be forcing it down the RBI's throat, whether it is in UPI, BHIM, they have said that and they have been doing it consistently. So, sector by sector, if they start taking it up, they have done it in MFIs' case. Pavan, any thoughts on the challenges for the P2P lending industry?
PD: It's a lucrative, decent industry. The government should not come in because it needs to grow on its own.
PROSENJIT DATTA: How does GST affect service providers in this case? What are the rates you are under?
AM: We are service providers to banks and come under 18 per cent.
PROSENJIT DATTA: Does it increase compliance costs?
AM: Not significantly. In the short term, it will, because of the adjustment phase. But essentially there is this all-powerful entity in India called the chartered accountant and that works.
AS: P2P is a small component of overall lending. Out of 1.2 billion people, the tax payer base is 40 million, 4 per cent of the country. So, the opportunity in alternative lending or data- and access-based lending is huge.
RD: What is the biggest challenge in insurance?
PD: Today, insurance regulation happens from IRDA's perspective. It's still not looking at the holistic digital ecosystem that has been created and interoperability of services vis-a-vis other platforms. IRDA needs to come out with parameters for issues of cyber security. Fortunately, they have now come out with web aggregated draft rules.
AS: The fundamental issues remain. First is the awareness about the need for insurance, and the second is trust, where I think insurance companies have not done a good job. The third is consumer-focused products and the fourth is the cost of distributing these products.
On cyber security, individual regulators may not be the best entities to implement any framework. The government will have to create an expert agency.
PD: India faces challenges from state and non-state actors outside India who want to destabilise the country. What better way to do that than target Fintech and insurance data? Elements pertaining to cyber resilience will have to be part of federal responsibilities.
RD: I want to talk about blockchain. Nobody can make out what to do with it; yet, it exists. Pavan, your thoughts on what to do with blockchain.
PD: Blockchain is going to be a game changer. Now, with Ethereum coming in a big way and the ecosystem evolving, the challenges before blockchains are going to be issues pertaining to enforceability of blockchain-related contracting arrangements and how to deal with the emerging legal and regulatory issues.
AM: Applications are beginning to come in. There are two elements of blockchain, one is the distributed nature of technology, second is the anonymity. We are seeing more applications around the distributed nature of technology than anonymity, which is where a lot of regulatory concerns might come up. Some of those valid use cases are beginning to pop up. Yes Bank has done some pilots and so has ICICI.
NM: Blockchain has laudable applications, but its role in crypto currencies specifically is one that requires greatest monetary regulation because there are so many back doors right now to accomplish everything that regulatory bodies across the world are trying to prevent, the most recent example being WannaCry. Pretty much every cybercrime that happens out there uses Bitcoin now.
AS: The biggest use case within consumer finance would be in lending and asset purchase. What it will allow is easier and cheaper processing of transactions and, more importantly, proving the ver-acity of the chain behind it, reducing credit as well as fraud losses.
RD: We are still in the early days of Fintech 1.0. If this has been so disruptive, what will Fintech 2.0 be like?
PD: We have to keep our belts tightened. It's hard to predict, but it's going to change the way we perceive, the way we do transactions.
NK: It's probably the most exciting time. The real revolution is just beginning.
AS: Multinationals will have to be on their toes in terms of the ever-changing regulatory and KYC rules.
AM: Version 1.0 has been around technology innovations. The business model innovations are yet to be rolled out.
NM: We've already started seeing a lot of Fintech 2.0 in markets like London.
RD: Pavan, what do you see as the chinks in the cyber security armour?
PD: As a nation we haven't done enough for cyber security. India came up with a National Cyber Security Policy 2013. It is a coalition of good mother listings. It does not even have parameters for effective implementation. The only thing that we have is the Indian Information and Technology Act wherein in Section 2 we added a definition on cyber security through the 2008 amendments. The recent WannaCry attacks have shown that India is vulnerable.
RD: Who should lead these efforts? The government?
PD: It has to be led by the government. The Fintech sector must be prepared for massive attacks from the dark net, from cybercrime as a service. We can't afford to wait for the government to prescribe some stuff.
PROSENJIT DATTA: Is there anybody in the government working on it or are they still sleeping on it?
PD: There is no information of work within the government on cyber security law. The maximum that we've heard is that they will be amending the IT Act.
PROSENJIT DATTA: Who is supposed to be doing this, is it Ravi Shankar Prasad's ministry or somebody else?
PD: Cyber security appears to be a shared turf. It has to be the Ministry of IT, the home ministry, the MEA and the finance ministry. Who takes thought leadership? I think it should be the Ministry of Electronics and IT.
RD: Whenever I talk to companies on cyber security, their only answer is, they depend on their cloud service provider, and that's where their responsibility ends. Are companies doing things themselves?
NK: What's happened in the last two years is that there is a lot of public info that has got created. Aadhaar is the best example and on top of that they have built public APIs. So, more and more entities will have access to sensitive data. How do you start regulating this?
AM: I wonder about the risk of overdoing cyber security laws without doing the cyber security infrastructure.
NM: I feel companies are left to themselves to try and figure out what's the best way to protect their data. I think they by themselves do set decent guidelines. But when you're transferring data between organisations, when you're transferring data from a centralised source like Aadhaar, that's when there are chances of breaches happening.
PROSENJIT DATTA: How aware are companies that have started taking payments about the need or the technology required for it?
RD: Pavan, when you say that things need to be done, what in your view must be done from the governments point of view, apart from creating a log which needs updation? We've consistently come up with this thing that public infrastructure has to come from the government side. Other than that, is there anything else besides tighter law or an elaborate law?
PD: I think we have to realise that the ecosystem is porous and when the government is talking about Aadhaar and Fintech together, we have a cocktail of potential disaster waiting to happen. The Aadhaar Act, 2016, legalised Aadhaar in March 2016. However, it was drafted keeping in mind that Aadhaar will be voluntary, but now with the government increasingly mandating it, we've realised that the Aadhaar Act has become almost obsolete because it doesn't deal with cyber security, it is only concerned about the security of the central identities data depository.
With Aadhaar breaches, 14 lakh cards and bank account details were leaked from a Jharkhand government website. There is a CIS report which says that 130 million Aadhaar numbers have been potentially leaked. At the time when the authenticity and veracity of the Aadhaar database is itself in question, I think we should go forward in a very, very constructive and cogent manner.