RBI Giveth and Taketh | Fintech Inside - Edition #81 - 05th Feb, 2024
RBI took action against Paytm Payment Bank but the impact will be felt across the fintech ecosystem.
Hi Insiders, I’m Osborne, investor in early stage fintech startups.
Welcome to the 81st edition of Fintech Inside. Fintech Inside is the front page of Fintech in emerging markets.
On 31st Jan, 2024, RBI announced taking action against Paytm payment bank citing “persistent non-compliance and material supervisory concerns in the bank, warranting further action”. This action is precedent setting and could a negative impact on the broader fintech ecosystem.
In this edition, I discuss the action against Paytm payment bank, what is the implication on Paytm, why it happened and the broader impact on the financial ecosystem. I end with potential actions fintech startups could take to minimise the risk of RBI action.
There’s also an beautiful song recommendation at the end.
Thank you for supporting me and sticking around. Enjoy another great week in fintech!
Raising funding for your early stage fintech startup? reach out to me at connect@osborne.vc
🤔 One Big Thought
What RBI Giveth, RBI can Taketh
Disclaimers:
All views expressed here are my personal views and do not represent those of my employers, present or past, or portfolio companies.
I personally own a very very small number of shares in Paytm (One97 Communication Ltd.)
The information in this edition is not investment advice and should not be treated as such.
Phew what a year we've had for fintech. Except, January just ended. We still have 11 months to go. Fasten your seat belts for 2024!
Paytm was in the news this past week because of an RBI action against the payment firm. But Paytm is not new to speed bumps and challenges all throughout its history. In fact, the way I remember it, UPI specifically got support from banks solely as a "Paytm killer". The banks couldn't let Paytm "win". Back in 2014/2015, Paytm, as a prepaid payments platform, was the first such consumer facing fintech company (not just payments company) that grew to several millions of customers - owning customers experience but more importantly owning customer transaction data. Paytm also faced several actions from regulators over the years. What happened this past week however is precedent setting in many ways, most of which doesn't sit right with me. Though I must point out that this edition is not in support of Paytm or its actions - most of what's written out in media is speculation at best, and I don't want to deal in speculation. This edition is about the impact on the broader ecosystem. Read on!
Here's what went down: On 31st Jan, 2024, RBI, India's central bank and banking and payments regulator, notified that it has taken action against Paytm Payment Bank after conducting a comprehensive system audit. In it's notification, RBI mentioned that on 11th March, 2022, RBI directed Paytm Payment Bank (PPB) to stop onboarding new customers immediately. RBI then directed PPB to conduct a comprehensive system audit (CSA) from external IT Auditors. As per RBI, the CSA report and other compliance validation reports "revealed persistent non-compliance and material supervisory concerns in the bank, warranting further action".
What action did RBI take against Paytm Payment Bank: The RBI directed Paytm Payment Bank (PPB) as follows:
PPB shall not accept any further deposits or credit transactions or wallet top ups in any customer accounts after 29th Feb, 2024.
PPB shall allow withdrawal or utilization of balances from customer accounts upto their available balances.
PPB shall not provide any other banking services including fund transfers, bill payments or UPI after 29th Feb, 2024.
Nodal Accounts of One97 Communications and Paytm Payment Services will be terminated no later than 29th Feb, 2024.
Is a payment bank different from a regular bank? yes, the main difference being, a payment bank cannot issue credit products - not with customer deposits or at all. A payment bank is a type of banking entity that can accept deposits and provide basic banking services and products to users except credit products (credit cards or loans). There are also limits on the maximum deposit a customer can hold with a payment bank. The draft guidelines for payment banking was introduced in 2014 and Airtel Payments Bank was the first to launch in 2017.
What's the potential impact on Paytm: Paytm has over 100mm KYC'd customers and 30mm payment banking customers. It has 17% market share in FASTag (electronic toll collection) volume with 8mm units issued - among the largest. Manish Singh, Editor at TechCrunch has a good Twitter thread on what research analysts are saying about the impact on Paytm.
The obvious, direct impact is that Paytm's payment banking operations will be halted until RBI releases further instructions. It is however unclear if RBI will allow Paytm to ever resume payment banking operations even post compliance with RBI's requirements as the notification does not state any remedial clauses. It's entirely possible that RBI may cancel Paytm's payment banking license altogether. If that happens, bear with me as I'm not able to conclusively decipher, but it seems Paytm might not even have a payment aggregator license, as the payment aggregator license would have resided in the payment bank license and Paytm's application for a payment aggregator license was returned by RBI.
