The RBI, in its ‘Payments Vision 2025’ document, proposed the creation of a Digital Payments Protection Fund to provide a security cover for defrauded customers
As many similar funds seem to have failed in achieving their stated objectives, there are questions about the success of DPPF
Industry players also seem to be divided about who will fund DPPF, its members, and if financial institutions should pay for the negligence of customers
The fintech industry in India is at a critical juncture. On one hand, funding winter warrants extra caution on the part of startups in the space. On the other, the central bank is consistently tightening the regulations governing the segment.
Payment companies in particular are in for an overhaul if the Reserve Bank of India’s (RBI’s) ‘Payments Vision 2025’ is any indication.
The payments ecosystem in India is quite dynamic. Thanks to the increased adoption of technology and innovation, India enjoys a pre-eminent status in the global payments space. A steady growth in digital payments and the availability of innovative and efficient payment systems have made India a force to reckon with in the global arena.
According to the RBI, over 26 crore digital payment transactions are processed daily by payment systems in India, of which the UPI (Unified Payments Interface) system processes more than two-thirds.
RBI’s Vision Document
The RBI’s vision document aims to provide every user with safe, secure, fast, convenient, accessible and affordable e-payment options. It also envisions the creation of a Digital Payments Protection Fund (DPPF).
“With the growing adoption of digital payment modes, there is a rise in digital payment frauds. In spite of the efforts of stakeholders, recovery rate of defrauded amounts is not very encouraging. With an aim to provide a security cover to defrauded customers/issuers of payment instruments, a study on scope/ feasibility of the creation of DPPF shall be undertaken,” says the RBI’s vision document.
At present, DPPF is just an idea floated by the RBI. The regulator in due course will come out with detailed guidelines for the administration and management of DPPF.
Funds Similar to DPPF Have Achieved Nothing Substantial
The Depositor Education and Awareness Fund, established by the RBI in 2014 for safeguarding the interest of depositors, is already operational. The objective of this fund, as the name suggests, is to educate and spread awareness. The fund grants financial assistance to entities for taking up activities such as seminars, campaigns, among others, on depositors’ education and awareness, and financial literacy, particularly among the excluded sections of the society.
The banks transfer inoperative deposit accounts, which have not been claimed or operated for a period of 10 years or more, to the fund. Deposits or amounts remaining unclaimed for more than 10 years are also transferred to the fund.
Similarly, there is an Investor Education and Protection Fund Authority (IEPFA), established under the Companies Act 2013 by the Government of India. The authority is entrusted with the responsibility of administration of the Investor Education Protection Fund (IEPF), making refunds of shares, unclaimed dividends, and matured deposits/debentures, among others, to investors and promoting awareness among investors.
“The Investor Education Protection Fund (IEPF) can be the template for the DPPF as it also primarily promotes awareness among investors, and protects the interests of the investors. In this case, it would be creating awareness about frauds and thus providing a security cover to the defrauded,” Avinash Godkhindi, MD and CEO of Zaggle, a SaaS-based fintech player, suggested.
There are also investor protection funds established by the exchanges to compensate investors in cases of defaulters’ assets not being sufficient to meet the claims of investors. The stated objectives of these funds include investor education, awareness and research.
These funds, however, have achieved nothing substantial since their inception. Take the example of depositors. Repeated large-scale bank scams in recent years have left retail depositors in the lurch. The Depositor Education and Awareness Fund has done precious little to safeguard the interests of depositors in the wake of recurring scams that cost retail depositors dear.
Last year, Minister of State for Finance Dr Bhagwat Kisanrao Karad informed Parliament that as per the RBI, the total amount of unclaimed deposits of scheduled commercial banks (SCBs) stood at INR 24,356 Cr as of December 31, 2020.
Unclaimed deposits increased by INR 5,977 crore in 2020 from the previous year, which only goes on to state that depositors’ interest is not really taken care of.
The story of investor protection funds is not different either. Now, we will soon have DPPF.
‘Banks Should Fund DPPF’
Any step that protects the interest of customers is welcomed without reservations. However, the administration of such a fund, its corpus, constitution, constituents, and method of compensation, among others, need brainstorming among stakeholders, including banks.
“The volume of digital fraud in India as a percentage of overall digital transaction volume is extremely low compared to other markets. I don’t think DPPF will help in reducing fraud. Today, all financial services companies are required to get fraud protection insurance. We will need to wait and see who exactly DPPF will benefit,” said Kunal Jhunjhunwala, founder and MD of airpay, a payments aggregator.
