Bengaluru: Fintech regulation in India is at an inflection point. The country is moving away from no regulation and light-touch regulation to fairly extensive regulations, according to Shilpa Mankar Ahluwalia, partner at Shardul Amarchand Mangaldas and Co.

“I think now is the key time (for fintechs) to focus on regulation and engage with the regulator," said Ahluwalia. But there are a couple of areas where fintechs may find it challenging when it comes to regulation, she added. Those include know-your-customer (KYC) regulations and data protection and privacy.

A year ago, when fintech clients used to ask Ahluwalia how to onboard a client and what the easiest way was to do it, her answer was much simpler than it is today. For most fintech products, all that was necessary to onboard new customers was a mobile number and a name. But today, things have changed. “Two things have happened. The Supreme Court has been hearing the Aadhaar judgement and during the course of that it has made observations and expressed concerns on unregulated entities having access to Aadhaar. The second thing that’s happened globally is the protection and privacy of customer data. The regulator has now come down with a set of regulations which change the way fintech does business," she said.

Today most fintech companies are required to do a full KYC before onboarding a customer. Besides, several unregulated entities now have restricted access to the Aadhaar database. This makes customer onboarding fairly expensive, and mobile wallet companies have felt that recently, Ahluwalia explained.

Fintech companies should start to focus on data protection in the product development stage, Ahluwalia said, as there are going to be developments on that front in India too in future. It is important, thus, for fintechs to be able to display to regulators that they have the ability to protect data.

“I think we will see a couple of things over the next 8-10 months. One is a final decision from the Supreme Court in the Aadhaar case, which will hopefully lay out guidelines on what fintechs can do to access the Aadhaar database. Two is data protection law. There is a gaping hole today in India because we don’t have a full privacy regulation but there is a committee and I think we can expect a very extensive regulation fairly quickly," she said.