Paytm has a huge user base, as pointed above, bigger than most banks in the country. To avoid any service disruptions, Paytm will have to work on transitioning users from the payment banking entity to the payment aggregator business (re-KYC). It will also have to retool its backend to integrate with third party UPI issuers and banks to continue offering UPI and bill payments products to its user base. Paytm might not have the highest UPI payment success rate in the industry anymore as it will rely on third parties for payment processing. This is likely to result in loss of active customers including via general churn because of this RBI action and Paytm having limited moats on its payments business because it has to rely on third parties for core parts of its product. There are a lot of companies e.g. PhonePe, Google Pay, SBI Bank, Jio Payments Bank and more, waiting to gain from Paytm's churning users and merchants.
There's another major negative impact on Paytm.
Blurred Lines: It's not entirely clear how users are segmented within Paytm's various licensed entities and how these various entities talk to each other and share data with each other. Paytm has two main apps for end users to access all of Paytm's financial products i.e. Paytm main app and Paytm Money. Unfortunately, due to these blurred lines, RBI's actions on Paytm Payments Bank impacts Paytm's main app because users don't know one from the other. More importantly, the singular Paytm brand is impacted in users perception and on the stock markets. Fear-mongering is the largest competitive sport in our country. RBI announced its actions on Wed evening and in the next two trading cycles (Thursday and Friday), Paytm's stock hit lower circuit i.e. -20% cap on stock price based on previous day's price, on both days, resulting in its market cap plummeting by 36% in total from $5.8bn to $3.7bn.
What did Paytm do to warrant this action by RBI? It's unclear why this happened. Uncharacteristic of RBI, it hasn't offered a clear reason, leaving it at "persistent non-compliance and material supervisory concerns in the bank, warranting further action". This, in my view, is unlike my favourite regulator. Of course, RBI acts in customer interest and financial inclusion so I'm not ignoring the fact that there could be severe, persistent issues with Paytm, and if true (we don't know yet), Paytm should not be let off the hook easily, but let's explore a few reasons why this happened, as reported in the media (TechCrunch has excellent reporting on this).
KYC violations (Economic Times), money laundering (MoneyControl), unusually high number of dormant accounts (Reuters) and data sharing between Paytm entities (TechCrunch) were the main reasons cited in various press reporting. Leaving aside the several service disruptions in almost all out major banking institutions which is a problem for us customers, our banks don't necessarily have the cleanest of records. There have been several instances of material KYC issues and money laundering in the largest of banks - including in 2020, 2019, 2018, 2017, 2013 and more. This report provides a good summary of the largest frauds and money laundering cases in recent banking history. Data sharing and security issues between a bank's various licensed entities is not even highlighted - that alone should warrant serious inquiries. These cases amount to several thousand crores (billions of dollars) of depositor savings wiped out, because of actions right from the bank manager level to the CXO level. One might argue that these were just cases of rogue individuals, bad apples, in otherwise impeccable institutions. Which could be true, but what about the case where SBI Bank intentionally charged users INR 17.7 per UPI transaction when UPI is free? The bank collected a total of INR 254cr ($39mm, @ USD 1=INR 65), between April 2017 and September 2020 from basic savings account holders, people with least amount of money. The incorrect charge was identified by an IIT Bombay professor, not RBI. Only $14mm was returned to users as of 15th Apr, 2021 and to date its unclear if the rest was ever returned back to users.
I'm not at all saying "there are irregularities at all financial institutions without any implication, it's normalised and so why act only against Paytm". In fact, RBI acted against each of the banks in the cases listed above by imposing monetary penalties on the institutions. The fines ranged from INR 50K to INR 5crs (a few thousand dollars to a few hundred thousand dollars). In FY23 (ended Mar, 2023), RBI collected INR 40cr ($5mm) in penalties from 211 entities. In CY23, RBI imposed monetary penalties on financial institutions in 265 cases, 22% of those penalties were imposed for violations of KYC directions, even more were penalised for violation of fraud reporting requirements. RBI also regularly cancels licenses of financial firms, cancelling 32 licenses in 2023 with the most recent one being on 29th Dec, 2023 giving clear, sufficient reasons for cancellation. From what I've seen, it's mostly canceled licenses of regional cooperative banks, smaller NBFC's and other smaller licensed entities with clear reasoning, mostly for inadequate capital to sustain operations. RBI has not (yet) canceled Paytm Payment Bank's license, but if it does, we could expect better reasoning provided by RBI.
Why this action doesn't sit right with me: I believe this action against Paytm is precedent-setting, harsh and impacts the broader financial services ecosystem in India. I don't remember the last time RBI canceled the license of a bank for reasons other than adequate capital requirements. RBI has never canceled the license of a bank with a large enough user base, at least to my knowledge, I could be wrong). For the larger firms, RBI has always superseded the bank's board, placed limits on depositor withdrawals and found a buyer/acquirer or formulated a path to stability. We've seen examples of YES Bank, PMC Bank, IL&FS and several others.