Kumar Shekhar, VP member, Operations at Tide InLondondia, a business financial platform, said that the layout of contributing entities will largely depend on the structure of the fund – whether it is in the form of a grant by an institution, such as the state and central governments, or if the constituents are required to back the fund with a security amount.
Jhunjhunwala is clear in his thoughts that the banks should fund DPPF.
“It is the banks that oversee all the fund flows with very little control with anyone outside of a bank,” Jhunjhunwala said.
An ideal scenario would be for all the players in the ecosystem, including issuers, acquirers, payment aggregators and gateways (PA/PG), fintech, and non-banking financial companies (NBFCs) to collectively participate in the fund, Shekhar said.
Constituents Of DPPF
According to Jhunjhunwala, banks, fintech and payment companies, NBFCs and law enforcement agencies should be constituents of DPPF.
In the case of Investor Education and Protection Fund, stakeholders such as eGovernance Services India and the Institute of Chartered Accountants are partners. They could be partners of the proposed DPPF as well. Experts drawn from different fields but with the deep technical know-how of digital operations are certain to be a part of the DPPF in some or other capacity.
Industry observers said guidance of the SFIO (Serious Fraud Investigation Office) can be explored for setting up DPPF.
In any case, according to the RBI’s ‘Master directions on frauds – classification and reporting by banks’, frauds involving INR 1 Cr and above need to be reported to the SFIO.
Who Should Foot The Bill In Cases Of Customer Negligence?
Jhunjhunwala said investor protection funds would be a good starting point for the DPPF framework. The scale and type of use the RBI needs to deal with are far more complex and diverse. Capital movement is now real-time and far simpler to execute, he added.
As things progress with the setting up of DPPF, a key question that is likely to raise many eyebrows is whether should DPPF cover a fraud protection that occurred due to the negligence of a customer.
It will prove to be a tricky situation. “How do you define carelessness?” Jhunjhunwala wondered. “An old lady might have got a call from an individual threatening to shut the bank account unless the OTP is given. In that fear, they will provide the OTP. Is that carelessness?”
Many have argued that financial institutions cannot be penalised for customer negligence. The general refrain is that the customer should bear the losses which have occurred due to his negligence.
“This is because an insurance cover for such frauds opens the door for massive system abuse. But at the same time, I think it is also the responsibility of financial institutions to educate users about possible forms of cyberattacks and the various tactics used by fraudsters so that instances of negligence can be reduced,” said Shekhar.
Godkhindi noted that banks and payment companies are responsible for creating awareness among customers so that they do not fall victim to fraudulent activities.
If a fraud takes place even after repeated warnings, it can be due to faults lying within the system. Neither the bank nor the customer is at fault in this scenario.
“In such cases, the customer has zero liability if he or she reports the fraud to the bank within three working days of receiving the communication from the bank about the unauthorised transaction, as per previous RBI guidelines,”
Shekhar opined that the amount of compensation – minimum, maximum, or nil – should be directly proportional to the customer’s negligence.
“For instance, if a customer is defrauded despite all security measures embedded by the institution due to his/her own negligence, the customer will not be eligible for a cover from the pooled fund,” he said.
However, if a financial fraud occurs due to negligence by a financial body, the victim can be refunded from the pooled fund and the responsible institution can in turn reload the fund consumed, he added.
Offering a different perspective on the issue, Godkhindi said, “Customers, who are usually young and new to the whole digital payments interface, or old, who are not as tech-savvy, fall prey to fraudulent activities. It can happen to anyone. Hence, to safeguard their money, a trend analysis can be conducted to understand customer behaviour to create a framework of customer sets who need guidance and awareness.”
Another trend analysis can be conducted around the websites which are most used in such cases of fraudulent activity, he said, adding that this will in turn be beneficial in keeping a check and list out websites that customers should stay away from. Such steps would help create general awareness about safe and secure digital payments.
‘Customer Protection Shouldn’t Be At The Cost of Business’
For any service-oriented or product company, particularly in the digital space, customers are always at the forefront. When it comes to the prevention of fraud, though earnest efforts have been taken from time to time, fintech players leave much to be desired.
They, however, would have no hesitation in joining hands with the RBI in the battle against fraud. One thing is clear though, as Juhunjhunwal said, “consumers need to be protected, but not at the expense of the business”.