I've also heard an "us" vs. "them" argument in financial services far too often. Us being financial institutions, them being fintech startups - as if to say fintech startups are the root cause of all issues with the financial ecosystem. There is a dangerous perception about fintech startups being reckless and not interested in consumer protection. There's no doubt there will be a couple of bad actors chasing the wrong metrics and operating on edge cases, resulting in issues, but characterising the entire ecosystem as such is not only wrong but also dangerous. There are four main effects of this action that I believe will delay progress in this sector by at least a few years:
Innovation:
We need more innovation in financial services, innovation in terms of product and business models. I can't think of a single new innovation that's come out of a bank/incumbent licensed entity in the past 15 years. All the aspects that we've come to love (too much of a stretch?) about the financial products we use i.e. QR payments, payment gateways, digital onboarding, digital savings/investing, small ticket loans, 360 data (not just credit history) driven underwriting and many more (not to forget pricing improvements) have come out of startups and competition, not a bank/incumbent financial institution. There is no incentive for incumbents to innovate because of regulatory capture and protection. We need more startups, not less, to innovate products and business models. Innovation and competition brings about better solutions that benefits users with better experiences and achieves inclusion.
Moreover, I don't believe RBI should be launching centralised products e.g. digital payments infrastructure, data localisation cloud and other platforms. RBI's job is being a regulator in interest of beneficiaries (retail users, companies, government etc.) not an ecosystem participant. With RBI launching products, there cannot be other innovations. It kills competition, just like it allowed NPCI to exist and launch products without competition.
Actions such as these shut out smaller startups who have ideas and products that could truly benefit users. Expecting large financial firms to innovate and risk their brand and existing product is a tall ask.
People:
Anecdotally, this past year I've seen fewer people wanting to start fintech companies. Yes, I agree, we want only serious, reputable and high integrity people building startups in financial services. That's where these actions by RBI are becoming dangerous - I'm seeing even the serious, reputable and high integrity people avoid financial services like the plague. Even at the operations/product levels, I'm seeing an exodus of people from this sector, when we should be figuring out how to attract more people in, not making it tougher for them.
Trust:
Users are never going to be able to build trust in fintech startups in the fear that RBI will just cancel licenses. Users don't know/care of RBI's history of providing warnings or following due process. Users only know the end state - is the license cancelled or not. In fact, there are hundreds of millions of people who still prefer to bank with public sector banks, despite a terrible user experience, because of they have the notion that the public sector banks are backed by the government and the government will not let their deposits get wiped out. This action by RBI on Paytm will result in erosion of users trust, hopefully limited to Paytm.
Licence:
In the past decade, RBI has been "risk-on" with issuing new licenses across financial services, meaning, the RBI has been largely hesitant to issue new licenses for banking, payments, credit and other financial sectors. This is important because the RBI is clear that it wants only regulated entities to operate in India's financial sector. I don't think you will find anyone who disagrees with this. Unfortunately, on the other hand, the RBI is not approving license applications, even of the serious, reputable, high integrity applicants. At the same, the RBI is making it increasingly difficult for non-licensed entities operate, making their scope extremely narrow - as we've seen in digital lending guidelines, payment aggregator guidelines and others. This is squeezing out startups that are building better, inclusive experiences for all users. Unfortunately, with actions such as this, there's going to be an increasing fear in the minds of founders and investors - what if my licenses are cancelled by RBI one day? This risk factor is such a huge unknown that it will deter anyone even considering spending time in this sector.
I would be the happiest if the implications on the broader financial ecosystem are not as severe as I'm thinking it would be.
What fintech startups can do? I don't think founders can be reactive about regulatory engagement anymore. Founders should engage with regulators, especially from the early days - share new product ideas with data on global precedents if any, share aggregated data on traction within a closed user group, engage on policy changes that could benefit the user. There's a lot that founders could do to build trust between the regulator and the fintech ecosystem. Think of building a qualified and experienced independent board of directors. Hire the right people to engage with regulators and who speak their language. Build better audit and financial control practices from the early days. These aspects have all been drilled in my head by very senior people in financial services since the early days of my career. Back then I used to think they're just old grumpy men who want to feel important (don't tell them I said this). Obviously I'm the dumb guy who's been proven wrong time and again over the years. I've advocated for founders to focus on all this and become proactive about regulatory engagement for a long time. Now is a good time as any to act.
1-min Anonymous Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
🎵 Song on loop
Fintech updates can get boring, so here's an earworm: Give a listen to Trouble (feat. Albert Gold) by Bakermat (Youtube / Spotify). It’s got clean lead guitar riffs and a uplifting saxophone solo. Discovered this smooth track at Gigi, Mumbai’s latest cocktail bar.
Any link between the song recommendation and the topic of this edition is purely coincidental.
👋🏾 That's all Folks
If you’ve made it this far - thanks! As always, you can always reach me at connect@osborne.vc. I’d genuinely appreciate any and all feedback. If you liked what you read, please consider sharing or subscribing.
1-min Anonymous Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
See you in the next edition.