
Introduction to Fintech

Issue 1.0
June 2020
1.1 What is FinTech
• Introduction
• Need for FinTech in context of
– Banking industry
– Insurance Industry
– Wealth Management Industry
2.1 Initiatives by Indian Government to boost fintech.

Recent Media buzz

The domain of fintech is expected to continue to play a very crucial role in a post COVID-19 world.
However, for that to happen, fintech will have to evolve and adapt to a new world order. Experts are
working on ways in which Fintech companies can stay relevant efficiently and profitably.

Source : Economic Times, Mint

What is Fintech
• As the word suggests ‘Finance’ + ‘Technology’
• Financial industry innovates & improves financial services by use of technology
• Traditionally, large Banking and Financial institutions have been resistant to change
due to their legacy IT systems.
• Scope for innovation is restricted as they are under constant scrutiny by regulatory
bodies and their agility for customer acquisition and service was bound by tedious
processes.
• The FinTech industry has come under focus recently with Berkshire Hathaway’s
investment into Paytm for Rs 2500 crore marking Warren Buffett’s first investment in
India.
• “The Indian fintech ecosystem is the third largest in the globe. $6 billion investments
have already happened in fintech market in the country in the last 3-4 years. Fintech
market in India is likely to expand to $31 billion in 2020," – Niti Aayog CEO Amitabh
Kant in May 2019.
• FinTech is amongst the most thriving sectors at present in terms of both business
growth and employment generation. Globally, the FinTech software and services
industry is estimated to touch $45 billion by 2020, growing at a CAGR of 7.1%
(source : NASSCOM, February 2020).

Traditional banks & FI
Traditional Banking Institution Strengths
• Have a very strong existing customer base and relationships that have been in place for years. They
still retain the lion’s share of consumer accounts across the spectrum of financial services.
• Convenience of in-person touchpoints at branch offices to solidify relationships with clients — even
as they build out their digital strategies.
• Big national banks & NBFCs have better capital to invest in their own digital transformation
initiatives such as mobility, artificial intelligence, machine learning, and big data analytics.
Traditional Banking Institution Weaknesses.
• The traditional financial institutions still have significant work to do to repair consumer trust
damaged during the last recession.
• Concerns around improving consumers’ digital experience. While financial resources are being allocated to
create new digital offerings, many of these initiatives are not well integrated with their more
established call center or operations.
• The complexity of existing systems — built on generations of difficult-to-integrate legacy
technologies — combined with an incumbent culture that may not be optimized for today’s digital
marketplace.
Example : The rigid and complex procedure for availing unsecured loans through the traditional route was
time-consuming, tedious, non-transparent and not at all consumer friendly. Fintechs, with all their
processes done online, have helped solve these issues. Application, processing and verification are
all done online, which saves a considerable amount of time. Disbursal of the loan is also
done online, in some cases within 24 hours. The procedure is flexible and
transparent as well. Additionally, the conventional system was more focused on lending to
employees of A or A+ category companies, whereas fintechs focused on all
employees of registered companies. In this way fintechs were successful in winning the trust of customers
and in becoming their first choice for financial requirements.

Fintech – Paradigm shift
• The FinTech model is based on charging a premium for customer segment
that is inclined towards service and the ‘overall experience’.
• These companies combine agility with personalisation and
convenience. These start-ups leverage technology using APIs to deliver
results in real time.
• They promise ‘credit in a minute’ with zero paperwork, transparency and
customer service. Features such as round the clock access, immediate
consultation, remote account opening, real-time fund transfers,
multi-channel repayments (auto-debit, payment gateway, wallets, UPI, eNACH
etc.) and real-time reconciliation are their distinct differentiators.
• Compared to traditional FIs, new-age FinTechs are more data-driven.
Their lean operating model focuses on agility and customer-centricity.
Their flatter organisational structures are more responsive, and can
quickly leverage technology innovations to provide a more
personalized customer experience.
• Also, as most FinTechs operate on the mobile platform, mobile
penetration in India has given FinTechs a distinct advantage
over traditional banks.

Key Fintech offerings in India by Financial services companies
• Pre-paid payment instruments : PPIs are instruments that
facilitate the purchase of goods and services (including financial
services, remittance facilities etc.) against a “stored value” on such
instruments. In India, they are pre-paid cards or virtual wallets.
• UPI Payment : The Unified Payments Interface is a payments
platform managed and operated by the National Payments
Corporation of India (NPCI). The UPI enables real-time,
instantaneous mobile-based bank-to-bank payments. It is a low-cost,
easily accessible and universally available facility.
• Digital Lenders : NBFCs offer credit products to SME and retail
clients. They have developed interactive applications and websites
to enable end-to-end customer journeys – starting with
onboarding and initial credit verification and checks, processing of
loan documents and disbursement.
• Peer-to-peer lending platforms : P2P platforms are online
platforms which offer loan facilitation services between lenders
registered on the platform and prospective borrowers. They act as
intermediaries providing an online marketplace for P2P lending in a
regulated environment.

Key Fintech offerings in India by Financial services companies Contd.
• Payment aggregators/ intermediaries : These are entities
which facilitate online sale and purchase transactions,
primarily on e-commerce platforms. Such entities facilitate
collection of electronic payments from customers for
goods and services availed and the subsequent transfer of
payments to merchants.
• Payment banks : They are entities licensed by RBI to offer
basic banking services digitally to their customers.
Payments banks are permitted to accept small deposits
(up to Rs. 1 lakh) from their customers. However, payment
banks are not permitted to give loans, issue credit cards
or offer any credit products. The regulatory intent behind
payments bank licenses was primarily to increase financial
inclusion, especially in the low-income segments, and to
promote digital payments and digital banking services in
the country.

Drivers for Fintech
• Generational shift – New generation more open to newer
technologies and mediums.
• Rapid growth of supporting platforms
– Mobile technology
– Internet
– Computing power
• Broader choice due to increased competition and decreased cost of
products and services
• The government’s consistent efforts to promote digital services through
‘Digital India’.
• The government’s biometric identification database, Aadhaar,
contains information of over 1 billion Indian citizens, minimising
the effort required for first level verification of customers.
• The government has introduced tax rebates for traders accepting more
than 50% as electronic payment.

Key innovations related to Fintech
Smart Chip Technology
• Smart chip ATM cards have significantly helped in minimizing the financial
losses that occur in the case of mishaps. They come with EMV technology that
is embedded in the chip. This technology uses a one-time password for
each transaction. This increases security since the code is valid only
for one transaction; so, even if somebody steals it, he won’t be able to do
anything.
Biometric Sensors
• Biometric sensors along with iris scanners are path-breaking since they
would simply eliminate the need to carry your plastic card. Furthermore,
you won’t need to remember your PIN.
• ATMs are more secure than ever since you’ll be able to access your own
account without any password. The biometric ATMs use integrated mobile
applications, fingerprint sensors, palm, and eye recognition to identify the
account’s owner.
• The usage of biometric technology brings a huge sigh of relief for all the
customers who panic even at the thought of losing their ATM card,
because they would be able to access their funds even when
they have lost their card.

Key innovations related to Fintech
Online Transactions
• Massive increase in the online payments due to the emergence of e-Commerce
Omni-channel & branchless banking
• FinTech financial services are transforming the entire banking system from a branch-specific
process to various digital channels such as online, social, and mobile. This also reduces the
bank’s dependency on its brick and mortar branches to function.
Customer service chatbots
• Chatbots are nothing but bits of software that use machine learning and natural language
processing, which enable them to constantly learn from human interaction.
• Chatbots are highly efficient as they streamline customer interactions like query handling and
directing customers to the required departments.
• Bank of America’s chatbot Erica can provide investment advice to its customers,
whereas the chatbot used by UBS can scan customer emails autonomously, thus reducing
the total time taken in the task from 45 minutes to a mind-boggling two minutes.
Artificial intelligence (AI)
• AI along with machine learning is vital for fraud detection. The software that banks use for
fraud detection generates alerts whenever there’s a potentially fraudulent transaction. Each alert
is then followed up by a human investigation that finally determines if the attack was real or false.

Source : https://www.makeinindia.com/article/-/v/growth-of-fintech-in-india
Close to real-time Customer fulfilment and service

| Feature | Banks | NBFCs | FinTech |
|---|---|---|---|
| Time to Get Money* | Typically 3-5 days | Typically 1-3 days | Typically less than 1 day |
| Convenience | Low | Medium | High |
| Reliability of Customer Service | Low | Medium | High |
| Interest Rates | 10-15% | 14-20% | 12-27% |
| Flexibility in Rules | Low | Low | Medium |
| Paperwork Involved | High | Medium | Low |
| Specialized Products | Rarely | Frequently | Frequently |

* New customer
Comparison of Processes

| Process Step | Banks | NBFCs | FinTech |
|---|---|---|---|
| Document verification | Generally manual | Generally manual | Generally automated |
| Agreement signing | Generally manual | Generally manual | Generally automated |
| KYC | Generally based on self attestation, signing of photo copies | Generally based on self attestation, signing of photo copies or eKYC for digitally advanced NBFCs | Typically eKYC or scan image upload based |
| Other paperwork (e.g. cheques) | Generally high | Generally high | Generally low |

Many banks, including Barclays, Citibank and Goldman Sachs, are working closely with
FinTechs. The collaboration between ICICI Bank and Paytm is a good example of how
banks have started partnering with FinTechs. BNP Paribas, HSBC, UBS and Deutsche
Bank have invested in FinTech firms, whereas some banks are even acquiring FinTech
start-ups to counter these challenges.

Fintech Strengths & weaknesses
Fintech Strengths.
• No legacy from past
• The media buzz trended positive in their favor
• Main strength revolves around the innovations that are closely associated with their brands.
• They bring a fresh image that has a certain appeal to those consumers who still carry some
bitter experiences with traditional banks.
• Fintechs focus on providing a focused best of breed service around specific financial
offerings. They do not pretend to be a one-stop shop for all financial needs. Consequently
they have been able to make inroads with consumers who care about narrow aspects of their
financial lives.

Fintech Weaknesses.
• Their narrow focus, however, is also the source of their biggest vulnerability. J.D. Power
research clearly indicates that there are serious concerns from consumers about managing a
fragmented set of financial resources.
• A significant percentage of consumers — even among Millennials — are not necessarily
excited about using different providers to manage deposits, borrow, invest, and plan their
retirement. The narrow focus also limits the touchpoints that lead to the development of
trusted relationships. This is a challenge exacerbated by most fintechs’ choice to limit their
interactions with consumers to digital channels.

Fintech - Advantages
• Fintech by its very nature, eliminates / minimises the need for middlemen, thus reducing costs
• Complete transparency (no gap in information sharing) between the institution and its customers.
• Makes the processing far more efficient than with traditional players
• Saving. They say time is money, and never more so than here. Carrying out
procedures much faster and through automated processes increases the day-to-day efficiency of
companies (and of users), which also translates into clearly visible economic savings.
• Flexibility. Fintechs allow you to perform all kinds of operations from wherever and whenever you want
in a very simple way. For example: being able to request a loan from home with just one click and no
paperwork at the bank.
• FinTechs make it easier to distribute information and advice, and to offer the more basic aspects of financial services,
including banking, investing, borrowing and saving, to larger populations.
• For example, in the insurance sector, the benefits are:
– It protects you against risks that no traditional insurance will cover.
– The power of decision belongs to you.
– Your peers can provide financial and emotional support, as well as advice.
– Any funds left over after your coverage has ended are returned to the members.
– Member knowledge becomes community knowledge, lessening the chance of negative events
happening.
• Because FinTech firms use different data sets and consider other factors during the underwriting process
that traditional banks do not consider, consumers have greater access to capital, which grows the economy and
creates jobs.

Fintech – Concerns around it
• Small and sometimes inexperienced management teams who lack capacity
• Fewer financial resources that prevent appropriate scaling
• Limited credit and startup experience
• Lack of a sustainable business model
• Inability to attract analytics and personnel talent
• Limited knowledge of compliance
• Feeling of lack of security. As with any virtual platform and everything that is managed through
the Internet, the use of these essentially technological products and services carries
certain risks associated with the rise of cybercrime. However, companies work every day to
fortify their security measures to avoid attacks. That said, there are no guarantees that our
data is one hundred percent protected when using, for example, traditional banking either.
• Ignorance. Although the level of penetration of fintech in the business and financial fabric is
growing, there is still a wide sector that does not know what they are, what their benefits are
and how to use them.

Fintech & Banks partnership – Win win situation
By combining the stability, product variety, customer knowledge and financial strength of
traditional banks and NBFCs with the data enrichment, user experience and modern platforms that
quality fintech firms can provide, both can build an amazingly rewarding experience for each
other and their customers.
• Emergence of FinTech companies has been a win-win situation for both start-ups and larger
institutions. Start-ups are typically more flexible and agile equipped with more modern
technology expertise and innovation capabilities. By collaboration, larger institutions can gain
access to new technologies, whereas start-ups can gain access to funding sources and large
customer bases.
• Ensuring regulatory compliance and fraud-free payment systems
is very difficult for any start-up to manage, so currently most FinTechs are still built on top
of the existing processes and systems of well-established institutions and payment systems. To
maintain the dominance banks have enjoyed up to this point, they need to radically redesign
their customer-facing assets. If banks fail to overhaul their exteriors to offer a personalized,
best-in-class product experience, they will be relegated to supplying the engine for
sleeker-looking tech companies in 10 years’ time.
• Additionally, the hectic pace of change in payment systems – online, mobile, virtual wallets
and smart watches, among others – means that all businesses need to remain alert to the
latest trends and developments. The central bank needs to support the FinTech phenomenon by
addressing customer protection issues and ensuring the authenticity of transactions.

Fintech & Banks partnership – Win win situation
• Here are the top 5 reasons the combination of fintech solutions and legacy banking
organizations bring a winning synergy for the future:
• Fintech improves the health of traditional financial institutions by enhancing performance
and improving profitability. When traditional FIs see fintech firms as partners in this journey,
rather than firms selling products, the opportunities begin to expand.
• Fintech solutions provide a way for legacy financial institutions to improve customer
retention and preference. Data enrichment is an extremely powerful tool that quality fintech
firms bring to the game.
• Fintech firms provide an opportunity to enhance loan portfolio diversification. When you
have the ability to become more granular with each customer, you are more likely to find
(and offer) consumers the exact products they need, when they need them.
• Fintech partnerships can help solve industry-specific points of pain, like securing credit card
processing, transferring money, and processing loans quickly. With a strong fintech
partnership, traditional financial organizations benefit from the leverage of a state of the art,
secure network that can manage time-consuming and lengthy tasks quickly and effortlessly.
• Fintech data can provide financial institutions a keener insight into what their customers are
doing with their money. This again speaks to the power of data enrichment fintech
partnerships can provide. Further, the power of the cloud that quality fintech firms have
tapped is another tool in delivering product offers and services specifically tailored to
individual customers in real time.

Examples of initiatives by traditional banks
• Response to challenges posed by fintech expansion
• Traditional lending institutions make a mark in the fintech space by launching online apps for
accessing banking and financial services, and speeding up the turnaround time.
– Manappuram Finance has come up with its own online “gold loan” app, which
consumers can download and manage the loan application within a few clicks. They can
even use the app to make instant repayments.
– Several banks have come up with new mobile phone applications to match pace with
fintech organisations. We see many digital transaction apps. For instance, HDFC Bank
and Axis Bank have launched mobile apps for online transactions. Barclays is set to
operate its fifth global fintech innovation centre in India.
– Federal Bank is intending to partner with Startup Village for launching innovative
banking products.
– Goldman Sachs Principal Strategic Investments Group (GSPSI) is planning to invest in
Bengaluru’s fintech sector.

Fintech in Insurance world
• Insurance carriers are now making the leap into the 21st century. They have little choice. If
they fail to deliver against the ever-increasing demands and expectations of customers, they
will lose share to traditional rivals that do succeed in striking the right chord, and to new
entrants that have the advantage of digital DNA and leverage technology to provide lower
costs and better service.
• The insurance industry is facing intense competition as other industries have started
providing alternative financial solutions to insurance. For instance, banks are providing loans
to aid immediate financial losses, and industries like healthcare are providing medical
membership as an alternative to insurance. There is a need for insurance companies to stand
out from the competition, and they can achieve it with the help of fintech. Here are some of
the services that insurance companies can provide to get an edge over the competition:
• Personalized Insurance
– For instance, health insurers can make use of patient data to get an insight into the
medical condition and behaviour of a person. And they can offer personalized medical
insurance that covers normal or life-threatening medical conditions that the person
might suffer based on his or her behaviour.
– IoT can help vehicle insurers monitor the driving habits of the insured. Insurers can
then provide personalized insurance based on the driving habits of the insured.

Fintech in Insurance world
• Improved Security
– Using advanced technologies like blockchain and AI can impact the insurance industry in many
different ways. For instance, the use of blockchain’s decentralized ledger will help insurers to keep
their customers’ data more secure.
– The consumers can also use blockchain technology to keep control over their data and only allow
the insurers to access it on an as-needed basis.
– Blockchain technology will also help insurers to detect fraud.
– Insurers can share transaction data on the blockchain and collaborate to find out any suspicious
activities across the industry.
• Enriched Connectivity
– Artificial Intelligence solutions can avoid friction at many touch points in the customer journey.
Chatbots will be able to understand and act on customer queries at any time. With deep learning,
chatbot solutions can interpret sentiment to identify when to introduce a human
agent.
• End-to-End Automation
– Customers are ready to leave manual claims processing behind. Automation allows users to report car
insurance claims to their providers in real time and leave the accident site immediately, provided
there is little damage to the vehicles. In the near future, enhanced data collection from cars,
wearables and smartphones will further enable claims automation. If accidents occur, diagnostics
from these devices will automatically contact insurance providers, process claims immediately,
and even automate payments.

Ways in which Fintech is impacting insurance industry
• Online Marketplace
– In the Indian insurance sector, from purchasing a policy to raising a claim, the process was time-consuming,
resource-driven, and paper-intensive.
– Technology has addressed these concerns and awakened the giant.
– The online environment is available to consumers as well as brands. Insurance providers are meeting insurance
seekers in the online marketplace. They speak the same language and hence communicate quickly. Dealing with
the claim process used to be a tedious affair; it took weeks to receive the claim amount. In today’s tech-savvy
age, insurance claims can be settled within a day, if not hours.
• Exponential Growth
– FinTech has created an ecosystem which is conducive for exponential growth. Customers are used to purchasing
t-shirts online. FinTech has made it possible to replicate, if not better, this consumer experience in case of
insurance. A few clicks and you can avail your car insurance instantly.
– FinTech has enabled productive user interface, glitch-free user journey, and streamlined back-end processes.
This has changed the way insurance as a product, as a service, and as an industry is perceived by consumers.
• Customized Pricing
– Insurance premiums are traditionally priced based on certain generic factors. For example, car insurance
premium depends upon car’s make, model, age, location, etc. With technology, insurance companies can access
data that will shift the premium pricing model from generic to specific.
– Thus, a driver who is cautious, doesn’t speed much, and travels a route which is not prone to accidents will
pay a lower premium than a rash driver who often takes his car on long trips. Overall, FinTech will help
in risk assessment and customized policy pricing.

Ways in which Fintech is impacting insurance industry
• Integrating Technology
– Technology integration must be holistic, not individualistic. Customers interact with online insurance providers
via their website or mobile app, however, the back-end processes related to them also need to be injected with
advanced technology.
– From customer acquisition to customer servicing, technology can increase efficiency and lower costs. The
entire insurance ecosystem needs an upgrade as far as technology is concerned and FinTech is playing a key role
in integrating technology across functions.
• In Trend
– Internet of Things (IoT), Big Data & Analytics, and Blockchain technology are buzzwords associated with
insurance. IoT enables physical objects to share data. Just as telematic devices provide data pertaining to a
driver’s profile, fitness trackers will give insights into a person’s health profile which can be analyzed to arrive at
tailored health insurance quotes.
– Big Data & Analytics aid precise customer profiling which facilitates customized marketing and cross selling.
Structured and secured record keeping will be possible due to Blockchain technology which is also useful in
ensuring transparency, detecting fraud, reducing redundancy, and increasing productivity.
• Breaking Barriers
– By going completely digital, insurance companies are no longer confined by geographical barriers. This reduces
operational costs and the cost advantage can be transferred to the customers. Insurance companies can explore
untapped markets by using technology as a vehicle which will be fuelled by data and innovation.

Business benefits to Insurance companies
1. Superb customer engagement : Solutions that help insurers to make a leap in customer engagement, to
become much more effective in every step of the customer journey.
2. Dramatic cost savings : Fintechs that provide innovative solutions that impact the key cost drivers. Think
of solutions for improved claims management, fraud detection, more cost effective customer acquisition
and cost efficient service.
3. Sophisticated underwriting and risk reduction : The core competence of insurance is ready for a
makeover thanks to all sorts of new technologies: machine learning and cloud computing.
4. Disruptive business models : Emergence of new digital first carriers, with a new business model that is
clear about how it creates value for its customers.
5. New roles in the value chain : Traditional agents and brokers are becoming less preferred in many
mature markets because of high commissions and lack of added value. Online alternatives now enter the
insurance arena.
6. Innovation acceleration enablers : The systems of most insurance carriers are older than the customers
they serve. Obviously, this is a major hurdle to innovation. Several fintechs are offering powerful
solutions that align IT with the business demands for speed, flexibility, agility and cost efficiency.
7. Contextual data propositions : Connected objects will generate loads of new information, not only
directly related to the insurance but also about the context. This will spawn much deeper customer
insights and in turn these should lead to fascinating new directions for product and service innovation.

Fintech in wealth management
Asset management concerns investors’ bonds, stocks and real estate and how they are
managed, whereas wealth management covers financial management services such as retirement
planning, estate planning, investment management, etc. offered to high net worth individuals.
Wealthtech: the new wealth management
• Fintech is giving wealth managers the opportunity to improve their service offering at a lower
cost, and is giving rise to an entirely new toolset: wealthtech.
• Driven by artificial intelligence (AI) and machine learning (ML), wealthtech leverages complex
algorithms to advise clients on the best choice of investment or savings plan
• For example, robo advisors: These digital platforms take on the role of human advisors, by using
algorithms to calculate and select investments based on the desired risk and objectives of
prospective clients.
• Micro-investing

Benefits of Fintech to Wealth management Professionals
• Wealth-management professionals are now able to leverage fintech solutions to potentially
lower the cost of entry for their clients.
• The key to differentiating their firms in a fintech-driven world is personalisation.
• While robo-advisors are able to provide as-you-need-it support, they fall short when it comes
to personal interaction.
• By leveraging AI solutions to perform the behind-the-scenes operations of wealth
management – such as data entry and active investment management – wealth managers
can focus on their clients’ specific needs.

Govt. Initiatives to promote fintech
• The fintech space growth has been powered by the Government of India (GOI) with
introduction of innovation-supported startup landscape, friendly government
regulations and policies, and a large market base.
• NASSCOM revealed that 400 fintech firms are currently operating in India, and the number is
expanding every quarter
• Some of the leading fintech space services and technologies (apart from that for
cryptocurrency and software services) in India are:
– Remittance services: both outbound and inbound remittance transactions are being
taken up by start-ups including FX, Instarem, Remitly and others, which pose a challenge
to giants such as MoneyGram and Western Union.
– Personal finance and loans: several websites, Loanbaba among them, have come up
that are helping people access quick loans within 24 to 72 hours.
– Payment services: web and mobile apps for accepting and transferring payments from
businesses and individuals saw a rise after the demonetisation drive in 2016. Some
fintech firms that saw a peak from then on are Paytm, Mobikwik and Oxigen Wallet.
– Peer-to-peer (P2P) lending: a P2P lending platform allows borrowers and lenders to
communicate with each other for lending and borrowing cash, regulated by the Reserve
Bank of India (RBI) norms. For example, Faircent.
– Equity funding: crowdfunding platforms are also proliferating and adding to the finance
community initiatives; for example Start51 and Wishberry.

Govt. Initiatives to promote fintech
• The GOI established a regulatory environment in the country and encouraged new businesses
to take the lead and make a mark in finance industry.
• The year 2018 saw more than 125 fintech start-ups emerge successfully. This is evident as
we have seen an increase in the investment and funding by both international and national
banks and grounds for India’s fintech start-ups for funding payment wallets, finance tools,
and other financial services.
• For technology innovators, the GOI has launched initiatives such as the National Payments
Corporation of India (NPCI), Digital India Programme, and Jan Dhan Yojana.
• There are tax benefits for businesses and consumers as well on e-payments as surcharges on
electronic transactions stay relaxed.
• The authentication requirements for the same also show the active effort of the government
towards strengthening the fintech space in India.
• The promotion of entrepreneurial climate in the country via easy governance and policies for
the start-up sector in fintech, has secured a transparent growth for online platforms offering
services such as insurance schemes, personal loans, quick cash, credit cards, and more.

Fintech – here to stay
Use Fintech to Your Advantage
Accept Change
• Fintech is here to stay. As it continues to transform the industry and client expectations,
operating without technology won’t be acceptable.
• Many advisors rely on Excel and macros for planning, which takes up valuable time that they
could use to interact with clients. Things traditionally done via Excel can be done faster and
more accurately with technology, such as financial planning and portfolio rebalancing
software.
• It takes time to learn new technology, but it’s an investment that will pay dividends in the
future. Instead of resisting the inevitable, firms should consider how technology can apply to
their businesses.
Identify Value
• Technology may replace some of the work advisors currently perform, but it won’t diminish
their value to clients. Just the opposite, in fact. Technology enables advisors to provide better
services, offer stronger advice and deliver more assistance.
• Automation saves time, reduces human errors and minimizes costs. Fintech ultimately will
upgrade the relationship between individuals and advisors, and firms that recognize this
will thrive.

Trends in Fintech
[Chart: New Customer. Series: FY 17-18 Qtr 1 and FY 18-19 Qtr; categories refer to Fintech, NBFC and Bank new loan accounts / new customers / new accounts; vertical axis 0 to 250000. Trends over past 18 months. Bar values not recoverable.]
[Chart: Rapid Growth of Fintech, small ticket loan growth, Fintech vs Banks, FY 17-18 Qtr 1 and FY 18-19 Qtr 2; data labels shown: 63 %, 51 %, 45 %, 11 %. Trends over past 18 months.]

Source : Economic Times


Fintech Innovation Lab
Fintech – where they fit in with traditional players

• Aggregators: Front end to various FI
– primarily in lending and insurance sectors
– may not have own product range most of the time, but do
customer fitment based on comparisons
• Backend processing requirements
– Large institutions outsource technology for customer
acquisition using latest mobile and internet
– customer behaviour analysis
– background checks
• Specialised players in the payments sector, POS
providers and institutions for MSME segment etc.

Indiastack – backbone of digital transactions

• We are on the threshold of exploring the potential of Indiastack for close to real
time transactions
• Risks around data privacy protection

Disruptions in Financial Services in India

Disruptions in Financial Services in India – Pioneered by RBI
• RBI pioneering fintech growth
• RBI has given a boost to Bharat Bill Payments System
and Unified Payments Interface along with P2P lending,
digital payments etc. The use of automated algorithms
has disrupted the industry and has made it simpler for
consumers to utilise these facilities. RBI has granted
several fintech entities licences to introduce payment
banks that offer deposit, savings, and remittance
services.
• The GOI and budding entrepreneurs have taken the
fintech space by storm and the future of finance
technology does show a bright prospect

Aadhaar – Key enabler for Fintech
• Challenge of financial inclusion has been significantly addressed by
Aadhaar and mobile access – from 557 million unbanked in 2011
to 233 million in 2015
• Key reported uses of one’s ID – financial and mobile services
• ~ 92% of Indians have the unique identification number, compared
to only 60% in low-income countries
• India’s cooking gas program (Ujjwala Yojana) is the world’s largest
cash transfer program for women
• The real test of the JAM trinity came recently, with crores of
accounts being credited during lockdown
– JAM stands for Jan Dhan Yojana, Aadhaar and Mobile number.
– The government intends to use these three modes of identification to
implement one of the biggest reforms in independent India – direct
subsidy transfers to the poor.

eKYC – fuelled by Aadhaar
• Avoidance of repetitive onboarding processes and reviews
by leveraging on work already done by other Service
providers. Data collection cost estimated to have been
reduced by 50%
• Reducing friction and paper by cutting out client contact and
sign-offs. Time to revenue is shortened
• Privacy concerns, however, led to SC striking down mandatory
use of Aadhaar for eKYC process. Only regulated banks may
use Aadhaar as a non-binding document to open accounts
• Aadhaar paperless offline e-KYC started with card holder
downloading digitally signed XML, and sharing file with SP.

Disruptions in Financial Services in India – Unified Payments Interface
• Launched by NPCI in August, 2016 with participation of 21 banks. In April, 2020 the
number of banks live on UPI was 153. During same period, transaction volumes up
from 0.093 mn. (INR 31 mn.) to 999.57 (INR 1.511 tn.)
• Mobile-based real time payment platform, allowing users to instantly push or pull
funds
• Supports both peer-to-peer and peer-to-merchant financial transactions
• Single click, two-factor authentication (User entered UPI PIN + mobile number)
• Simple and interoperable – account in one bank can be linked to UPI app of another
bank or Fintech apps like Google Pay or PayTM.
• Unique identifier (VPA – Virtual Payment address) allows identification of customer
without providing card or account details
• Merchants can seamlessly accept payments and facilitate in-app payments
• Version 2.0 is more merchant centric with abilities to :
- pre-authorize a transaction with an option to pay later
- link overdraft accounts on UPI
• Fintechs have bolstered UPI adoption among consumers, with PhonePe, PayTM and
Google Pay accounting for ~ 85% of the volumes
• BHIM (Bharat Interface for Money)

PAYMENTS trends in the world
• In financial services, the mobile phone has been the biggest
transformation agent, aided by the internet, which has become the
busiest channel
• In China, 92% of the mobile payments are handled by Alipay (world’s
largest payment network) and WeChat (volume exceeding both Visa and
Mastercard)
• In 2016, mobile payments overtook card payments in China, and more
than 80% of the population is comfortable leaving their homes
without cards or cash
• At least 40% of Kenya’s GDP rides on their mobile money service M-Pesa.
Their Central Bank estimates that the average Kenyan saves 20% more
today
• More than 20 countries where people have a value store on account
on their mobile phone rather than through a traditional bank
• Benefits of mobile banking and payments are most profound in rural
areas where access to a bank branch is costly and inconvenient
• US lagging behind China significantly in mobile payments volumes
(US$ 120 bn. versus US$ 17 tn. in 2017); 2/3rds of the world’s
cheques are written in the US

PAYMENTS – Mobile Wallets
• Dominated by IP-based players, bringing down the plastic world of
payments
• Evolution of a globally integrated wallet service with Alipay and
Ant Financial’s technologies powering the infrastructure of e-
wallets globally – Alibaba owns 42% of PayTM, rest with promoter
(38%) and Softbank (20%)
• Ant Financial’s forays into Europe (through partnerships with
Ingenico and Wirecard) and the US (with First Data)
• Ant’s vision of empowering digital FinLife globally, and beyond
being just a payments app or a mobile wallet – complete app
for commercial, financial and social systems
• Top mobile wallet companies in India – PayTM, Google Pay, PhonePe
(all with more than 100 mn. installs), Mobikwik, PayZapp and
Yono (10 mn.), Pockets (5 mn.), Amazon Pay, Citi MasterPass
• Types of mobile wallets in India – Open, semi-open, semi-closed
and closed
• India ranks 2nd. in Asia for digital payment adoption, with 40% of
respondents confirming usage of a smartphone wallet

RBI Steering committee on Fintech in 2019 - Summary
• FinTechs working with Insurance companies should be allowed to use Drone and related
technologies to assess the crop insurance claims.
• RBI should consider development of a cash-flow based financing for MSMEs, development of an
open-API MSME stack based on TReDS data validated by GSTN and a standardised and trusted e-
invoice infrastructure designed around TREDS-GSTN integration.
• Department of Financial Services(DFS) to work with PSU banks to bring in more efficiency to their
work and reduce fraud and security risks. They should explore opportunities to increase the level of
automation using Artificial Intelligence (AI), cognitive analytics & machine learning in their back-
end processes.
• NABARD to take immediate steps to create a credit registry for farmers with special thrust for use of
FinTech along with core banking solutions (CBS) by agri-financial institutions, including Cooperative
societies.
• Should set up National Digital Land Records Mission based on a common National Land
Records Standards with involvement of State Land and Registration departments, with a view to
making available land ownership data.
• Comprehensive legal framework for consumer protection needs to be put in place keeping in mind the
rise of FinTech and digital services.
• Adoption of Regulation technology (or RegTech) by all financial sector regulators to develop
standards and facilitate adoption by financial sector service providers to adopt use-cases making
compliance with regulations easier, quicker and effective.
• Also, the committee has recommended that financial sector regulators to develop an institutional
framework for specific use-cases of Supervisory technology (or SupTech), testing, deployment,
monitoring and evaluation.
• Apart from this to ensure the implementation, Inter-Ministerial Steering Committee will be set up
on FinTech Applications in Department of Economic Affairs (DEA), Ministry of Finance, to continue
to carry on the tasks of implementing this report.

Fintech Regulators and Regulations

June 2020

Need for Special Regulations for Fintech
• Amalgamation of financial services, information
technology and telecom infrastructure.
• Heavy dependence on Information Technology and
internet, leads to a greater need for regulation as
online financial transactions are prone to several
security threats.
• Further, the FinTech space is exposed to the risk of
money laundering, terrorist financing, etc.
• FinTechs, unlike traditional banks, may not have a very
clear idea of regulators and governing bodies and the
rules and regulations that they have to adhere to.
• Every FinTech firm has a unique and dynamic business
model that functions on the premise of innovation.
Innovation leads to constant change and hence
governing such companies becomes difficult.

Regulations to mitigate risks in Fintech
As the FinTech industry matures, regulations will need to keep
pace with its evolution so that the four areas below are
covered:
• Data Privacy – Misuse of data across the globe is a high
priority issue and FinTechs must adopt very high standards
of data security and privacy and allow only consent based
access to sensitive information.
• Data Security – Data must be protected against cyber
security attacks
• Risk Management – FinTechs must also follow similar
risk standards as their larger counterparts to prevent
money laundering, terrorism financing, bad loans and
reputational risk losses.
• Operating Model – Even though they have a light and
dynamic operating model, well-defined governance model
and management of funds is necessary for sustenance.

Increase in use of Smartphones – Key to Fintech Growth
• Powerful, inexpensive, “customer-facing” technologies found in
smartphones, are expanding potential market size for services that
were once available only to very wealthy
• Customer segments that previously could not access or afford these
products and services may be less sophisticated than traditional
customers.
• FinTech innovation is cutting across regulatory jurisdictions because
different business models or delivery methods for services do not
conform to existing regulatory structures.
• Technology eliminates the distance barrier and allows competitors
to offer products to new markets on national and global levels.
• This can put pressure on regulatory systems that assume a material
geographic limitation.
• Regulators are seeing entrants to markets who lack the traditional
backgrounds and world views typically associated with incumbents
• Regulators have to deal with unprecedented pace of innovation as
technology enables faster iteration and experimentation of financial
services and products.

What is a Regulation
Regulations are rules that govern how an activity is conducted, and provide a means of
enforcement if the rules are violated. Regulators are any actors who enforce those rules.
Regulation can be roughly divided into two parts:
– The creation and declaration of a rule
– The enforcement of a rule
How do they enforce a rule?
• Regulators such as the RBI, SEBI and the IRDAI have extensive powers to oversee
compliance with applicable laws. These include the power to:
– authorise certain activities;
– refuse authorisation and blacklist certain fintech activities;
– impose conditions of business and operations;
– audit business and operations;
– require appropriate filings to be made with them; and
– impose penalties for non-compliance with applicable laws and regulations.
– Indian courts may be called to test the validity of certain laws and regulations. The
courts' jurisdiction may also be invoked in situations where the position adopted by
or the procedure followed by a regulator is questioned.

Stakeholders in the Fintech ecosystem
• Government
- Implementation and enforcement of policies
- Setting of regulatory environment
• Financial Institutions
- Private equity shops and Venture Capital funds
- Banks, NBFCs and Insurers
• Incubators – for seed funding, Accelerators – new companies in the process,
hackathons – bring together FinTech developers and designers to develop
financial products and discover new technologies
• Entrepreneurs
• Customers
- B2B
- B2C
• Infrastructure providers
- Technology vendors for hardware, software and services
- Mobile network operators and aggregators
Fintech Regulation – Multiple bodies
• FinTech has brought about efficiency improvements, risk reduction and greater financial
inclusion.
• However, Regulatory uncertainty and confusion in the FinTech sector is one of the major
challenges for the rapidly evolving FinTech sector.
• The problem starts firstly because of the involvement of several regulatory bodies
– RBI being the obvious stakeholder
– SEBI for intermediaries in the securities market
– Insurance Regulatory and Development Authority (IRDA) for insurance-related businesses.
– National Payments Corp. of India also fits in due to payment related services being at the
core of FinTech. The draft Payments and Settlements Systems Bill has set up an independent
payments regulator.
– The Unique Identification Authority of India (UIDAI) is in the mix too via Aadhaar’s use and
Indiastack APIs (for example e-KYC by FinTechs).
– Though, Supreme Court’s judgement left no scope for private companies using Aadhaar,
Finance ministry is working on passing new legislation that would allow private companies
back in.
– Then there’s the Srikrishna Committee for data privacy and security.
– PFRDA - Pension Fund Regulatory & Development Authority
– The Telecom Regulatory Authority of India (TRAI) due to the usage of internet based
technologies.

RBI
• RBI (BFS constituted in 1994 to undertake consolidated supervision of financial sector comprising
Scheduled Banks, All India FIs, other Banks (Local Area, Small Finance, Payments), CICs, NBFCs
and Primary Dealers)
• Inter-regulatory Working Group (with representations from RBI, SEBI, IRDAI, PFRDA, NPCI, IDRBT,
HDFC Bank, SBI, CRISIL, Faircent and Fintech consultants) issued their report in Feb., ’18
• Key recommendation was to set up a RS; enabling framework released in Aug., ‘19. Focus is to
increase innovation in areas where:
- there is absence of governing regulations
- there is a need to temporarily ease regulations for enabling the proposed innovation
- the proposed innovation shows promise of significant easing/effecting delivery of
services
• Innovations included and excluded outlined
• Regulatory requirements to be mandatorily complied with and which could be relaxed also
specified
• Selection to be from amongst applicants meeting the “Fit and Proper” criteria
• Boundary conditions to protect customer interests e.g. segment, and number of customers
involved, cap on customer losses, etc.

Key Regulations at RBI – P2P lending – Contd.
• P2P Lending : The role of a NBFC P2P is to act as an intermediary providing an online
market or platform to the participants involved in Peer-to-Peer lending. They also
assist in disbursement and repayment of loans availed on NBFC P2P.
• All P2P lending platforms are required to be registered with the RBI as an NBFC.
• It is mandatory for a company to obtain a Certificate of Registration (CoR) from the Reserve
Bank of India (RBI) before commencing or carrying on the business of a non-banking
financial institution
• Eligibility requirements for a company to register as a P2P lending platform include
– a minimum capital of 20 million rupees (2 crores);
– that the company applying for registration is incorporated in India;
– there must be a viable business plan;
– a robust and secure information technology system must be in place;
– promoters and directors must fulfil the fit and proper criteria laid down by the
RBI.

Key Regulations at RBI – P2P lending – Contd.
• Key Regulations
– P2P lending can only be done on an unsecured basis;
– Not to lend on its own, arrange or enhance credit
– Sell only loan-specific insurance products
– All data related to the business to be stored on hardware located in India
• Prudential norms ( across lenders)
– Aggregate exposure of a lender, across all P2P platforms, capped at ₹50,00,000/-
– Aggregate loans taken by a borrower, across all P2P platforms, capped at ₹10,00,000/-
– Exposure of a single lender to the same borrower, across all P2Ps, shall not exceed
₹50,000/-
– The maturity of the loans shall not exceed 36 months.
– Not permitted to allow international of funds

Key Regulations at RBI – P2P lending – Contd.
• Regulations for funds transfer
- to be through escrow account mechanisms operated by a bank promoted trustee
- At least two escrow accounts, one for funds received from lenders and pending
disbursal, and the other for collections from borrowers
- All fund transfers shall be through and from bank accounts with cash transactions
being strictly prohibited

• What is an escrow account?
- An escrow account is an account where funds are held in trust whilst two or more
parties complete a transaction. This means a trusted third party such as Escrow.com
will secure the funds in a trust account. The funds will be disbursed to the
merchant after they have fulfilled the escrow agreement. If the merchant fails to
deliver their obligation, then the funds are returned to the buyer.

Key Regulations at RBI – P2P lending – Contd.
• Transparency and disclosure requirements:
• To the Lender, details about:
a) the borrower - personal identity, required amount, interest rate sought and
credit score as arrived by the NBFC-P2P
b) all the terms and conditions of the loan, including likely return, fees and taxes

• To the Borrower, details about the lender including proposed amount, interest rate
offered but excluding personal identity /contact
• To the Public
a) overview of credit assessment/score methodology and factors considered
b) disclosures on usage/protection of data
c) grievance redressal mechanism
d) portfolio performance including share of non-performing assets on a monthly
basis and segregation by age and
e) its broad business model.

Responsibilities of P2P lending company
• Due diligence of the participants
• Credit assessment and risk profile of the borrowers for sharing with the lenders
• Documentation of loan agreements and other related documents
• Assistance in disbursement and repayments of loan amount
• Services for recovery of loans originated on the platform

Recent developments in RBI regulations for Fintech
• RBI has recognised the emerging need for a dedicated, cost-free and expeditious
grievance redressal mechanism for strengthening consumer confidence in
digital payments.
• They launched an Ombudsman Scheme for Digital Transactions (OSDT) for the redressal
of complaints regarding digital transactions.
- Board approved FPC be put up on its web-site
- Obtain explicit declaration from the lender stating that he/ she has understood all
the risks
- Staff to be adequately trained in procedure for recovery of loans
- Prior consent of the participants before disclosing their information to any third
party
- Periodic review of FPC and functioning of GRM by the BoD

Regulatory Sandbox
• The Reserve Bank of India (RBI) has finalised guidelines for the regulatory sandbox to test
innovative financial products and technologies. The programme will help financial service
providers collect evidence on the benefits and risks of new innovations in a regulated
environment monitored by RBI.
• The unique advantage of a sandbox is that it allows FinTech start-ups to test out new
services and assess their risks before they are taken to market. FinTech firms and
regulators can work together and tweak existing regulations, enabling firms to test
their products for a limited time and among a limited number of customers.
• Application process for the sandbox programme :
– Fintech companies including startups, banks, financial institutions and companies
providing financial services can apply for the programme. The directors or promoters
or the applicant companies will have to satisfy the fit and proper criteria, according to
the guidelines issued.
– Mandatory compliances an applicant must satisfy include customer privacy, data
protection, security of transactions, secure storage and access to payments data of
stakeholders as well as KYC requirements.

Regulatory Sandbox
• The entities using the sandbox must
– define test scenarios and expected outcomes upfront.
– report results to the RBI on ongoing basis as agreed
– While some requirements can be relaxed for the sandbox, data protection laws and KYC
requirements must be complied with
• Five stages of sandbox process, which will be monitored by FinTech Unit at RBI
– Stage 1 : Preliminary Screening of applications to the cohort ( 4 weeks)
– Stage 2 : Finalisation of test design by the Fintech Unit at RBI (FTU) via interaction
with applications. ( 3 weeks)
– Stage 3 : Application assessment and vetting of test design by the FTU (3 weeks)
– Stage 4 : Testing by the FTU based on empirical evidence and data (12 weeks)
– Stage 5 : Testing of Final outcome of testing of product or technology that was
sandboxed by FTU ( 5 weeks)

Regulatory Sandbox
• RBI framework includes a list of indicative innovative products, services, and
technologies that could be considered for testing under its regulatory sandbox scheme.
• List of Innovative Products and Services are as follows:
– Retail Payment Mechanism
– Money transfer services
– Lending services at marketplace
– Digital KYC
– Services related to financial advisory
– Services which help in managing the wealth of the individual
– Digital identification services
– Smart Contracts
– Products related to cybersecurity
• List of innovative technologies are as follows:
– Mobile applications related to Payments, Digital identity, etc.
– Data Analytics
– APIs related to finance
– Applications built on a blockchain mechanism
– AI and machine learning applications

Example – RBI regulation snapshot for Payment services
• Regulations comparatively well developed for payments space
• Digital payments in India are predominantly executed through prepaid payment
instruments (PPIs) and debit cards, and the Real-Time Gross Settlement system and
National Electronic Funds Transfer system.
• The PSSA (Payment and Settlement Systems Act) is the primary legislation governing
payment systems in India. Separately, the RBI, as the payments regulator, issues rules
and regulations covering different aspects of the payments ecosystem from time to time.
Examples include the following:
– Card network providers are governed by specific regulations issued by the RBI from
time to time regarding debit/credit card operations.
– PPIs, including mobile wallets, are governed by the RBI's Master Direction on
Issuance and Operation of Prepaid Payment Instruments. The PPI Master Direction
divides PPIs into three categories:
• closed loop;
• semi-closed loop; and
• open loop.
• The RBI mandates the implementation of two-factor authentication for all domestic
card-not-present transactions. Low-value transactions (less than INR 2,000) are exempt.

Appendix – Types of PPI
• What are the various types of PPIs?
• Ans. PPIs can be issued in the country under three types:
• Closed System PPIs: These are PPIs issued by an entity for facilitating the purchase of
goods and services from that entity only. No cash withdrawals are permitted. These
instruments cannot be used for payment or settlement for third party services. The
issuance and operation of such instruments is not classified as a payment system and
does not require approval / authorisation from the RBI.
• Semi-closed System PPIs: These are PPIs issued by banks (approved by RBI) and non-
banks (authorised by RBI) for purchase of goods and services, including financial
services, remittance facilities, etc., for use at a group of clearly identified merchant
locations / establishments which have a specific contract with the issuer (or
contract through a payment aggregator / payment gateway) to accept the PPIs as
payment instruments. These instruments do not also permit cash withdrawal,
irrespective of whether they are issued by banks or non-banks.
• Open System PPIs: These are PPIs issued by banks (approved by RBI) for use at any
merchant for purchase of goods and services, including financial services,
remittance facilities, etc. Cash withdrawal at ATMs / Points of Sale (PoS) terminals /
Business Correspondents (BCs) is also allowed through these PPIs.

NPCI (National Payments Corporation of India)
• NPCI, an initiative of the Reserve Bank of India (RBI) and Indian
Banks’ Association (IBA), is an umbrella organisation for
operating retail payments and settlement systems in India.
• NPCI has ten core promoter banks—State Bank of India, Punjab
National Bank, Bank of Baroda, Canara Bank, Bank of India, HDFC
Bank, Citibank, HSBC, and ICICI Bank. It is a not for profit
organization.

NPCI – Key products
• NPCI has made its valuable contribution to the banking sector through its products
from time to time. The products and their significance are listed below:
• NFS: National Financial Switch (NFS) ATM network. As on 31 July 2019, there were
1,140 members with more than 2.41 lakh ATMs connected to the network.
• IMPS: Real time fund transfer offering an instant, 24X7, interbank EFT service that
could be accessed on Mobile, Internet, ATM, SMS, Branch and USSD. (NEFT and
RTGS facilities are limited to the bank working hours.).
• AePS: Aadhaar-enabled Payment Service (AePS) is aimed to further speed track
financial inclusion in the country. AePS is a bank-led model that allows online
interoperable financial inclusion transaction at PoS of any bank using the Aadhaar
authentication through the retail merchant. A customer must provide details such
as bank identification, Aadhaar number, and fingerprint to complete such a
transaction.
• RuPay: RuPay is a new card payment system launched to satisfy RBI’s vision to
offer a domestic, open-loop, and the multilateral system. This made it easier for
Indian banks and financial institutions to implement electronic payments. The
term ‘RuPay’ is a combination of Rupee and Payment. NPCI also developed RuPay
Contactless payments technology using open standards.

NPCI – Key products
• NACH: National Automated Clearing House (NACH) is a web-based solution that facilitates interbank, high
volume electronic transactions that are repetitive in nature. They are well suited for bulk transactions
towards the distribution of dividends, interest, subsidies, salary, pension, and more.
• *99#: Unstructured Supplementary Service Data (USSD) allows users without a smartphone or data/internet
connection to use mobile banking through the *99# code. USSD-based mobile banking can be used for fund
transfers, checking account balance, generating bank statement, among other uses. The main objective is to
allow financial inclusion of the underbanked and economically weaker sections of the society, and integrate
them into mainstream banking.
• UPI: The UPI enables real-time, instantaneous mobile based bank to bank payments.
• Bharat BillPay: Bharat BillPay is a one-stop-shop for all bill payments, such as mutual funds, insurance
premiums, school fees, telecom, electricity, DTH, gas, water and more.
• NETC: National Electronic Toll Collection (NETC) is a nation-wide programme designed to meet the electronic
tolling requirements in India. It also enables customers to use FASTag as a payment mode at toll plazas
irrespective of who controls the toll plaza.
• BHIM: For the concept of UPI, Bharat Interface for Money (BHIM) was launched to make payments simpler and
easier. Instant bank-to-bank payments can be made using a mobile number or virtual payment address (UPI ID).
• BharatQR: Basically, a QR code is a series of black squares arranged in a square grid that can be read by a
camera. NPCI, together with the international card schemes, developed a common standard QR code
specification. This led to the creation of Bharat QR (BQR), a person-to-merchant mobile payment solution. When
a merchant displays a BQR code, the user can scan the code via BQR-enabled mobile banking app and make the
payment using a card-linked account.
• BHIM Aadhaar Pay: This is a payment interface through which you can make real-time payments to merchants
using Aadhaar number or VPA of the customer followed by a round of authentication through biometrics. Such a
transaction is limited to Rs.10,000 per transaction.

| # | Feature | NEFT | RTGS | IMPS |
|---|---------|------|------|------|
| 1 | Launched by | RBI | RBI | NPCI |
| 2 | Year of launch | 2005 | 2004 | 2010 |
| 3 | Methodology of processing | In batches, on half-hourly intervals | Real-time | Real-time |
| 4 | Availability | 24X7X365 | On all days when most bank branches are functioning. Available to banks from 7 am to 6 pm for settlement at RBI | 24X7X365 |
| 5 | Charges levied on members | No levy by RBI on banks | No levy by RBI on banks | Various components of fees levied by NPCI on members |
| 6 | Charges levied by members on customers * (Banks may charge at lower rates but not more than the rates prescribed by RBI). | a) Advisory of no charges to savings bank account customers for online NEFT transactions; b) Maximum charges which can be levied for outward transactions at originating bank for other transactions specified; c) No charges for inward transactions at destination bank branches | Inward: Free; Outward: Specified | As decided by individual banks and PPIs |
| 7 | Limit on remittance amount | No limit is imposed by the RBI. However, banks may place amount limits based on their own risk perception with the approval of its Board. Cash remittance by sender without bank account is capped at Rs. 50,000/- per transaction | Minimum: Rs. 200,000; Maximum: No cap | Remitter responsible for implementing: a) Transaction limit as per Mobile Payment guidelines of RBI; b) Maximum daily limit for transfer of funds from a mobile or any other channel |
| 8 | Recourse in case of failed credit to beneficiary | Destination banks are required to return the transaction (to the originating branch) within two hours of completion of the batch in which the transaction was processed | Funds received by the RTGS member bank to be returned to originating bank within one hour of receipt of payment at the Payment Interface (PI) or before the end of the RTGS Business day, whichever is earlier. | Guidance to ensure strict compliance with RTGS operational instructions of RBI |
NPCI – Regulations
Example
- UPI transaction value limit is Rs. 1 lakh
- Since Oct 2018, NPCI has reduced the number of transfers that a person can make
to another person/s in a 24-hour period to 10
- The limit is applicable only on person-to-person transactions and that too from a
single bank account.
- So if a person has three bank accounts, she can make 30 money transfers in a day
using UPI.
- The limit is not applicable to person-to-merchant transactions. The UPI platform
allows merchants to register themselves as merchants.

NPCI – Coming up
- One Nation One Card : Inter-operable transport card launched on RuPay platform
to allow the holders to pay for their bus travel, toll taxes, parking charges, retail
shopping and also withdraw money.
- UPI 2.0: Key features:
1. Linking of overdraft accounts (in addition to CASA accounts)
2. One time mandate (of paying later by providing commitment at present)
3. Invoice in the inbox
4. Signed intent and QR

SEBI (Securities and Exchange Board of India)
• Digitisation of stock market operations and mutual fund houses has made SEBI a
stakeholder in fintech transactions in India, for market-linked financial products
offered by entities regulated by them.
• SEBI has approved regulatory sandbox for live testing of new products, services
and business models by market players on select customers
• Framework for industry-wide Innovation Sandbox issued in May, ’19
• The regulatory sandbox is expected to drive new business models and
technologies and be a support system for startups, particularly those in fintech.
• RS has been set up on the recommendation of committee on financial and
regulatory technologies under the chairmanship of T V Mohandas Pai with expert
members from the startup industry, fintech community and academicians.
• To begin with, all entities registered with SEBI under Section 12 of the SEBI Act
1992, shall be eligible for testing within the regulatory sandbox. An entity can
participate on its own or use the services of a fintech firm

SEBI (Securities and Exchange Board of India)
• Initially, only entities registered with SEBI eligible for testing; limited CoR to test
solutions in a domain different from the one registered
• Start-ups not regulated by SEBI may be allowed at a later stage
• No exemptions from these requirements:
- Confidentiality of customer information
- “Fit and Proper” criteria, particularly on honesty and integrity
- Handling of customers’ moneys and assets by intermediaries
- Prevention of money laundering and countering terror financing
- Risk checks (like price check, order value check, etc.)
- Principles of KYC
• Requirements meriting relaxation include Net Worth, Track Record, Registration
fees, SEBI guidelines (e.g. Tech Risk management and outsourcing, Financial
soundness)

SEBI regulations
The first regulator to issue guidelines on eKYC for entities regulated by it
- Entities in the securities market would be registered with UIDAI as KUA (KYC User
Agency)
- Registered intermediaries/MF distributors who want to undertake Aadhaar authentication
services through KUAs, shall enter into an agreement with any one KUA and get themselves
registered with UIDAI as sub-KUAs
- Notification to be received from Central Government before commencement
- Process outlined for both assisted and un-assisted investors*
• Example : Robo advisors :
– Robo Advisors are financial advisors or wealth management companies, which offer
automated investment advice based on the pre-set algorithms. The algorithm takes
inputs in the form of answers to pre set questions from the investor and offers a
recommended portfolio for the user of the service.
– Robo Advisors come under the ambit of SEBI (Investment Advisors) Regulations, 2013.
– No separate guidelines for robo-advisors; SEBI’s consultation paper states that as per the
current Investment Advisor regulations, there is no express prohibition against use of
automated advice tools
• Mandate that RBI, SEBI, IRDAI and PFRDA to develop standards and use-cases for RegTech by
SPs to make compliance easier, faster and more automated

* Source: https://community.nasscom.in/communities/policy-advocacy/fintech-sebis-circular-on-

IRDAI (The Insurance Regulatory and Development Authority of India)
• When technology is used to provide a disruptive insurance related service, it is
called InsurTech.
• IRDAI regulates the selling and marketing of insurance products in India.
• An insurer is required to justify the premium amount and terms and conditions of
the insurance policy to be offered to customers to IRDAI.
• A fintech company cannot offer any insurance product for sale unless the fintech
company is duly certified by IRDAI.
• IRDAI has also issued guidelines on advertisement, promotion and publicity of
insurance companies and insurance intermediaries. Fintech companies would
need to comply with these guidelines with respect to marketing insurance
products.
• Some of the leading InsurTech players in India are Acko, Policy Bazaar and Digit
Insurance

IRDAI regulations - the Regulatory Sandbox (RS)
Regulatory Sandbox for InsurTech with the objective of striking a balance between the orderly development
of the insurance sector on one hand and the protection of interests of policyholders on the other, while at the
same time facilitating innovation. The IRDAI RS, which shall be in force for a period of 2 (two) years
from the date of its publication in the official gazette, allows an applicant to seek permission from IRDAI
for promoting or implementing innovation in insurance sector
• IRDAI’s RS guidelines issued in Aug., ‘19 to:
- Provide flexibility in dealing with regulatory requirements and focus on the core issue of policyholder
protection
- Help strike a balance between development of the insurance sector and protecting the interest of
the policyholders. Prior consent of customers required for them to participate in the proposal.
• Proposal for new product to end once number of enrolled customers touches 10k, or premium
collected is Rs. 50 lacs
• Application for innovation in underwriting or product categories or both will have to be filed in
association with an insurer
• IRDAI may revoke the permission if the product does not meet the conditions given in the regulation
or the products are violating the provisions of the Insurance Act
• Out of 173 proposals received, 33 have been approved:
- In Health, a comprehensive wellness programme with wearable device, short-term and need-based
insurance and an app-monitored diabetes mellitus wellness programme
- In non-life segment, eight proposals pertain to a pay-as-you-drive under the private car policy own
damage segment

IRDAI regulations for electronic issue
Guidelines on Insurance Repositories and electronic issuance of insurance policies
- every insurer issuing and maintaining 'e-insurance policies' to mandatorily utilize
the services of an IR and enter into service level agreements with one or more IRs
- eligibility criteria for an entity to function as an IR (Insurance Repository)
- every IR to obtain a valid CoR (Certificate of Registration)

Issuance of e-insurance Policies Regulations:


- issuers to issue electronic insurance policies to persons paying certain prescribed
annual premiums and insured sums
- different thresholds for annual premiums and sums insured for different LOBs
(pure term, pension, individual health, etc.)
- Policy holders to whom policies are directly issued need to mandatorily have an
electronic insurance account
• Guidelines on Insurance e-commerce:
- enables insurers and intermediaries to set-up Insurance Self-Network Platforms
("ISNPs") to sell and service insurance policies
- manner and procedures of grant of permission for establishing an ISNP

• Insurance Web Aggregators Regulations to supervise and monitor such entities

PFRDA (Pension Fund Regulatory & Development Authority)
PFRDA’s objective of speeding up the development of the NPS market, and for
the ease of doing business with the NPS
• Identification of areas which could utilise Fintech using the RS approach
for the benefit of subscribers and NPS as a whole:
- Onboarding process – paperless pension account generation, compliance
to KYC/Due Diligence and PML
- Financial inclusion
- Flow of subscriber contributions through banking channels, subsequent
investments, and credit in pension account near to real time
- Robo-advisory for enabling informed choices by subscribers
- Adoption of algorithmic trading by PFs, real time settlement of trades,
market valuation of investments, etc.
- Areas of recordkeeping exploring use of blockchain/distributed ledger
- Mechanism of grievance resolution
- Withdrawals/Exit process/Maturity
- RegTech and SupTech

• Paytm Money has added NPS to its app after approval from PFRDA.

Role of IDRBT (Institute of Development and Research in Banking Technology)
• Backed by RBI
• IDRBT, Hyderabad - an autonomous institute for higher education and research in areas of IT that
have a broad relevance to banking and finance.
• Primary role of IDRBT in the Indian financial segment is to spearhead technology absorption to
improve the functioning of the Indian banking and the financial sector. This mission is being
achieved through development and implementation of technologies, research in the areas
related to banking technology and consultancy and advisory services on focal areas of banking
technology and its applications.
• It is the certifying authority (CA) for the Indian banking and financial sector with responsibility of
registration, issuance, renewal, suspension and revocation of digital certificates to applicants.

• 4 Major areas of focus


- Financial network and application architecture
- Payment system and security technology
- Multimedia and Internet technologies
- Data mining, data warehousing and banking risk management.
• Developed structured financial managing system (SFMS) that can be used practically for all
purposes of communication within the bank and between banks. Pilot installed with Canara bank,
Bank of Maharashtra, PNB, Bank of Baroda, Andhra Bank, Indian Overseas Bank and
CCIL (Clearing Corporation of India).

Mobile Operators & Fintech – Precursor to TRAI role

• Mobile Operators and Fintech companies are obviously very different entities in different
industries. But there are strong reasons for them to join hands in bringing innovative
and secure solutions to market at scale.
Why should Fintech partner with operators?
• Fintech services are most popularly accessed via Mobile phones
• Mobile phones allow Fintech services to be offered to customer bases in any area
which is not easily accessible.
• Operators have already joined forces with small, innovative companies to deliver
differentiating services to their customers.
• Operators provide powerful marketing and distribution channels, that can include : -
– Promotion and download through the operator's online channels or apps
– Other specific promotion activities
– Pre-load of partner application on handsets distributed by the operator
– Co-branding - First level of customer support

TRAI – background and regulations
• Established in Feb-97 for independent regulation after entry of private service providers
• Main objective is to provide a fair and transparent policy environment which promotes a
level playing field and options for fair competition.
• Introduced Services Like : -
• Broadband : - which helped improve the flow of information across various
elements; it is directly correlated with the growth of economy.
• Unified License Regime : - Government to allow all communication services under
one license with an entry fee & all companies shall have to purchase the spectrum by
participating in auctions as declared by the government.
• VAS – Value Added Services : - Being the lowest (ARPU), these add-on services
motivate telecom operators to shift their focus more towards customers.
• Key objectives:
- Affordable wireless broadband services to 90% of the population by 2022
- 1 GBPS data connectivity to all Gram Panchayats

TRAI – background and regulations
• Regulates telecom services, including fixation of tariffs, key initiatives being:
- Mobile Number Portability
- Curbing on Unsolicited Commercial Communication (UCC)
- In-flight connectivity, Net neutrality
- Next Gen Public Protection and Disaster Relief
- Privacy, secrecy and ownership of data in telecom sector
- Digitizing process of Broadcasting and Cable services
- Close monitoring and penalty for non-compliance of regulations
• Mobile Apps for Consumer Protection and Empowerment (TRAI Apps):
- TRAI MyCALL
- DND 2.0
- TRAI MySpeed
- Channel Selector
- TRAI CMS

Example - TRAI regulations for SMS useful for Fintech players
• Access Provider (AP) to ensure that commercial communication takes place with only
registered headers assigned to the senders
• 21 – 10 hrs will be default OFF for promotional SMSes, irrespective of whether customers
have registered for DND or have not chosen any time band
• 24/7 delivery for transactional SMSes without NDNC restrictions
• More than 6 messages to the same destination number within an hour with the same
sender or text may be blocked
• AP to record customer preferences for commercial communication (categories, modes
and times), and to ensure that such communication is made only as per preferences
recorded
• No sender shall initiate calls with an Auto dialer that may result in silent/abandoned calls
• Any enterprise which fails to pre-register Distributed Ledger Technology, will become
non-compliant and will not be able to send A2P SMS/Voice to the end recipient via
domestic routes
• AP to establish Customer Complaint Registration facility
• IVRS, SMS, USSD options specified for customers to opt in or out of one or more
commercial communication categories

Example - TRAI regulations for SMS useful for Fintech players
• No service provider shall activate or deactivate the data service on the Cellular Mobile
Telephone connection of a consumer without explicit consent
• Operators need to send data usage information through SMS or USSD after every Session:
Data used, Charges deducted, Balance.
• In case a consumer uses his telephone connection to send promotional messages, his
connection will be liable for disconnection on the first complaint and his name and
address may be blacklisted for a period of two years
• The service provider cannot activate any value added service, whether chargeable or free
of charge, without the explicit consent of a customer.

Indiastack
• As India matures in its use of Aadhaar, much of the backbone infrastructure for
Digital India is built on the framework of India Stack, driven by Aadhaar and eKYC.
• Set of APIs that allows government, businesses and developers to utilise a
unique digital Infrastructure to solve India’s hard problems towards presence-
less, paperless, and cashless service delivery
• Minimal set of APIs and encourages the rest of the ecosystem to build custom
applications on top of these APIs
• The following APIs are considered to be a core part of the India Stack.
– Aadhaar Authentication
– Aadhaar e-KYC
– eSign
– Digital Locker
– Unified Payment Interface (UPI)
– Digital User Consent - still work in progress.

Appendix - Aadhaar stats – backbone of Indiastack

Indiastack – constituents - Aadhaar
• Aadhaar authentication is now fairly well established wherein Aadhaar Number, along with
other attributes including biometrics, are submitted online to the CIDR (Central Identities Data
Repository) for its verification on the basis of information or data or documents available
with it. At a high level, authentication can be ‘Demographic Authentication’ and/or ‘Biometric
Authentication’.
Aadhaar Generation Trend – 1.257 billion as of now

Aadhaar captures 4 fields - name, gender, DOB and address & biometrics

Indiastack – constituents - Aadhaar
• Aadhaar – further trends

Aadhaar Authentication Trend

Aadhaar Roadblock – Supreme court ruling impact on Fintech
• Supreme court’s September 26, 2018 ruling barred private companies from accessing the
biometric database. It hit the banking and broader financial services sector hard since
Aadhaar had provided them with remote access to rural markets and urban poor
segments at a nominal cost.
• Since then, technology companies have been seeking viable alternatives.
• A new method has been suggested by the UIDAI
– any entity that wishes to access Aadhaar numbers online will have to download
either the new QR codes or XML format from the UIDAI website. This would keep
citizens’ biometric data safe and protect the privacy of the 12-digit unique
identification numbers.
– However, Aadhaar XML journey is complicated with many steps including obtaining
an OTP, selecting a range of permissions and downloading the XML file before
actually using it as an ID.
– Also, internet bandwidth in remote locations might make any online process
across multiple hops cumbersome.
– Moreover, in many cases, mobile numbers do not match those in the Aadhaar
database.
– Hence, users would prefer to use other ID cards rather than Aadhaar at this point.

Aadhaar Roadblock – Difficulty with customer onboarding
• The biggest challenge is to onboard customers remotely. Aadhaar allowed consumers to
avoid lengthy paperwork and get services through their smartphones or computers
even from faraway places.
• Consumers could fill up forms in a few seconds, digitally sign the documents through
Aadhaar and authenticate themselves through biometrics – all this at a fraction of
the real cost.
• Among the companies that benefited from this were digital lending firms such as
Capital Float, Lendingkart, Early Salary and even investment startups like Zerodha
that were trying to reach out to consumers digitally.
• If a person has to physically collect documents, it pushes up cost. Also, chances of
errors in filling up these documents are many.
• Even banks were onboarding customers digitally, be it Kotak’s 811 scheme or State
Bank of India’s proposition to the new generation customers through YONO.

Appendix – Types of signatures
• What is a wet signature?
• A wet signature is created when a person physically marks a document. In some cultures
this is done by writing a name in a stylized, cursive format (or even a simple “X”) on a piece of
paper. Other cultures use name seals to the same effect. In both cases, the word “wet”
implies that the signature requires time to dry, as it was made with ink or wax.

• What is an electronic signature?


– Various legal definitions exist for electronic signatures, but the term most generally
refers to the acknowledgement or adoption of an electronic message, transaction or
document. Some examples include:
– A typed name at the end of an email
– A typed name on an electronic form or document
– An image of a handwritten signature on a transmitted fax
– A personal identification number (PIN) entered into a bank ATM
– Clicking “agree” or “disagree” on an electronic “terms and agreements” contract
– A handwritten but digitally captured signature made on a touch device, such as a tablet
or smartphone (sometimes referred to as a “dynamic signature”)

Appendix – Types of signatures
• What is a digital signature?
• Sometimes referred to as a cryptographic signature, a digital signature is considered the
most “secure” type of electronic signature. It includes a certificate of authority, such as a
Windows certificate, to ensure the validity of the signatory (the signature’s author and
owner).
• The parties on either side of a digital signature can also detect whether the signed
document was altered or changed in any way that would invalidate it. In addition,
electronic messages are signed with the sender’s private key and verified by
anyone who can access the sender’s public key; this further ensures that both
parties are who they say they are and that the content of the message has not been changed
or intercepted.
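
Added example (not part of the original slides): the sign-and-verify flow described above, using Node.js's built-in crypto module with Ed25519. The function names, the sample agreement text and the choice of Ed25519 are assumptions made for illustration; in practice the verifier obtains the public key from a certificate issued by a CA rather than directly from the signer.

```javascript
// Added example: sign, verify and detect tampering with a digital signature.
const nodeCrypto = require('node:crypto');

// Constructed sample document; the name and amount are illustrative only.
const AGREEMENT = 'Loan agreement: borrower A. Kumar, amount Rs. 50,000';

// The signer creates a key pair. The private key never leaves the signer;
// the public key is what a certificate would bind to the signer's identity.
function newSigner() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// Sign the exact bytes of the document with the private key.
function signDocument(text, privateKey) {
  const signature = nodeCrypto.sign(null, Buffer.from(text, 'utf8'), privateKey);
  return signature.toString('base64');
}

// Verify with the public key. Returns false for altered text, for a signature
// made with a different private key, and for a malformed signature.
function verifyDocument(text, signatureB64, publicKey) {
  const signature = Buffer.from(signatureB64, 'base64');
  if (signature.length !== 64) return false; // Ed25519 signatures are 64 bytes
  return nodeCrypto.verify(null, Buffer.from(text, 'utf8'), publicKey, signature);
}

function demoSignature() {
  const signer = newSigner();
  const impostor = newSigner(); // a different key pair, not the real signer
  const signature = signDocument(AGREEMENT, signer.privateKey);

  // Change a single digit of the signed text.
  const tampered = AGREEMENT.replace('50,000', '90,000');

  return {
    original: verifyDocument(AGREEMENT, signature, signer.publicKey),
    tampered: verifyDocument(tampered, signature, signer.publicKey),
    wrongKey: verifyDocument(AGREEMENT, signature, impostor.publicKey),
    malformed: verifyDocument(AGREEMENT, signature.slice(0, 10), signer.publicKey),
  };
}

console.log(demoSignature());
```

Only the unmodified document checked against the signer's own public key verifies; every other case is rejected, which is the alteration detection the slide describes.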

Indiastack – eSign component
• E-Sign is a process that allows individuals, enterprises and government bodies to
easily and securely sign documents digitally anytime, anywhere and on any device.
• Allows applications to replace manual paper based signatures by integrating an API
which allows an Aadhaar holder to electronically sign a form/document anytime,
anywhere, and on any device legally in India.
• eSign service facilitates significant reduction in paper handling costs, improves
efficiency, and offers convenience to customers
• The eSign service is governed by e-authentication guidelines.
• Authentication of the signer is carried out using Aadhaar e-KYC services
• Signature on the document is carried out on a backend server of the e-Sign
provider. eSign services are facilitated by trusted third party service providers –
currently Certifying Authorities (CA) licensed under the IT Act.

Indiastack – eSign component

Indiastack – eKYC component
IndiaStack essentially consists of 4 technology stacks or layers - presence-less layer,
paperless layer, cashless layer and consent layer.
Objectives of each Layer :
1. Presence-less Layer - The presence-less layer is built to ensure that individuals
are able to provide verified identities at any time and place to anyone upon consent.
• This led to the creation of UIDAI & Aadhaar.
• Every citizen of the country can obtain a unique, permanent, 12 digit ID
• Aadhaar also captures individual biometric details, for the purpose of authentication.
This unique ID provides people the opportunity to easily provide identity proof,
without the need to carry additional documentation. This presence-less layer through
Aadhaar forms the foundation layer on which the other 3 layers rest.
2. Paperless Layer - Indiastack objective is to provide solutions that can easily
store and retrieve information and documentation digitally.
• This is best achieved through a paperless layer. The paperless layer consists of 3
solutions - Aadhaar eKYC, E-Sign and Digital Locker. These three solutions together
power a paperless ecosystem that verifies, authenticates and stores information and
documentation digitally.

Indiastack – Framework – Contd.
Objectives of each Layer :
3. Cashless Layer - To really move things into the digital age, payments and financial
transactions need to go cashless. Going cashless increases transparency and ease
of use.
• The cashless layer primarily includes UPI in addition to AEPS (Aadhaar Enabled
Payment systems)
4. Consent Layer - The electronic consent architecture enables user controlled data
sharing, data flow and data retention.
• Enables people to securely provide consent for the data flow between data
providers like banks, hospitals and telcos to data requestors like banks, credit card
providers etc.
• For instance, if a person wants to apply for a credit card, he can provide consent to
the bank (where he has an account) to share relevant documentation to the credit
card company to verify his credit worthiness for the issuance of a credit card.

Indiastack – Digital Locker
• A platform for issuance and verification of documents & certificates in a digital way,
thus eliminating the use of physical documents.
• Indian citizens who sign up for a DigiLocker account get a dedicated cloud storage
space linked to their Aadhaar (UIDAI) number.
• Organizations that are registered with Digital Locker can push electronic copies of
documents and certificates (e.g. driving license, Voter ID, School certificates) directly
into citizen’s lockers.
• Citizens can also upload & electronically sign scanned copies of their legacy
documents in their accounts.
• To summarise, this solution enables secure digital storage of documents for people to
store, retrieve and share digital documents.
Figure labels: Open API-based, ecosystem driven, Digital protection

Application example
• Reliance Jio leveraged e-KYC and e-Sign to easily and efficiently issue mobile SIM
cards. The entire SIM activation process that previously took 3-5 days now takes
only a few minutes, thus significantly improving customer experience and overall
efficiency
• The application areas for this solution are practically limitless, for instance an
organisation can use e-Sign to digitally sign important documentation like HR offer
letters, vendor contracts and securely store them in the Digital Locker for retrieval
at any point in time.
• Similar applications of the two solutions can be used across several other
sectors like transportation, health care, banking etc in order to make processes
efficient and cost effective.

Indiastack – UPI

Indiastack – UPI (Unified Payment Interface)
• Enables bank account holders to send and receive money immediately from one bank
account to another through smartphones, without the need to enter lengthy account
information or other net banking details, like IFSC codes, user IDs etc.
• It uses a simple virtual payment address (VPA) similar to an email ID, that people can
create for themselves.
• An individual can attach any number of bank accounts to a single VPA and can pick
any specific individual bank account before making a transfer.
• UPI transactions can be completed via the BHIM app or other UPI enabled apps, like
banking and wallet apps.
• Thus, fundamentally, UPI removes the need for other payment infrastructure like POS
hardware or physical debit and credit cards, making payments friction free and
completely interoperable (transfer between accounts in different banks).
• Post demonetization, UPI has proven to be a big advantage for people to easily switch
to digital transactions. For instance, post the demonetization various payments
platforms witnessed a spike of 50% in UPI transactions.
• UPI is very easy to use from the consumer front.
• UPI removes international switches like Mastercard and Visa (which have been
powering all online transactions so far), thus saving on high transaction costs.

Indiastack – Framework - summary

Indiastack – A Future Perspective into a New Age Branchless Digital Bank

• Using IndiaStack, a bank can transform to become a completely digital entity, efficiently
and effectively fulfilling all banking functionalities through secure, quick steps fulfilled
online.
• Multiple key banking functions like account opening, money transfers, payments, loan
approvals and disbursements can be built via the many layers of IndiaStack.
• For example,
– Account opening, as explained earlier can be completed instantly through a simple Aadhaar
eKYC verification process.
– Loan approvals can be completed online with the customer providing access to the required
information, documentation and other checks through the electronic consent architecture and
Digital Locker.
– All bank related documentation can also be digitally signed through E-sign and securely stored
and retrieved online as and when needed from the Digital Locker.
– Loan Disbursement can be routed digitally to the customer’s bank account and payments and
money transfers by the customer can be initiated effortlessly through the bank’s app via UPI.
– UPI allows for all kinds of transfers between individuals, merchants, enterprises, government
bodies etc. So, the customer has no real need to hold on to physical cash, be it making a
payment at a physical store or paying school fees or even making a loan repayment, he or she
can directly make payments online through UPI or other online payment modes.

Indiastack – A Future Perspective into a New Age Branchless Digital Bank

• This unique technology stack provides organizations the power to re-imagine systems
and processes.
• For example, the healthcare sector can easily tap into Digital Locker to store
and retrieve relevant medical records, through the consent of patients.
• This makes healthcare portable, meaning that people can access healthcare facilities at
any place on short notice without the worry of having to carry patient medical history
documents.
• Similarly, the travel and tourism industry can tap on Aadhaar eKYC for passenger
verification, tickets can be purchased using UPI and stored on Digital Locker, and
retrieved at the time of travel through the consent layer.
• The application opportunities for IndiaStack are massive and both private and public
agencies can leverage the stack to optimise and digitize processes.
• While IndiaStack has the potential to transform things, the success of the entire
initiative is dependent on the success of Aadhaar, the foundation of the entire stack.
• Aadhaar has faced concerns with regards to privacy and security, from issues like fake
ID creation to compromise of fingerprints to more serious issues of data leakage.
• Resolving these issues and instituting sound mechanisms to prevent data breaches is
what will eventually lead to the success of IndiaStack.

Thank you

Blockchain & Cryptocurrency

June 2020

Imagine ….
• There's a hacker who wants to
steal from a bank.
• Banks run on a centralized
ecosystem, and that itself acts
as a center point of failure.
• If the hacker can get into the
system, all the customer
information available could
get corrupted and lead to
huge losses.
• Although the hackers can be
caught, the information that is
compromised is complicated
to secure at a later stage.
• This is where technology can
make a difference. The remedy
is setting up a block using
Blockchain.

Introductory Concepts - Blockchain
• Blockchain is a list of records called blocks that store data publicly
and in chronological order.
• The information is secured using cryptography to ensure that the
privacy of the user is not compromised and data cannot be altered.
• Information on a Blockchain network is not controlled by a
centralized authority, unlike modern financial institutions.
• The participants of the network maintain the data, and they
hold the democratic authority to approve any transaction which
can happen on a Blockchain network. Therefore, a typical
Blockchain network is a public Blockchain.
• If you are a participant in the Blockchain network, you will have
the same copy of the ledger, which all other participants have.
Even if one node or data on one particular participant computer
gets corrupted, the other participants will be alerted immediately,
and they can rectify it as soon as possible.

Blockchain vs current financial system

Current Financial system
- Central authorities (bank, RBI, Escrow) transfer funds between two parties
- Multiple intermediaries and record-keeping may be required to facilitate transactions
in trustworthy manner

Blockchain System
- Distributed network of computers (nodes) that maintain a shared source of information
- Transaction data is immutable: it cannot be modified after it is created.
- Peer to peer transactions using digital tokens to represent assets and value

How does blockchain work – example of bitcoin blockchain
Step 1 – Transaction data
Block 1 (1 MB): Transaction data 1, Transaction data 2, etc.
Block 2 (1 MB): Transaction data 13, Transaction data 14, etc.
Block 3 (1 MB): Transaction data 28, Transaction data 29, etc.

• The blocks on the Bitcoin blockchain consist of approximately 1 MB of data each.
• As of May 2018, the chain counted about 525,000 blocks, meaning
roughly a total of 525,000 MB was stored on this blockchain
• It is a giant track record of all the Bitcoin transactions that have ever occurred, all
the way back to the very first Bitcoin transaction.
• Document 1 would then chronologically describe the first transactions that have
occurred up to 1 MB, the next transactions would be described in document 2
up to another MB, and so on. These documents are the blocks of data.

How does blockchain work – example of bitcoin blockchain
Step 2 – Chaining the blocks (with a hash)
Block 1 (1 MB) Block 2 (1 MB) Block 3 (1 MB)

Transaction data 1 Transaction data 13 Transaction data 28


Transaction data 2 Transaction data 14 Transaction data 29
Etc. etc. Etc. etc. Etc. etc.

• These blocks now need to be linked (chained) together.
• To do this, every block gets a unique (digital) signature that corresponds to
exactly the string of data in that block.
• If anything inside a block changes, even just a single digit change, the block
will get a new signature.
• This happens through hashing.

What are cryptographic keys?
• A cryptographic key is a string of numbers and letters made by key
generators using very advanced mathematics involving prime numbers.

Step 2 – Explained through an example (continued)
[Figure: Block 1 (1 MB). Txn 1: Damian – 100 BTC, George + 100 BTC.
Txn 2: Bernard – 200 BTC, Gerald + 200 BTC. The unique signature that
corresponds with this block is X32.]

• Let’s say block 1 registers two transactions, transaction 1
and transaction 2. Imagine that these transactions make
up a total of 1 MB (in reality this would be many more
transactions).
• This block of data now gets a signature for this specific
string of data. Let’s say the signature is ‘X32’.
• A single-digit change to the data in block 1 would now
cause it to get a completely different signature.

Step 2 - Continued
[Figure: Block 1 (1 MB) as before, with signature X32. Block 2 (1 MB):
Txn 1: Damian + 200 BTC, George - 200 BTC. Txn 2: Bernard + 300 BTC,
Gerald - 300 BTC. Block 2 also contains X32, the signature of block 1.
The unique signature that corresponds with block 2 is 9BZ.]

• Add another block to this chain of blocks.
• The signature of block 2 is now partially based on
the signature of block 1, because it is included in
the string of data in block 2.
• The signatures link the blocks to each other,
making them a chain of blocks.

Step 2 - Continued
[Figure: three chained blocks. Block 1 (1 MB) has signature X32. Block 2 (1 MB)
contains X32 and has signature 9BZ. Block 3 (1 MB): Txn 1: Damian - 50 BTC,
George + 50 BTC. Txn 2: Bernard - 200 BTC, Gerald + 200 BTC. Block 3 contains
9BZ and has signature 74T.]

• Suppose the data in block 1 is altered.
• For example, let’s say that the transaction between Damian and George is
altered and Damian now supposedly sent 500 Bitcoin to George instead of
100 Bitcoin.
• The string of data in block 1 is now different, meaning the block also gets a
new signature. The signature that corresponds with this new set of data is
no longer X32. Let’s say it is W10.

[Figure: Block 1 (1 MB) after the alteration: Txn 1: Damian – 500 BTC,
George + 500 BTC. Txn 2: Bernard – 200 BTC, Gerald + 200 BTC. The unique
signature that corresponds with this block is W10. Block 2 (1 MB): Txn 1:
Damian + 100 BTC, George - 100 BTC. Txn 2: Bernard + 200 BTC, Gerald - 200 BTC.
Block 2 still contains X32 and has signature 9BZ. Block 3 (1 MB): Txn 1:
Damian - 50 BTC, George + 50 BTC. Txn 2: Bernard - 200 BTC, Gerald + 200 BTC.
Block 3 contains 9BZ and has signature 74T.]
• The signature W10 no longer matches the signature that was previously
added to block 2.
• So, blocks 1 and 2 are now considered no longer chained to each other.
This indicates to other users of this blockchain that some data in block
1 was altered.
• Because the blockchain should be immutable, the change is rejected by
the network, which shifts back to the previous record of the blockchain
where all the blocks are still chained together (the record where
Damian sent 100 BTC to George).
[Figure: Block 1 (1 MB) has signature W10. Block 2 (1 MB) now contains W10, so
its signature changes to PP4. Block 3 (1 MB) still contains 9BZ and has
signature 74T.]
• The only way that an alteration can stay undetected is if all the blocks
stay chained to each other.
• This means for the alteration to go undetected, the new signature of
block 1 must replace the old one in the data of block 2.
• But if the data of block 2 changes, this will cause block 2 to have a
different signature as well.
• Let’s say the signature of block 2 is now ‘PP4’ instead of 9BZ. Now
blocks 2 and 3 are no longer chained together!
Step 3 – How signature (hash) is created
Block 1 (1 MB)
Txn 1 : Thomas – 100 BTC
Txn 1 : David + 100 BTC

• Block 1 is a record of only one transaction. Thomas sends 100 Bitcoin to David.
• This specific string of data now requires a signature. In blockchain, this signature
is created by a cryptographic hash function
• A cryptographic hash function is a very complicated formula that takes any string
of input and turns it into a unique 64-digit string of output.
• You could for example insert the word ‘Jinglebells’ and, using this function, get the
output:
761A7DD9CAFE34C7CDE6C1270E17F773025A61E511A56F700D415F0D3E199868
• Suppose we add a period after Jinglebells, giving ‘Jinglebells.’; using this function we
now get the output:
B9B324E2F987CDE8819C051327966DD4071ED72D998E0019981040958FEC291B
• If we now remove the period again, we will get the same output as before:
761A7DD9CAFE34C7CDE6C1270E17F773025A61E511A56F700D415F0D3E199868


• A cryptographic hash function always gives the
same output for the same input, but always a
different output for different input.
• This kind of cryptographic hash function is used by
the Bitcoin blockchain to give the blocks their
signatures.
• The input of the cryptographic hash function in
this case is the data in the block, and the output is
the signature that relates to that.

[Figure: Block 1 (1 MB): Thomas – 100 BTC, David + 100 BTC, with its signature.
Block 2 (1 MB): David - 100 BTC, Jimi + 100 BTC. Signature of block 1 gets
added to signature of block 2.]
• Going back to the example, imagine that the string of data from this block looks like this:
• Block 1 Thomas -100 David +100
• If this string of data is inserted in the hashing algorithm, the output
(signature) will be this:
• BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
• This signature is now added to the data of block 2. Let’s say that David now
transfers 100 Bitcoin to Jimi. The blockchain now looks like the figure above.

Step 3 – How signature (hash) is created - Contd
[Figure: Block 1 (1 MB): Thomas – 100 BTC, David + 100 BTC, with its signature.
Block 2 (1 MB): David - 100 BTC, Jimi + 100 BTC, plus the signature of block 1;
block 2 has its own signature below that.]
• The string of data of block 2 now looks like:
• Block 2 David -100 Jimi +100 and
BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
• If this string of data is inserted in the hashing algorithm, the output (signature) will be this:
• 25D8BE2650D7BC095D3712B14136608E096F060E32CEC7322D22E82EA526A3E5
• This is the signature of block 2.
• Hence the cryptographic hash function is used to create the digital signature for each
unique block. There is a large variety of hash functions, but the hashing function that is
used by the Bitcoin blockchain is the SHA-256 hashing algorithm.

• How do the signatures stop someone from simply
inserting a new signature for each block after altering
one?
• Could someone make a change that goes undetected because all
blocks are properly linked again, so that people won’t be able to
tell there was a change?
• The answer is that only hashes (signatures) that
meet certain requirements are accepted on the
blockchain. This is the mining process and is
explained in step 4.
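The alteration story from Steps 2 and 3, replayed with real SHA-256 signatures. This is an added example, not part of the original slides; the block contents, the `|` separator and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample data modelled on the slides' Damian/George example.
BLOCK_DATA = [
    "Damian -100 BTC; George +100 BTC; Bernard -200 BTC; Gerald +200 BTC",
    "Damian +200 BTC; George -200 BTC; Bernard +300 BTC; Gerald -300 BTC",
    "Damian -50 BTC; George +50 BTC; Bernard -200 BTC; Gerald +200 BTC",
]


def signature(data, prev_sig):
    """SHA-256 over the block's data plus the previous block's signature."""
    return hashlib.sha256(f"{data}|{prev_sig}".encode("utf-8")).hexdigest().upper()


def build_chain(block_data):
    """Chain the blocks: each one stores the signature of the block before it."""
    chain, prev = [], ""
    for data in block_data:
        sig = signature(data, prev)
        chain.append({"data": data, "prev": prev, "sig": sig})
        prev = sig
    return chain


def first_broken_block(chain):
    """Return the number (1-based) of the first block that fails, or None.

    A block fails when the signature it stores for its predecessor is not the
    predecessor's current signature, or when its own stored signature no
    longer matches its contents.
    """
    prev = ""
    for number, block in enumerate(chain, start=1):
        if block["prev"] != prev:
            return number
        if signature(block["data"], block["prev"]) != block["sig"]:
            return number
        prev = block["sig"]
    return None


def reseal(chain, number):
    """Give block `number` a fresh signature over its current contents."""
    block = chain[number - 1]
    block["sig"] = signature(block["data"], block["prev"])


def relink(chain, number):
    """Copy the predecessor's current signature into block `number`."""
    chain[number - 1]["prev"] = chain[number - 2]["sig"]


def walk_through():
    """Replay the slides' alteration story; record the first failing block."""
    chain = build_chain(BLOCK_DATA)
    seen = {"untouched": first_broken_block(chain)}

    # Block 1 is edited: Damian supposedly sent 500 BTC instead of 100.
    chain[0]["data"] = chain[0]["data"].replace("100", "500")
    seen["block 1 edited"] = first_broken_block(chain)

    reseal(chain, 1)  # block 1 gets a new signature (X32 -> W10 in the slides)
    seen["block 1 resealed"] = first_broken_block(chain)

    relink(chain, 2)  # block 2 now carries the new signature of block 1 ...
    reseal(chain, 2)  # ... so its own signature changes too (9BZ -> PP4)
    seen["block 2 resealed"] = first_broken_block(chain)

    relink(chain, 3)
    reseal(chain, 3)  # every link is consistent again
    seen["all resealed"] = first_broken_block(chain)
    return seen


if __name__ == "__main__":
    for step, broken in walk_through().items():
        print(f"{step:18} first failing block: {broken}")
```

The break moves one block down the chain each time a block is resealed, and disappears once every block has been resealed. Plain hashing therefore only detects partial edits, which is why Step 4 adds a requirement on the signature itself.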

Step 4 — When does the signature qualify, and who signs a block ?
• A signature doesn’t always qualify. A block will only be accepted on the blockchain if its digital
signature starts with, for example, a number of consecutive zeroes. For example, only blocks with
a signature starting with at least ten consecutive zeroes qualify to be added to the blockchain.
• Every string of data has only one unique hash bound to it. What if the signature (hash) of a block
doesn’t start with ten zeroes? Then, in order to find a signature that meets the requirements for a
block, the string of data of a block needs to be changed repeatedly until that specific string of data
leads to a signature starting with ten zeroes.
• But the transaction data and metadata (block number, timestamp, et cetera) need to stay the way they
are. So, a small specific piece of data is added to every block that has no purpose except for being
changed repeatedly in order to find an eligible signature.
• This piece of data is called the nonce of a block. The nonce is a completely random string of numbers.
• To summarize, a block now contains:
– 1) transaction data,
– 2) the signature of the previous block,
– 3) a nonce
• The process of repeatedly changing the nonce and hashing the block’s data to find an eligible signature
is called mining and is what miners do.
• Miners constantly change the block composition (nonce) and hash it until they find an
eligible signature (output). The more computational power they have, the faster they can hash
different block compositions and the more likely they are to find an eligible signature faster. It is a form
of trial and error.
[Figure: Block 5 (1 MB): transaction data + signature of block 4 + random nonce
p##@1, hashes to signature 0000000P3X22A. Block 6 (1 MB): transaction data +
0000000P3X22A + random nonce p##@1, hashes to signature 0000000112LLK4.
Block 7 (1 MB): transaction data + 0000000112LLK4 + random nonce ???; its hash
needs to start with at least 7 consecutive zeroes. The nonce needs to be a
number. Miners are computing in order to insert as many random nonces as
possible until they find a nonce which, when combined with the rest of the
block data, leads to a hash output (signature) that starts with at least 7
zeroes.]

Who can participate in generating hash
• Any user on a blockchain network can participate in this process
by downloading and starting the corresponding mining software for
that specific blockchain.
• When a user does this, they simply put their computational
power to work in order to try to solve the nonce for a block. Here
is an example of a block of transactions that was recently added to the
Bitcoin blockchain, block 521,477:

• As you can see, the hash (signature) of this block and the hash of the previous block
both start with a number of zeroes. Finding a hash like that is not easy; it requires a
lot of computational power and time due to the random nature of the search.

Step 5 — How does this make the blockchain immutable ? M. Imp.
• As discussed previously in step 3, altering a block will unchain it
from the subsequent blocks.
• In order for an altered block to be accepted by the rest of
the network, it needs to be chained to the subsequent
blocks again.
• As we see, this requires every block that comes after it to get
a new signature. And that signature needs to meet the
requirements.
• Giving all of these blocks a new signature will be very costly
and time-consuming. Although it doesn’t seem impossible on
paper, it is considered impossible practically.
• For example, let’s say a corrupt miner has altered a block of
transactions and is now trying to calculate new signatures for
the subsequent blocks in order to have the rest of the
network accept his change.
• The problem for him is, the rest of the network is also
calculating new signatures for new blocks.

Step 5 — How corrupt transactions are avoided
• The corrupt miner will have to calculate new signatures for
these blocks too as they are being added to the end of the
chain. After all, he needs to keep all of the blocks linked,
including the new ones constantly being added. Unless the
miner has more computational power than the rest of the
network combined, he will never catch up with the rest of
the network finding signatures.

• Millions of users are mining on the Bitcoin blockchain, and
therefore it can be assumed that a single bad actor or entity
on the network will never have more computational power
than the rest of the network combined, meaning the network
will never accept any changes on the blockchain, making the
blockchain immutable.
• Once data has been added to the blockchain, it can never
be changed again.
• Could a bad actor have more computational power than
the rest of the network combined? Theoretically yes, this is
possible. It is called a 51% attack.
• In reality though, a 51% attack on the Bitcoin blockchain
would be far more costly to execute than it would yield in
return. It would require an immense amount of hardware,
cooling equipment and storage space for the computational
power.

Blockchain – Spread over nodes
• Blockchain is spread over a large number of computers, which are all
over the world. These computers are called nodes.
• Every time a transaction occurs it has to be approved by the
nodes, each of whom checks its validity. Once every node has
checked a transaction there is a sort of electronic vote, as some
nodes may think the transaction is valid and others think it is a
fraud.
• Each node has a copy of the digital ledger or Blockchain. Each
node checks the validity of each transaction. If a majority of nodes
say that a transaction is valid then it is written into a block.

Step 6 — How is blockchain governed ?
• The Bitcoin blockchain follows a governance model of democracy, and
therefore updates its record of transactions (and thus the Bitcoin balances)
according to what the majority of its users say is the truth.
• The blockchain protocol does this automatically by always following the
record of the longest blockchain that it has, because it assumes that
this chain is represented by the majority.
• After all, it requires the majority of the computational power to create
the longest version of the blockchain. This is also how an altered block is
automatically rejected by the majority of the network. The majority of
the network rejects an altered block automatically because it is no longer
chained to the longest chain.
• On the Bitcoin blockchain, all transaction history and wallet balances are
public (blockchain.info). Anyone can look up any wallet or transaction
that has ever occurred all the way back to the first transaction that was
ever made (on January 3rd, 2009).
• Although wallet balances can be checked by anyone publicly, the owners
of those wallets remain largely unknown. Here is an example of a wallet
still containing 69,000 Bitcoin, at the time of writing worth roughly
500 million dollars. It was last used in April 2015, only to show no activity
ever since.
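Steps 4 to 6 as one runnable model: mining with a nonce, validating a chain, the work a corrupt miner must redo, and the longest-chain rule. This is an added example, not part of the original slides; leading zero hex digits stand in for the slides' "starts with zeroes" rule, and the sample transactions, the `|` separator, the genesis placeholder and all function names are assumptions.

```python
import hashlib
from itertools import count

GENESIS_PREV = "0" * 64  # assumption: placeholder "previous signature" for block 1


def block_hash(data, prev_hash, nonce):
    """The block's signature: SHA-256 over data, previous signature and nonce."""
    return hashlib.sha256(f"{data}|{prev_hash}|{nonce}".encode("utf-8")).hexdigest()


def mine(data, prev_hash, difficulty):
    """Trial and error: bump the nonce until the hash starts with enough zeroes."""
    target = "0" * difficulty
    for nonce in count():
        digest = block_hash(data, prev_hash, nonce)
        if digest.startswith(target):
            return {"data": data, "prev": prev_hash, "nonce": nonce,
                    "hash": digest, "attempts": nonce + 1}


def extend(chain, data, difficulty):
    """Mine one block on top of `chain` and return the longer chain."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    return chain + [mine(data, prev, difficulty)]


def is_valid(chain, difficulty):
    """Check linkage, stored signatures and the leading-zero requirement."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block["data"], block["prev"], block["nonce"])
        if block["prev"] != prev or digest != block["hash"]:
            return False
        if not digest.startswith("0" * difficulty):
            return False
        prev = digest
    return True


def reseal_without_mining(chain):
    """Recompute every signature but keep the old nonces (no work done)."""
    resealed, prev = [], GENESIS_PREV
    for block in chain:
        digest = block_hash(block["data"], prev, block["nonce"])
        resealed.append({**block, "prev": prev, "hash": digest})
        prev = digest
    return resealed


def rewrite_from(chain, index, new_data, difficulty):
    """Alter block `index`, then re-mine it and every block after it."""
    forged, hashes_tried = chain[:index], 0
    for offset, block in enumerate(chain[index:]):
        data = new_data if offset == 0 else block["data"]
        forged = extend(forged, data, difficulty)
        hashes_tried += forged[-1]["attempts"]
    return forged, hashes_tried


def choose(candidates, difficulty):
    """Step 6 rule: among chains that verify, follow the longest one."""
    valid = [chain for chain in candidates if is_valid(chain, difficulty)]
    return max(valid, key=len) if valid else None


def expected_hashes(difficulty, blocks=1):
    """Average work: every extra leading hex zero multiplies the search by 16."""
    return 16 ** difficulty * blocks


def demo(difficulty=4):
    # Constructed sample transactions in the style of the slides.
    honest = []
    for data in ("Thomas -100 David +100", "David -100 Jimi +100",
                 "Jimi -40 Thomas +40"):
        honest = extend(honest, data, difficulty)

    edited = [dict(block) for block in honest]
    edited[0]["data"] = "Thomas -500 David +500"

    forged, hashes_tried = rewrite_from(honest, 0, "Thomas -500 David +500",
                                        difficulty)
    # While the corrupt miner was re-mining, the network added a block.
    honest_now = extend(honest, "Thomas -10 Jimi +10", difficulty)
    return {
        "honest_valid": is_valid(honest, difficulty),
        "edited_valid": is_valid(edited, difficulty),
        "resealed_valid": is_valid(reseal_without_mining(edited), difficulty),
        "forged_valid": is_valid(forged, difficulty),
        "hashes_tried": hashes_tried,
        "honest_chain_wins": choose([forged, honest_now], difficulty) is honest_now,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
    print("average hashes for one block at ten zeroes:", expected_hashes(10))
```

Resealing without mining fails validation because the recomputed signatures no longer start with the required zeroes. The fully re-mined forgery does verify, but it loses to the honest chain, which grew by a block in the meantime.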

Principles of blockchain
1. Distributed database
Types of databases:
• Centralised – one node does everything
• Distributed – nodes distribute work to sub-nodes
• Decentralised – nodes are only connected to peers
The database is the Blockchain and each node on a Blockchain has access to the
whole Blockchain.
No one node or computer regulates the information it contains.
Every node is able to validate the records of the Blockchain.
This is all done without one or several intermediaries in control of everything.
It is architecturally decentralized as there is no one point of failure that would bring
down the Blockchain.

2. Peer-to-peer (P2P) transmission
Types of transmission: centralised command & control; decentralised – peer to peer

In line with the first principle, communication is always happening directly between peers,
rather than through some central node. Information about what is happening on the
Blockchain is stored on each node then passed to adjacent nodes. In this way information
spreads through the whole network.
3. Transparency yet pseudonymity
• Anyone inspecting the Blockchain is capable of seeing every transaction and its hash value.
• Someone using the Blockchain is able to be anonymous if they wish or they can give their
identification to others. All that you see on the Blockchain is a record of transactions
between Blockchain addresses.

• Block height is the count of how many blocks have been added to the block chain since the
first block in the chain.
• Block weight is somewhat about the size of the data in each block, but it’s not a
straightforward, simple count of how many bytes are in the block.
• Relaying company explanation :
1) Bixin - One of China's largest cryptocurrency custody and mining operators.
2) Bitfury - A cryptocurrency mining and blockchain development firm based in Japan.
Blockchain Principles - summary
• Once the recording of a transaction is on the Blockchain and the
Blockchain has been updated, then the alteration of the records of this
transaction is impossible.
• Blockchain records are permanent, they are ordered chronologically,
and they are available to all the other nodes.
• As there are nodes throughout the world it is virtually impossible for the
entire network to be taken over by a single party.
• No one or several nodes control the Blockchain.
• All nodes are able to validate a transaction.
• All transactions occurring on a Blockchain are recorded there, so the
transactions of any person using the network are public and
completely transparent, even though they may be anonymous.

What is Distributed Ledger Technology
• A distributed ledger is simply a database that exists across several locations or among
multiple participants. Most companies use a centralized database that exists in a
fixed location. But a distributed ledger removes third parties from the process, which
makes it quite attractive.
• Blockchain vs Distributed Ledger :
• Think of blockchain and distributed ledger in the same way as ‘Xerox’ and
‘Photocopy’. So blockchain is a type of distributed ledger, but it is so popular that it is
ingrained in people’s minds as what the product actually is.

Blockchain:
• A form of DLT comprising immutable, digitally recorded data stored in packages
called blocks.
• Uses cryptography to make it hard for a malicious user to manipulate the results
in his favour.
• All distributed ledgers do not necessarily employ blockchains.

Distributed Ledger Technology (DLT):
• A record of consensus maintained & validated by multiple parties/nodes.
• A way to construct a ledger in a distributed way to achieve consensus among
participants who don’t trust each other.
• Records new information in real time, only adds entries if consensus among
participants is confirmed.
• Every entry is automatically time-stamped using a unique cryptographic signature.

Important concepts related to DLT - Smart contracts

• A self-executing contract that triggers when pre-specified real-world conditions are met
and data confirming the event(s) is fed into the blockchain.
• Consists of a programmable transaction protocol that defines the business terms of the
contract, and legal prose.
• The computer code constitutes part of the binding legal agreement between the parties
and is therefore also legally binding.
• Ethereum is an open-source blockchain platform that not only accepts smart contract
functionality, but also allows developers to write their own programs (i.e., write their
own smart contracts)
• Helps users create new decentralized applications (dapps) on top of the existing
platform.
• Smart contracts, then, are the building blocks for new solutions, business success,
and, most important, increased consumer trust.

Some Potential real world uses of blockchain technology

1. Payment processing and money transfers : with banks playing a central role
removed from the equation, and validation of transactions ongoing 24 X 7, most
transactions processed over a blockchain can be settled within a matter of seconds.
2. Monitor supply chains :
• By removing paper-based trails, businesses should be able to pinpoint
inefficiencies within their supply chains quickly, as well as locate items in real
time.
• Allow businesses, and possibly even consumers, to view how products
performed from a quality-control perspective as they traveled from their
place of origin to the retailer.
3. Digital IDs : More than 1 billion people worldwide face identity
challenges. Blockchain would give users a way to control their digital identities. This
would allow folks in impoverished regions to get access to financial services, or start
their own business, as an example.
4. Digital Voting : Blockchain offers the ability to vote digitally, but it's transparent
enough that any regulators would be able to see if something were changed on the
network. It combines the ease of digital voting with the immutability (i.e.,
unchanging nature) of blockchain to make your vote truly count.


5. Real estate, land, and auto title transfers : Blockchain takes paper out of the
equation. Paper trails are often a source of confusion. If you're buying or selling
land, a house, or a car, you'll need to transfer or receive a title. Instead of handling
this on paper, blockchain can store titles on its network, allowing for a transparent
view of this transfer, as well as presenting a crystal-clear picture of legal ownership.
6. Tax regulation and compliance : Companies can use blockchain as a means to
record their sales and demonstrate to lawmakers that they're abiding by local, state,
and/or federal laws. They provide clear record for the IRS that they've paid their fair
share of taxes to the federal government, assuming they're profitable.
7. Medical recordkeeping
In addition to storing patient records, the patient, who possesses the key to access
these digital records, would be in control of who gains access to that data. It would
be a means of strengthening the laws that are designed to protect patient privacy.
8. Equity trading
At some point, blockchain could rival or replace current equity trading platforms to
buy or sell stocks. Because blockchain networks validate and settle transactions so
quickly, it could eliminate the wait time investors encounter when selling stock(s)
and seeking access to their funds for the purpose of reinvestment or withdrawal.

Some countries using Blockchain
CryptoDigest shows that there are eight countries working with blockchain technologies
trying to improve different industries
USA. It has over 40% of the total blockchain startup market. Just like the internet boom,
the USA is leading the way in the smart economy. The USA is a major player in the
blockchain and cryptocurrency ecosystem.
Singapore. The country’s central bank could be the first one to offer a national digital
currency based on blockchain technology. At the moment, there is a project
called UBIN, led by the Monetary Authority of Singapore, that would use
DLT for the clearing and settlement of payments.
South Korea. Although the country has banned Initial Coin Offerings (ICOs)
and imposed some regulations on crypto exchanges, the Bank of Korea is trying
to implement a blockchain solution to replicate interbank payments and settlement.
England. CryptoDigest has included England in the list. The Bank of England is one of the banks
that is analysing the possibility of issuing a Central Bank Digital Currency (CBDC).
The UAE is also working in Dubai in order to create a blockchain-based city. The proposal is
known as Smart Dubai. Its goal is to make Dubai the first city fully powered by
Blockchain in 2020.

China, the second largest economy in the world after the United States is using
blockchain technology as well. Even when the country has banned virtual currencies and
Bitcoin, in 2017, China filed the largest amount of blockchain-related patents in the
world.
Japan is also known as a very open country towards digital assets and virtual currencies.
Although the Financial Services Agency (FSA) in the country has implemented different
regulations to control the market and its participants, the country is very open to new
technologies and cryptocurrencies.
Switzerland. The Swiss state-run postal service and the telecom services have presented
their initiative to create a completely private Swiss blockchain. Moreover, Switzerland’s SIX
Exchange was the first exchange in Europe that had a cryptocurrency ETF approved –
called HODL. The Swiss banking system is also exploring blockchain technologies in
order to improve its services.

Limitations and vulnerability
• Any Blockchain network largely depends on the amount of active users within it. In
order to operate to its full potential, a network has to be a robust one with a widely
distributed grid of nodes.
• Moreover, there is no Blockchain network in existence that could sustain the same
amount of transactions as major card issuers like Visa or MasterCard do. As of 2017,
Blockchain still has a very long way to go before it will be capable of replacing the
giants of the financial world.
• Finally, there is always a theoretical possibility of a large-scale capture of any given
Blockchain network. If a single organization somehow manages to gain control
of the majority of the network’s nodes, it will no longer be decentralized in the full
sense of the word.

Cryptocurrency

As on 07-jun-2020

What is Cryptocurrency ?
• A cryptocurrency is a digital currency.
• A cryptocurrency is one medium of exchange like traditional currencies such as USD
• It is designed to exchange the digital information through a process made possible by
certain principles of cryptography.
• The holder of the cryptocurrency has ownership.

Bitcoin :
• It is presently the dominant cryptocurrency of the world.
• Bitcoin was launched in 2009 by an unknown person called Satoshi Nakamoto.
• Bitcoin is a Peer-to-Peer technology which is not governed by any central authority or
banks.
• Currently, issuing Bitcoins and managing transactions are carried out collectively in
the network.
• It is open source and designed for the general public, which means nobody owns or
controls Bitcoin.
• Anyone can use bitcoin without paying any process fees. If you are handling Bitcoin,
the sender and receiver transact directly without using a third party.
• https://coinmarketcap.com/currencies/bitcoin/

Cryptocurrency updates in India

• The Reserve Bank of India had virtually banned cryptocurrency trading in India: in a
circular issued on April 6, 2018, it directed that all entities regulated by it shall not
deal in virtual currencies or provide services for facilitating any person or entity in
dealing with or settling those.
Regulated entities that were already providing such services were told to exit the
relationship within three months.
• However, in March 2020, the Supreme Court on Wednesday struck down the curb on
cryptocurrency trade in India, lifting the ban on trading in virtual
currency, cryptocurrency and bitcoins.
• Bitcoin, the most valued cryptocurrency in the world, was at approx. $9200 and the
market cap of the currency stood at $118 billion as of April 2020.
• CoinDCX, which claims to be India’s largest crypto exchange, says it has seen a sharp
rise in users and trading volumes after the SC judgment. “We saw nearly a 10x spike
in sign-ups, post the Supreme Court judgment.” The BTC/INR (Bitcoin to Indian
Rupees) trading pair has seen 78.36% growth in the past 50 days as reported at the end
of April 2020.

How does cryptocurrency work ?
BlockChain and Bitcoin:
The blockchain is the technology behind Bitcoin. Bitcoin is the digital token, and
blockchain is the ledger that keeps track of who owns the digital tokens. You can't have
Bitcoin without blockchain, but you can have blockchain without Bitcoin.
Other prominent cryptocurrencies (over 2000 currencies in total)
• Ethereum
• Bitcoin Cash
• Ripple
• Litecoin
• Cryptocurrency is a form of payment that can be exchanged online for goods and
services. Many companies have issued their own currencies, often called tokens, and
these can be traded specifically for the good or service that the company provides.
Think of them as you would arcade tokens or casino chips. You’ll need to exchange
real currency for the cryptocurrency to access the good or service.

Why are they so popular
• Supporters see cryptocurrencies such as bitcoin as the
currency of the future and are racing to buy them now,
presumably before they become more valuable
• Some supporters like the fact that cryptocurrency removes
central banks from managing the money supply, since over
time these banks tend to reduce the value of money via
inflation
• Other supporters like the technology behind
cryptocurrencies, the blockchain, because it’s a decentralized
processing and recording system and can be more secure
than traditional payment systems
• Some speculators like cryptocurrencies because they’re
going up in value and have no interest in the currencies’
long-term acceptance as a way to move money

Are they a good investment ?
• Cryptocurrencies may go up in value, but many investors see them as mere speculations, not real
investments. The reason? Just like real currencies, cryptocurrencies generate no cash flow, so for you to
profit someone has to pay more for the currency than you did.
• Legendary investor Warren Buffett compared bitcoin to paper checks: “It’s a very effective way of
transmitting money and you can do it anonymously and all that. A check is a way of transmitting money
too. Are checks worth a whole lot of money? Just because they can transmit money?”
• To see cryptocurrencies such as bitcoin as the currency of the future, currency needs stability so that
merchants and consumers can determine what a fair price is for goods.
• Bitcoin and other cryptocurrencies have not been stable through much of their history. For example,
while bitcoin traded at close to $20,000 in December 2017, its value then dropped to as low as about
$3,200 a year later. In May 2019 it topped $8,000.

How to buy Cryptocurrency
• While some cryptocurrencies, including bitcoin, are available for purchase with
U.S. dollars, others require that you pay with bitcoin or another cryptocurrency.
• To buy cryptocurrencies, you’ll need a “wallet,” an online app that can hold your
currency. Generally, you create an account on an exchange, and then you can transfer
real money to buy cryptocurrencies such as bitcoin or ethereum.
• Coindcx claims to be India’s largest cryptocurrency trading exchange, where you can
both create a wallet and buy and sell bitcoin and other cryptocurrencies.
Are cryptocurrencies legal ?
• They’re legal in the United States, though China has essentially banned their use, and
ultimately whether they’re legal depends on each individual country.
• Also be sure to consider how to protect yourself from fraudsters who see
cryptocurrencies as an opportunity to cheat investors.

How does cryptocurrency work
Blockchain network and Cryptocurrency
• The transaction is known almost immediately by the whole network, but it is
confirmed only after a specific amount of time.
• Confirmation is a critical concept in cryptocurrencies. You could say that
cryptocurrencies are all about confirmation.
• As long as a transaction is unconfirmed, it is pending and can be forged. When a
transaction is confirmed, it is set in stone. It is no longer forgeable, it can’t be reversed,
and it is part of an immutable record of historical transactions: the so-called blockchain.
• Only miners can confirm transactions. This is their job in a cryptocurrency
network. They take transactions, stamp them as legitimate and spread them in the
network. After a transaction is confirmed by a miner, every node has to add it to its
database. It has become part of the blockchain.
• For this job, the miners get rewarded with a token of the cryptocurrency, for example
with Bitcoins. The miners’ activity is the single most important part of the
cryptocurrency system.
• Compensation for mining: “The amount of new bitcoin released with each mined
block is called the ‘block reward.’ The block reward is halved every 210,000 blocks
or roughly every 4 years. In 2009, it was 50. In 2013, it was 25, in 2018 it was 12.5,
and sometime in the middle of 2020, it will halve to 6.25”. Source:
https://www.investopedia.com/terms/b/bitcoin-mining.asp.

Summarised Explanation of basic flow

How does cryptocurrency work - Appendix
What is cryptocurrency mining?
In principle, anybody can be a miner. Since a decentralized network has no authority to
delegate this task, a cryptocurrency needs some kind of mechanism to prevent one
ruling party from abusing it. Imagine someone creates thousands of peers and spreads
forged transactions. The system would break immediately.
So, Satoshi set the rule that the miners need to invest some work of their computers to
qualify for this task. In fact, they have to find a hash – a product of a cryptographic
function – that connects the new block with its predecessor. This is called the
Proof-of-Work. In Bitcoin, it is based on the SHA-256 hash algorithm.
It’s only important you know that it can be the basis of a cryptologic puzzle the miners
compete to solve. After finding a solution, a miner can build a block and add it to the
blockchain. As an incentive, he has the right to add a so-called coinbase transaction that
gives him a specific number of Bitcoins. This is the only way to create valid Bitcoins.
Bitcoins can only be created if miners solve a cryptographic puzzle. Since the difficulty of
this puzzle increases with the amount of computing power the miners as a whole invest, only
a specific amount of cryptocurrency tokens can be created in a given amount of
time. This is part of the consensus no peer in the network can break.
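
The mining and confirmation steps described above, as an added example that is not part of the original slides: a toy proof-of-work chain in which each block's SHA-256 hash covers its predecessor's hash, so altering a confirmed transaction breaks that block and, even after the work is redone, every later block. The block format, the difficulty of three leading hex zeros and all names are assumptions made for illustration; the reward figures are the ones quoted in the text.

```python
import copy
import hashlib
import json

HALVING_INTERVAL = 210_000  # blocks between halvings (figure quoted in the text)
INITIAL_REWARD = 50.0       # reward per block in 2009 (figure quoted in the text)
DIFFICULTY = 3              # toy puzzle: hash must start with this many hex zeros (assumption)
GENESIS_PREV = "0" * 64     # placeholder predecessor for the first block (assumption)


def block_reward(height):
    """Reward for the block at `height`, halved every HALVING_INTERVAL blocks."""
    return INITIAL_REWARD / (2 ** (height // HALVING_INTERVAL))


def block_hash(block):
    """SHA-256 over every field except the stored hash (toy encoding, not Bitcoin's)."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def solve(block):
    """Proof-of-work: try nonces until the hash meets the difficulty target."""
    block["nonce"] = 0
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def mine(prev_hash, height, transactions, miner):
    """Build a block linked to its predecessor; the coinbase entry pays the miner."""
    coinbase = {"from": None, "to": miner, "amount": block_reward(height)}
    return solve({"height": height, "prev_hash": prev_hash,
                  "transactions": [coinbase] + transactions})


def verify_chain(chain):
    """Return the index of the first invalid block, or -1 if every block checks out."""
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if digest != block["hash"] or not digest.startswith("0" * DIFFICULTY):
            return i  # contents changed after mining, or the work was never done
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return i  # link to the predecessor is broken
    return -1


def build_demo_chain():
    """Mine three blocks of constructed sample transactions."""
    batches = [
        [],
        [{"from": "alice", "to": "bob", "amount": 2}],
        [{"from": "bob", "to": "carol", "amount": 1}],
    ]
    chain, prev = [], GENESIS_PREV
    for height, batch in enumerate(batches):
        block = mine(prev, height, batch, miner="miner-1")
        chain.append(block)
        prev = block["hash"]
    return chain


def tamper_and_check(chain):
    """Alter a confirmed payment, then redo the work for that single block only."""
    forged = copy.deepcopy(chain)
    forged[1]["transactions"][1]["amount"] = 2000  # rewrite alice -> bob
    after_edit = verify_chain(forged)      # block 1 no longer matches its hash
    solve(forged[1])                       # redo the proof-of-work for block 1
    after_remine = verify_chain(forged)    # block 2 still points at the old hash
    return after_edit, after_remine


if __name__ == "__main__":
    demo = build_demo_chain()
    print("valid chain ->", verify_chain(demo))
    print("first bad block after edit / after re-mining ->", tamper_and_check(demo))
    for h in (0, 210_000, 420_000, 630_000):
        print("reward at height", h, "=", block_reward(h))
```

A node running `verify_chain` rejects the altered history at block 1, and after that block is re-mined it rejects it at block 2, which is why each additional confirmation raises the cost of rewriting a transaction.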

Data privacy and cyber security

Topics
1. What is privacy and why is it so important
2. Examples of data breaches
3. Freedom of speech, Privacy and Security
4. Differences between US and EU regulations
5. India’s Personal Data Protection Bill, 2019
6. Solutions against security breaches
7. Insurance to protect against cyber losses

Appendix:
1. European GDPR
2. US Data protection compliance and regulations

1. What is privacy and why is it so important
• Definition: The aspect of IT that deals with the ability an
organization or individual has to determine what data in a
computer system can be shared with third parties since it is an
individual’s right or desire to be left alone and/or to have the ability
to control her own data
• Data Protection regulations require entities to ensure the
ongoing confidentiality, integrity, availability, and resilience of
processing systems and services
• While the protection of privacy is an important objective, privacy
also serves as a means to protecting other ends, such as free speech
• Customers entrust data to entities for agreed purposes only; those
collecting data should place a premium on protecting the
customers’ privacy
• Failure to ensure privacy is a breach of trust and the
defaulting companies are liable to prosecution and penalty
• Privacy may be compromised in two ways:
- Data stolen for malicious intent
- Custodian left customer data unprotected and exposed

2. Examples of data breaches
1. 2013: The intruders stole data of 38 mn. customers from Adobe’s servers, including encrypted
payment card numbers and expiration dates, names, addresses, telephone numbers, e-mail
addresses, usernames and passwords. They also made off with digital truckloads of source code
for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader,
Photoshop and ColdFusion.
2. 2014: eBay reported that an attack exposed its entire account list of 145 mn. users,
including names, addresses, dates of birth and encrypted passwords. Hackers used the
credentials of three corporate employees to access its network and had complete access for 229
days. eBay asked customers to change their passwords. Financial information, such as credit card
numbers, was stored separately and was not compromised. The company was criticized for lack of
communication with its users and poor implementation of the password-renewal process.
3. 2017: Equifax, one of the largest credit bureaus in the US, said that an application vulnerability in
one of their websites led to a data breach that exposed about 148 mn. consumers. The breach
compromised the personal information (including SSNs, DOBs, addresses, and in some cases
drivers' license numbers). Equifax was faulted for a number of security and response lapses. Chief
among them was that the application vulnerability that allowed the attackers access was
unpatched. Equifax was also slow to report the breach.
4. 2008: In 2009 Visa and MasterCard notified Heartland of suspicious transactions from accounts
it had processed. Security analysts had warned retailers about the vulnerability (to perform a SQL
Injection attack) for several years. Because of the breach, the Payment Card Industry deemed
Heartland out of compliance with its Data Security Standard (PCI DSS) and did not allow it to
process payments of major credit card providers until May 2009. The company also paid an
estimated $145 million in compensation for fraudulent payments. This was a rare example where
authorities caught the attacker. A federal grand jury indicted Albert Gonzalez and two unnamed
Russian accomplices in 2009. Gonzalez, a Cuban American, was alleged to have masterminded
the international operation that stole the credit and debit cards. He was sentenced in March
2010 to 20 years in federal prison.

Examples of data breaches ….contd.
5. 2012 and 2016: LinkedIn has become an attractive proposition for attackers looking to conduct social
engineering attacks. In 2012, the company announced that 6.5 mn. unassociated passwords were stolen by
attackers and posted onto a Russian hacker forum. It was only in 2016 that the full extent of the incident was
revealed. The hacker was found to be offering the email addresses and passwords of around 165 mn. LinkedIn
users for just 5 bitcoins. LinkedIn acknowledged awareness, and said it had reset the passwords of affected
accounts.
6. 2014-’18: Marriott International announced in 2018 that attackers had stolen data on approximately 500 mn.
customers. The breach initially occurred on systems supporting Starwood hotel brands in 2014. The attackers
remained in the system after Marriott acquired Starwood in 2016 and were found in 2018. They took some
combination of contact and travel information, passport number, Preferred Guest numbers and other personal
information. The credit card numbers and expiration dates of more than 100 million customers were believed to
be stolen, but attackers were likely unable to decrypt the credit card numbers. The breach was attributed to a
Chinese intelligence group.
7. 2013-’14: Yahoo announced in 2016 that in 2014 it had been the victim of what would be the biggest data
breach in history. The attackers, which the company believed were “state-sponsored actors,” compromised the
real names, email addresses, dates of birth and telephone numbers of 500 mn. users. Yahoo claimed that most
of the compromised passwords were hashed. In 2016, Yahoo disclosed another breach from 2013 by a different
attacker that compromised the names, dates of birth, email addresses and passwords, and security questions
and answers of 1 bn. user accounts. Yahoo revised that estimate in October 2017 to include all of its 3 bn. user
accounts. The timing of the original breach announcement was bad, as Yahoo was in the process of being
acquired by Verizon, which eventually paid $4.48 bn. for Yahoo’s core internet business. The breaches knocked
an estimated $350 million off the value of the company.
8. 2018: In March, it became public that the personal information of more than a billion Indian citizens stored in
the world’s largest biometric database could be bought online. This massive data breach was the result of a
data leak on a system run by a state-owned utility company. The breach allowed access to private information
of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. The
type of information exposed included the photographs, thumbprints, retina scans and other identifying details
of nearly every Indian citizen.

3. Freedom of speech, Privacy and Security
• Free speech will be restricted if individuals fear that their private
data may be accessed by law enforcement and intelligence services
• Tech companies face the threat of a trust deficit as federal rules
restrict them from revealing to the public requests received from
these agencies; the Obama administration provided a relaxation,
allowing them to more fully disclose legal orders issued by the
NSA
• They normally provide access to customer data only when required
to do so by a legally binding subpoena
• Facing antitrust investigations and a growing backlash over
privacy, encryption, AI and content monitoring, tech giants are
calling for regulation
• Several leading companies in the US had formed an alliance –
Reform Government Surveillance – on limiting the authority of
the governments to collect users’ information, and calling for the
governments’ respect for free flow of information
• Governments of multiple countries could get involved, increasing
the difficulty for the companies to be fully compliant with the law.

Freedom of speech, Privacy and Security….contd.
Cybersecurity: Protection against unauthorized access of internet-connected systems
such as hardware, software and data from cyber-threats designed to access, delete, or
extort an organization’s or user’s sensitive data. The forms include:
• Malware - malicious software i.e. any file or program e.g. worms, viruses, Trojan
horses and spyware that can harm a computer user
• Ransomware - malware using which an attacker locks the victim's computer
system files, usually through encryption, and demands a payment to decrypt and
unlock them
• Social engineering is an attack that relies on human interaction to trick users into
breaking security procedures to gain sensitive information that is typically
protected
• Phishing is a form of fraud where fraudulent emails are sent that resemble emails
from reputable sources; however, the intention of these emails is to steal sensitive
data, such as credit card or login information

Cyberwarfare: A state-on-state action equivalent to an armed attack or use of force in
cyberspace that may trigger a military response. In addition to the forms
aforementioned, the attack could entail hacking of data for the purpose of espionage

Development of new technology opens up new avenues for cyberattacks, making
cybersecurity continuously changing and challenging

Freedom of speech, Privacy and Security….contd.
• Restricting companies from accessing data stored outside their countries
could hinder growth in the global economy
Push-backs by Tech giants to provide data to Government:
o Microsoft: Prosecutor’s order in a narcotics case to turn over data
from an email account stored in a server in Dublin
o Apple: FBI’s suit to unlock the iPhone of one of the terrorists
involved in the attack in California, arguing that backdoors lead
to weakened security
• Legislative solution needed for a proper balance between security
and privacy, twin requirements of individuals
• Satya Nadella’s* equation, involving the three parties – Individuals,
Government and Companies:
E (Empathy) + SV (Shared Values) + SR (Safety and Reliability) = T/t (Trust over time)

*“Trust in today’s digital world means everything”

Freedom of speech, Privacy and Security….contd.
Elements of Cybersecurity:
• Application security - developing, adding, and testing security features
within applications
• Information security - methodologies designed and implemented to
protect print, electronic, or any other form of confidential, private
and sensitive information or data
• Network security - policies and practices adopted to prevent and
monitor unauthorized access, misuse, modification, or denial of a
computer network and network-accessible resources
• Disaster recovery/business continuity planning - processes that help
organizations prepare for and implement during disruptive events
• Operational security - risk management process that encourages
managers to view operations from the perspective of an adversary in
order to protect sensitive information from falling into the wrong
hands
• End-user education

Advisory organizations are promoting a more proactive and adaptive
approach, recommending a shift toward continuous monitoring and real-time
assessments.

4. Differences between US and EU regulations

| # | US | EU |
| --- | --- | --- |
| 1 | Privacy laws change with each administration | Privacy laws have less turnover when administrations change because of lesser polarization |
| 2 | Individuals have little ownership of their online data, allowing large businesses to monetize consumer behaviour/habits | EU laws respect “private and family life” and allow citizens to delete their data |
| 3 | Privacy laws are often a messy combination of public regulation, private self-regulation and state-level legislation | Privacy laws are generally more comprehensive and geared towards consumers |
| 4 | Enforcement of privacy laws is carried out by several different government organizations e.g. Federal Communications Commission and HIPAA | Enforcement of privacy laws is carried out by one authority, equally for all 27 member states |
| 5 | Numerous privacy organizations exist to provide legal framework | Fewer privacy organizations |
| 6 | Companies can keep data indefinitely, depending on their own terms of service | Citizens have the right to be forgotten – search results can be removed if they are irrelevant or inadequate |

5. India’s Personal Data Protection Bill, December, 2019
• Sets rules for how personal data should be processed and stored, and lists people’s
rights with respect to their personal information (currently, the usage & transfer of
personal data of citizens is regulated by the IT Rules, 2011 under the IT Act, 2000)
• Proposes creation of an independent new Indian regulatory authority, the Data
Protection Authority, to carry out this law
• Almost all businesses will have to meet the bill’s conditions. In addition to
e-commerce, social media and IT, brick-and-mortar shops, real estate and
pharmaceutical companies and hospitals will have to:
1. collect and store evidence of the fact that notice was given about their data
collection practices and consent was received
2. set up systems to allow the consumers the right to withdraw their consent
3. create ways to give the consumers the right to access, correct, and erase their
data
4. allow consumers to transfer their data, including any inferences made by
businesses based on such data, to other businesses
5. make organizational changes to protect data better e.g. privacy-by-design
principles, security safeguards, and so on
6. Social media intermediaries must permit identity verification

India’s Personal Data Protection Bill, December, 2019….contd.
Key terms:
1. Data principal: an individual whose personal data is being processed
2. Data fiduciary: the entity or individual who decides the means and
purposes of data processing
3. (a) Personal data: pertains to characteristics, traits or attributes of
identity, which can be used to identify an individual - no localization or
data transfer restrictions apply to data that is not considered
“sensitive” or “critical.”
(b) Sensitive personal data: e.g. data relating to health, religion, sex life,
political beliefs and biometric and genetic data - may be transferred outside
of India, but such sensitive personal data shall continue to be stored in
India.
(c) Critical personal data: No restriction on government’s power to define
what data would be categorised as such. Bill to create an exception to strict
localization requirement for transfers to countries or organizations deemed
to provide an adequate level of protection (and where the state’s security or
strategic interests will not be prejudiced), or in limited circumstances to
protect vital interests.
4. Non-personal data includes aggregated data through which individuals
cannot be identified.

India’s Personal Data Protection Bill, December, 2019….contd.
Exemptions to these safeguards for processing of personal data:
• the central government can exempt any of its agencies in the
interest of security of state, public order, sovereignty and
integrity of India, and friendly relations with foreign states
• purposes such as prevention, investigation, or prosecution of any
offence, or research and journalistic purpose.
Personal data of individuals can be processed without their consent in
certain circumstances such as:
(i) if required by the State for providing benefits to the individual,
(ii) legal proceedings and
(iii) to respond to a medical emergency.

Changes from the draft bill:
1. new class of significant data fiduciaries
2. expanded the scope of exemptions for the government
3. the government may direct data fiduciaries to provide it with
any non-personal or anonymised data for better targeting of
services

Differences between Indian Bill and GDPR

| # | India | EU |
| --- | --- | --- |
| 1 | Central government has the power to exempt any government agency from the bill’s requirements; so, it may access individual data over and above existing Indian laws such as the IT Act of 2000 | GDPR offers EU member states similar escape clauses, but they are tightly regulated by other EU directives |
| 2 | Government can order firms to share any of the non-personal data they collect | No such provision in the GDPR |
| 3 | Sensitive personal data can be transferred outside India, but only to be processed; it cannot be stored outside India | Doesn’t require businesses to keep EU data within the EU. Transfer allowed if contractual clauses are met: codes of conduct, data protection, certification systems approved before transfer |
| 4 | Financial data considered to be sensitive | Financial data not considered sensitive |
| 5 | In addition to accountability mechanisms like in the GDPR, data fiduciaries have to audit their processing activities annually. | No requirement for annual audit |

6. Solutions against security breaches
1. Limit access to most valuable data - all records to be partitioned
off so that only those who specifically need access will have it
2. Third-party vendors must comply with privacy laws. Principal
responsible for background checks of third-party vendors
3. Conduct employee security awareness training- employees are
the weakest link in the data security chain - one training class
about cybersecurity is not enough; need for regular classes
each quarter or even monthly
4. Update software regularly - Network is vulnerable when programs
aren’t patched and updated regularly
5. Develop a cyber breach response plan - Response plan should
begin with an evaluation of exactly what was lost and when
and who was responsible. By taking swift, decisive action,
damages can be limited and public and employee trust
restored
6. Devise difficult-to-decipher passwords - usage of upper
case letters, numbers and special characters when
formulating passwords, and regularly changing all
passwords.
7. Insurance to protect against cyber losses
Cyber insurance protects against damages caused by electronic threats to
computer systems or data. These threats can lead to the theft, damage or
misuse of sensitive information or other vital technologies and can result in
downtime and recovery costs that often include specialized repairs and legal
fees. Who needs this insurance?
• Any business that stores or processes sensitive information like names,
addresses, national Identity numbers, medical records or credit card
information
• Also, third-parties who handle confidential data and information, such as
an accountant or IT service, should have their own cyber insurance
policy. The principal should get proof of coverage before hiring them.

• Options are available to cover incident response services, first-party
losses (investigative services, business interruption coverage and data
recovery) and third-party losses (those experienced by others for which
the insured is responsible e.g. legal fees, settlement costs, security failure
and media liabilities)
• In India, there are two such cyber insurance plans from General
Insurance companies – Bajaj Allianz’s Individual Cyber Safe Insurance
Policy and Cyber Security by HDFC Ergo.

Appendix - European GDPR
The General Data Protection Regulation came into force in 2016 after passing
European Parliament, and required all organizations to be compliant by May,
2018:
• It applies to any organisation operating within the EU, as well as
organisations outside which offer goods or services to customers in the
EU. That ultimately means that almost every major corporation in the
world needs a GDPR compliance strategy
• It is an updation of the 1995 European Data Protection Directive,
establishing minimum data privacy and security standards
• Two tiers of penalties, which max out at €20 million or 4% of global
revenue (whichever is higher), plus data subjects have the right to
seek compensation for damages
• Personal data is any information that relates to an individual who can be
directly or indirectly identified (names, email addresses, location
information, ethnicity, gender, biometric data, religious beliefs, web
cookies, and political opinions)
• Data subjects have rights to : 1) be informed 2) access 3) rectification 4)
erasure 5) restrict processing 6) data portability 7) object 8) decide on
automated decision making and profiling
• Considered as the toughest privacy and security law in the world

Appendix - European GDPR ….contd.
Key legal terms:
• Data processing — Any action performed on data, whether automated or manual e.g. collecting,
recording, organizing, structuring, storing, using, erasing… so basically anything
• Data subject — The person whose data is processed. These are the customers or site visitors
• Data controller — The person who decides why and how personal data will be processed. An
owner or employee in an organization who handles data
• Data processor — A third party that processes personal data on behalf of a data controller e.g. cloud
servers or email service providers.

Protection and accountability principles:
• Lawfulness, fairness, transparency — Processing must be lawful, fair, transparent to the data subject
• Purpose limitation — Data must be processed for the legitimate purposes specified explicitly to the
data subject when it is collected
• Data minimization — Collection and processing of only as much data as absolutely necessary for the
purposes specified
• Accuracy — Personal data must be accurate and up to date
• Storage limitation — Personally identifying data must be stored for only as long as necessary for the
specified purpose
• Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate
security, integrity, and confidentiality (e.g. by using encryption)
• Accountability — The data controller is responsible for being able to demonstrate GDPR compliance
with all of these principles.

Appendix - US Data protection compliance and regulations
While there is no central federal level privacy law like the EU’s GDPR, there are several
vertically-focused federal privacy laws, as well as a new generation of
consumer-oriented privacy laws coming from the states (e.g. California Consumer Privacy Act
(CCPA) effective from 1/1/2020):
• US Privacy Act of 1974 - rights and restrictions on data held by US government
agencies covering access, correction, minimization, restricted on a need to know
basis, sharing of information between federal and non-federal agencies is
restricted and only allowed under certain conditions
• Health Insurance Portability and Accountability Act - healthcare provider or
“covered entity” has permission to use patient data if it’s related to treatment,
payment and health care operations.
• Gramm-Leach-Bliley Act protects non-public personal information (NPI), which is
defined as any “information collected about an individual in connection with
providing a financial product or service, unless that information is otherwise
publicly available”. However, for third-party companies affiliated with the bank or
insurance company, consumers have no legal privacy controls under GLBA to
restrict the sharing of the NPI
• The Federal Information Security Management Act, a federal law part of the larger
E-Government Act of 2002, made it a requirement for federal agencies to develop,
document, and implement an information security and protection program

Money Laundering & Fintech

1. Money Laundering – Brief Intro
2. Traditional Money Laundering Scenarios
3. Fintech & Money Laundering Possibilities
4. Fintech & Money Laundering Risk
5. Anti Money Laundering Solutions (RegTech)
6. ML Risk Assessment of Fintech Solutions
7. Career Prospects in AML (Financial Firms, Regulators & Fintechs)

Money Laundering – Brief Intro
• Money laundering (ML) is the illegal process of making
large amounts of money generated by corrupt / criminal
activities, such as drug trafficking or terrorist funding,
seem to have come from a legitimate source.
• There are 3 stages:
– Placement – The origination of the transfer that places
dirty money into legitimate financial system.
– Layering – The routing of the funds through various channels,
jurisdictions, products, accounts etc. This is done to dilute,
erase or mask / conceal the source of the money through a
series of transactions and also bookkeeping / accounting tricks.
– Integration – The final leg where money is converted, received &
withdrawn through some legitimate means.
• Besides national financial regulators, there is also a
concerted global effort to curb ML, and to this effect there are
the Financial Action Task Force (FATF) and Regional Groups.

Traditional Money Laundering Scenarios
• Use of legitimate, cash-based business owned by a
criminal organization.
• In one common form of money laundering, called smurfing (also
known as "structuring"), the criminal breaks up large chunks of
cash into multiple small deposits, often spreading them over many
different accounts to avoid detection
• Money laundering can also be accomplished through the use of
currency exchanges, wire transfers, and "mules"—cash smugglers,
who sneak large amounts of cash across borders and deposit in
foreign accounts where money-laundering enforcement is less
strict.
• Other money-laundering methods involve investing in commodities
such as gems and gold that can easily be moved to other
jurisdictions, discreetly investing in and selling valuable assets such
as real estate, gambling, counterfeiting and using shell companies
(inactive companies or corporations that essentially exist on paper
only).

Fintech & Money Laundering Possibilities
• The rise of online banking institutions, anonymous online
payment services and peer-to-peer (P2P) transfers with
mobile phones has made detecting the illegal transfer of
money even more difficult.
• Moreover, the use of proxy servers and anonymizing
software makes the third component of money laundering,
integration, almost impossible to detect—money can be
transferred or withdrawn leaving little or no trace of an IP
address.
• Money can also be laundered through online auctions and
sales, gambling websites, and virtual gaming sites, where
ill-gotten money is converted into gaming currency, then
back into real, usable, and untraceable "clean" money.
• Cryptocurrencies present new complications and
are already being viewed suspiciously by regulators.

Fintech & Money Laundering Risk
• Thus, due to technology and new fintech products,
money laundering is both attractive and easy for
offenders because use of technology increases the
rate of initiation of transactions and unlimited
money flow, through anonymous accounts.
• Overlapping regulations across different products,
countries and loopholes therein are exploited and
get magnified by use of technology.
• We have seen many Financial Firms (usually
banks) being penalised regularly.
• So it is both Financial & Reputational risk.

Anti Money Laundering Solutions (RegTech)
• Solutions enabling effective
– Customer Due Diligence (CDD),
– Enhanced Due Diligence (EDD),
– Transaction Monitoring
– Black List Filters for countries & individuals (Interpol, OFAC, FATF, EU,
ECGC, RBI etc.)
– Politically Exposed Persons (PEP’s)
– Pattern Detection (Using AI / ML),
– Red Flagging
– Reporting etc.
• These are part of RegTech solutions.
• Despite these solutions, challenges exist because of organisation & data
silos, coordination amongst various countries, agencies and
organisations, volume of transactions / false alerts, training issues, new
products / segments, time delays for investigations etc.
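
One way a transaction-monitoring rule can red-flag the smurfing ("structuring") pattern described under Traditional Money Laundering Scenarios, shown as an added example that is not part of the original slides: it sums each customer's below-threshold cash deposits across all of their accounts inside a rolling window. The reporting threshold, window length, minimum deposit count and the sample transactions are all constructed assumptions, not regulatory values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

REPORT_THRESHOLD = 10_000    # hypothetical cash-reporting threshold (assumption)
WINDOW = timedelta(days=3)   # hypothetical look-back window (assumption)
MIN_DEPOSITS = 2             # hypothetical minimum deposits in a pattern (assumption)

# Constructed sample data: (customer, account, timestamp, cash deposit amount)
SAMPLE = [
    ("C1", "A-100", "2020-06-01 09:10", 4_500),   # three deposits, three accounts,
    ("C1", "A-101", "2020-06-01 15:40", 4_800),   # each under the threshold but
    ("C1", "A-102", "2020-06-02 11:05", 3_900),   # 13,200 in total within two days
    ("C2", "B-200", "2020-06-01 10:00", 12_000),  # one large deposit: reported as-is
    ("C3", "C-300", "2020-06-01 10:00", 900),     # small regular takings whose
    ("C3", "C-300", "2020-06-02 10:00", 1_100),   # total stays far below the
    ("C3", "C-300", "2020-06-03 10:00", 1_000),   # threshold
    ("C4", "D-400", "2020-06-01 10:00", 9_000),   # two large-ish deposits nine
    ("C4", "D-400", "2020-06-10 10:00", 9_500),   # days apart: outside the window
]


def detect_structuring(transactions):
    """Return one alert per customer whose sub-threshold deposits add up past the threshold."""
    by_customer = defaultdict(list)
    for customer, account, ts, amount in transactions:
        # Deposits at or above the threshold are reported directly, so only the
        # ones that individually slip under it are candidates for structuring.
        if amount < REPORT_THRESHOLD:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
            by_customer[customer].append((when, account, amount))

    alerts = []
    for customer, deposits in sorted(by_customer.items()):
        deposits.sort()                      # oldest first
        left, total, best = 0, 0, None
        for right, (when, _account, amount) in enumerate(deposits):
            total += amount
            # Slide the left edge forward until the window spans at most WINDOW.
            while when - deposits[left][0] > WINDOW:
                total -= deposits[left][2]
                left += 1
            count = right - left + 1
            if count >= MIN_DEPOSITS and total >= REPORT_THRESHOLD:
                if best is None or total > best["total"]:
                    window = deposits[left:right + 1]
                    best = {
                        "customer": customer,
                        "total": total,
                        "deposits": count,
                        "accounts": sorted({acct for _, acct, _ in window}),
                        "start": window[0][0],
                        "end": window[-1][0],
                    }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_structuring(SAMPLE):
        print(alert)
```

Lowering `MIN_DEPOSITS` or widening `WINDOW` catches more patterns but also flags more ordinary customers, which is the false-alert volume the slide lists among the challenges.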

ML Risk Assessment of Fintech Solutions

Career Prospects in AML (Financial Firms, Regulators & Fintechs)
• The Association of Certified Anti-Money
Laundering Specialists (ACAMS) offers a
professional designation known as a
Certified Anti-Money Laundering Specialist
(CAMS).
• Individuals who earn CAMS certification
may work as brokerage compliance
managers, Bank Secrecy Act officers,
financial intelligence unit managers,
surveillance analysts and financial crimes
investigative analysts.

Pitfalls of Fintech

Long term visibility is hazy….

Industry is watching it cautiously….

Crucial Scenarios leading to pitfalls
1. Investor expectations of early payback
2. Regulatory compliances
3. Difficulties in partnerships with incumbents
4. Competing with big financial brands
5. The LendingClub story
6. The Finomena story
7. The Loanmeet story
8. The Aditya Birla Payments Bank story
9. Problems with blockchains

1 - Investor expectations of early payback
• Fundamental strategic contradiction between Technology and Finance
– Technology companies typically get big faster & dominate the sector*
– In contrast, finance sector is slow moving, particularly lending. Growing a retail
customer base is expensive and time consuming
• Investors of all kinds are accustomed to the modern Tech growth curve and have a
three to five-year investment horizon
• People tend to forget that Finance is a very slow-moving sector, even if it is technology
enabled.
• Fintech (selling bank technology, small-business solutions, or acting as a lender) - it
takes time to break into the market

*: Facebook’s old motto for developers – “Move fast and break things”; in 2014, it was
changed to “Move Fast With Stable Infra”.

Investor expectations of early payback ….contd.

Fintechs are often pressurized by both existing and potential investors to demonstrate
the so-called “hockey stick” growth. This hinders long-term visionary thinking

Recommendation: Improper choice of VCs could compound problems; those with
Fintech experience should be preferred

Fast With Stable


Investor expectations of early payback ….contd.
*: Facebook’s old motto for developers – “Move fast and break things”; in 2014, it was changed to “Move 5

Fast With Stable


Investor expectations of early
payback….contd.
• The realities of the market and the demands of investors force
these organizations to abandon data and technology in favour of
traditional sales techniques
• Growth-at-all-costs mentality is incredibly damaging for the
industry. When Fintechs start using their investment dollars not for
innovation, but for quick growth - even at the cost of disregarding
business cycles - long-term viability becomes doubtful
• As competition increases, Fintechs begin making riskier and
riskier decisions. This could mean accepting clients and deals that
aren’t an ideal fit for their product. For online lenders, it means
riskier and less desirable loans
• The impact of competition in the lending space in the US is
evident from the Google AdWords prices. Over the past few
years, the price per click (PPC) for keywords such as “small
business loans” has risen to nearly $100 per click in some
instances.

2 – Tough to adhere to Regulatory compliances
• Dealing with regulation has become a daily norm. There is
increasing pressure on Fintech start-ups, globally, to address
and deal with existing or potential regulatory hurdles
• Most Fintechs are not as knowledgeable as large traditional
players about regulatory framework. It is still early days for
Fintechs and in the euphoria, they ignore/ do not give due
importance to the key issues that should be considered:
- Are there existing regulations today that regulate the company’s
products or services?
- If there are existing regulations, does the Fintech company comply?
- What licenses will be required?
- Does it make sense to partner with another company that already has
the required licenses?
- In case the decision is to partner, what would be the economic split?
What is required to partner from each company’s perspective? What is
the risk? Is this a long-term approach or an intermediary step?

Tough to adhere to Regulatory compliances ….contd.
Typical Regulations faced by Fintech are in the areas of:
1. Protection of consumers against unfair or deceptive
practices
2. Data protection laws – national and if
applicable, international
3. Restrictions on telemarketing
4. Restrictions on email marketing
5. Customer notification of security breaches involving
personal information
6. Consumer privacy laws
7. Anti Money Laundering laws
8. Transaction processing and storage of information

3. Difficulties in partnerships with large incumbents
• Incumbents in the finance sector are powerful and
complacent. Most don’t fear Fintech companies looking
to take their business because few, if any, pose a real
threat
• BFSI is highly regulated and therefore inherently
conservative, where a commitment to innovation and
decisive action could be detrimental to a career. The
common wisdom amongst bankers is that maintaining
the status quo is the path to long-term success
• Fintechs have witnessed long sales-cycles, with a typical
deal taking 12-18 months to come to fulfilment. This
makes it difficult for them to raise capital and gain visible
traction
• Current procurement processes are very rigid and
essentially adapted to mature companies, making it
tough for start-ups to provide the requested information
and documentation. They risk being perceived as
unprofessional by incumbents.

Difficulties in partnerships with incumbents….contd.
• Once the start-up is onboarded, the expectation is that the
integration and ongoing maintenance will run as smoothly as
with established technology providers
• Fintech start-ups believe they will evolve together with the client
as there are many opportunities for customization, but it also
means that one can expect delays, bugs, and larger integration
issues
• FinTechs often use technologies that are not in line with the
technical standards of financial institutions e.g. cloud computing is
widely used amongst start-ups, but not by established
institutions in financial services
• Under the pressure of forging as many partnerships as possible,
they often end up agreeing to operate at low or negative margins,
jeopardizing their long-term viability
• The employees of incumbents are often risk averse and work in a
siloed, rather than a collaborative way. That leads to a significant
clash of cultures causing frustrations on both sides and
ultimately yielding outcomes that are worse than expected.

Recommendations to make the partnership work
• Improve the ecosystem: With competition increasing, it can help to meet the right person by
getting involved in accelerators and innovation labs. Collaboration with an organization that
already works closely with incumbents can help secure privileged access to potential partners
and give an insight on their pressing issues
• Progress within the incumbent’s culture: Fintechs should prepare to reset their watch as
incumbents have slower processes due to legacy systems and bureaucracy. Incumbents can lack
the internal processes to fast track the embedding of new solutions. Fintechs may feel they are
following an unnecessarily convoluted route, but this is due to the complexities of scale. This
is frustrating, but also unavoidable
• Tackling regulation, compliance and cybersecurity: The incumbent’s need for control may be
bureaucratic but those restrictions deliver a high quality, stable product. Fintechs that
underestimate the enormity of milestones/ don’t do proper due diligence, run the risk of losing
the confidence of both the regulator and the market. Robust evidence has to be established that
their tech is fit for purpose, differentiated, and will address the customer need
• Managing change with structure and agility: Fintechs must adapt to structured governance with
Capability modelling, target operating models and process mapping. For example, a lack of
governance of the ecosystem and processes can lead to poor visibility on the project
• Preparing for scale: The pressure to expand a successful pilot and demonstrate proof of value as
soon as possible can lead to rapid growth that causes the architecture to creak at the seams.
Having a focus on quality in design and testing stages will provide confidence that the
technology will be successful at scale.

4. Competing with big financial brands
• Fintechs don’t only compete with the large existing financial powerhouses,
but they have to contend with Amazon and other technology companies
expanding into financial services.
• A start-up cannot underestimate the spending power of incumbents
and their willingness to spend when it comes to direct consumer
marketing
• A Fintech B2C company should be able to answer the following
clearly in order to stay competitive:
- What is the USP ? What is it that the Fintech company is offering that
incumbents are not ?
- What problem is being solved that the large incumbents are
not addressing, and why are they ignoring that market segment
or opportunity? Basing the business model on IP alone is
unwise
- Is it trying to change customer behaviour? If so, what is the approach and
why does it think it is possible?
- What are customers risking if they adopt the new solution versus an
incumbent’s product?
- Can it build trust with customers?
- How will incumbents react? And if they do, how long will it take?

- Does it have any technology that is not vulnerable?

Competing with big financial brands….contd.
• For a B2B company, the questions are centred around
product differentiation and the problem that is being
solved for the enterprise. The product needs to solve a
significant problem in order for a large company to bet
on a start-up versus a larger, more established
company. The most critical points are:
- Does the product solve a pain point today that is
causing the company either significant expense, loss of
business, or potential regulatory fines?
- Is the product robust enough to compete with the
incumbents and beat them in a head-to-head
matchup?
- Will the incumbents use it as a loss leader, eliminating
any potential margin?

5. The LendingClub story – the journey
• LendingClub, a pioneer in the lending marketplace in the United
States, started operations in 2007
• The company raised $1 billion in what became the largest
technology IPO of 2014 in the US
• Based on the IPO prices, Series A investors made 55
times their money, while Series B investors did even better (80
times)
• LendingClub experienced problems in early 2016, with difficulties
in attracting investors, a scandal over some of the firm's loans and
concerns by the board over the CEO’s disclosures, leading to a 34%
drop in its share price and his resignation
• Along with Funding Circle, it remains loss-making amongst the
biggest publicly traded marketplaces. Shares have fallen over 70
per cent in the few years since they listed.
• In April 2020, the company announced it will lay off around one
third of its employees in anticipation of the economic
downturn resulting from the COVID-19 pandemic

The LendingClub story – what went wrong
• Until 2016, the problems in the P2P industry had not attracted the attention of
market watchdogs. Lending Club, in its guise as a P2P lending company with no
intermediary function, had escaped regulatory notice and remained unbound by
the rules governing banks when performing their intermediary functions
• After the financial crisis of 2008, interest rates remained relatively low until 2015,
when the Fed began to raise the federal funds rate, causing a corresponding rise in
the market interest rate. Investors became more willing to put their money in
banks rather than purchasing P2P loans, because the gap in interest rates became
small while a bank deposit is almost risk-free
• The company is also suffering from fiercer competition and tighter regulation.
These circumstances lead to higher operating expenses because of spends on
sales, marketing and compliance
• As Lending Club itself is performing a credit rating function, a moral hazard
emerges. When it is in need of funds, it is likely to overestimate the value of loans
and the credit rating, creating bubbles in the market which would cause financial
crises. To expect that, unprompted by regulations, a company will choose to
protect a stable market instead of saving its own life seems unrealistic.

Note: US is not the only country where the P2P industry is beset with problems; even
in China the delinquency rates are near 25% ; by comparison, delinquencies on credit
cards are in the 3-5% range.

6. The Finomena story – the journey
• A Bengaluru-based Fintech lending start-up, Finomena was founded in
2015 by graduates of IIT Delhi and Stanford and ex-employees of
Facebook, Microsoft, Boston Consulting Group and Bain Capital.
• It facilitated students and young professionals in buying electronic
devices and appliances by providing them with small-ticket loans
• The company worked on a unique algorithm backed system that
checked the creditworthiness of buyers
• It was selected for the International Innovator of the Year award by
LendIt USA 2017, the world’s largest show in lending and fintech
• Finomena received USD 1.7 million in funding from Matrix Partners
and ten angel investors
• The owners were featured in 2016 Forbes 30 under 30 list
• Flipkart and other e-commerce firms partnered with Finomena where
the start-up allowed loan seekers to key in links of items on the e-
commerce marketplace they wanted to buy with a loan
• Failing to raise Series A funding, the company closed down in December 2017

The Finomena story – what went wrong
• Intense competition from rivals such as ZestMoney,
CashCare, Capital Float and Lendingkart, among a
dozen other alternate loans start-ups that have
cropped up in India
• As per one analysis, 75% of their employees and
customers were not satisfied with the services
provided by the company
• Cash burn was unusually high for a start-up
• Cost of acquisition was too high for any plausible
buy out
• While the company finally managed to bring down
its costs, the average ticket size remained low
• Both buy-out offers did not fructify because of
valuation issues.

7. The Loanmeet story – the journey
• LoanMeet catered to borrowers who could not get personal and business loans from
banks and other financial institutions due to lack of credit history,
insufficient documentation or other reasons
• LoanMeet used to finance working capital requirements, B2B
marketplace financing, cash credit line, and channel financing in the
range of Rs 5k to Rs. 500k for short term periods ranging from 15 days to 9
months
• The Bengaluru-based platform provided ultra-short-term loans of 15, 20,
and 30 days to retailers to buy inventory and then repay the startup. With
an initial investment of Rs 2.5 mn. raised from friends and family,
LoanMeet competed with the likes of Capital Float and Loan Frame
• The firm had raised an undisclosed amount from a clutch of individual
investors including Chinese investors
• Until Jan 2017, Loanmeet was growing well at about 50% month over
month
• Its average ticket size was Rs 50k, at an interest rate of ~18%. The startup
shut shop in May, 2019 as it failed to raise follow-on capital. It had initially
raised an undisclosed amount from Chinese investors Cao Yibin and Huang
Wei.

The Loanmeet story – what went wrong
• The lending market is an overcrowded market dominated by established
players, and Loanmeet couldn’t sustain the competition.
• One of the prominent reasons for failure in the lending space is that
most lending companies are good at solving credit access problems.
However, they don’t do in-depth research (beyond collecting information
from customers) into the root cause of why those customers have failed
to get funded by banks.

8. The Aditya Birla Payments bank story – the journey and what went wrong
• Launched in February, 2018, Aditya Birla Payments Bank Limited (ABPB) was the
fourth payment bank to get a license from RBI
• The venture was a JV between Aditya Birla Nuvo Ltd. and Idea Cellular in which
Aditya Birla Nuvo Limited held 51% shares. The remaining 49% was with Idea
Cellular
• In July 2019, Aditya Birla Payments Bank announced that it would shut its
operations subject to the receipt of requisite regulatory consents and approvals
• As observed by RBI, the key reason for operating profit of such banks being
negative was large capital expenditures involved in setting up the initial
infrastructure, leading to high operating expenses
• Further, there is still a considerable section in India that prefers traditional
methods while transacting, and there hasn’t been complete awareness and
comfort with the new techniques
• There were also lending and other limitations, such as investing only in
government securities, which offer lesser returns as compared to other options
like mutual funds
• All of the above added up to an unviable business model for ABPB and led to its
shut down.

9. Problems with blockchains
• Decentralization is expensive - The amount of electricity required to solve the
mathematical problems is high, leading some miners to steal the power
• Decentralized control is hard to guarantee - The few groups with the capital and the
expertise are the only ones that dominate mining, and everyone else is unable
to compete at solving the puzzles. Some of the most efficient blockchains are said
to be "private"; they leave control in the hands of a few central groups
• Identity is hard to manage - Users define their identity with a cryptographic key and
must keep their part secret. If someone gets a copy of the key, they can
impersonate the so-called owner
• Lost identities - Many coins on the blockchain are frozen for eternity, controlled by
some key that wasn't backed up correctly. Similarly, in a blockchain tracking
ownership of real estate, the key to some important chunk of land could disappear.
Control of the asset depends upon control of the key
• Blockchain may not be as permanent - After all the calculations and complex
mathematics, the decision about whether to accept new transactions onto the
ledger depends upon some if-then statement. And that if-then statement can be
reprogrammed by the people who write the code running on the dominant fork.
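
The identity points above, as an added example that is not part of the original slides: a toy asset register (hypothetical names throughout) in which the only proof of ownership is a signature, so a second holder of the key is indistinguishable from the owner and a lost key freezes the asset. It uses a hash-based Lamport one-time signature in place of the elliptic-curve signatures real blockchains use, so that it runs with the Python standard library alone.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Return (private key, public key) for a Lamport one-time signature."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(h(zero), h(one)) for zero, one in sk]
    return sk, pk


def message_bits(message: bytes):
    digest = h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(sk, message: bytes):
    # Reveal one secret per digest bit; a key must never sign a second message.
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    if len(signature) != BITS:
        return False
    bits = message_bits(message)
    return all(h(signature[i]) == pk[i][bits[i]] for i in range(BITS))


def address(pk) -> str:
    """Short identifier derived from the public key (constructed format)."""
    return h(b"".join(zero + one for zero, one in pk)).hex()[:40]


class ToyLedger:
    """Hypothetical asset register: whoever signs with the recorded key is the owner."""

    def __init__(self):
        self.owner_pk = {}

    def register(self, asset: str, pk):
        self.owner_pk[asset] = pk

    @staticmethod
    def transfer_message(asset: str, new_pk) -> bytes:
        return f"transfer {asset} to {address(new_pk)}".encode()

    def transfer(self, asset: str, new_pk, signature) -> bool:
        # The ledger checks the signature and nothing else about the sender.
        message = self.transfer_message(asset, new_pk)
        if not verify(self.owner_pk[asset], message, signature):
            return False
        self.owner_pk[asset] = new_pk
        return True


def demo():
    ledger = ToyLedger()

    # Case 1: a second holder of the same private key moves the asset.
    owner_sk, owner_pk = keygen()
    ledger.register("plot-17", owner_pk)
    copied_sk = list(owner_sk)  # any copy of the key material
    _, other_pk = keygen()
    sig = sign(copied_sk, ledger.transfer_message("plot-17", other_pk))
    copied_ok = ledger.transfer("plot-17", other_pk, sig)

    # Case 2: the key was never backed up; no replacement key can move the asset.
    lost_sk, lost_pk = keygen()
    ledger.register("plot-18", lost_pk)
    del lost_sk
    new_sk, new_pk = keygen()
    sig = sign(new_sk, ledger.transfer_message("plot-18", new_pk))
    lost_ok = ledger.transfer("plot-18", new_pk, sig)

    return {
        "copied_key_transfer_accepted": copied_ok,
        "lost_key_transfer_accepted": lost_ok,
        "plot_18_still_under_lost_key": ledger.owner_pk["plot-18"] == lost_pk,
    }


if __name__ == "__main__":
    print(demo())
```

Key custody (hardware storage, split backups, multi-signature approval) is therefore the control that matters, because the ledger itself has no recovery or dispute path.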

Problems with blockchains – Bitcoin money laundering
• Although cryptocurrency can be used for illicit activity, the overall impact of bitcoin and other
cryptocurrencies on money laundering and other crimes is small in comparison to cash
transactions. As of 2019, only $829 million in bitcoin has been spent on the dark web (0.5% of all
bitcoin transactions). Since blockchain technology provides a public record of each transaction,
exposure to the risk of money laundering is manageable.

• The simplest form of bitcoin money laundering leans hard on the fact that transactions made
in cryptos are pseudonymous. The same concepts that apply to money laundering using cash apply to
money laundering using cryptocurrencies. There are three main stages of crypto money laundering:
- Placement: Legitimate exchanges follow regulatory requirements for identity verification and sourcing
of funds and are AML compliant. Other exchanges, with sub-par tools, are not as AML compliant
- Hiding: Criminals can use an anonymizing service to hide the dirty funds' source, breaking the links
between bitcoin transactions, citing the need for personal privacy. This can be accomplished both on
regular crypto exchanges or by participating in an Initial Coin Offering, where using one type of coin
to pay for another type can obfuscate the digital currency's origin
- Integration: The point at which dirty currency can no longer be traced back to criminal activity is the
integration point - the final phase of currency laundering. A simple method of legitimizing the illicit
income is to present it as the result of a profitable venture or other currency appreciation. This can be
very hard to disprove in a volatile altcoin market. Alternately, similar to how an offshore fiat currency
bank account can be used to launder dirty money, an online company that accepts bitcoin payments
can be created to legitimize income and transform dirty cryptocurrency into clean, legal bitcoin.
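
Because every transfer is on the public record, an AML analyst can follow flagged funds forward to the point where they reach a regulated exchange. The sketch below is an added example, not part of the original slides: it applies a proportional ("haircut") taint model to a constructed account-style ledger, which is a simplification of Bitcoin's real transaction structure; the addresses, amounts and alert thresholds are all made up for illustration.

```python
from collections import defaultdict
from fractions import Fraction

EXTERNAL = "external"  # funds entering from outside the traced window, treated as clean

# Constructed ledger in block order: (tx id, sender, receiver, amount).
LEDGER = [
    ("t1", EXTERNAL, "addr_a", 4),
    ("t2", "addr_flagged", "addr_pool", 6),
    ("t3", "addr_a", "addr_pool", 4),
    ("t4", "addr_pool", "addr_hop1", 5),
    ("t5", "addr_pool", "addr_hop2", 5),
    ("t6", EXTERNAL, "addr_hop2", 10),
    ("t7", "addr_hop1", "exch_deposit_1", 5),
    ("t8", "addr_hop2", "exch_deposit_2", 5),
    ("t9", EXTERNAL, "exch_deposit_1", 2),
]
# Constructed deposit addresses of a regulated exchange that runs AML checks.
WATCHED = {"exch_deposit_1", "exch_deposit_2"}


def trace_taint(ledger, flagged):
    """Return one record per transaction: (tx id, receiver, amount, tainted amount)."""
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    records = []
    for tx_id, sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if amount <= 0:
            raise ValueError(f"{tx_id}: amount must be positive")
        if sender in flagged:
            moved = amount              # everything leaving a flagged address is tainted
        elif sender == EXTERNAL:
            moved = Fraction(0)
        else:
            if amount > balance[sender]:
                raise ValueError(f"{tx_id}: {sender} spends more than it holds")
            # Haircut model: a payment carries the sender's current taint ratio.
            moved = amount * tainted[sender] / balance[sender]
            balance[sender] -= amount
            tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
        records.append((tx_id, receiver, amount, moved))
    return records


def alerts(records, watched, threshold):
    """Transactions into watched addresses whose tainted share meets the threshold."""
    return [tx_id for tx_id, receiver, amount, moved in records
            if receiver in watched and moved / amount >= threshold]


def taint_share(records, tx_id):
    for rec_id, _receiver, amount, moved in records:
        if rec_id == tx_id:
            return moved / amount
    raise KeyError(tx_id)


if __name__ == "__main__":
    recs = trace_taint(LEDGER, {"addr_flagged"})
    print(alerts(recs, WATCHED, Fraction(1, 2)))
```

The threshold is the analyst's trade-off between missed cases and the false-alert volume that AML teams already struggle with.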

Traditional banks & FI
Traditional Banking Institution Strengths
• Have a very strong existing customer base and relationships that have been in place for years. They
still retain the lion’s share of consumer accounts across the spectrum of financial services.
• Convenience of in-person touchpoints at branch offices to solidify relationships with clients — even
as they build out their digital strategies.
• Big national banks & NBFCs have better capital to invest in their own digital transformation
initiatives such as mobility, artificial intelligence, machine learning, and big data analytics.
Traditional Banking Institution Weaknesses.
• The traditional financial institutions still have significant work to do to repair consumer trust
damaged during the last recession.
• Concerns about improving consumers’ digital experience. While financial resources are being allocated to
create new digital offerings, many of these initiatives are not well integrated with their more
established call center or operations.
• The complexity of existing systems — built on generations of difficult-to-integrate legacy
technologies — combined with an incumbent culture that may not be optimized for today’s digital
marketplace.
Example : The rigid and complex procedure for availing unsecured loans through the traditional route was
time-consuming, tedious, non-transparent and not at all consumer friendly. Fintechs, with all their
processes done online, have helped solve these issues. Application, processing and verification
are all done online, which saves a considerable amount of time. Disbursal of the loan is also
done online, in some cases even within 24 hours. The procedure is flexible and
transparent as well. Additionally, the conventional system was more focused on lending to
employees of A or A+ category companies, whereas Fintechs focused on all
employees of registered companies. In this way Fintechs were successful in winning the trust of customers
and in becoming their first choice for financial requirements

Fintech – Paradigm shift
• The FinTech model is based on charging a premium for the customer segment
that is inclined towards service and the ‘overall experience’.
• These companies combine agility with personalisation and
convenience. These start-ups leverage technology using APIs to deliver
results in real time.
• They promise ‘credit in a minute’ with zero paperwork, transparency and
customer service. Features such as round the clock access, immediate
consultation, remote account opening, real-time fund transfers,
multi-channel repayments (auto-debit, payment gateway, wallets, UPI, eNACH
etc) and real-time reconciliation are their distinct differentiators.
• Compared to traditional FIs, new-age FinTechs are more data-driven.
Their lean operating model focuses on agility and customer-centricity.
Their flatter organisational structures are more responsive, and can
quickly leverage technology innovations to provide a more
personalized customer experience.
• Also, as most FinTechs operate on the mobile platform, mobile
penetration in India has given FinTechs a distinct advantage
over traditional banks.

Key Fintech offerings in India by Financial services companies
• Pre-paid payment instruments : PPIs are instruments that
facilitate the purchase of goods and services (including financial
services, remittance facilities etc.) against a “stored value” on such
instruments. In India, they are pre-paid cards or virtual wallets.
• UPI Payment : The Unified Payments Interface is a payments
platform managed and operated by the National Payments
Corporation of India (NPCI). The UPI enables real-time,
instantaneous mobile based bank to bank payments. It is a low
cost, easily accessible and universally available facility.
• Digital Lenders : NBFCs offer credit products to SME and retail
clients. They have developed interactive applications and websites
to enable end-to-end customer journeys – starting with
onboarding and initial credit verification and checks, processing of
loan documents and disbursement.
• Peer-to-peer lending platforms : P2P platforms are online
platforms which offer loan facilitation services between lenders
registered on the platform and prospective borrowers. They act as
intermediaries providing an online marketplace for P2P lending in a
regulated environment.

Key Fintech offerings in India by Financial services companies Contd.
• Payment aggregators/ intermediaries : These are entities
which facilitate online sale and purchase transactions
primarily on e-commerce platforms. Such entities facilitate
collection of electronic payments from customers for
goods and services availed and the subsequent transfer of
payments to merchants.
• Payment banks : They are entities licensed by RBI to offer
basic banking services digitally to their customers.
Payments banks are permitted to accept small deposits
(up to Rs. 1 lakh) from their customers. However, payment
banks are not permitted to give loans, issue credit cards
or offer any credit products. The regulatory intent behind
payments bank licenses was primarily to increase financial
inclusion, especially in the low-income segments and to
promote digital payments and digital banking services in
the country.

Drivers for Fintech
• Generational shift – New generation more open to newer
technologies and mediums.
• Rapid growth of supporting platforms
– Mobile technology
– Internet
– Computing power
• Broader choice due to increased competition and decreased cost of
products and services
• The government’s consistent efforts to promote digital services through
‘Digital India’.
• The government’s biometric identification database, Aadhaar,
contains information of over 1 billion Indian citizens, minimising
the effort required for first level verification of customers.
• The government has introduced tax rebates for traders accepting more
than 50% as electronic payment

Key innovations related to Fintech
Smart Chip Technology
• Smart chip ATM cards have significantly helped in minimizing the financial
losses that occur in the case of mishaps. They come with EMV technology that
is embedded in the chip. This technology uses a one-time password for
each transaction. This increases security since the code is valid only
for one transaction; so, even if somebody steals it, they won’t be able to do
anything.
Biometric Sensors
• Biometric sensors along with iris scanners are path breaking since they
would simply eliminate the need to carry your plastic card. Furthermore,
you won’t need to remember your PIN.
• ATMs are more secure than ever since you’ll be able to access your own
account without any password. Biometric ATMs use integrated mobile
applications, fingerprint sensors, palm, and eye recognition to identify the
account’s owner.
• The usage of biometric technology brings a huge sigh of relief for all the
customers who panic even at the thought of losing their ATM card,
because with it they would be able to access their funds even when
they have lost their card.

Key innovations related to Fintech
Online Transactions
• Massive increase in the online payments due to the emergence of e-Commerce
Omni-channel & branchless banking
• FinTech financial services are transforming the entire banking system from a branch-specific
process to various digital channels such as online, social, and mobile. This also reduces the
bank’s dependency on its brick and mortar branches to function.
Customer service chatbots
• Chatbots are bits of software that use machine learning and natural language
processing, which enables them to constantly learn from human interaction.
• Chatbots are highly efficient as they streamline customer interactions like query handling and
directing customers to the required departments.
• Bank of America’s chatbot Erica can provide investment advice to its customers,
whereas the chatbot used by UBS can scan customer emails autonomously, reducing
the total time taken for the task from 45 minutes to a mind-boggling two minutes.
Artificial intelligence (AI)
• AI along with machine learning is vital for fraud detection. The software that banks use for
fraud detection generates alerts whenever there’s a potentially fraudulent transaction. Each alert
is then followed up by a human investigation that finally determines if the attack was real or false.

Source : https://www.makeinindia.com/article/-/v/growth-of-fintech-in-india
Close to real-time Customer fulfilment and service

Feature | Banks | NBFCs | FinTech
Time to Get Money* | Typically 3-5 days | Typically 1-3 days | Typically less than 1 day
Convenience | Low | Medium | High
Reliability of Customer Service | Low | Medium | High
Interest Rates | 10-15% | 14-20% | 12-27%
Flexibility in Rules | Low | Low | Medium
Paperwork Involved | High | Medium | Low
Specialized Products | Rarely | Frequently | Frequently

* New customer

Comparison of Processes

Process Step | Banks | NBFCs | FinTech
Document verification | Generally manual | Generally manual | Generally automated
Agreement signing | Generally manual | Generally manual | Generally automated
KYC | Generally based on self attestation, signing of photo copies | Generally based on self attestation, signing of photo copies or eKYC for digitally advanced NBFCs | Typically eKYC or scan image upload based
Other paperwork (e.g. cheques) | Generally high | Generally high | Generally low

Many banks, including Barclays, Citibank and Goldman Sachs, are working closely with
FinTechs. Collaboration between ICICI Bank and Paytm is a good example of how
banks have started partnering with FinTech. BNP Paribas, HSBC, UBS and Deutsche
Bank have invested in FinTech firms, whereas some banks are even acquiring FinTech
start-ups to counter these challenges.

Fintech Strengths & weaknesses
Fintech Strengths.
• No legacy from past
• The media buzz trended positive in their favor
• Main strength revolves around the innovations that are closely associated with their brands.
• They bring a fresh image that has a certain appeal to those consumers who still carry some
bitter experiences with traditional banks.
• Fintechs focus on providing a focused best of breed service around specific financial
offerings. They do not pretend to be a one-stop shop for all financial needs. Consequently
they have been able to make inroads with consumers who care about narrow aspects of their
financial lives.

Fintech Weaknesses.
• Their narrow focus, however, is also the source of their biggest vulnerability. J.D. Power
research clearly indicates that there are serious concerns from consumers about managing a
fragmented set of financial resources.
• A significant percentage of consumers — even among Millennials — are not necessarily
excited about using different providers to manage deposits, borrow, invest, and plan their
retirement. The narrow focus also limits the touchpoints that lead to the development of
trusted relationships. This is a challenge exacerbated by most fintechs’ choice to limit their
interactions with consumers to digital channels.

Fintech - Advantages
• Fintech by its very nature, eliminates / minimises the need for middlemen, thus reducing costs
• Complete transparency (no gap in information sharing) between the institution and its customers.
• Makes the processing far more efficient than with traditional players
• Saving. They say time is money, and never more so than here. Carrying out procedures
much faster and through automated processes increases the day-to-day efficiency of
companies (and of users), which also translates into visible economic savings.
• Flexibility. Fintech allow you to perform all kinds of operations from wherever and whenever you want
in a very simple way. For example: being able to request a loan from home with just one click and no
paperwork at the bank.
• FinTech make it easier to distribute information, advise, and offer more basic aspects of financial services
including banking, investing, borrowing and saving to larger populations.
• For example, insurance sector :
– Benefits:
– It protects you against risks that no traditional insurance will cover.
– The power of decision belongs to you.
– Your peers can provide financial and emotional support, as well as advice.
– Any funds left over after your coverage has ended are returned to the members.
– Member knowledge becomes community knowledge, lessening the chance of negative events
happening.
• Because FinTech firms use different data sets and consider other factors during the underwriting process
that traditional banks do not consider, consumers have great access to capital that grows the economy and
creates jobs.

Fintech – Concerns around it
• Small and sometimes inexperienced management teams who lack capacity
• Fewer financial resources that prevent appropriate scaling
• Limited credit and startup experience
• Lack of a sustainable business model
• Inability to attract analytics and personnel talent
• Limited knowledge of compliance
• Feeling of lack of security. As with any virtual platform and everything that is managed through
the Internet, the use of these essentially technological products and services carries
certain risks associated with the rise of cybercrime. However, companies work every day to
fortify their security measures to avoid attacks. Equally, there are no guarantees that our
data is one hundred percent protected when using, for example, traditional banking.
• Ignorance. Although the level of penetration of fintech in the business and financial fabric is
growing, there is still a wide sector that does not know what they are, what their benefits are
and how to use them.

Fintech & Banks partnership – Win win situation
By combining the stability, product variety, customer knowledge and financial
strength of traditional banks and NBFCs with the data enrichment, user experience
and modern platforms that quality fintech firms can provide, both can build an
amazingly rewarding experience for each other and their customers.
• Emergence of FinTech companies has been a win-win situation for both start-ups and larger
institutions. Start-ups are typically more flexible and agile equipped with more modern
technology expertise and innovation capabilities. By collaboration, larger institutions can gain
access to new technologies, whereas start-ups can gain access to funding sources and large
customer bases.
• Ensuring regulatory compliance and fraud-free payment systems is very difficult
to manage for any start-up, so currently most FinTechs are still built on top
of existing processes and systems of well established institutions and payment systems. To
maintain the dominance banks have enjoyed up to this point, they need to radically redesign
their customer-facing assets. If banks fail to overhaul their exteriors to offer a personalized,
best-in-class product experience, they will be relegated to supplying the engine for sleeker-
looking tech companies in 10 years’ time.
• Additionally, the hectic pace of change in payment systems – online, mobile, virtual wallets
and smart watches, among others – means that all businesses need to remain alert to the
latest trends and developments. The central bank needs to support the FinTech phenomenon by
addressing customer protection issues and ensuring authenticity of transactions.

Fintech & Banks partnership – Win win situation
• Here are the top 5 reasons the combination of fintech solutions and legacy banking
organizations bring a winning synergy for the future:
• Fintech improves the health of traditional financial institutions by enhancing performance
and improving profitability. When traditional FI see fintech firms as partners in this journey,
rather than firms selling products, the opportunities begin to expand.
• Fintech solutions provide a way for legacy financial institutions to improve customer
retention and preference. Data enrichment is an extremely powerful tool that quality fintech
firms bring to the game.
• Fintech firms provide an opportunity to enhance loan portfolio diversification. When you
have the ability to become more granular with each customer, you are more likely to find
(and offer) consumers the exact products they need, when they need them.
• Fintech partnerships can help solve industry-specific points of pain, like securing credit card
processing, transferring money, and processing loans quickly. With a strong fintech
partnership, traditional financial organizations benefit from the leverage of a state of the art,
secure network that can manage time-consuming and lengthy tasks quickly and effortlessly.
• Fintech data can provide financial institutions a keener insight into what their customers are
doing with their money. This again speaks to the power of data enrichment fintech
partnerships can provide. Further, the power of the cloud that quality fintech firms have
tapped is another tool in delivering product offers and services specifically tailored to
individual customers in real time.

Examples of initiatives by traditional banks
• Response to challenges posed by fintech expansion
• Traditional lending institutions make a mark in the fintech space by launching online apps for
accessing banking and financial services, and speeding up the turnaround time.
– Manappuram Finance has come up with its own online “gold loan” app, which
consumers can download and manage the loan application within a few clicks. They can
even use the app to make instant repayments.
– Several banks have come up with new mobile phone applications to match pace with
fintech organisations. We see many digital transaction apps. For instance, HDFC Bank
and Axis Bank have launched mobile apps for online transactions. Barclays is set to
operate its fifth global fintech innovation centre in India.
– Federal Bank is intending to partner with Startup Village for launching innovative
banking products.
– Goldman Sachs Principal Strategic Investments Group (GSPSI) is planning to invest in
Bengaluru’s fintech sector.

Fintech in Insurance world
• Insurance carriers are now making the leap into the 21st century. They have little choice. If
they fail to deliver against the ever increasing demands and expectations of customers they
will lose share to traditional rivals that do succeed in striking the right chord. And to new
entrants that have the advantage of digital DNA to leverage technology to provide lower
costs and better service.
• The insurance industry is facing intense competition as other industries have started
providing alternative financial solutions to insurance. For instance, banks are providing loans
to aid immediate financial losses, and industries like healthcare are providing medical
membership as an alternative to insurance. There is a need for insurance companies to stand
out from the competition, and they can achieve it with the help of fintech. Here are some of
the services that insurance companies can provide to get an edge over the competition:
• Personalized Insurance
– For instance, health insurers can make use of patient data to get an insight into the
medical condition and behaviour of a person. And they can offer personalized medical
insurance that covers normal or life-threatening medical conditions that the person
might suffer based on his or her behaviour.
– IoT can help vehicle insurers monitor the driving habits of the insured. Insurers can
then provide personalized insurance based on the driving habits of the insured.

Fintech in Insurance world
• Improved Security
– Using advanced technologies like blockchain and AI can impact the insurance industry in many
different ways. For instance, the use of blockchain’s decentralized ledger will help insurers to keep
their customer’s data more secure.
– The consumers can also use blockchain technology to keep control over their data and only allow
the insurers to access it on an as-needed basis.
– Blockchain technology will also help insurers to detect fraud.
– Insurers can share transaction data on the blockchain and collaborate to find out any suspicious
activities across the industry.
• Enriched Connectivity
– Artificial Intelligence Solutions can avoid friction at many touch points in the customer journey.
Chatbots will be able to understand and act on customer queries at any time. With deep learning,
chatbot solutions can understand and interpret sentiment to identify when to introduce a human
agent.
• End-to-End Automation
– Customers are ready to leave manual claims processing behind. Automated claims reporting allows the user to report car
insurance claims to their providers in real-time and leave the accident site immediately, provided
there is little damage to the vehicles. In the near future, enhanced data collection from cars,
wearables and smartphones will further enable claims automation. If accidents occur, diagnostics
from these devices will automatically contact insurance providers, process claims immediately,
and even automate payments.

Ways in which Fintech is impacting insurance industry
• Online Marketplace
– In the Indian insurance sector, from purchasing a policy to raising a claim, the process was time consuming,
resource driven, and paper intensive.
– Technology has addressed these concerns and awakened the giant.
– The online environment is available to consumers as well as brands. Insurance providers are meeting insurance
seekers in the online marketplace. They speak the same language and hence communicate quickly. Dealing with
the claim process used to be a tedious affair; it took weeks to receive the claim amount. In today’s tech-savvy
age, insurance claims can be settled within a day, if not hours.

• Exponential Growth
– FinTech has created an ecosystem which is conducive for exponential growth. Customers are used to purchasing
t-shirts online. FinTech has made it possible to replicate, if not better, this consumer experience in case of
insurance. A few clicks and you can avail your car insurance instantly.
– FinTech has enabled productive user interface, glitch-free user journey, and streamlined back-end processes.
This has changed the way insurance as a product, as a service, and as an industry is perceived by consumers.

• Customized Pricing
– Insurance premiums are traditionally priced based on certain generic factors. For example, car insurance
premium depends upon car’s make, model, age, location, etc. With technology, insurance companies can access
data that will shift the premium pricing model from generic to specific.
– Thus, a driver who is cautious, doesn’t speed much, and travels a route which is not prone to accidents, will
pay less premium compared to a rash driver who often takes his car on long trips. Overall, FinTech will help
in risk assessment and customized policy pricing.

Ways in which Fintech is impacting insurance industry
• Integrating Technology
– Technology integration must be holistic, not individualistic. Customers interact with online insurance providers
via their website or mobile app, however, the back-end processes related to them also need to be injected with
advanced technology.
– From customer acquisition to customer servicing, technology can increase efficiency and lower costs. The
entire insurance ecosystem needs an upgrade as far as technology is concerned and FinTech is playing a key role
in integrating technology across functions.

• In Trend
– Internet of Things (IoT), Big Data & Analytics, and Blockchain technology are buzzwords associated with
insurance. IoT enables physical objects to share data. Just as telematic devices provide data pertaining to a
driver’s profile, fitness trackers will give insights into a person’s health profile which can be analyzed to arrive at
tailored health insurance quotes.
– Big Data & Analytics aid precise customer profiling which facilitates customized marketing and cross selling.
Structured and secured record keeping will be possible due to Blockchain technology which is also useful in
ensuring transparency, detecting fraud, reducing redundancy, and increasing productivity.

• Breaking Barriers
– By going completely digital, insurance companies are no longer confined by geographical barriers. This reduces
operational costs and the cost advantage can be transferred to the customers. Insurance companies can explore
untapped markets by using technology as a vehicle which will be fuelled by data and innovation.

Business benefits to Insurance companies
1. Superb customer engagement : Solutions that help insurers to make a leap in customer engagement, to
become much more effective in every step of the customer journey.
2. Dramatic cost savings : Fintechs that provide innovative solutions that impact the key cost drivers. Think
of solutions for improved claims management, fraud detection, more cost effective customer acquisition
and cost efficient service.
3. Sophisticated underwriting and risk reduction : The core competence of insurance is ready for a
makeover thanks to all sorts of new technologies; machine learning and cloud computing.
4. Disruptive business models : Emergence of new digital first carriers, with a new business model that is
clear about how it creates value for its customers.
5. New roles in the value chain : Traditional agents and brokers are becoming less preferred in many
mature markets because of high commissions and lack of added value. Online alternatives now enter
the insurance arena.
6. Innovation acceleration enablers : The systems of most insurance carriers are older than the
customers they serve. Obviously, this is a major hurdle to innovation. Several fintechs are offering
powerful solutions that align IT with the business demands for speed, flexibility, agility and cost efficiency.
7. Contextual data propositions : Connected objects will generate loads of new information, not only
directly related to the insurance but also about the context. This will spawn much deeper customer
insights and in turn these should lead to fascinating new directions for product and service innovation.

Fintech in wealth management
Asset management is a variety of bonds, stocks, and real estates of investors and
how they’re managed, whereas Wealth management is financial management
services like retirement planning, estate planning, investment management, etc.
offered to high net worth individuals.
Wealthtech: the new wealth management
• Fintech is giving wealth managers the opportunity to improve their service offering at a lower
cost, and is giving rise to an entirely new toolset: wealthtech.
• Driven by artificial intelligence (AI) and machine learning (ML), wealthtech leverages complex
algorithms to advise clients on the best choice of investment or savings plan
• For example, robo advisors

These digital platforms take on the role of human advisors, by using algorithms to
calculate and select investments based on the desired risk and objectives of
prospective clients.
Micro-investing

Benefits of Fintech to Wealth management Professionals
• Wealth-management professionals are now able to leverage fintech solutions to potentially
lower the cost of entry for their clients.
• The key to differentiating their firms in a fintech-driven world is personalisation.
• While robo-advisors are able to provide as-you-need-it support, they fall short when it comes
to personal interaction.
• By leveraging AI solutions to perform the behind-the-scenes operations of wealth
management – such as data entry and active investment management – wealth managers
can focus on their clients’ specific needs.

Govt. Initiatives to promote fintech

• The fintech space growth has been powered by the Government of India (GOI) with
introduction of innovation-supported startup landscape, friendly government
regulations and policies, and a large market base.
• NASSCOM revealed that 400 fintech firms are currently operating in India, and the number is
expanding every quarter
• Some of the leading fintech space services and technologies (apart from that for
cryptocurrency and software services) in India are:
– Remittance services: both outbound and inbound remittance transactions are being
taken up by start-ups including FX, Instarem, Remitly and others, which pose a challenge
to giants such as MoneyGram and Western Union.
– Personal finance and loans: several websites, Loanbaba among them, have come up
that are helping people access quick loans within 24 to 72 hours.
– Payment services: web and mobile apps for accepting and transferring payments from
businesses and individuals saw a rise after the demonetisation drive in 2016. Some
fintech firms that saw a peak from then on are Paytm, Mobikwik and Oxigen Wallet.
– Peer-to-peer (P2P) lending: a P2P lending platform allows borrowers and lenders to
communicate with each other for lending and borrowing cash, regulated by the Reserve
Bank of India (RBI) norms. For example, Faircent.

– Equity funding: crowdfunding platforms are also proliferating and adding to the finance
community initiatives; for example Start51 and Wishberry.

Govt. Initiatives to promote fintech
• The GOI established a regulatory environment in the country and encouraged new businesses
to take the lead and make a mark in finance industry.
• The year 2018 saw more than 125 fintech start-ups emerge successfully. This is evident as
we have seen an increase in the investment and funding by both international and national
banks and grounds for India’s fintech start-ups for funding payment wallets, finance tools,
and other financial services.
• For technology innovators, the GOI has launched initiatives such as National Payments
Council of India (NPCI), Digital India Programme, and Jan Dhan Yojana.
• There are tax benefits for businesses and consumers as well on e-payments as surcharges on
electronic transactions stay relaxed.
• The authentication requirements for the same also show the active effort of the government
towards strengthening the fintech space in India.
• The promotion of entrepreneurial climate in the country via easy governance and policies for
the start-up sector in fintech, has secured a transparent growth for online platforms offering
services such as insurance schemes, personal loans, quick cash, credit cards, and more.

Fintech – here to stay
Use Fintech to Your Advantage
Accept Change
• Fintech is here to stay. As it continues to transform the industry and client expectations,
operating without technology won’t be acceptable.
• Many advisors rely on Excel and macros for planning, which takes up valuable time that they
could use to interact with clients. Things traditionally done via Excel can be done faster and
more accurately with technology, such as financial planning and portfolio rebalancing
software.
• It takes time to learn new technology, but it’s an investment that will pay dividends in the
future. Instead of resisting the inevitable, firms should consider how technology can apply to
their businesses.
Identify Value
• Technology may replace some of the work advisors currently perform, but it won’t diminish
their value to clients. Just the opposite, in fact. Technology enables advisors to provide better
services, offer stronger advice and deliver more assistance.
Automation saves time, reduces human errors and minimizes costs.
Fintech ultimately will upgrade the relationship between
individuals and advisors, and firms that recognize this will thrive.

Trends in Fintech
[Figure: bar chart "New Customer". Vertical axis: 0 to 250000. Categories (as extracted): Fintech Loan Accounts, NBFC New customers, New Bank Accounts. Series: FY 17-18 Qtr 1, FY 18-19 Qtr 2. Caption: Trends over past 18 months.]
[Figure: bar chart "Rapid Growth of Fintech small ticket loan growth". Vertical axis: 0% to 70%. Series: Fintech, Banks. Periods: FY 17-18 Qtr 1, FY 18-19 Qtr 2. Data labels on the chart: 63 %, 51 %, 45 %, 11 %. Caption: Trends over past 18 months.]

Source : Economic Times


Fintech Innovation Lab
Fintech – where they fit in with traditional players

• Aggregators: Front end to various FI
– primarily in lending and insurance sectors
– may not have own product range most of the time, but do
customer fitment based on comparisons
• Backend processing requirements
– Large institutions outsource technology for customer
acquisition using latest mobile and internet
– customer behaviour analysis
– background checks
• Specialised players in the payments sector, POS
providers and institutions for MSME segment etc.

Indiastack – backbone of digital transactions

We are on the threshold of exploring the potential of Indiastack for close to real
time transactions
Risks around data privacy protection

Disruptions in Financial Services in India – Pioneered by RBI
• RBI pioneering fintech growth
• RBI has given a boost to Bharat Bill Payments
System and Unified Payments Interface along
with P2P lending, digital payments etc. The
use of automated algorithms has disrupted
the industry and has made it simpler for
consumers to utilise these facilities. RBI has
granted several fintech entities licences to
introduce payment banks that offer deposit,
savings, and remittance services.
• The GOI and budding entrepreneurs have taken the
fintech space by storm and the future of finance
technology does show a bright prospect

Aadhaar – Key enabler for Fintech
• Challenge of financial inclusion has been significantly
addressed by Aadhaar and mobile access – from 557
million unbanked in 2011 to 233 million in 2015
• Key reported uses of one’s ID – financial and mobile services
• ~ 92% of Indians have the unique identification number, compared
to only 60% in low-income countries
• India’s cooking gas program (Ujjwala Yojana) is the world’s largest
cash transfer program for women
• The real test of the JAM trinity came recently, with crores of
accounts being credited during lockdown
– JAM stands for Jan Dhan Yojana, Aadhaar and Mobile number.
– The government intends to use these three modes of identification to
implement one of the biggest reforms in independent India – direct
subsidy transfers to the poor.

eKYC - fuelled by Aadhaar
• Avoidance of repetitive onboarding processes and reviews
by leveraging on work already done by other Service
providers. Data collection cost estimated to have been
reduced by 50%
• Reducing friction and paper by cutting out client contact and
sign-offs. Time to revenue is shortened
• Privacy concerns, however, led to SC striking down mandatory
use of Aadhaar for eKYC process. Only regulated banks may
use Aadhaar as a non-binding document to open accounts
• Aadhaar paperless offline e-KYC started with card holder
downloading digitally signed XML, and sharing file with SP.

Disruptions in Financial Services in India – Unified Payments Interface
• Launched by NPCI in August, 2016 with participation of 21 banks. In April, 2020 the
number of banks live on UPI was 153. During the same period, transaction volumes went up
from 0.093 mn. (INR 31 mn.) to 999.57 (INR 1.511 tn.)
• Mobile-based real time payment platform, allowing users to instantly push or pull
funds
• Supports both peer-to-peer and peer-to-merchant financial transactions
• Single click, two-factor authentication (User entered UPI PIN + mobile number)
• Simple and interoperable – account in one bank can be linked to UPI app of another
bank or Fintech apps like Google Pay or PayTM.
• Unique identifier (VPA – Virtual Payment address) allows identification of customer
without providing card or account details
• Merchants can seamlessly accept payments and facilitate in-app payments
• Version 2.0 is more merchant centric with abilities to :
- pre-authorize a transaction with an option to pay later
- link overdraft accounts on UPI
• Fintechs have bolstered UPI adoption among consumers, with PhonePe, PayTM and
Google Pay accounting for ~ 85% of the volumes
• BHIM (Bharat Interface for Money)
PAYMENTS trends in the world
• In financial services, the mobile phone has been the biggest
transformation agent, aided by the internet, which has become the
busiest channel
• In China, 92% of the mobile payments are handled by Alipay (world’s
largest payment network) and WeChat (volume exceeding both Visa and
Mastercard)
• In 2016, mobile payments overtook card payments in China, and more
than 80% of the population is comfortable leaving their homes
without cards or cash
• At least 40% of Kenya’s GDP rides on their mobile money service M-Pesa.
Their Central Bank estimates that the average Kenyan saves 20% more
today
• There are more than 20 countries where people have a value store on account
on their mobile phone rather than through a traditional bank
• Benefits of mobile banking and payments are most profound in rural
areas where access to a bank branch is costly and inconvenient
• US lagging behind China significantly in mobile payments volumes
(US$ 120 bn. versus US$ 17 tn. in 2017); 2/3rds of the world’s
cheques are written in the US

PAYMENTS – Mobile Wallets
• Dominated by IP-based players, bringing down the plastic world of
payments
• Evolution of a globally integrated wallet service with Alipay and
Ant Financial’s technologies powering the infrastructure of
e-wallets globally – Alibaba owns 42% of PayTM, rest with promoter
(38%) and Softbank (20%)
• Ant Financial’s forays into Europe (through partnerships with
Ingenico and Wirecard) and the US (with First Data)
• Ant’s vision of empowering digital FinLife globally, and beyond
being just a payments app or a mobile wallet – complete app
for commercial, financial and social systems
• Top mobile wallet companies in India – PayTM, Google Pay, Phone
(all with more than 100 mn. installs), Mobikwik, PayZapp and
Yono (10 mn.), Pockets (5 mn.), Amazon Pay, Citi MasterPass
• Types of mobile wallets in India – Open, semi-open, semi-closed
and closed
• India ranks 2nd. in Asia for digital payment adoption, with 40% of
respondents confirming usage of a smartphone wallet

RBI Steering committee on Fintech in 2019 - Summary
• FinTechs working with Insurance companies should be allowed to use Drone and related
technologies to assess the crop insurance claims.
• RBI should consider development of a cash-flow based financing for MSMEs, development of an
open-API MSME stack based on TReDS data validated by GSTN and a standardised and trusted
e-invoice infrastructure designed around TReDS-GSTN integration.
• Department of Financial Services (DFS) to work with PSU banks to bring in more efficiency to their
work and reduce fraud and security risks. They should explore opportunities to increase the level of
automation using Artificial Intelligence (AI), cognitive analytics & machine learning in their
back-end processes.
• NABARD to take immediate steps to create a credit registry for farmers with special thrust for use of
FinTech along with core banking solutions (CBS) by agri-financial institutions, including Cooperative
societies.
• Should set up National Digital Land Records Mission based on a common National Land
Records Standards with involvement of State Land and Registration departments, with a view to
making available land ownership data.
• A comprehensive legal framework for consumer protection needs to be put in place, keeping in mind the
rise of FinTech and digital services.
• Adoption of Regulation technology (or RegTech) by all financial sector regulators to develop
standards and facilitate adoption by financial sector service providers of use-cases making
compliance with regulations easier, quicker and effective.
• Also, the committee has recommended that financial sector regulators develop an institutional
framework for specific use-cases of Supervisory technology (or SupTech), testing, deployment,
monitoring and evaluation.
• Apart from this, to ensure implementation, an Inter-Ministerial Steering Committee will be set up
on FinTech Applications in the Department of Economic Affairs (DEA), Ministry of Finance, to continue
to carry on the tasks of implementing this report.

Data privacy and cyber security

Topics
1. What is privacy and why is it so important
2. Examples of data breaches
3. Freedom of speech, Privacy and Security
4. Differences between US and EU regulations
5. India’s Personal Data Protection Bill, 2019
6. Solutions against security breaches
7. Insurance to protect against cyber losses

Appendix:
1. European GDPR
2. US Data protection compliance and regulations

1. What is privacy and why is it so important
• Definition: The aspect of IT that deals with the ability of an
organization or individual to determine what data in a computer
system can be shared with third parties, since it is an individual’s
right or desire to be left alone and/or to have the ability to control
her own data
• Data Protection regulations require entities to ensure the ongoing
confidentiality, integrity, availability, and resilience of processing
systems and services
• While the protection of privacy is an important objective, privacy
also serves as a means to protecting other ends, such as free speech
• Customers entrust data to entities for agreed purposes only; those
collecting data should place a premium on protecting the
customers’ privacy
• Failure to ensure privacy is a breach of trust and the defaulting
companies are liable to prosecution and penalty
• Privacy may be compromised in two ways:
- Data stolen for malicious intent
- Custodian left customer data unprotected and exposed
2. Examples of data breaches
1. 2013: The intruders stole data of 38 mn. customers from Adobe’s servers, including encrypted
payment card numbers and expiration dates, names, addresses, telephone numbers, e-mail
addresses, usernames and passwords. They also made off with digital truckloads of source code
for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader,
Photoshop and ColdFusion.
2. 2014: eBay reported that an attack exposed its entire account list of 145 mn. users,
including names, addresses, dates of birth and encrypted passwords. Hackers used the
credentials of three corporate employees to access its network and had complete access for 229
days. eBay asked customers to change their passwords. Financial information, such as credit card
numbers, was stored separately and was not compromised. The company was criticized for lack of
communication with its users and poor implementation of the password-renewal process.
3. 2017: Equifax, one of the largest credit bureaus in the US, said that an application vulnerability in
one of their websites led to a data breach that exposed about 148 mn. consumers. The breach
compromised the personal information (including SSNs, DOBs, addresses, and in some cases
drivers' license numbers). Equifax was faulted for a number of security and response lapses. Chief
among them was that the application vulnerability that allowed the attackers access was unpatched.
Equifax was also slow to report the breach.
4. 2008: In 2009 Visa and MasterCard notified Heartland of suspicious transactions from accounts
it had processed. Security analysts had warned retailers about the vulnerability (to perform a SQL
Injection attack) for several years. Because of the breach, the Payment Card Industry deemed
Heartland out of compliance with its Data Security Standard (PCI DSS) and did not allow it to
process payments of major credit card providers until May 2009. The company also paid an
estimated $145 million in compensation for fraudulent payments. This was a rare example where
authorities caught the attacker. A federal grand jury indicted Albert Gonzalez and two unnamed
Russian accomplices in 2009. Gonzalez, a Cuban American, was alleged to have masterminded
the international operation that stole the credit and debit cards. He was sentenced in March 2010 to
20 years in federal prison.

4
Examples of data breaches
….contd
5. 2012 and 2016: LinkedIn has become an attractive proposition for attackers looking to conduct social
engineering attacks. In 2012, the company announced that 6.5 mn. unassociated passwords were stolen by
attackers and posted onto a Russian hacker forum. It was only in 2016 that the full extent of the incident was
revealed. The hacker was found to be offering the email addresses and passwords of around 165 mn. LinkedIn
users for just 5 bitcoins. LinkedIn acknowledged awareness, and said it had reset the passwords of affected
accounts.
6. 2014-’18: Marriott International announced in 2018 that attackers had stolen data on approximately 500 mn.
customers. The breach initially occurred on systems supporting Starwood hotel brands in 2014. The attackers
remained in the system after Marriott acquired Starwood in 2016 and were found in 2018. They took some
combination of contact and travel information, passport number, Preferred Guest numbers and other personal
information. The credit card numbers and expiration dates of more than 100 million customers were believed to be
stolen, but attackers were likely unable to decrypt the credit card numbers. The breach was attributed to a Chinese
intelligence group.
7. 2013-’14: Yahoo announced in 2016 that in 2014 it had been the victim of what would be the biggest data breach
in history. The attackers, which the company believed were “state-sponsored actors,” compromised the real
names, email addresses, dates of birth and telephone numbers of 500 mn. users. Yahoo claimed that most of the
compromised passwords were hashed. In 2016, Yahoo disclosed another breach from 2013 by a different attacker
that compromised the names, dates of birth, email addresses and passwords, and security questions and answers
of 1 bn. user accounts. Yahoo revised that estimate in October 2017 to include all of its 3 bn. user accounts. The
timing of the original breach announcement was bad, as Yahoo was in the process of being acquired by Verizon,
which eventually paid $4.48 bn. for Yahoo’s core internet business. The breaches knocked an estimated $350
million off the value of the company.
8. 2018: In March, it became public that the personal information of more than a billion Indian citizens stored in
the world’s largest biometric database could be bought online. This massive data breach was the result of a data
leak on a system run by a state-owned utility company. The breach allowed access to private information of
Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. The type
of information exposed included the photographs, thumbprints, retina scans and other identifying details of
nearly every Indian citizen.

5
3. Freedom of speech, Privacy and Security
• Free speech will be restricted if individuals fear that their private
data may be accessed by law enforcement and intelligence services
• Tech companies face the threat of a trust deficit as federal rules
restrict them from revealing to the public requests received from
these agencies; relaxation provided by Obama administration,
allowing them to more fully disclose legal orders issued by the
NSA
• They normally provide access to customer data only when required
to do so by a legally binding subpoena
• Facing antitrust investigations and a growing backlash over
privacy, encryption, AI and content monitoring, tech giants are
calling for regulation
• Several leading companies in the US had formed an alliance –
Reform Government Surveillance – on limiting the authority of the
governments to collect users’ information, and calling for the
governments’ respect for free flow of information
• Governments of multiple countries could get involved, increasing
the difficulty for the companies to be fully compliant with the law.

6
Freedom of speech, Privacy and
Security….contd.
Cybersecurity: Protection of internet-connected systems (hardware, software and data)
against cyber-threats designed to access, delete, or extort an organization’s or user’s
sensitive data. The forms of threat include:
• Malware - malicious software i.e. any file or program e.g. worms, viruses, Trojan
horses and spyware that can harm a computer user
• Ransomware - malware using which an attacker locks the victim's computer
system files, usually through encryption, and demands a payment to decrypt and
unlock them
• Social engineering is an attack that relies on human interaction to trick users into
breaking security procedures to gain sensitive information that is typically
protected
• Phishing is a form of fraud where fraudulent emails are sent that resemble emails
from reputable sources; however, the intention of these emails is to steal sensitive
data, such as credit card or login information

Cyberwarfare: A state-on-state action equivalent to an armed attack or use of force in
cyberspace that may trigger a military response. In addition to the forms
aforementioned, the attack could entail hacking of data for the purpose of espionage

Development of new technology opens up new avenues for cyberattacks, making
cybersecurity continuously changing and challenging

7
Freedom of speech, Privacy and
Security….contd.
• Restricting companies from accessing data stored outside their countries
could hinder growth in the global economy
• Push-back by tech giants against providing data to Government:
o Microsoft: Prosecutor’s order in a narcotics case to turn over data
from an email account stored in a server in Dublin
o Apple: FBI’s suit to unlock the iPhone of one of the terrorists
involved in the attack in California, arguing that backdoors lead to
weakened security
• Legislative solution needed for a proper balance between security
and privacy, twin requirements of individuals
• Satya Nadella’s* equation, involving the three parties – Individuals,
Government and Companies :
E (Empathy) + SV (Shared Values) + SR (Safety and Reliability) = T/t
(Trust over time)

*“Trust in today’s digital world means everything”

8
Freedom of speech, Privacy and
Security….contd.
Elements of Cybersecurity:
• Application security - developing, adding, and testing security features
within applications
• Information security - methodologies designed and implemented to
protect print, electronic, or any other form of confidential, private and
sensitive information or data
• Network security - policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer
network and network-accessible resources
• Disaster recovery/business continuity planning - processes that help
organizations prepare for, and act during, disruptive events
• Operational security - risk management process that encourages
managers to view operations from the perspective of an adversary in
order to protect sensitive information from falling into the wrong hands
• End-user education

Advisory organizations are promoting a more proactive and adaptive
approach, recommending a shift toward continuous monitoring and real-time
assessments.

9
4. Differences between US and EU regulations
| # | US | EU |
|---|----|----|
| 1 | Privacy laws change with each administration | Privacy laws have less turnover when administrations change because of lesser polarization |
| 2 | Individuals have little ownership of their online data, allowing large businesses to monetize consumer behaviour/habits | EU laws respect “private and family life” and allow citizens to delete their data |
| 3 | Privacy laws are often a messy combination of public regulation, private self-regulation and state-level legislation | Privacy laws are generally more comprehensive and geared towards consumers |
| 4 | Enforcement of privacy laws is carried out by several different government organizations e.g. Federal Communications Commission and HIPAA | Enforcement of privacy laws is carried out by one authority, equally for all 27 member states |
| 5 | Numerous privacy organizations exist to provide legal framework | Fewer privacy organizations |
| 6 | Companies can keep data indefinitely, depending on their own terms of service | Citizens have the right to be forgotten – search results can be removed if they are irrelevant or inadequate |

10
5. India’s Personal Data Protection Bill, December,
2019
• Sets rules for how personal data should be processed and stored, and lists people’s
rights with respect to their personal information (currently, the usage & transfer of
personal data of citizens is regulated by the IT Rules, 2011 under the IT Act, 2000)
• Proposes creation of an independent new Indian regulatory authority, the Data
Protection Authority, to carry out this law
• Almost all businesses will have to meet the bill’s conditions. In addition to
e-commerce, social media and IT, brick-and-mortar shops, real estate and
pharmaceutical companies and hospitals will have to:
1. collect and store evidence of the fact that notice was given about their data
collection practices and consent was received
2. set up systems to allow the consumers the right to withdraw their consent
3. create ways to give the consumers the right to access, correct, and erase their
data
4. allow consumers to transfer their data, including any inferences made by
businesses based on such data, to other businesses
5. make organizational changes to protect data better e.g. privacy-by-design
principles, security safeguards, and so on
6. Social media intermediaries must permit identity verification
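
One way obligations 1 to 4 in the list above could map onto a system, as an added example that is not taken from the Bill or from the original slides: a hash-chained consent log gates every processing call, alongside access, correction, erasure and export. The class name `ConsentStore`, the purpose strings and the principal ID are hypothetical.

```python
import hashlib
import json
import time

GENESIS = "0" * 64  # "previous hash" value used by the first log entry


def _digest(event):
    """SHA-256 over a canonical JSON encoding of the event, excluding its own hash."""
    body = {k: v for k, v in event.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentStore:
    """Hypothetical data-fiduciary store: personal data plus an append-only consent log."""

    def __init__(self):
        self.log = []      # evidence of consent, withdrawal and erasure events
        self.records = {}  # principal id -> {"data": {...}, "inferences": {...}}

    def _append(self, principal, kind, purpose, notice=""):
        # The log keeps identifiers and a hash of the notice shown, never the
        # personal attributes themselves, so it can outlive an erasure request.
        event = {
            "seq": len(self.log),
            "principal": principal,
            "kind": kind,  # "consent" | "withdraw" | "erase"
            "purpose": purpose,
            "notice_sha256": hashlib.sha256(notice.encode()).hexdigest(),
            "ts": time.time(),
            "prev": self.log[-1]["hash"] if self.log else GENESIS,
        }
        event["hash"] = _digest(event)
        self.log.append(event)
        return event

    # Obligation 1: evidence that notice was given and consent received.
    def give_consent(self, principal, purpose, notice):
        return self._append(principal, "consent", purpose, notice)

    # Obligation 2: the right to withdraw consent.
    def withdraw(self, principal, purpose):
        return self._append(principal, "withdraw", purpose)

    def has_consent(self, principal, purpose):
        """The most recent relevant event decides; erasure revokes every purpose."""
        for event in reversed(self.log):
            if event["principal"] != principal:
                continue
            if event["kind"] == "erase":
                return False
            if event["purpose"] == purpose:
                return event["kind"] == "consent"
        return False

    def verify_log(self):
        """Recompute the chain; any in-place edit of a past event breaks it."""
        prev = GENESIS
        for i, event in enumerate(self.log):
            if event["seq"] != i or event["prev"] != prev or event["hash"] != _digest(event):
                return False
            prev = event["hash"]
        return True

    def process(self, principal, purpose, data=None, inferences=None):
        """Every write path goes through the consent check first."""
        if not self.has_consent(principal, purpose):
            raise PermissionError(f"no live consent from {principal} for {purpose}")
        rec = self.records.setdefault(principal, {"data": {}, "inferences": {}})
        rec["data"].update(data or {})
        rec["inferences"].update(inferences or {})
        return rec

    # Obligation 3: access, correct, erase.
    def access(self, principal):
        empty = {"data": {}, "inferences": {}}
        return json.loads(json.dumps(self.records.get(principal, empty)))

    def correct(self, principal, field, value):
        self.records[principal]["data"][field] = value

    def erase(self, principal):
        self.records.pop(principal, None)
        return self._append(principal, "erase", "*")

    # Obligation 4: portability, including inferences drawn from the data.
    def export(self, principal):
        return json.dumps({"principal": principal, **self.access(principal)}, sort_keys=True)


if __name__ == "__main__":
    store = ConsentStore()
    store.give_consent("dp-001", "loan-underwriting", "Constructed notice text v1")
    store.process("dp-001", "loan-underwriting", {"city": "Pune"}, {"risk_band": "B"})
    print(store.export("dp-001"), store.verify_log())
```

The chain only detects edits to past entries. Someone able to rewrite the whole log can recompute every hash, so the latest hash should be anchored somewhere the application cannot modify.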

11
India’s Personal Data Protection Bill, December,
2019….contd.
Key terms:
1. Data principal: an individual whose personal data is being processed
2. Data fiduciary: the entity or individual who decides the means and
purposes of data processing
3. (a) Personal data: pertains to characteristics, traits or attributes of
identity, which can be used to identify an individual - no localization or
data transfer restrictions apply to data that is not considered “sensitive”
or “critical.”
(b) Sensitive personal data: e.g. data relating to health, religion, sex life,
political beliefs and biometric and genetic data - may be transferred outside of
India, but such sensitive personal data shall continue to be stored in India.
(c) Critical personal data: No restriction on government’s power to define
what data would be categorised as such. Bill to create an exception to strict
localization requirement for transfers to countries or organizations deemed to
provide an adequate level of protection (and where the state’s security or
strategic interests will not be prejudiced), or in limited circumstances to protect
vital interests.
4. Non-personal data includes aggregated data through which individuals
cannot be identified.

12
India’s Personal Data Protection Bill, December,
2019….contd.
Exemptions to these safeguards for processing of personal data:
• the central government can exempt any of its agencies in the
interest of security of state, public order, sovereignty and integrity
of India, and friendly relations with foreign states
• purposes such as prevention, investigation, or prosecution of any
offence, or research and journalistic purpose.
Personal data of individuals can be processed without their consent in
certain circumstances such as:
(i) if required by the State for providing benefits to the individual,
(ii) legal proceedings and
(iii) to respond to a medical emergency.

Changes from the draft bill:
1. new class of significant data fiduciaries
2. expanded the scope of exemptions for the government
3. the government may direct data fiduciaries to provide it with any
non-personal or anonymised data for better targeting of services

13
Differences between Indian Bill and
GDPR
| # | India | EU |
|---|-------|----|
| 1 | Central government has the power to exempt any government agency from the bill’s requirements; so, it may access individual data over and above existing Indian laws such as the IT Act of 2000 | GDPR offers EU member states similar escape clauses, but they are tightly regulated by other EU directives |
| 2 | Government can order firms to share any of the non-personal data they collect | No such provision in the GDPR |
| 3 | Sensitive personal data can be transferred outside India, but only to be processed; it cannot be stored outside India | Doesn’t require businesses to keep EU data within the EU. Transfer allowed if contractual clauses are met: codes of conduct, data protection, certification systems approved before transfer |
| 4 | Financial data considered to be sensitive | Financial data not considered sensitive |
| 5 | In addition to accountability mechanisms like in the GDPR, data fiduciaries have to audit their processing activities annually. | No requirement for annual audit |

14
6. Solutions against security breaches
1. Limit access to most valuable data - all records to be partitioned
off so that only those who specifically need access will have it
2. Third-party vendors must comply with privacy laws. Principal
responsible for background checks of third-party vendors
3. Conduct employee security awareness training - employees are
the weakest link in the data security chain - one training class
about cybersecurity is not enough; need for regular classes each
quarter or even monthly
4. Update software regularly - Network is vulnerable when programs
aren’t patched and updated regularly
5. Develop a cyber breach response plan - Response plan should
begin with an evaluation of exactly what was lost and when and
who was responsible. By taking swift, decisive action, damages
can be limited and public and employee trust restored
6. Devise difficult-to-decipher passwords - usage of upper case
letters, numbers and special characters when formulating
passwords, and regularly changing all passwords.

15
7. Insurance to protect against cyber losses
Cyber insurance protects against damages caused by electronic threats to
computer systems or data. These threats can lead to the theft, damage or
misuse of sensitive information or other vital technologies and can result in
downtime and recovery costs that often include specialized repairs and legal
fees. Who needs this insurance?
• Any business that stores or processes sensitive information like names,
addresses, national Identity numbers, medical records or credit card
information
• Also, third-parties who handle confidential data and information, such as
an accountant or IT service, should have their own cyber insurance policy.
The principal should get proof of coverage before hiring them.

• Options are available to cover incident response services, first-party losses
(investigative services, business interruption coverage and data recovery)
and third-party losses (those experienced by others for which the insured is
responsible e.g. legal fees, settlement costs, security failure and media
liabilities)
• In India, there are two such cyber insurance plans from General Insurance
companies – Bajaj Allianz’s Individual Cyber Safe Insurance Policy and
Cyber Security by HDFC Ergo.

16
Appendix - European
GDPR
The General Data Protection Regulation came into force in 2016 after passing
European Parliament, and required all organizations to be compliant by May,
2018:
• It applies to any organisation operating within the EU, as well as
organisations outside which offer goods or services to customers in the
EU. That ultimately means that almost every major corporation in the
world needs a GDPR compliance strategy
• It is an update of the 1995 European Data Protection Directive,
establishing minimum data privacy and security standards
• Two tiers of penalties, which max out at €20 million or 4% of global
revenue (whichever is higher), plus data subjects have the right to seek
compensation for damages
• Personal data is any information that relates to an individual who can be
directly or indirectly identified (names, email addresses, location
information, ethnicity, gender, biometric data, religious beliefs, web
cookies, and political opinions)
• Data subjects have rights to : 1) be informed 2) access 3) rectification 4)
erasure 5) restrict processing 6) data portability 7) object 8) decide on
automated decision making and profiling
• Considered as the toughest privacy and security law in the world

17
Appendix - European GDPR
….contd.
Key legal terms:
• Data processing — Any action performed on data, whether automated or manual e.g. collecting,
recording, organizing, structuring, storing, using, erasing… so basically anything
• Data subject — The person whose data is processed. These are the customers or site visitors
• Data controller — The person who decides why and how personal data will be processed. An
owner or employee in an organization who handles data
• Data processor — A third party that processes personal data on behalf of a data controller e.g. cloud
servers or email service providers.

Protection and accountability principles:


• Lawfulness, fairness, transparency — Processing must be lawful, fair, transparent to the data subject
• Purpose limitation — Data must be processed for the legitimate purposes specified explicitly to the
data subject when it is collected
• Data minimization — Collection and processing of only as much data as absolutely necessary for the
purposes specified
• Accuracy — Personal data must be accurate and up to date
• Storage limitation — Personally identifying data must be stored for only as long as necessary for the
specified purpose
• Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate
security, integrity, and confidentiality (e.g. by using encryption)
• Accountability — The data controller is responsible for being able to demonstrate GDPR compliance
with all of these principles.

18
Appendix - US Data protection compliance and regulations
While there is no central federal level privacy law like the EU’s GDPR, there are
several vertically-focused federal privacy laws, as well as a new generation of
consumer-oriented privacy laws coming from the states (e.g. California Consumer
Privacy Act (CCPA) effective from 1/1/2020):
• US Privacy Act of 1974 - rights and restrictions on data held by US government
agencies, covering access, correction, minimization and restriction of access on a
need-to-know basis; sharing of information between federal and non-federal agencies
is restricted and only allowed under certain conditions
• Health Insurance Portability and Accountability Act - healthcare provider or
“covered entity” has permission to use patient data if it’s related to treatment,
payment and health care operations.
• Gramm-Leach-Bliley Act protects non-public personal information (NPI), which
is defined as any “information collected about an individual in connection with
providing a financial product or service, unless that information is otherwise
publicly available”. However, for third-party companies affiliated with the bank or
insurance company, consumers have no legal privacy controls under GLBA to
restrict the sharing of the NPI
• The Federal Information Security Management Act, a federal law part of the larger
E-Government Act of 2002, made it a requirement for federal agencies to develop,
document, and implement an information security and protection program

19

Fintech Regulators and Regulations

June 2020

1
Need for Special Regulations for
Fintech
• Amalgamation of financial services,
information technology and telecom
infrastructure.
• Heavy dependence on Information Technology and
internet, leads to a greater need for regulation as
online financial transactions are prone to several
security threats.
• Further, the FinTech space is exposed to the risk of
money laundering, terrorist financing, etc.
• FinTechs, unlike traditional banks, may not have a very
clear idea of regulators and governing bodies and the
rules and regulations that they have to adhere to.
• Every FinTech firm has a unique and dynamic
business model that functions on the premise of
innovation. Innovation leads to constant change and
hence governing such companies becomes difficult.
2
Regulations to mitigate risks in
Fintech
As the FinTech industry matures, regulations will need to keep
pace with its evolution so that the four areas below are covered:
• Data Privacy – Misuse of data across the globe is a high
priority issue and FinTechs must adopt very high standards
of data security and privacy and allow only consent based
access to sensitive information.
• Data Security – Data must be protected against cyber
security attacks
• Risk Management – FinTechs must also follow the similar
risk standards as their larger counterparts to prevent money
laundering, terrorism financing, bad loans and reputational
risk losses.
• Operating Model – Even though they have a light and
dynamic operating model, well-defined governance model
and management of funds is necessary for sustenance.

3
Increase in use of Smartphones – Key to Fintech Growth
• Powerful, inexpensive, “customer-facing” technologies found in
smartphones, are expanding potential market size for services that
were once available only to very wealthy
• Customer segments that previously could not access or afford these
products and services may be less sophisticated than traditional
customers.
• FinTech innovation is cutting across regulatory jurisdictions because
different business models or delivery methods for services do not
conform to existing regulatory structures.
• Technology eliminates the distance barrier and allows competitors
to offer products to new markets on national and global levels.
• This can put pressure on regulatory systems that assume a material
geographic limitation.
• Regulators are seeing entrants to markets who lack the traditional
backgrounds and world views typically associated with incumbents
• Regulators have to deal with unprecedented pace of innovation as
technology enables faster iteration and experimentation of financial
services and products.

4
What is a Regulation
Regulations are rules that govern how an activity is conducted, and provide a means of
enforcement if the rules are violated. Regulators are any actors who enforce those rules.
Regulation can be roughly divided into two parts:
• The creation and declaration of a rule
• The enforcement of a rule.
How do they enforce a rule?
• Regulators such as the RBI, SEBI and the IRDAI have extensive powers to oversee
compliance with applicable laws. These include the power to:
– authorise certain activities;
– refuse authorisation and blacklist certain fintech activities;
– impose conditions of business and operations;
– audit business and operations;
– require appropriate filings to be made with them; and
– impose penalties for non-compliance with applicable laws and regulations.
• Indian courts may be called to test the validity of certain laws and regulations. The
courts' jurisdiction may also be invoked in situations where the position adopted by
or the procedure followed by a regulator is questioned.

5
Stakeholders in the Fintech ecosystem
• Government
- Implementation and enforcement of policies
- Setting of regulatory environment
• Financial Institutions
- Private equity shops and Venture Capital funds
- Banks, NBFCs and Insurers
• Incubators – for seed funding, Accelerators – new companies in the
process, hackathons - brings together FinTech developers and designers to
develop financial products and discover new technologies
• Entrepreneurs
• Customers
- B2B
- B2C
• Infrastructure providers
- Technology vendors for hardware, software and services
- Mobile network operators and aggregators
6
Fintech Regulation – Multiple bodies
• FinTech has brought about efficiency improvements, risk reduction and greater financial
inclusion.
• However, Regulatory uncertainty and confusion in the FinTech sector is one of the major
challenges for the rapidly evolving FinTech sector.
• The problem starts firstly because of the involvement of several regulatory bodies
– RBI being the obvious stakeholder
– SEBI for intermediaries in the securities market
– Insurance Regulatory and Development Authority (IRDA) for insurance-related businesses.
– National Payments Corp. of India also fits in due to payment related services being at the
core of FinTech. The draft Payments and Settlements Systems Bill has set up an independent
payments regulator.
– The Unique Identification Authority of India (UIDAI) is in the mix too via Aadhaar’s use and
Indiastack APIs (for example e-KYC by FinTechs).
– Though, Supreme Court’s judgement left no scope for private companies using Aadhaar,
Finance ministry is working on passing new legislation that would allow private companies
back in.
– Then there’s the Srikrishna Committee for data privacy and security.
– PFRDA - Pension Fund Regulatory & Development Authority
– The Telecom Regulatory Authority of India (TRAI) due to the usage of internet based
technologies.

7
RBI
• RBI (BFS constituted in 1994 to undertake consolidated supervision of financial sector comprising
Scheduled Banks, All India FIs, other Banks (Local Area, Small Finance, Payments), CICs,
NBFCs and Primary Dealers)
• Inter-regulatory Working Group (with representations from RBI, SEBI, IRDAI, PFRDA, NPCI, IDRBT,
HDFC Bank, SBI, CRISIL, Faircent and Fintech consultants) issued their report in Feb., ’18
• Key recommendation was to set up a RS; enabling framework released in Aug., ‘19. Focus is to
increase innovation in areas where:
- there is absence of governing regulations
- there is a need to temporarily ease regulations for enabling the proposed innovation
- the proposed innovation shows promise of significant easing/effecting delivery of
services
• Innovations included and excluded outlined
• Regulatory requirements to be mandatorily complied with and which could be relaxed also
specified
• Selection to be from amongst applicants meeting the “Fit and Proper” criteria
• Boundary conditions to protect customer interests e.g. segment, and number of customers
involved, cap on customer losses, etc.

8

9
Key Regulations at RBI – P2P lending –
Contd.
• P2P Lending : The role of a NBFC P2P is to act as an intermediary providing an online
market or platform to the participants involved in Peer-to-Peer lending. They also
assist in disbursement and repayment of loans availed on NBFC P2P.
• All P2P lending platforms are required to be registered with the RBI as an NBFC.
• It is mandatory for a company to obtain a Certificate of Registration (CoR) from the Reserve
Bank of India (RBI) before commencing or carrying on the business of a non-banking
financial institution
• Eligibility requirements for a company to register as a P2P lending platform include
– a minimum capital of 20 million rupees (2 crores);
– that the company applying for registration is incorporated in India;
– there must be a viable business plan;
– a robust and secure information technology system must be in place;
– promoters and directors must fulfil the fit and proper criteria laid down by the
RBI.

10
Key Regulations at RBI – P2P lending –
Contd.
• Key Regulations
– P2P lending can only be done on an unsecured basis;
– Not to lend on its own, arrange or enhance credit
– Sell only loan-specific insurance products
– All data related to the business to be stored on hardware located in India
• Prudential norms ( across lenders)
– Aggregate exposure of a lender, across all P2P platforms, capped at ₹50,00,000/-
– Aggregate loans taken by a borrower, across all P2P platforms, capped at ₹10,00,000/-
– Exposure of a single lender to the same borrower, across all P2Ps, shall not exceed
₹50,000/-
– The maturity of the loans shall not exceed 36 months.
– Not permitted to allow international flow of funds

11
Key Regulations at RBI – P2P lending –
Contd.
• Regulations for funds transfer
- to be through escrow account mechanisms operated by a bank promoted trustee
- At least two escrow accounts, one for funds received from lenders and pending
disbursal, and the other for collections from borrowers
- All fund transfers shall be through and from bank accounts with cash transactions
being strictly prohibited

• What is an escrow account?
- An escrow account is an account where funds are held in trust whilst two or more
parties complete a transaction. This means a trusted third party such as Escrow.com
will secure the funds in a trust account. The funds will be disbursed to the merchant
after they have fulfilled the escrow agreement. If the merchant fails to deliver their
obligation, then the funds are returned to the buyer.

12
Key Regulations at RBI – P2P lending –
Contd.
• Transparency and disclosure requirements:
• To the Lender, details about:
a) the borrower - personal identity, required amount, interest rate sought and
credit score as arrived by the NBFC-P2P
b) all the terms and conditions of the loan, including likely return, fees and taxes

• To the Borrower, details about the lender including proposed amount, interest rate
offered but excluding personal identity /contact
• To the Public
a) overview of credit assessment/score methodology and factors considered
b) disclosures on usage/protection of data
c) grievance redressal mechanism
d) portfolio performance including share of non-performing assets on a monthly
basis and segregation by age and
e) its broad business model.

13
Responsibilities of P2P lending
company
• Due diligence of the participants
• Credit assessment and risk profile of the borrowers for sharing with the lenders
• Documentation of loan agreements and other related documents
• Assistance in disbursement and repayments of loan amount
• Services for recovery of loans originated on the platform

15
Recent developments in RBI regulations for
Fintech
• RBI has recognised the emerging need for a dedicated, cost-free and expeditious
grievance redressal mechanism for strengthening consumer confidence in
digital payments.
• They launched an Ombudsman Scheme for Digital Transactions (OSDT) for the redressal
of complaints regarding digital transactions.
- Board approved FPC be put up on its web-site
- Obtain explicit declaration from the lender stating that he/ she has understood all
the risks
- Staff to be adequately trained in procedure for recovery of loans
- Prior consent of the participants before disclosing their information to any third
party
- Periodic review of FPC and functioning of GRM by the BoD

15
Regulatory Sandbox
• The Reserve Bank of India (RBI) has finalised guidelines for the regulatory sandbox to
test innovative financial products and technologies. The programme will help financial
service providers collect evidence on the benefits and risks of new innovations in a
regulated environment monitored by RBI.
• The unique advantage of a sandbox is that it allows FinTech start-ups to test out new
services and assess their risks before they are taken to market. FinTech firms and
regulators can work together and tweak existing regulations, enabling firms to test
their products for a limited time and among a limited number of customers.
• Application process for the sandbox programme :
– Fintech companies including startups, banks, financial institutions and companies
providing financial services can apply for the programme. The directors or promoters
of the applicant companies will have to satisfy the fit and proper criteria, according to
the guidelines issued.
– Mandatory compliances an applicant must satisfy include customer privacy, data
protection, security of transactions, secure storage and access to payments data of
stakeholders as well as KYC requirements.

16
Regulatory Sandbox
• The entities using the sandbox must
– define test scenarios and expected outcomes upfront.
– report results to the RBI on an ongoing basis as agreed
– While some requirements can be relaxed for the sandbox, data protection laws and KYC
requirements must be complied with
• Five stages of the sandbox process, which will be monitored by the FinTech Unit at RBI
– Stage 1 : Preliminary Screening of applications to the cohort (4 weeks)
– Stage 2 : Finalisation of test design by the Fintech Unit at RBI (FTU) via interaction
with applicants (3 weeks)
– Stage 3 : Application assessment and vetting of test design by the FTU (3 weeks)
– Stage 4 : Testing by the FTU based on empirical evidence and data (12 weeks)
– Stage 5 : Testing of Final outcome of testing of product or technology that was
sandboxed by FTU (5 weeks)

Regulatory Sandbox
• RBI framework includes a list of indicative innovative products, services, and
technologies that could be considered for testing under its regulatory sandbox scheme.
• List of Innovative Products and Services are as follows:
– Retail Payment Mechanism
– Money transfer services
– Lending services at marketplace
– Digital KYC
– Services related to financial advisory
– Services which help in managing the wealth of the individual
– Digital identification services
– Smart Contracts
– Products related to cybersecurity
• List of innovative technologies are as follows:
– Mobile applications related to Payments, Digital identity, etc.
– Data Analytics
– APIs related to finance
– Applications built on a blockchain mechanism
– AI and machine learning applications

Example – RBI regulation snapshot for Payment services
• Regulations comparatively well developed for payments space
• Digital payments in India are predominantly executed through prepaid payment
instruments (PPIs) and debit cards, and the Real-Time Gross Settlement system and
National Electronic Funds Transfer system.
• The PSSA (Payment and Settlement Systems Act) is the primary legislation governing
payment systems in India. Separately, the RBI, as the payments regulator, issues rules and
regulations covering different aspects of the payments ecosystem from time to time.
Examples include the following:
– Card network providers are governed by specific regulations issued by the RBI from
time to time regarding debit/credit card operations.
– PPIs, including mobile wallets, are governed by the RBI's Master Direction on
Issuance and Operation of Prepaid Payment Instruments. The PPI Master Direction
divides PPIs into three categories:
• closed loop;
• semi-closed loop; and
• open loop.
• The RBI mandates the implementation of two-factor authentication for all domestic
card-not-present transactions. Low-value transactions (less than INR 2,000) are exempt.

Appendix – Types of PPI
• What are the various types of PPIs?
• Ans. PPIs can be issued in the country under three types:
• Closed System PPIs: These are PPIs issued by an entity for facilitating the purchase of
goods and services from that entity only. No cash withdrawals are permitted. These
instruments cannot be used for payment or settlement for third party services. The
issuance and operation of such instruments is not classified as a payment system and
does not require approval / authorisation from the RBI.
• Semi-closed System PPIs: These are PPIs issued by banks (approved by RBI) and non-
banks (authorised by RBI) for purchase of goods and services, including financial
services, remittance facilities, etc., for use at a group of clearly identified merchant
locations / establishments which have a specific contract with the issuer (or
contract through a payment aggregator / payment gateway) to accept the PPIs as
payment instruments. These instruments also do not permit cash withdrawal,
irrespective of whether they are issued by banks or non-banks.
• Open System PPIs: These are PPIs issued by banks (approved by RBI) for use at any
merchant for purchase of goods and services, including financial services,
remittance facilities, etc. Cash withdrawal at ATMs / Points of Sale (PoS) terminals
/ Business Correspondents (BCs) is also allowed through these PPIs.

NPCI (National Payments Corporation of India)
• NPCI, an initiative of the Reserve Bank of India (RBI) and Indian
Banks’ Association (IBA), is an umbrella organisation for
operating retail payments and settlement systems in India.
• NPCI has ten core promoter banks—State Bank of India, Punjab
National Bank, Bank of Baroda, Canara Bank, Bank of India,
HDFC Bank, Citibank, HSBC, and ICICI Bank. It is a not for
profit organization.

NPCI – Key products
• NPCI has made its valuable contribution to the banking sector through its products
from time to time. The products and their significance are listed below:
• NFS: National Financial Switch (NFS) ATM network. As on 31 July 2019, there
were 1,140 members with more than 2.41 lakh ATMs connected to the network.
• IMPS: Real time fund transfer offering an instant, 24X7, interbank EFT service
that could be accessed on Mobile, Internet, ATM, SMS, Branch and USSD. (NEFT
and RTGS facilities are limited to the bank working hours.)
• AePS: Aadhaar-enabled Payment Service (AePS) is aimed to further speed track
financial inclusion in the country. AePS is a bank-led model that allows online
interoperable financial inclusion transaction at PoS of any bank using the Aadhaar
authentication through the retail merchant. A customer must provide details such
as bank identification, Aadhaar number, and fingerprint to complete such a
transaction.
• RuPay: RuPay is a new card payment system launched to satisfy RBI’s vision to
offer a domestic, open-loop and multilateral system. This made it easier for
Indian banks and financial institutions to implement electronic payments. The
term ‘RuPay’ is a combination of Rupee and Payment. NPCI also developed
RuPay Contactless payments technology using open standards.

NPCI – Key products
• NACH: National Automated Clearing House (NACH) is a web-based solution that facilitates interbank, high
volume electronic transactions that are repetitive in nature. They are well suited for bulk transactions towards
the distribution of dividends, interest, subsidies, salary, pension, and more.
• *99#: Unstructured Supplementary Service Data (USSD) allows users without a smartphone or data/internet
connection to use mobile banking through the *99# code. USSD-based mobile banking can be used for fund
transfers, checking account balance, generating bank statement, among other uses. The main objective is to
allow financial inclusion of the underbanked and economically weaker sections of the society, and integrate
them into mainstream banking.
• UPI: The UPI enables real-time, instantaneous mobile based bank to bank payments.
• Bharat BillPay: Bharat BillPay is a one-stop-shop for all bill payments, such as mutual funds,
insurance premiums, school fees, telecom, electricity, DTH, gas, water and more.
• NETC: National Electronic Toll Collection (NETC) is a nation-wide programme designed to meet the
electronic tolling requirements in India. It also enables customers to use FASTag as a payment mode at toll
plazas irrespective of who controls the toll plaza.
• BHIM: For the concept of UPI, Bharat Interface for Money (BHIM) was launched to make payments simpler
and easier. Instant bank-to-bank payments can be made using a mobile number or virtual payment address (UPI
ID).
• BharatQR: Basically, a QR code is a series of black squares arranged in a square grid that can be read by a
camera. NPCI, together with the international card schemes, developed a common standard QR code
specification. This led to the creation of Bharat QR (BQR), a person-to-merchant mobile payment solution. When
a merchant displays a BQR code, the user can scan the code via BQR-enabled mobile banking app and make the
payment using a card-linked account.
• BHIM Aadhaar Pay: This is a payment interface through which you can make real-time payments to merchants
using Aadhaar number or VPA of the customer followed by a round of authentication through biometrics. Such a
transaction is limited to Rs.10,000 per transaction.

# | Feature | NEFT | RTGS | IMPS
1 | Launched by | RBI | RBI | NPCI
2 | Year of launch | 2005 | 2004 | 2010
3 | Methodology of processing | In batches, on half-hourly intervals | Real-time | Real-time
4 | Availability | 24X7X365 | On all days when most bank branches are functioning. Available to banks from 7 am to 6 pm for settlement at RBI | 24X7X365
5 | Charges levied on members | No levy by RBI on banks | No levy by RBI on banks | Various components of fees levied by NPCI on members
6 | Charges levied by members on customers * (Banks may charge at lower rates but not more than the rates prescribed by RBI). | a) Advisory of no charges to savings bank account customers for online NEFT transactions b) Maximum charges which can be levied for outward transactions at originating bank for other transactions specified c) No charges for inward transactions at destination bank branches | Inward: Free. Outward: Specified | As decided by individual banks and PPIs
7 | Limit on remittance amount | No limit is imposed by the RBI. However, banks may place amount limits based on their own risk perception with the approval of its Board. Cash remittance by sender without a bank account is capped at Rs. 50,000/- per transaction | Minimum: Rs. 200,000. Maximum: No cap | Remitter responsible for implementing: a) Transaction limit as per Mobile Payment guidelines of RBI b) Maximum daily limit for transfer of funds from mobile or any other channel
8 | Recourse in case of failed credit to beneficiary | Destination banks are required to return the transaction (to the originating branch) within two hours of completion of the batch in which | Funds received by the RTGS member bank to be returned to originating bank within one hour of receipt of payment at the | Guidance to ensure strict compliance with RTGS operational instructions of RBI

NPCI – Regulations Example
- UPI transaction value limit is Rs. 1 lakh
- Since Oct 2018, NPCI has reduced the number of transfers that a person can make
to another person/s in a 24-hour period to 10
- The limit applies only to person-to-person transactions, and is counted per
single bank account.
- So if a person has three bank accounts, she can make 30 money transfers in a day
using UPI.
- The limit is not applicable to person-to-merchant transactions. The UPI platform
allows merchants to register themselves as merchants.
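A sketch of how a payer-side risk check could apply the limits listed above; this is an added example, not NPCI's or any bank's code. The record layout, the rolling (rather than calendar-day) 24-hour window, the application of the value cap to merchant payments, and all sample data are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Limits as stated in the slide above.
MAX_TXN_VALUE_INR = 100_000      # Rs. 1 lakh per transaction
MAX_P2P_PER_ACCOUNT = 10         # P2P transfers per bank account per window
WINDOW = timedelta(hours=24)     # assumption: rolling window, not calendar day


@dataclass(frozen=True)
class UpiRequest:                # hypothetical record layout
    payer_id: str
    account: str
    kind: str                    # "P2P" or "P2M"
    amount_inr: int
    at: datetime


class UpiLimitChecker:
    """Applies the value cap to every request and the count cap to P2P only.

    Requests for one account must be submitted in time order.
    """

    def __init__(self):
        self._accepted_p2p = defaultdict(deque)   # account -> accepted P2P times

    def check(self, req):
        """Return (allowed, reason); accepted P2P requests are counted."""
        if req.kind not in ("P2P", "P2M"):
            return False, "unknown transaction kind"
        if not 0 < req.amount_inr <= MAX_TXN_VALUE_INR:
            return False, "amount outside limit"
        if req.kind == "P2M":
            return True, "ok"                     # count cap does not apply
        times = self._accepted_p2p[req.account]
        while times and req.at - times[0] >= WINDOW:
            times.popleft()                       # drop entries outside the window
        if len(times) >= MAX_P2P_PER_ACCOUNT:
            return False, "p2p count limit"
        times.append(req.at)
        return True, "ok"


def replay(requests):
    """Run a list of requests through a fresh checker."""
    checker = UpiLimitChecker()
    return [(req, *checker.check(req)) for req in requests]


def accepted_p2p_by_payer(results):
    """Per-payer view: the cap is per account, so a payer's total can exceed it."""
    return Counter(req.payer_id for req, ok, _ in results if ok and req.kind == "P2P")


def constructed_sample():
    """Constructed data: one payer with three accounts, one merchant payer."""
    t0 = datetime(2020, 6, 1, 9, 0)
    reqs = []
    for acct in ("acct-1", "acct-2", "acct-3"):
        for i in range(12):                       # 12 attempts per account
            reqs.append(UpiRequest("payer-A", acct, "P2P", 500,
                                   t0 + timedelta(minutes=i)))
    for i in range(15):                           # merchant payments, no count cap
        reqs.append(UpiRequest("payer-B", "acct-9", "P2M", 250,
                               t0 + timedelta(minutes=i)))
    reqs.append(UpiRequest("payer-B", "acct-9", "P2P", 100_001, t0))
    return reqs


if __name__ == "__main__":
    results = replay(constructed_sample())
    print(accepted_p2p_by_payer(results))
    print(Counter(reason for _, ok, reason in results if not ok))
```

Because the count cap is keyed on the bank account, monitoring that needs a per-person velocity figure has to aggregate across accounts, which is what `accepted_p2p_by_payer` does.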

NPCI – Coming up
- One Nation One Card : Inter-operable transport card launched on RuPay platform
to allow the holders to pay for their bus travel, toll taxes, parking charges, retail
shopping and also withdraw money.
- UPI 2.0: Key features:
1. Linking of overdraft accounts (in addition to CASA accounts)
2. One time mandate (of paying later by providing commitment at present)
3. Invoice in the inbox
4. Signed intent and QR

SEBI (Securities and Exchange Board of India)
• Digitisation of stock market operations and mutual fund houses has made SEBI a
stakeholder in fintech transactions in India, for market-linked financial products
offered by entities regulated by them.
• SEBI has approved regulatory sandbox for live testing of new products, services
and business models by market players on select customers
• Framework for industry-wide Innovation Sandbox issued in May, ’19
• The regulatory sandbox is expected to drive new business models and
technologies and be a support system for startups, particularly those in fintech.
• RS has been set up on the recommendation of the committee on financial and
regulatory technologies under the chairmanship of T V Mohandas Pai with expert
members from the startup industry, fintech community and academicians.
• To begin with, all entities registered with SEBI under Section 12 of the SEBI
Act 1992, shall be eligible for testing within the regulatory sandbox. An entity
can participate on its own or use the services of a fintech firm

SEBI (Securities and Exchange Board of India)
• Initially, only entities registered with SEBI eligible for testing; limited CoR to test
solutions in a domain different from the one registered
• Start-ups not regulated by SEBI may be allowed at a later stage
• No exemptions from these requirements:
- Confidentiality of customer information
- “Fit and Proper” criteria, particularly on honesty and integrity
- Handling of customers’ moneys and assets by intermediaries
- Prevention of money laundering and countering terror financing
- Risk checks (like price check, order value check, etc.)
- Principles of KYC
• Requirements meriting relaxation include Net Worth, Track Record, Registration
fees, SEBI guidelines (e.g. Tech Risk management and outsourcing, Financial
soundness)

SEBI regulations
The first regulator to issue guidelines on eKYC for entities regulated by it
- Entities in the securities market would be registered with UIDAI as KUA (KYC User
Agency)
- Registered intermediaries/MF distributors who want to undertake Aadhaar authentication
services through KUAs, shall enter into an agreement with any one KUA and get themselves
registered with UIDAI as sub-KUAs
- Notification to be received from Central Government before commencement
- Process outlined for both assisted and un-assisted investors*
• Example: Robo advisors:
– Robo Advisors are financial advisors or wealth management companies, which offer
automated investment advice based on pre-set algorithms. The algorithm takes
inputs in the form of answers to pre-set questions from the investor and offers a
recommended portfolio for the user of the service.
– Robo Advisors come under the ambit of SEBI (Investment Advisors) Regulations, 2013.
– No separate guidelines for robo-advisors; SEBI’s consultation paper states that as per the
current Investment Advisor regulations, there is no express prohibition against use of
automated advice tools
• Mandate for RBI, SEBI, IRDAI and PFRDA to develop standards and use-cases for RegTech by
SPs to make compliance easier, faster and more automated


* Source: https://community.nasscom.in/communities/policy-advocacy/fintech-sebis-circular-on-
IRDAI (The Insurance Regulatory and Development Authority of India)
• When technology is used to provide a disruptive insurance related service, it is
called InsurTech.
• Selling and marketing of insurance products in India is regulated by IRDAI.
• An insurer is required to justify the premium amount and terms and conditions of
the insurance policy to be offered to customers to IRDAI.
• A fintech company cannot offer any insurance product for sale unless the fintech
company is duly certified by IRDAI.
• IRDAI has also issued guidelines on advertisement, promotion and publicity of
insurance companies and insurance intermediaries. Fintech companies would
need to comply with these guidelines with respect to marketing insurance
products.
• Some of the leading InsurTech players in India are Acko, Policy Bazaar and Digit
Insurance

IRDAI regulations - the Regulatory Sandbox (RS)
Regulatory Sandbox for InsurTech with the objective of striking a balance between the orderly development
of the insurance sector on one hand and the protection of interests of policyholders on the other, while at the
same time facilitating innovation. The IRDAI RS, which shall be in force for a period of 2 (two) years
from the date of its publication in the official gazette, allows an applicant to seek permission from IRDAI
for promoting or implementing innovation in insurance sector
• IRDAI’s RS guidelines issued in Aug., ‘19 to:
- Provide flexibility in dealing with regulatory requirements and focus on the core issue of policyholder
protection
- Help strike a balance between development of the insurance sector and protecting the interest of
the policyholders. Prior consent of customers required for them to participate in the proposal.
• Proposal for new product to end once number of enrolled customers touches 10k, or premium
collected is Rs. 50 lacs
• Application for innovation in underwriting or product categories or both will have to be filed in
association with an insurer
• IRDAI may revoke the permission if the product does not meet the conditions given in the regulation
or the products are violating the provisions of the Insurance Act
• Out of 173 proposals received, 33 have been approved:
- In Health, a comprehensive wellness programme with wearable device, short-term and need-based
insurance and an app-monitored diabetes mellitus wellness programme
- In non-life segment, eight proposals pertain to a pay-as-you-drive under the private car policy own
damage segment

IRDAI regulations for electronic issue
Guidelines on Insurance Repositories and electronic issuance of insurance policies
- every insurer issuing and maintaining 'e-insurance policies' to mandatorily utilize
the services of an IR and enter into service level agreements with one or more IRs
- eligibility criteria for an entity to function as an IR (Insurance Repository)
- every IR to obtain a valid CoR (Certificate of Registration)

Issuance of e-insurance Policies Regulations:
- issuers to issue electronic insurance policies to persons paying certain prescribed
annual premiums and insured sums
- different thresholds for annual premiums and sums insured for different LOBs
(pure term, pension, individual health, etc.)
- Policy holders to whom policies are directly issued need to mandatorily have an
electronic insurance account
• Guidelines on Insurance e-commerce:
- enables insurers and intermediaries to set-up Insurance Self-Network Platforms
("ISNPs") to sell and service insurance policies
- manner and procedures of grant of permission for establishing an ISNP

• Insurance Web Aggregators Regulations to supervise and monitor such entities

PFRDA (Pension Fund Regulatory & Development Authority)
PFRDA’s objective of speeding up the development of the NPS market, and for
the ease of doing business with the NPS
• Identification of areas which could utilise Fintech using the RS approach
for the benefit of subscribers and NPS as a whole:
- Onboarding process – paperless pension account generation, compliance
to KYC/Due Diligence and PML
- Financial inclusion
- Flow of subscriber contributions through banking channels, subsequent
investments, and credit in pension account near to real time
- Robo-advisory for enabling informed choices by subscribers
- Adoption of algorithmic trading by PFs, real time settlement of trades,
market valuation of investments, etc.
- Areas of recordkeeping exploring use of blockchain/distributed ledger
- Mechanism of grievance resolution
- Withdrawals/Exit process/Maturity
- RegTech and SupTech

• Paytm Money has added NPS to its app after approval from PFRDA.

Role of IDRBT (Institute of Development and Research in Banking Technology)
• Backed by RBI
• IDRBT, Hyderabad - an autonomous institute for higher education and research in areas of IT that
have a broad relevance to banking and finance.
• Primary role of IDRBT in the Indian financial segment is to spearhead technology absorption to
improve the functioning of the Indian banking and the financial sector. This mission is being
achieved through development and implementation of technologies, research in the areas related to
banking technology and consultancy and advisory services on focal areas of banking technology and
its applications.
• It is the certifying authority (CA) for the Indian banking and financial sector with responsibility of
registration, issuance, renewal, suspension and revocation of digital certificates to applicants.

• 4 Major areas of focus
- Financial network and application architecture
- Payment system and security technology
- Multimedia and Internet technologies
- Data mining, data warehousing and banking risk management.
• Developed structured financial managing system (SFMS) that can be used practically for all
purposes of communication within the bank and between banks. Pilot installed with Canara bank,
Bank of Maharashtra, PNB, Bank of Baroda, Andhra Bank, Indian Overseas Bank and
CCIL (Clearing Corporation of India).

Mobile Operators & Fintech – Precursor to TRAI role

• Mobile Operators and Fintech companies are obviously very different entities in different
industries, but there are strong reasons for them to join hands in bringing innovative and
secure solutions to market at scale.
Why should Fintech partner with operators?
• Fintech services are most popularly accessed via Mobile phones
• Mobile phones allow Fintech services to be offered to customer bases in any area
which is not easily accessible.
• Operators have already joined forces with small, innovative companies to deliver
differentiating services to their customers.
• Operators provide powerful marketing and distribution channels, that can include : -
– Promotion and download through the operator's online channels or apps
– Other specific promotion activities
– Pre-load of partner application on handsets distributed by the operator
– Co-branding - First level of customer support

TRAI – background and regulations
• Established in Feb-97 for independent regulation after entry of private service providers
• Main objective is to provide a fair and transparent policy environment which promotes a
level playing field and options for fair competition.
• Introduced Services Like : -
• Broadband : - which helped improve the flow of information across various
elements; it is directly correlated with the growth of economy.
• Unified License Regime : - Government to allow all communication services under
one license with an entry fee & all companies shall have to purchase the spectrum by
participating in auctions as declared by the government.
• VAS – Value Added Services: being the lowest (ARPU), these add-on services
motivate telecom operators to shift their focus more towards customers.
• Key objectives:
- Affordable wireless broadband services to 90% of the population by 2022
- 1 Gbps data connectivity to all Gram Panchayats

TRAI – background and regulations
• Regulates telecom services, including fixation of tariffs, key initiatives being:
- Mobile Number Portability
- Curbing on Unsolicited Commercial Communication (UCC)
- In-flight connectivity, Net neutrality
- Next Gen Public Protection and Disaster Relief
- Privacy, secrecy and ownership of data in telecom sector
- Digitizing process of Broadcasting and Cable services
- Close monitoring and penalty for non-compliance of regulations
• Mobile Apps for Consumer Protection and Empowerment (TRAI Apps):
- TRAI MyCALL
- DND 2.0
- TRAI MySpeed
- Channel Selector
- TRAI CMS

Example - TRAI regulations for SMS useful for Fintech players
• Access Provider (AP) to ensure that commercial communication takes place with only
registered headers assigned to the senders
• 21 – 10 hrs will be default OFF for promotional SMSes, irrespective of whether customers
have registered for DND or have not chosen any time band
• 24/7 delivery for transactional SMSes without NDNC restrictions
• More than 6 messages to the same destination number within an hour with the same
sender or text may be blocked
• AP to record customer preferences for commercial communication (categories, modes
and times), and to ensure that such communication is made only as per preferences
recorded
• No sender shall initiate calls with an Auto dialer that may result in silent/abandoned calls
• Any enterprise which fails to pre-register Distributed Ledger Technology, will become
non-compliant and will not be able to send A2P SMS/Voice to the end recipient via
domestic routes
• AP to establish Customer Complaint Registration facility
• IVRS, SMS, USSD options specified for customers to opt in or out of one or more
commercial communication categories

Example - TRAI regulations for SMS useful for Fintech players
• No service provider shall activate or deactivate the data service on the Cellular Mobile
Telephone connection of a consumer without explicit consent
• Operators need to send data usage information through SMS or USSD after every Session:
Data used, Charges deducted, Balance.
• In case a consumer uses his telephone connection to send promotional messages, his
connection will be liable for disconnection on the first complaint and his name and
address may be blacklisted for a period of two years
• The service provider cannot activate any value added service, whether chargeable or free
of charge, without the explicit consent of a customer.

Indiastack

• As India matures in its use of Aadhaar, much of the backbone infrastructure
for Digital India is built on the framework of India Stack, driven by Aadhaar
and eKYC.
• Set of APIs that allows government, businesses and developers to utilise a unique
digital Infrastructure to solve India’s hard problems towards presence-less,
paperless, and cashless service delivery
• Minimal set of APIs and encourages the rest of the ecosystem to build custom
applications on top of these APIs
• The following APIs are considered to be a core part of the India Stack.
– Aadhaar Authentication
– Aadhaar e-KYC
– eSign
– Digital Locker
– Unified Payment Interface (UPI)
– Digital User Consent - still work in progress.

Appendix - Aadhaar stats – backbone of Indiastack

Indiastack – constituents - Aadhaar
• Aadhaar authentication is now fairly well established wherein Aadhaar Number, along with
other attributes including biometrics, are submitted online to the CIDR (Central Identities Data
Repository) for its verification on the basis of information or data or documents available with
it. At a high level, authentication can be ‘Demographic Authentication’ and/or ‘Biometric
Authentication’.
Aadhaar Generation Trend – 1.257 billion as of now

Aadhaar captures 4 fields - name, gender, DOB and address & biometrics

Indiastack – constituents - Aadhaar

• Aadhaar – further trends

Aadhaar Authentication Trend

Aadhaar Roadblock – Supreme court ruling impact on Fintech
• Supreme court’s September 26, 2018 ruling barred private companies from accessing the
biometric database. It hit the banking and broader financial services sector hard since
Aadhaar had provided them with remote access to rural markets and urban poor
segments at a nominal cost.
• Since then, technology companies have been seeking viable alternatives.
• A new method has been suggested by the UIDAI:
– any entity that wishes to access Aadhaar numbers online will have to download
either the new QR codes or XML format from the UIDAI website. This would
keep citizens’ biometric data safe and protect the privacy of the 12-digit unique
identification numbers.
– However, Aadhaar XML journey is complicated with many steps including
obtaining an OTP, selecting a range of permissions and downloading the XML file
before actually using it as an ID.
– Also, internet bandwidth in remote locations might make any online process
across multiple hops cumbersome.
– Moreover, in many cases, mobile numbers do not match those in the Aadhaar
database.
– Hence, users would prefer to use other ID cards rather than Aadhaar at this point.

Aadhaar Roadblock – Difficulty with customer onboarding
• The biggest challenge is to onboard customers remotely. Aadhaar allowed consumers to
avoid lengthy paperwork and get services through their smartphones or computers
even from faraway places.
• Consumers could fill up forms in a few seconds, digitally sign the documents through
Aadhaar and authenticate themselves through biometrics – all this at a fraction of the
real cost.
• Among the companies that benefited from this were digital lending firms such as
Capital Float, Lendingkart, Early Salary and even investment startups like
Zerodha that were trying to reach out to consumers digitally.
• If a person has to physically collect documents, it pushes up cost. Also, chances of
errors in filling up these documents are many.
• Even banks were onboarding customers digitally, be it Kotak’s 811 scheme or State
Bank of India’s proposition to the new generation customers through YONO.

Appendix – Types of signatures
• What is a wet signature?
• A wet signature is created when a person physically marks a document. In some cultures
this is done by writing a name in a stylized, cursive format (or even a simple “X”) on a piece of
paper. Other cultures use name seals to the same effect. In both cases, the word “wet” implies
that the signature requires time to dry, as it was made with ink or wax.

• What is an electronic signature?
– Various legal definitions exist for electronic signatures, but the term most generally refers
to the acknowledgement or adoption of an electronic message, transaction or
document. Some examples include:
– A typed name at the end of an email
– A typed name on an electronic form or document
– An image of a handwritten signature on a transmitted fax
– A personal identification number (PIN) entered into a bank ATM
– Clicking “agree” or “disagree” on an electronic “terms and agreements” contract
– A handwritten but digitally captured signature made on a touch device, such as a tablet
or smartphone (sometimes referred to as a “dynamic signature”)

Appendix – Types of signatures
• What is a digital signature?
• Sometimes referred to as a cryptographic signature, a digital signature is considered the
most “secure” type of electronic signature. It includes a certificate of authority, such as a
Windows certificate, to ensure the validity of the signatory (the signature’s author and
owner).
• The parties on either side of a digital signature can also detect whether the signed
document was altered or changed in any way that would invalidate it. In addition,
electronic messages are signed with the sender’s private key and verified by anyone
who can access the sender’s public key; this further ensures that both parties are who
they say they are and that the content of the message has not been changed or intercepted.
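The sign-with-the-private-key, verify-with-the-public-key flow described above, as an added example that is not part of the original slides. It uses a Lamport one-time hash-based signature so that it runs on the Python standard library alone; that choice is for illustration and says nothing about which algorithm any eSign provider or certifying authority uses, and the document text and names are constructed.

```python
import hashlib
import secrets

BITS = 256  # one pair of key elements per bit of the SHA-256 digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    """SHA-256 digest of the message as a list of 256 bits, MSB first."""
    d = int.from_bytes(_h(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def generate_keypair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(_h(zero), _h(one)) for zero, one in private]
    return private, public


def lamport_sign(private, message: bytes):
    """For each digest bit, reveal the secret that corresponds to that bit."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    """Anyone holding the public key can check a signature; no secret is needed."""
    if len(signature) != BITS or not all(isinstance(s, bytes) for s in signature):
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        # A changed message flips digest bits, so the revealed secrets no
        # longer hash to the public values selected by the new bits.
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok


class OneTimeSigner:
    """Keeps the private key and refuses to sign twice.

    A Lamport key reveals half of its secrets per signature, so signing a
    second message with the same key would let others forge signatures.
    """

    def __init__(self):
        self._private, self.public = generate_keypair()

    def sign(self, message: bytes):
        if self._private is None:
            raise RuntimeError("one-time key already used")
        signature = lamport_sign(self._private, message)
        self._private = None          # discard the key after a single use
        return signature


def demo():
    signer = OneTimeSigner()
    document = b"Loan agreement: principal INR 50,000, tenure 12 months"  # constructed
    signature = signer.sign(document)
    tampered = document.replace(b"50,000", b"90,000")
    _, other_public = generate_keypair()          # a different signer's public key
    try:
        signer.sign(b"second document")
        reuse_blocked = False
    except RuntimeError:
        reuse_blocked = True
    return {
        "valid": lamport_verify(signer.public, document, signature),
        "tampered": lamport_verify(signer.public, tampered, signature),
        "wrong_key": lamport_verify(other_public, document, signature),
        "reuse_blocked": reuse_blocked,
    }


if __name__ == "__main__":
    print(demo())
```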

Indiastack – eSign component

• E-Sign is a process that allows individuals, enterprises and government bodies to
easily and securely sign documents digitally anytime, anywhere and on any device.
• Allows applications to replace manual paper based signatures by integrating an API
which allows an Aadhaar holder to electronically sign a form/document anytime,
anywhere, and on any device legally in India.
• eSign service facilitates significant reduction in paper handling costs, improves
efficiency, and offers convenience to customers
• The eSign service is governed by e-authentication guidelines.
• Authentication of the signer is carried out using Aadhaar e-KYC services
• Signature on the document is carried out on a backend server of the e-Sign
provider. eSign services are facilitated by trusted third party service providers –
currently Certifying Authorities (CA) licensed under the IT Act.

Indiastack – eSign component

Indiastack – eKYC component
IndiaStack essentially consists of 4 technology stacks or layers - presence-less layer,
paperless layer, cashless layer and consent layer.
Objectives of each Layer :
1. Presence-less Layer - The presence-less layer is built to ensure that individuals
are able to provide verified identities at any time and place to anyone upon consent.
• This led to the creation of UIDAI & Aadhaar.
• Every citizen of the country can obtain a unique, permanent, 12 digit ID
• Aadhaar also captures individual biometric details, for the purpose of authentication.
This unique ID provides people the opportunity to easily provide identity proof,
without the need to carry additional documentation. This presence-less layer through
Aadhaar forms the foundation layer on which the other 3 layers rest.
2. Paperless Layer - Indiastack objective is to provide solutions that can easily
store and retrieve information and documentation digitally.
• This is best achieved through a paperless layer. The paperless layer consists of 3
solutions - Aadhaar eKYC, E-Sign and Digital Locker. These three solutions together
power a paperless ecosystem that verifies, authenticates and stores information and
documentation digitally.

50
Indiastack – Framework –
Contd.
Objectives of each Layer :
3. Cashless Layer - To really move things into the digital age, payments and
financial transactions need to go cashless. Going cashless increases transparency
and ease of use.
• The cashless layer primarily includes UPI in addition to AEPS (Aadhaar Enabled
Payment systems)
4. Consent Layer - The electronic consent architecture enables user controlled data
sharing, data flow and data retention.
• Enables people to securely provide consent for the data flow between data
providers like banks, hospitals and telcos to data requestors like banks, credit card
providers etc.
• For instance, if a person wants to apply for a credit card, he can provide consent to
the bank (where he has an account) to share relevant documentation to the credit
card company to verify his credit worthiness for the issuance of a credit card.

51
Indiastack – Digital
Locker
• A platform for issuance and verification of
documents & certificates in a digital way, thus
eliminating the use of physical documents.
• Indian citizens, who sign up for a
DigiLocker account get a dedicated cloud
storage space linked to their Aadhaar
(UIDAI) number.
• Organizations that are registered with Digital
Locker can push electronic copies of
documents and certificates (e.g. driving
license, Voter ID, School certificates)
directly into citizen’s lockers.
• Citizens can also upload & electronically
sign scanned copies of their legacy
documents in their accounts.
• To summarise, this solution enables secure
digital storage of documents for people to
store, retrieve and share digital documents.
[Figure labels: Open API-based ecosystem driven; Digital protection]

52
Application
example
• Reliance Jio leveraged e-KYC and e-Sign to easily and efficiently issue mobile
SIM cards. The entire SIM activation process that previously took 3-5 days now
takes only a few minutes, thus significantly improving customer experience and
overall efficiency
• The application areas for this solution are practically limitless, for instance an
organisation can use e-Sign to digitally sign important documentation like HR offer
letters, vendor contracts and securely store them in the Digital Locker for retrieval
at any point in time.
• Similar applications of the two solutions can be used across several other sectors
like transportation, health care, banking etc in order to make processes efficient
and cost effective.

53
Indiastack –
UPI

54
Indiastack – UPI (Unified Payment
Interface)
• Enables bank account holders to send and receive money immediately from one bank
account to another through smartphones, without the need to enter lengthy account
information or other net banking details, like IFSC codes, user IDs etc.
• It uses a simple virtual payment address (VPA) similar to an email ID, that people can
create for themselves.
• An individual can attach any number of bank accounts to a single VPA and can pick
any specific individual bank account before making a transfer.
• UPI transactions can be completed via the BHIM app or other UPI enabled apps, like
banking and wallet apps.
• Thus, fundamentally, UPI removes the need for other payment infrastructure like POS
hardware or physical debit and credit cards, making payments friction free and
completely interoperable (transfer between accounts in different banks).
• Post demonetization, UPI has proven to be a big advantage for people to easily switch to
digital transactions. For instance, post demonetization, various payment
platforms witnessed a spike of 50% in UPI transactions.
• UPI is very easy to use from the consumer front.
• UPI removes international switches like Mastercard and Visa (which have been
powering all online transactions so far), thus saving on high transaction costs.

55
Indiastack – Framework -
summary

56
Indiastack – A Future Perspective into a New Age Branchless Digital Bank

• Using IndiaStack, a bank can transform to become a completely digital entity, efficiently
and effectively fulfilling all banking functionalities through secure, quick steps fulfilled
online.
• Multiple key banking functions like account opening, money transfers, payments, loan
approvals and disbursements can be built via the many layers of IndiaStack.
• For example,
– Account opening, as explained earlier can be completed instantly through a simple Aadhaar
eKYC verification process.
– Loan approvals can be completed online with the customer providing access to the required
information, documentation and other checks through the electronic consent architecture and
Digital Locker.
– All bank related documentation can also be digitally signed through E-sign and securely stored
and retrieved online as and when needed from the Digital Locker.
– Loan Disbursement can be routed digitally to the customer’s bank account and payments and
money transfers by the customer can be initiated effortlessly through the bank’s app via UPI.
– UPI allows for all kinds of transfers between individuals, merchants, enterprises, government
bodies etc. So, the customer has no real need to hold on to physical cash, be it making a payment
at a physical store or paying school fees or even making a loan repayment, he or she can directly
make payments online through UPI or other online payment modes.

57
Indiastack – A Future Perspective into a New Age Branchless Digital Bank

• This unique technology stack provides organizations the power to re-imagine systems
and processes.
• For example, the healthcare sector can easily tap into Digital Locker to store and
retrieve relevant medical records, with the consent of patients.
• This makes healthcare portable, meaning that people can access healthcare facilities at any
place on short notice without the worry of having to carry patient medical history
documents.
• Similarly, the travel and tourism industry can tap on Aadhaar eKYC for passenger
verification, tickets can be purchased using UPI and stored on Digital Locker, and
retrieved at the time of travel through the consent layer.
• The application opportunities for IndiaStack are massive and both private and public
agencies can leverage the stack to optimise and digitize processes.
• While IndiaStack has the potential to transform things, the success of the entire initiative
is dependent on the success of Aadhaar, the foundation of the entire stack.
• Aadhaar has faced concerns with regard to privacy and security, from issues like fake
ID creation to compromise of fingerprints to more serious issues of data leakage.
• Resolving these issues and instituting sound mechanisms to prevent data breaches is
what will eventually lead to the success of IndiaStack.

58
Thank you

59
Money Laundering & Fintech

1. Money Laundering – Brief Intro
2. Traditional Money Laundering Scenarios
3. Fintech & Money Laundering Possibilities
4. Fintech & Money Laundering Risk
5. Anti Money Laundering Solutions (RegTech)
6. ML Risk Assessment of Fintech Solutions
7. Career Prospects in AML (Financial
Firms, Regulators & Fintechs)

1
Money Laundering – Brief
Intro
• Money laundering (ML) is the illegal process of making
large amounts of money generated by corrupt / criminal
activities, such as drug trafficking or terrorist funding,
seem to have come from a legitimate source.
• There are 3 stages:
– Placement – The origination of the transfer that places dirty
money into the legitimate financial system.
– Layering – The routing of the funds through various channels,
jurisdictions, products, accounts etc. This is done to dilute, erase
or mask / conceal the source of the money through a series of
transactions and also bookkeeping / accounting tricks.
– Integration – The final leg where money is converted, received &
withdrawn through some legitimate means.
• Besides national financial regulators, there is also a concerted
global effort to curb ML, and to this end there are the
Financial Action Task Force (FATF) and Regional
Groups.

2
Traditional Money Laundering
Scenarios
• Use of legitimate, cash-based business owned by a criminal
organization.
• In one common form of money laundering, called smurfing (also
known as "structuring"), the criminal breaks up large chunks of cash
into multiple small deposits, often spreading them over many
different accounts to avoid detection
• Money laundering can also be accomplished through the use of
currency exchanges, wire transfers, and "mules"—cash smugglers,
who sneak large amounts of cash across borders and deposit in
foreign accounts where money-laundering enforcement is less strict.
• Other money-laundering methods involve investing in commodities
such as gems and gold that can easily be moved to other
jurisdictions, discreetly investing in and selling valuable assets such
as real estate, gambling, counterfeiting and using shell companies
(inactive companies or corporations that essentially exist on paper
only).

3
Fintech & Money Laundering
Possibilities
• The rise of online banking institutions, anonymous online
payment services and peer-to-peer (P2P) transfers with
mobile phones have made detecting the illegal transfer of
money even more difficult.
• Moreover, the use of proxy servers and anonymizing
software makes the third component of money laundering,
integration, almost impossible to detect—money can be
transferred or withdrawn leaving little or no trace of an IP
address.
• Money can also be laundered through online auctions and
sales, gambling websites, and virtual gaming sites, where
ill- gotten money is converted into gaming currency, then
back into real, usable, and untraceable "clean" money.
• Cryptocurrencies present new complications and are
already being viewed suspiciously by regulators.

4
Fintech & Money Laundering
Risk
• Thus, due to technology and new fintech products,
money laundering is both attractive and easy for
offenders, because the use of technology increases the
rate of initiation of transactions and enables unlimited
money flow through anonymous accounts.
• Overlapping regulations across different products and
countries, and the loopholes therein, are exploited, and
this is magnified by the use of technology.
• We have seen many Financial Firms (usually
banks) being penalised regularly.
• So it is both a Financial & a Reputational risk.

5
Anti Money Laundering Solutions
(RegTech)
• Solutions enabling effective
– Customer Due Diligence (CDD),
– Enhanced Due Diligence (EDD),
– Transaction Monitoring
– Black List Filters for countries & individuals (Interpol, OFAC, FATF,
EU, ECGC, RBI etc.)
– Politically Exposed Persons (PEP’s)
– Pattern Detection (Using AI / ML),
– Red Flagging
– Reporting etc.
• These are part of RegTech solutions.
• Despite these solutions, challenges exist because of organisation & data
silos, coordination amongst various countries, agencies and organisations,
Volume of Transactions / False Alerts, Training issues, New Products /
Segments, Time Delays for Investigations etc.
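The structuring ("smurfing") pattern from the Traditional Money Laundering Scenarios slide, written as a transaction-monitoring rule that raises a red flag. This is an added example, not part of the original slides; the threshold, window, field names and sample deposits are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed monitoring policy (hypothetical values, not taken from any regulator).
REPORTING_THRESHOLD = 10_000   # a single deposit at or above this is reported anyway
WINDOW = timedelta(days=3)     # rolling look-back window
MIN_DEPOSITS = 3               # fewer deposits than this is not treated as a pattern


@dataclass(frozen=True)
class Deposit:
    txn_id: str
    customer_id: str   # depositor identity as resolved by CDD / KYC
    account: str       # account that received the cash
    amount: int        # whole currency units
    ts: datetime


@dataclass(frozen=True)
class RedFlag:
    customer_id: str
    txn_ids: tuple
    accounts: frozenset
    total: int


def detect_structuring(deposits):
    """Return one RedFlag per customer whose sub-threshold deposits, added up
    inside any rolling WINDOW, reach the reporting threshold."""
    by_customer = defaultdict(list)
    for d in deposits:
        # Deposits at or above the threshold go through ordinary reporting and
        # are not evidence of an attempt to stay under it.
        if d.amount < REPORTING_THRESHOLD:
            by_customer[d.customer_id].append(d)

    flags = []
    for customer, items in sorted(by_customer.items()):
        items.sort(key=lambda d: d.ts)
        start, total, best = 0, 0, None
        for end, d in enumerate(items):
            total += d.amount
            # Move the left edge until the window spans at most WINDOW.
            while d.ts - items[start].ts > WINDOW:
                total -= items[start].amount
                start += 1
            window = items[start:end + 1]
            if len(window) >= MIN_DEPOSITS and total >= REPORTING_THRESHOLD:
                # Keep the window with the largest aggregate for the analyst.
                if best is None or total > best.total:
                    best = RedFlag(customer,
                                   tuple(w.txn_id for w in window),
                                   frozenset(w.account for w in window),
                                   total)
        if best is not None:
            flags.append(best)
    return flags


def _d(txn_id, customer, account, amount, day, hour):
    return Deposit(txn_id, customer, account, amount, datetime(2020, 6, day, hour))


# Constructed sample data, for illustration only.
SAMPLE_DEPOSITS = [
    # C1: four small deposits over three accounts within the window.
    _d("T01", "C1", "A1", 4000, 1, 9),
    _d("T02", "C1", "A2", 3500, 1, 15),
    _d("T03", "C1", "A3", 3000, 2, 10),
    _d("T04", "C1", "A1", 2500, 3, 11),
    # C2: frequent but small, the aggregate stays far below the threshold.
    _d("T05", "C2", "B1", 500, 1, 10),
    _d("T06", "C2", "B1", 700, 2, 10),
    _d("T07", "C2", "B1", 300, 2, 16),
    # C3: one large deposit, already reportable on its own.
    _d("T08", "C3", "C1", 15000, 1, 12),
    _d("T09", "C3", "C1", 200, 2, 12),
    # C4: same total as a flagged pattern, but spread too far apart.
    _d("T10", "C4", "D1", 4000, 1, 9),
    _d("T11", "C4", "D1", 4000, 6, 9),
    _d("T12", "C4", "D1", 4000, 12, 9),
]

if __name__ == "__main__":
    for flag in detect_structuring(SAMPLE_DEPOSITS):
        print(flag)
```

Aggregating by customer rather than by account is what catches deposits spread over many accounts; it depends on CDD having linked those accounts to one identity.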

6
ML Risk Assessment of Fintech
Solutions

7
Career Prospects in AML (Financial Firms, Regulators &
Fintechs)
• The Association of Certified Anti-Money
Laundering Specialists (ACAMS) offers a
professional designation known as a
Certified Anti-Money Laundering Specialist
(CAMS).
• Individuals who earn CAMS certification
may work as brokerage compliance
managers, Bank Secrecy Act officers,
financial intelligence unit managers,
surveillance analysts and financial crimes
investigative analysts.

8
Pitfalls of
Fintech

Long term visibility is hazy….


Industry is watching it cautiously….

1
Crucial Scenarios leading to
pitfalls

1. Investor expectations of early payback
2. Regulatory compliances
3. Difficulties in partnerships with incumbents
4. Competing with big financial brands
5. The LendingClub story
6. The Finomena story
7. The Loanmeet story
8. The Aditya Birla Payments Bank story
9. Problems with blockchains
2
Crucial Scenarios leading to
pitfalls

3
Crucial Scenarios leading to
pitfalls

4
1 - Investor expectations of early payback
• Fundamental strategic contradiction between Technology and Finance
– Technology companies typically get big faster & dominate the sector*
– In contrast, finance sector is slow moving, particularly lending. Growing a retail
customer base is expensive and time consuming
• Investors of all kinds are accustomed to the modern Tech growth curve and have a
three to five-year investment horizon
• People tend to forget that Finance is a very slow-moving sector, even if it is technology
enabled.
• Fintech (selling bank technology, small-business solutions, or acting as a lender) - it
takes time to break into the market

*: Facebook’s old motto for developers – “Move fast and break things”; in 2014, it was
changed to “Move Fast With Stable Infra”.

4
Investor expectations of early payback ….contd.

Fintechs are often pressurized by both existing and potential investors to demonstrate
the so-called “hockey stick” growth. This hinders long-term visionary thinking

Recommendation: Improper choice of VCs could compound problems; those with
Fintech experience should be preferred

5

Investor expectations of early
payback….contd.
• The realities of the market and the demands of investors force
these organizations to abandon data and technology in favour of
traditional sales techniques
• Growth-at-all-costs mentality is incredibly damaging for the
industry. When Fintechs start using their investment dollars not for
innovation, but for quick growth - even at the cost of disregarding
business cycles - long-term viability becomes doubtful
• As competition increases, Fintechs begin making riskier and
riskier decisions. This could mean accepting clients and deals
that aren’t an ideal fit for their product. For online lenders, it
means riskier and less desirable loans
• The impact of competition in the lending space in the US is evident
from the Google AdWords prices. Over the past few years, the
price per click (PPC) for keywords such as “small business
loans” have risen to nearly $100 per click in some instances.

6
2 – Tough to adhere to Regulatory compliances

• Dealing with regulation has become a daily norm. There is
increasing pressure on Fintech start-ups, globally, to address and
deal with existing or potential regulatory hurdles
• Most Fintechs are not as knowledgeable as large traditional players
about the regulatory framework. It is still early days for Fintechs and, in
the euphoria, they ignore or do not give due importance to the key
issues that should be considered:
- Are there existing regulations today that regulate the company’s
products or services?
- If there are existing regulations, does the Fintech company comply?
- What licenses will be required?
- Does it make sense to partner with another company that already has
the required licenses?
- In case the decision is to partner, what would be the economic split?
What is required to partner from each company’s perspective? What is
the risk? Is this a long-term approach or an intermediary step?

7
Tough to adhere to Regulatory compliances
….contd.
Typical Regulations faced by Fintech are in the areas of:
1. Protection of consumers against unfair or deceptive
practices
2. Data protection laws – national and if applicable,
international
3. Restrictions on telemarketing
4. Restrictions on email marketing
5. Customer notification of security breaches involving
personal information
6. Consumer privacy laws
7. Anti Money Laundering laws
8. Transaction processing and storage of information

8
3. Difficulties in partnerships with large incumbents
• Incumbents in the finance sector are powerful and
complacent. Most don’t fear Fintech companies looking to
take their business because few, if any, pose a real threat
• BFSI is highly regulated and therefore inherently
conservative, where a commitment to innovation and
decisive action could be detrimental to a career. The
common wisdom amongst bankers is that maintaining the
status quo is the path to long-term success
• Fintechs have witnessed long sales-cycles, with a typical
deal taking 12-18 months to come to fulfilment. This makes
it difficult for them to raise capital and gain visible traction
• Current procurement processes are very rigid and
essentially adapted to mature companies, making it tough
for start-ups to provide the requested information and
documentation. They risk being perceived as
unprofessional by incumbents.

9
Difficulties in partnerships with
incumbents….contd.
• Once the start-up is onboarded, the expectation is that the
integration and ongoing maintenance will run as smoothly as with
established technology providers
• Fintech start-ups believe they will evolve together with the client as
there are many opportunities for customization, but it also means
that one can expect delays, bugs, and larger integration issues
• FinTechs often use technologies that are not in line with the
technical standards of financial institutions e.g. cloud computing is
widely used amongst start-ups, but not by established
institutions in financial services
• Under the pressure of forging as many partnerships as possible,
they often end up agreeing to operate at low or negative margins,
jeopardizing their long-term viability
• The employees of incumbents are often risk averse and work in a
siloed, rather than a collaborative way. That leads to a significant
clash of cultures causing frustrations on both sides and ultimately
yielding outcomes that are worse than expected.

10
Recommendations to make the partnership work

• Improve the ecosystem: With competition increasing, it can help to meet the right person by
getting involved in accelerators and innovation labs. Collaboration with an organization that
already works closely with incumbents can help secure privileged access to potential partners
and give an insight on their pressing issues
• Progress within the incumbent’s culture: Fintechs should prepare to reset their watch as incumbents
have slower processes due to legacy systems and bureaucracy. Incumbents can lack the internal
processes to fast track the embedding of new solutions. Fintechs may feel they are following an
unnecessarily convoluted route, but this is due to the complexities of scale. This is frustrating,
but also unavoidable
• Tackling regulation, compliance and cybersecurity: The incumbent’s need for control may be
bureaucratic but those restrictions deliver a high quality, stable product. Fintechs that
underestimate the enormity of milestones/ don’t do proper due diligence, run the risk of losing the
confidence of both the regulator and the market. Robust evidence has to be established that their
tech is fit for purpose, differentiated, and will address the customer need
• Managing change with structure and agility: Fintechs must adapt to structured governance with
Capability modelling, target operating models and process mapping. For example, a lack of
governance of the ecosystem and processes can lead to poor visibility on the project
• Preparing for scale: The pressure to expand a successful pilot and demonstrate proof of value as
soon as possible can lead to rapid growth that causes the architecture to creak at the seams.
Having a focus on quality in design and testing stages will provide confidence that the technology
will be successful at scale.

11
4. Competing with big financial
brands
• Fintechs don’t only compete with the large existing financial powerhouses,
but they have to contend with Amazon and other technology companies
expanding into financial services.
• A start-up cannot underestimate the spending power of incumbents and
their willingness to spend when it comes to direct consumer marketing
• A Fintech B2C company should be able to answer the following
clearly in order to stay competitive:
- What is the USP ? What is it that the Fintech company is offering that
incumbents are not ?
- What problem is being solved that the large incumbents are not
addressing, and why are they ignoring that market segment or
opportunity? Basing the business model on IP alone is unwise
- Is it trying to change customer behaviour? If so, what is the approach and
why does it think it is possible?
- What are customers risking if they adopt the new solution versus an
incumbent’s product?
- Can it build trust with customers?
- How will incumbents react? And if they do, how long will it take?
- Does it have any technology that is not vulnerable?

12
Competing with big financial
brands….contd.
• For a B2B company, the questions are centred around
product differentiation and the problem that is being
solved for the enterprise. The product needs to solve a
significant problem in order for a large company to bet
on a start-up versus a larger, more established
company. The most critical points are:
- Does the product solve a pain point today that is
causing the company either significant expense, loss of
business, or potential regulatory fines?
- Is the product robust enough to compete with the
incumbents and beat them in a head-to-head matchup?
- Will the incumbents use it as a loss leader, eliminating
any potential margin?

13
5. The LendingClub story – the
journey
• LendingClub, a pioneer in the lending marketplace in the United
States, started operations in 2007
• The company raised $1 billion in what became the largest
technology IPO of 2014 in the US
• Based on the IPO prices, the Series A investors made 55
times their money, while Series B investors did even better (80
times)
• LendingClub experienced problems in early 2016, with difficulties
in attracting investors, a scandal over some of the firm's loans and
concerns by the board over the CEO’s disclosures, leading to a 34%
drop in its share price and his resignation
• Along with Funding Circle, it remains loss-making amongst the
biggest publicly traded marketplaces. Shares are down over 70 per
cent since they listed over the past few years.
• In April 2020, the company announced it will lay off around one
third of its employees in anticipation of the economic downturn
resulting from the COVID-19 pandemic

14
The LendingClub story – what went
wrong
• Until 2016, the problems in the P2P industry had not attracted the attention of
market watchdogs. Lending Club, in its guise as a P2P lending company with no
intermediary function, had escaped regulatory notice and remained unbound by
the rules governing banks when performing their intermediary functions
• After the financial crisis of 2008, interest rates remained relatively low until 2015,
when the Fed began to raise the federal funds rate, causing a corresponding rise in
the market interest rate. Investors became more willing to put their money in banks
rather than purchasing P2P loans, because the gap in interest rates became small,
but the bank deposit is almost risk-free
• The company is also suffering from fiercer competition and tighter regulation.
These circumstances lead to higher operating expenses because of spending on
sales, marketing and compliance
• As Lending Club itself is performing a credit rating function, a moral hazard
emerges. When it is in need of funds, it is likely to overestimate the value of loans
and the credit rating, creating bubbles in the market which would cause financial
crises. To expect that, unprompted by regulations, a company will choose to
protect a stable market instead of saving its own life seems unrealistic.

Note: The US is not the only country where the P2P industry is beset with problems; even
in China the delinquency rates are near 25%; by comparison, delinquencies on credit
cards are in the 3-5% range.

15
6. The Finomena story – the journey

• A Bengaluru-based Fintech lending start-up, Finomena was founded in
2015 by graduates of IIT Delhi and Stanford and ex-employees of
Facebook, Microsoft, Boston Consulting Group and Bain Capital.
• It facilitated students and young professionals in buying electronic
devices and appliances by providing them with small-ticket loans
• The company worked on a unique algorithm backed system that
checked the creditworthiness of buyers
• It was selected for the International Innovator of the Year award by
LendIt USA 2017, the world’s largest show in lending and fintech
• Finomena received USD 1.7 million in funding from Matrix Partners
and ten angel investors
• The owners were featured in 2016 Forbes 30 under 30 list
• Flipkart and other e-commerce firms partnered with Finomena where
the start-up allowed loan seekers to key in links of items on the e-
commerce marketplace they wanted to buy with a loan
• Failing to raise series-A funding, the company closed down in Dec.,’17

16
The Finomena story – what went wrong
• Intense competition from rivals such as ZestMoney,
CashCare, Capital Float and Lendingkart, among a
dozen other alternate loans start-ups that have
cropped up in India
• As per one analysis, 75% of their employees and
customers were not satisfied with the services
provided by the company
• Cash burn was unusually high for a start-up
• Cost of acquisition was too high for any plausible
buy out
• While the company finally managed to bring down its
costs, the average ticket size remained low
• Both buy-out offers did not fructify because of
valuation issues.

17
7. The Loanmeet story – the journey
• Catered to borrowers, who could not get personal and business loans from
banks and other financial institutions due to lack of credit history,
insufficient documentation or other reasons
• LoanMeet used to finance working capital requirements, B2B
marketplace financing, cash credit line, and channel financing in the
range of Rs 5k to Rs. 500k for short term periods ranging from 15 days to 9
months
• The Bengaluru-based platform provided ultra-short-term loans of 15, 20,
and 30 days to retailers to buy inventory and then repay the startup. With
an initial investment of Rs 2.5 mn. raised from friends and family,
LoanMeet competed with the likes of Capital Float and Loan Frame
• The firm had raised an undisclosed amount from a clutch of individual
investors including Chinese investors
• Until Jan 2017, Loanmeet was growing well at about 50% month over
month
• Its average ticket size was Rs 50k, at an interest rate of ~18%. The startup
shut shop in May, 2019 as it failed to raise follow-on capital. It had initially
raised an undisclosed amount from Chinese investors Cao Yibin and Huang
Wei.

18
The Loanmeet story – what went wrong

• The lending market is an overcrowded market
dominated by established players, and Loanmeet
couldn’t sustain the competition.
• One of the prominent reasons for failure in the lending
space is that most of the lending companies are
good at solving credit access problems. However,
they don’t do in-depth research (beyond
collecting information from customers) into the
root cause of why those customers failed to get
funded by banks.

19
8. The Aditya Birla Payments Bank story – the journey and what went wrong
• Launched in February, 2018, Aditya Birla Payments Bank Limited (ABPB) was the
fourth payment bank to get a license from RBI
• The venture was a JV between Aditya Birla Nuvo Ltd. and Idea Cellular in
which Aditya Birla Nuvo Limited held 51% shares. The remaining 49% was
with Idea Cellular
• In July 2019, Aditya Birla Payments Bank announced that it would shut its
operations subject to the receipt of requisite regulatory consents and approvals
• As observed by RBI, the key reason for operating profit of such banks
being negative was large capital expenditures involved in setting up the
initial infrastructure, leading to high operating expenses
• Further, there is still a considerable section in India that prefers traditional
methods while transacting, and there hasn’t been complete awareness and
comfort with the new techniques
• There were also lending and other limitations, such as investing only in
government securities, which offer lesser returns as compared to other options
like mutual funds
• All of the above added up to an unviable business model for ABPB and led to its
shut down.

20
9. Problems with
blockchains
• Decentralization is expensive - The amount of electricity required to drive the
mathematical problems is high, leading some miners to steal the power
• Decentralized control is hard to guarantee - The few groups with the capital and the
expertise are the only ones that dominate mining, and everyone else is unable
to compete at solving the puzzles. Some of the most efficient blockchains are said
to be "private"; they leave control in the hands of a few central groups
• Identity is hard to manage - Users define their identity with a cryptographic key and
must keep their part secret. If someone gets a copy of the key, they can impersonate
the so-called owner
• Lost identities - Many coins on the blockchain are frozen for eternity, controlled by
some key that wasn't backed up correctly. Similarly, in a blockchain tracking
ownership of real estate, the key to some important chunk of land could disappear.
Control of the asset depends upon control of the key
• Blockchain may not be as permanent - After all the calculations and complex
mathematics, the decision about whether to accept new transactions onto the
ledger depends upon some if-then statement. And that if-then statement can be
reprogrammed by the people who write the code running on the dominant fork.

21
Problems with blockchains – Bitcoin money
laundering
• Although cryptocurrency can be used for illicit activity, the overall impact of bitcoin and other
cryptocurrencies on money laundering and other crimes is small in comparison to cash transactions.
As of 2019, only $829 million in bitcoin has been spent on the dark web (0.5% of all bitcoin
transactions). Since blockchain technology provides a public record of each transaction, exposure to
the risk of money laundering is manageable.

• The simplest form of bitcoin money laundering leans hard on the fact that transactions made in
cryptos are pseudonymous. The same concepts that apply to money laundering using cash apply to
money laundering using cryptocurrencies. There are three main stages of crypto money laundering:
- Placement: Legitimate exchanges follow regulatory requirements for identity verification and sourcing
of funds and are AML compliant. Other exchanges, with sub-par tools, are not as AML compliant
- Hiding: Criminals can use an anonymizing service to hide the dirty funds' source, breaking the links
between bitcoin transactions, citing the need for personal privacy. This can be accomplished either on
regular crypto exchanges or by participating in an Initial Coin Offering, where using one type of coin
to pay for another type can obfuscate the digital currency's origin
- Integration: The point at which dirty currency can no longer be traced back to criminal activity is the
integration point - the final phase of currency laundering. A simple method of legitimizing the illicit
income is to present it as the result of a profitable venture or other currency appreciation. This can be
very hard to disprove in a volatile altcoin market. Alternately, similar to how an offshore fiat currency
bank account can be used to launder dirty money, an online company that accepts bitcoin payments can
be created to legitimize income and transform dirty cryptocurrency into clean, legal bitcoin.

22
Problems with blockchains – Bitcoin money
laundering

Blockchain &
Cryptocurrency

June 2020

1
Imagine
….
• There's a hacker who wants to
steal from a bank.
• Banks run on a centralized
ecosystem, and that itself acts
as a central point of failure.
• If the hacker can get into the
system, all the customer
information available could get
corrupted and lead to huge
losses.
• Although the hackers can be
caught, the information that is
compromised is complicated to
secure at a later stage.
• This is where technology can
make a difference. The remedy
is setting up a block using
Blockchain..

Introductory Concepts -
Blockchain
• Blockchain is a list of records called blocks that store data publicly
and in chronological order.
• The information is encrypted using cryptography to ensure that the
privacy of the user is not compromised and data cannot be altered.
• Information on a Blockchain network is not controlled by a
centralized authority, unlike modern financial institutions.
• The participants of the network maintain the data, and they hold
the democratic authority to approve any transaction which can
happen on a Blockchain network. Therefore, a typical Blockchain
network is a public Blockchain.
• If you are a participant in the Blockchain network, you will have
the same copy of the ledger, which all other participants have. Even
if one node or data on one particular participant computer gets
corrupted, the other participants will be alerted immediately, and
they can rectify it as soon as possible.

Blockchain vs current financial system

Current Financial system:
• Central authorities (bank, RBI, Escrow) transfer funds between two parties
• Multiple intermediaries and record-keeping may be required to facilitate transactions in trustworthy manner

Blockchain System:
• Distributed network of computers (nodes) that maintain a shared source of information
• Transaction data – immutable – cannot be modified after it is created.
• Peer to peer transactions using digital tokens to represent assets and value

How does blockchain work – example of bitcoin blockchain
Step 1 – Transaction data

Block 1 (1 MB): Transaction data 1, Transaction data 2, etc.
Block 2 (1 MB): Transaction data 13, Transaction data 14, etc.
Block 3 (1 MB): Transaction data 28, Transaction data 29, etc.

• The blocks on the Bitcoin blockchain consist of approximately 1 MB of data each.
• As of May 2018, the chain counted about 525,000 blocks, meaning roughly a total of 525,000 MB was stored on this blockchain.
• It is a giant track record of all the Bitcoin transactions that have ever occurred, all the way back to the very first Bitcoin transaction.
• Document 1 would then chronologically describe the first transactions that have occurred up to 1 MB, the next transactions would be described in document 2 up to another MB, and so on. These documents are the blocks of data.

How does blockchain work – example of bitcoin blockchain
Step 2 – Chaining the blocks (with a hash)

Block 1 (1 MB): Transaction data 1, Transaction data 2, etc.
Block 2 (1 MB): Transaction data 13, Transaction data 14, etc.
Block 3 (1 MB): Transaction data 28, Transaction data 29, etc.

• These blocks now need to be linked (chained) together.
• To do this, every block gets a unique (digital) signature that corresponds to exactly the string of data in that block.
• If anything inside a block changes, even just a single digit change, the block will get a new signature.
• This happens through hashing.

What are cryptographic keys?
• A cryptographic key is a string of numbers and letters made by key generators using very advanced mathematics involving prime numbers
Step 2 – Explain thru example - Continued

Block 1 (1 MB)
Txn 1 : Damian – 100 BTC
Txn 1 : George + 100 BTC
Txn 2 : Bernard – 200 BTC
Txn 2 : Gerald + 200 BTC
Unique Signature that corresponds with this block is X32

• Let’s say block 1 registers two transactions, transaction 1 and transaction 2. Imagine that these transactions make up a total of 1 MB (in reality this would be many more transactions).
• This block of data now gets a signature for this specific string of data. Let’s say the signature is ‘X32’.
Step 2 – Explain thru example -
Continued
• A single digit change to the data in block 1 would now cause it to get a completely different signature.
Step 2 - Continued

Block 1 (1 MB)
Txn 1 : Damian – 100 BTC
Txn 1 : George + 100 BTC
Txn 2 : Bernard – 200 BTC
Txn 2 : Gerald + 200 BTC
Unique Signature that corresponds with this block is X32

Block 2 (1 MB)
Txn 1 : Damian + 200 BTC
Txn 1 : George - 200 BTC
Txn 2 : Bernard + 300 BTC
Txn 2 : Gerald - 300 BTC
X32
Unique Signature that corresponds with this block is 9BZ

• Add another block to this chain of blocks.
• The signature of block 2 is now partially based on the signature of block 1, because it is included in the string of data in block 2.
• The signatures link the blocks to each other, making them a chain of blocks.

Step 2 - Continued

Block 1 (1 MB)
Txn 1 : Damian – 100 BTC
Txn 1 : George + 100 BTC
Txn 2 : Bernard – 200 BTC
Txn 2 : Gerald + 200 BTC
Unique Signature that corresponds with this block is X32

Block 2 (1 MB)
Txn 1 : Damian + 200 BTC
Txn 1 : George - 200 BTC
Txn 2 : Bernard + 300 BTC
Txn 2 : Gerald - 300 BTC
X32
Unique Signature that corresponds with this block is 9BZ

Block 3 (1 MB)
Txn 1 : Damian - 50 BTC
Txn 1 : George + 50 BTC
Txn 2 : Bernard - 200 BTC
Txn 2 : Gerald + 200 BTC
9BZ
Unique Signature that corresponds with this block is 74T

• Suppose the data in block 1 is altered.
• For example, let’s say that the transaction between Damian and George is altered and Damian now supposedly sent 500 Bitcoin to George instead of 100 Bitcoin.
• The string of data in block 1 is now different, meaning the block also gets a new signature. The signature that corresponds with this new set of data is no longer X32. Let’s say it is W10.

Block 1 (1 MB)
Txn 1 : Damian – 500 BTC
Txn 1 : George + 500 BTC
Txn 2 : Bernard – 200 BTC
Txn 2 : Gerald + 200 BTC
Unique Signature that corresponds with this block is W10

Block 2 (1 MB)
Txn 1 : Damian + 100 BTC
Txn 1 : George - 100 BTC
Txn 2 : Bernard + 200 BTC
Txn 2 : Gerald - 200 BTC
X32
Unique Signature that corresponds with this block is 9BZ

Block 3 (1 MB)
Txn 1 : Damian - 50 BTC
Txn 1 : George + 50 BTC
Txn 2 : Bernard - 200 BTC
Txn 2 : Gerald + 200 BTC
9BZ
Unique Signature that corresponds with this block is 74T

• The signature W10 does not match the signature that was previously added to block 2 anymore.
• So, Block 1 and 2 are now considered no longer chained to each other. This indicates to other users of this blockchain that some data in block 1 was altered.
• Because the blockchain should be immutable, the change is rejected by the network by shifting back to the previous record of the blockchain where all the blocks are still chained together (the record where Damian sent 100 BTC to George).

Block 1 (1 MB)
Txn 1 : Damian – 100 BTC
Txn 1 : George + 100 BTC
Txn 2 : Bernard – 200 BTC
Txn 2 : Gerald + 200 BTC
Unique Signature that corresponds with this block is W10

Block 2 (1 MB)
Txn 1 : Damian + 100 BTC
Txn 1 : George - 100 BTC
Txn 2 : Bernard + 200 BTC
Txn 2 : Gerald - 200 BTC
W10
Unique Signature that corresponds with this block is PP4

Block 3 (1 MB)
Txn 1 : Damian - 50 BTC
Txn 1 : George + 50 BTC
Txn 2 : Bernard - 200 BTC
Txn 2 : Gerald + 200 BTC
9BZ
Unique Signature that corresponds with this block is 74T

• The only way that an alteration can stay undetected, is if all the blocks
stay chained to each other.
• This means for the alteration to go undetected, the new signature of
block 1 must replace the old one in the data of block 2.
• But if the data of block 2 changes, this will cause block 2 to have a
different signature as well.
• Let’s say the signature of block 2 is now ‘PP4’ instead of 9BZ. Now
block 2 and 3 are no longer chained together!
Step 3 – How signature (hash) is created
Block 1 (1 MB)
Txn 1 : Thomas – 100 BTC
Txn 1 : David + 100 BTC

• Block 1 is a record of only one transaction. Thomas sends 100 Bitcoin to David.
• This specific string of data now requires a signature. In blockchain, this signature
is created by a cryptographic hash function
• A cryptographic hash function is a very complicated formula that takes any string
of input and turns it into a unique 64-digit string of output.
• You could for example insert the word ‘Jinglebells’ and using this function get an output like :
761A7DD9CAFE34C7CDE6C1270E17F773025A61E511A56F700D415F0D3E199868
• Suppose we add a period after Jinglebells, ‘Jinglebells.’ and using this function get an output like :
B9B324E2F987CDE8819C051327966DD4071ED72D998E0019981040958FEC291B
• If we now remove the period again, we will get the same output as before
761A7DD9CAFE34C7CDE6C1270E17F773025A61E511A56F700D415F0D3E199868

Step 3 – How signature (hash) is created
Block 1 (1 MB)
Txn 1 : Thomas – 100 BTC
Txn 1 : David + 100 BTC

• A cryptographic hash function always gives the same output for the same input, but always a different output for different input.
• This kind of cryptographic hash function is used by the Bitcoin blockchain to give the blocks their signatures.
• The input of the cryptographic hash function in this case is the data in the block, and the output is the signature that relates to that.

Step 3 – How signature (hash) is created

Block 1 (1 MB)
Thomas – 100 BTC
David + 100 BTC
Signature: BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF

Block 2 (1 MB)
David - 100 BTC
Jimi + 100 BTC
BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
(Signature of block 1 gets added to signature of block 2)

• Go back to the example and imagine that the string of data from this block looks like this:
• Block 1 Thomas -100 David +100
• If this string of data is inserted in the hashing algorithm, the output (signature) will be this:
• BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
• This signature is now added to the data of block 2. Let’s say that David now transfers 100 Bitcoin to Jimi. The blockchain now looks like above.

Step 3 – How signature (hash) is created - Contd

Block 1 (1 MB)
Thomas – 100 BTC
David + 100 BTC
Signature: BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF

Block 2 (1 MB)
David - 100 BTC
Jimi + 100 BTC
BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
(Signature of block 1 gets added to signature of block 2)
Signature: 25D8BE2650D7BC095D3712B14136608E096F060E32CEC7322D22E82EA526A3E5

• The string of data of block 2 now looks like
• Block 2 David -100 Jimi +100 and BAB5924FC47BBA57F4615230DDBC5675A81AB29E2E0FF85D0C0AD1C1ACA05BFF
• If this string of data is inserted in the hashing algorithm, the output (signature) will be this
• 25D8BE2650D7BC095D3712B14136608E096F060E32CEC7322D22E82EA526A3E5
• This is the signature of block 2.
• Hence the cryptographic hash function is used to create the digital signature for each unique block. There is a large variety of hash functions, but the hashing function that is used by the Bitcoin blockchain is the SHA-256 hashing algorithm.
Step 3 – How signature (hash) is created - Contd

• How do the signatures stop someone from simply inserting a new signature for each block after altering one?
• Could one make a change that goes undetected, so that, with all blocks properly linked, people won’t be able to tell there was a change?
• The answer is that only hashes (signatures) that meet
certain requirements are accepted on the blockchain.
This is the mining process and is explained in step 4.
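
The chaining and tamper detection from Steps 2 and 3, as an added Python example that is not part of the original slides. The block layout, the third block's transactions and the helper names are assumptions, so the digests differ from the ones printed on the slides.

```python
import copy
import hashlib

# Constructed sample ledger: blocks 1 and 2 use the slides' Thomas/David/Jimi
# transactions; block 3 is invented here so the chain has a third link.
LEDGER = [
    ["Thomas -100", "David +100"],
    ["David -100", "Jimi +100"],
    ["Jimi -40", "Damian +40"],
]


def signature(data: str) -> str:
    """The slides' 'signature': the SHA-256 digest of a block's string of data."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest().upper()


def block_data(block: dict) -> str:
    """Serialise a block as 'Block N <txns> <previous signature>'.

    The slides do not give the exact byte layout, so this layout is an
    assumption made for the example.
    """
    parts = [f"Block {block['number']}", *block["txns"]]
    if block["prev"]:
        parts.append(block["prev"])
    return " ".join(parts)


def build_chain(transaction_sets) -> list:
    """Sign each block over its own data plus the previous block's signature."""
    chain, prev = [], ""
    for number, txns in enumerate(transaction_sets, start=1):
        block = {"number": number, "txns": list(txns), "prev": prev}
        block["sig"] = signature(block_data(block))
        chain.append(block)
        prev = block["sig"]
    return chain


def first_broken_link(chain):
    """Return the number of the first block that fails verification, else None."""
    prev = ""
    for block in chain:
        if block["prev"] != prev:  # no longer chained to its predecessor
            return block["number"]
        if signature(block_data(block)) != block["sig"]:  # data was changed
            return block["number"]
        prev = block["sig"]
    return None


def relink(chain) -> None:
    """Recompute every signature from block 1 onward (no mining rule yet)."""
    prev = ""
    for block in chain:
        block["prev"] = prev
        block["sig"] = signature(block_data(block))
        prev = block["sig"]


def tamper_report() -> dict:
    """Walk through the slides' alteration scenario and record what a verifier sees."""
    honest = build_chain(LEDGER)
    report = {"honest": first_broken_link(honest)}

    edited = copy.deepcopy(honest)
    edited[0]["txns"][0] = "Thomas -500"  # 100 changed to 500, as on the slides
    report["data_edited"] = first_broken_link(edited)

    # Block 1 gets its new signature (the slides' W10): block 2 no longer links.
    edited[0]["sig"] = signature(block_data(edited[0]))
    report["block1_resigned"] = first_broken_link(edited)

    # Every later block is re-signed too: the links verify again, but the tip
    # signature no longer matches the copy held by the other participants.
    relink(edited)
    report["all_resigned"] = first_broken_link(edited)
    report["tip_matches_honest_copy"] = edited[-1]["sig"] == honest[-1]["sig"]
    return report


if __name__ == "__main__":
    for case, result in tamper_report().items():
        print(f"{case}: {result}")
```

The last two results show why linkage alone is not enough: a fully re-signed chain is internally consistent, which is the gap the mining requirement in step 4 closes.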

Step 4 — When does the signature qualify, and who signs a block ?
• A signature doesn’t always qualify. A block will only be accepted on the blockchain if its digital
signature starts with — for example — a consecutive number of zeroes. For example, only blocks with
a signature starting with at least ten consecutive zeroes qualify to be added to the blockchain.
• Every string of data has only one unique hash bound to it. What if the signature (hash) of a block
doesn’t start with ten zeroes? Then, in order to find a signature that meets the requirements for a
block, the string of data of a block needs to be changed repeatedly until that specific string of data
leads to a signature starting with ten zeroes.
• But the transaction data and metadata (block number, timestamp, et cetera) need to stay the way they are.
So, a small specific piece of data is added to every block that has no purpose except for being changed
repeatedly in order to find an eligible signature.
• This piece of data is called the nonce of a block. The nonce is a completely random string of numbers
• To summarize, a block now contains;
– 1) transaction data,
– 2) the signature of the previous block,
– 3) a nonce
• The process of repeatedly changing the nonce and hashing the block’s data to find an eligible signature
is called mining and is what miners do.
• Miners constantly change the block composition (nonce) and hash it until they find an eligible signature (output). The more computational power they have, the faster they can hash different block compositions and the more likely they are to find an eligible signature faster. It is a form of trial and error.

Step 4 — When does the signature qualify, and who signs a block ?

Block 5 (1 MB): Transaction data + Signature block 4 + Random nonce : p##@1. Hashes to signature : 0000000P3X22A
Block 6 (1 MB): Transaction data + 0000000P3X22A + Random nonce : p##@1. Hashes to signature : 0000000112LLK4
Block 7 (1 MB): Transaction data + 0000000112LLK4 + Random nonce : ???. Hash needs to start with at least 7 consecutive zeroes

Miners are computing in order to insert as many random nonces as possible until they find a nonce, which when combined with rest of block data, leads to hash output (signature) that starts with at least 7 zeroes.

Nonce : needs to be a number

Who can participate in generating hash
• Any user on a blockchain network can participate in this process by
downloading and starting the according mining software for that
specific blockchain.
• When a user does this, they will simply put their computational
power to work in order to try to solve the nonce for a block. Here is
an example of a block of transactions that was recently added to the
Bitcoin blockchain, block 521,477:

• As you can see, the hash (signature) of this block and the hash of the previous block
both start with a number of zeroes. Finding a hash like that is not easy, it requires a
lot of computational power and time due to random nature.

Step 5 — How does this make the blockchain immutable ? M.
Imp.
• As discussed previously in step 3, altering a block will unchain it
from the subsequent blocks.
• In order for an altered block to be accepted by the rest of the
network, it needs to be chained to the subsequent blocks
again.
• As we see, this requires every block that comes after it to get a
new signature. And that signature needs to meet the
requirements.
• Giving all of these blocks a new signature will be very
costly and time-consuming, although it doesn’t seem
impossible on paper, it is considered impossible practically.
• For example, Let’s say a corrupt miner has altered a block of
transactions and is now trying to calculate new signatures for
the subsequent blocks in order to have the rest of the network
accept his change.
• The problem for him is, the rest of the network is also
calculating new signatures for new blocks.

Step 5 — How corrupt transactions are avoided
• The corrupt miner will have to calculate new signatures for
these blocks too as they are being added to the end of the
chain. After all, he needs to keep all of the blocks linked,
including the new ones constantly being added. Unless the
miner has more computational power than the rest of the
network combined, he will never catch up with the rest of the
network finding signatures.

Step 5 — How corrupt transactions are avoided
• Millions of users are mining on the Bitcoin blockchain, and
therefore it can be assumed that a single bad actor or entity on
the network will never have more computational power than
the rest of the network combined, meaning the network will
never accept any changes on the blockchain, making the
blockchain immutable.
• Once data has been added to the blockchain, it can never
be changed again.
• What if a bad actor has more computational power than the
rest of the network combined? Theoretically yes, this is
possible. It is called a 51% attack.
• In reality though, a 51% attack on the Bitcoin blockchain
would be far more costly to execute than it would yield in
return. It would require an immense amount of hardware,
cooling equipment and storage space for the computational
power.
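
An added example (not from the original slides) of the nonce search in Step 4 and of the re-mining cost that Step 5 relies on. It assumes a counter as the nonce, a made-up block layout, constructed transactions and only 3 leading hex zeroes so that it finishes quickly.

```python
import hashlib

GENESIS = "0" * 64  # placeholder "previous signature" for the first block
DIFFICULTY = 3      # leading hex zeroes required; the slides use 7 and 10 as examples

# Constructed sample transactions in the style of the slides.
TXNS = [
    "Thomas -100 David +100",
    "David -100 Jimi +100",
    "Jimi -40 Damian +40",
    "Damian -10 George +10",
]


def digest(prev_sig: str, txns: str, nonce: int) -> str:
    """SHA-256 over previous signature, transaction data and nonce (assumed layout)."""
    return hashlib.sha256(f"{prev_sig}|{txns}|{nonce}".encode("utf-8")).hexdigest()


def mine(prev_sig: str, txns: str, difficulty: int = DIFFICULTY) -> dict:
    """Try nonces 0, 1, 2, ... until the digest starts with enough zeroes."""
    target = "0" * difficulty
    nonce = 0
    while True:
        sig = digest(prev_sig, txns, nonce)
        if sig.startswith(target):
            return {"prev": prev_sig, "txns": txns, "nonce": nonce,
                    "sig": sig, "attempts": nonce + 1}
        nonce += 1


def mine_chain(txn_list, difficulty: int = DIFFICULTY) -> list:
    chain, prev = [], GENESIS
    for txns in txn_list:
        block = mine(prev, txns, difficulty)
        chain.append(block)
        prev = block["sig"]
    return chain


def first_invalid(chain, difficulty: int = DIFFICULTY):
    """What a validating node checks per block: link, digest and leading zeroes.

    Returns the 1-based position of the first failing block, or None.
    """
    prev = GENESIS
    for position, block in enumerate(chain, start=1):
        sig = digest(block["prev"], block["txns"], block["nonce"])
        if (block["prev"] != prev or sig != block["sig"]
                or not sig.startswith("0" * difficulty)):
            return position
        prev = block["sig"]
    return None


def rewrite(chain, position: int, new_txns: str, difficulty: int = DIFFICULTY):
    """Measure the work Step 5 describes: alter one block, then re-mine it and
    every later block so the chain validates again.

    Returns (rebuilt_chain, hashes_computed).
    """
    rebuilt = [dict(block) for block in chain[:position - 1]]
    prev = rebuilt[-1]["sig"] if rebuilt else GENESIS
    hashes = 0
    for offset, old in enumerate(chain[position - 1:]):
        block = mine(prev, new_txns if offset == 0 else old["txns"], difficulty)
        hashes += block["attempts"]
        rebuilt.append(block)
        prev = block["sig"]
    return rebuilt, hashes


def expected_hashes(difficulty: int, blocks: int = 1) -> int:
    """Average trials needed: each hex digit is zero with probability 1/16."""
    return blocks * 16 ** difficulty


def summary() -> dict:
    chain = mine_chain(TXNS)
    stale = [dict(block) for block in chain]
    stale[1]["txns"] = "David -900 Jimi +900"  # edited without re-mining
    rebuilt, hashes = rewrite(chain, 2, "David -900 Jimi +900")
    return {
        "honest_chain": first_invalid(chain),
        "edited_without_mining": first_invalid(stale),
        "edited_and_remined": first_invalid(rebuilt),
        "hashes_spent_remining": hashes,
        "average_for_3_blocks": expected_hashes(DIFFICULTY, 3),
        "average_per_block_at_7_zeroes": expected_hashes(7),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Each extra required zero multiplies the average work by 16, and the re-mining has to cover every block after the altered one while the honest network keeps extending its own chain.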

Blockchain – Spread over
nodes
• Blockchain is spread over large number of computers, which are all
over the world. These computers are called nodes.
• Every time a transaction occurs it has to be approved by the nodes,
each of whom checks its validity. Once every node has checked a
transaction there is a sort of electronic vote, as some nodes may
think the transaction is valid and others think it is a fraud.
• Each node has a copy of the digital ledger or Blockchain. Each
node checks the validity of each transaction. If a majority of nodes
say that a transaction is valid then it is written into a block.

Step 6 — How is blockchain governed ?
• The Bitcoin blockchain follows a governance model of democracy, and therefore updates its record of transactions (and thus the Bitcoin balances) according to what the majority of its users say is the truth.
• The blockchain protocol does this automatically by always following the
record of the longest blockchain that it has, because it assumes that this
chain is represented by the majority.
• After all, it requires the majority of the computational power to create the
longest version of the blockchain. This is also how an altered block is
automatically rejected by the majority of the network. The majority of the
network rejects an altered block automatically because it is no longer
chained to the longest chain.
• On the Bitcoin blockchain, all transaction history and wallet balances are
public (blockchain.info). Anyone can look up any wallet or transaction that
has ever occurred all the way back to the first transaction that was ever
made (on January 3rd, 2009).
• Although wallet balances can be checked by anyone publicly, the owners of
those wallets remain largely unknown. Here is an example of a wallet still
containing 69,000 Bitcoin, at the time of writing worth about roughly 500
million dollars. It was last used in April 2015, only to show no activity ever
since.

Principles of blockchain
1. Distributed database
Types of databases
• Centralised – One node does everything
• Distributed – nodes distribute work to sub-nodes
• Decentralised – nodes are only connected to peers
The database is the Blockchain and each node on a Blockchain has access to the
whole Blockchain.
No one node or computer regulates the information it contains.
Every node is able to validate the records of the Blockchain.
This is all done without one or several intermediaries in control of everything.
It is architecturally decentralized as there is no one point of failure that would bring
down the Blockchain.

2. Peer-to-peer P2P Transmission
Types of transmission
• Centralised command & control
• Decentralised – peer to peer

In line with the first principle, communication is always happening directly between peers,
rather than through some central node. Information about what is happening on the
Blockchain is stored on each node then passed to adjacent nodes. In this way information
spreads through the whole network.
3. Transparency yet pseudonymity
• Anyone inspecting the Blockchain is capable of seeing every transaction and its hash value.
• Someone using the Blockchain is able to be anonymous if they wish or they can give their
identification to others. All that you see on the Blockchain is a record of transactions
between Blockchain addresses.

• Block height is the count of how many blocks have been added to the block chain since the
first block in the chain.
• Block weight is somewhat about the size of the data in each block, but it’s not a
straightforward, simple count of how many bytes are in the block.
• Relaying company explanation :
1) Bixin - One of China's largest cryptocurrency custody and mining operators.
2) Bitfury - A cryptocurrency mining and blockchain development firm based in Japan.
Blockchain Principles -
summary
• Once the recording of a transaction is on the Blockchain and the Blockchain
has been updated, then the alteration of the records of this transaction is
impossible.
• Blockchain records are permanent, they are ordered chronologically, and
they are available to all the other nodes.
• As there are nodes throughout the world it is virtually impossible for the
entire network to be taken over by a single party.
• No one or several nodes control the Blockchain.
• All nodes are able to validate a transaction.
• All transactions occurring on a Blockchain are recorded there, so the
transactions of any person using the network are public and completely
transparent, even though they may be anonymous.

What is Distributed Ledger
Technology
• A distributed ledger is simply a database that exists across several locations or among
multiple participants. Most companies use a centralized database that exists in a fixed
location. But a distributed ledger removes third parties from the process, which makes
them quite attractive.
• Blockchain vs Distributed Ledger :
• Think of blockchain and distributed ledger in the same way as ‘Xerox’ and
‘Photocopy’. So blockchain is a type of Distributed ledger, but it is so popular that it is
engrained in minds of people as what the product actually is.
Blockchain:
• A form of DLT comprising immutable, digitally recorded data stored in packages called blocks.
• Uses cryptography to make it hard for a malicious user to manipulate the results in his favour
• All Distributed ledgers do not necessarily employ blockchains.

Distributed Ledger Technology (DLT):
• A record of consensus maintained & validated by multiple parties/nodes.
• A way to construct a ledger in a distributed way to achieve consensus among participants who don’t trust each other.
• Records new information in real time, only adds entries if consensus among participants is confirmed.
• Every entry is automatically time-stamped using a unique cryptographic signature.

Important concepts related to DLT - Smart contracts

• A self-executing contract triggered when pre-specified real-world conditions are met and data confirming the event(s) is fed into the blockchain.
• Consists of programmable transaction protocol that defines the business terms of the contract, and legal prose
• Computer code constitutes part of the binding legal agreement between the parties and is therefore also legally binding.
• Ethereum is an open-source blockchain platform that not only accepts smart contract
functionality, but also allows developers to write their own programs (i.e., write their
own smart contracts)
• Helps users create new decentralized applications (dapps) on top of the existing
platform.
• Smart contracts, then, are the building blocks for new solutions, business success,
and, most important, increased consumer trust.

Some Potential real world uses of blockchain technology

1. Payment processing and money transfers : with banks playing a central role
removed from the equation, and validation of transactions ongoing 24 X 7, most
transactions processed over a blockchain can be settled within a matter of seconds.
2. Monitor supply chains :
• By removing paper-based trails, businesses should be able to pinpoint
inefficiencies within their supply chains quickly, as well as locate items in
real time.
• Allow businesses, and possibly even consumers, to view how products
performed from a quality-control perspective as they traveled from their place
of origin to the retailer.
3. Digital IDs : More than 1 billion people worldwide face identity
challenges. Blockchain would give users a way to control their digital identities. This
would allow folks in impoverished regions to get access to financial services, or start
their own business, as an example.
4. Digital Voting : Blockchain offers the ability to vote digitally, but it's transparent
enough that any regulators would be able to see if something were changed on the
network. It combines the ease of digital voting with the immutability (i.e.,
unchanging nature) of blockchain to make your vote truly count.

Some Potential real world uses of blockchain technology

5. Real estate, land, and auto title transfers : Blockchain takes paper out of the
equation. Paper trails are often a source of confusion. If you're buying or selling
land, a house, or a car, you'll need to transfer or receive a title. Instead of handling
this on paper, blockchain can store titles on its network, allowing for a transparent
view of this transfer, as well as presenting a crystal-clear picture of legal ownership.
6. Tax regulation and compliance : Companies can use blockchain as a means to
record their sales and demonstrate to lawmakers that they're abiding by local, state,
and/or federal laws. They provide clear record for the IRS that they've paid their fair
share of taxes to the federal government, assuming they're profitable.
7. Medical recordkeeping
In addition to storing patient records, the patient, who possesses the key to access
these digital records, would be in control of who gains access to that data. It would
be a means of strengthening the laws that are designed to protect patient privacy.
8. Equity trading
At some point, blockchain could rival or replace current equity trading platforms to
buy or sell stocks. Because blockchain networks validate and settle transactions so
quickly, it could eliminate the wait time investors encounter when selling stock(s)
and seeking access to their funds for the purpose of reinvestment or withdrawal.
Some countries using
Blockchain
CryptoDigest shows that there are eight countries working with blockchain technologies
trying to improve different industries
USA . It has over 40% of total blockchain startup market. Just like the internet boom,
the USA is leading the way in the smart economy. USA is a major player in the
blockchain and cryptocurrency ecosystem.
Singapore. The country’s central bank could be the first one to offer a national digital
currency based on blockchain technology. At the moment, there is a project that is
called UBIN which is led by the Monetary Authority of Singapore and that it would use
DLT for the clearing and settlement of payments.
South Korea. Although the country has banned Initial Coin Offerings (ICOs) in the
country and imposed some regulations on crypto exchanges, the Bank of Korea is trying
to implement a blockchain solution to replicate Interbank payments and settlement.
England. CryptoDigest has included England in the list. The Bank of England is one of the banks that is analysing the possibility of issuing a Central Bank Digital Currency (CBDC).
The UAE is also working in Dubai in order to create a blockchain-based city. The proposal is known as Smart Dubai. Its goal is to make Dubai the first city fully powered by Blockchain in 2020.

Some countries using
Blockchain
China, the second largest economy in the world after the United States is using
blockchain technology as well. Even when the country has banned virtual currencies and
Bitcoin, in 2017, China filed the largest amount of blockchain-related patents in the
world.
Japan is also known as a very open country towards digital assets and virtual currencies.
Although the Financial Services Agency (FSA) in the country has implemented different
regulations to control the market and its participants, the country is very open to new
technologies and cryptocurrencies.
Switzerland. The Swiss State-run postal service and the telecom services have presented
their initiative to create a completely private Swiss blockchain. Moreover, Swiss’s SIX
Exchange was the first exchange in Europe that had a cryptocurrency ETF approved –
called HODL. The Swiss banking system are also exploring blockchain technologies in
order to improve their services.

Limitations and
vulnerability
• Any Blockchain network largely depends on the amount of active users within it. In
order to operate to its full potential, a network has to be a robust one with a widely
distributed grid of nodes.
• Moreover, there is no Blockchain network in existence that could sustain the same
amount of transactions as major card issuers like Visa or MasterCard do. As of 2017,
Blockchain still has a very long way to go before it will be capable of replacing the
giants of the financial world.
• Finally, there is always a theoretical possibility of a large-scale capture of any given
Blockchain network. If a single organization will somehow manage to gain control
of the majority of the network’s nodes, it will no longer be decentralized in the full
sense of the word.

Cryptocurrency

As on 07-jun-2020

What is Cryptocurrency ?
• A cryptocurrency is a digital currency.
• A cryptocurrency is one medium of exchange like traditional currencies such as USD
• It is designed to exchange the digital information through a process made possible by
certain principles of cryptography.
• The holder of the cryptocurrency has ownership.

Bitcoin :
• It is presently the dominant cryptocurrency of the world.
• Bitcoin was launched in 2009 by an unknown person called Satoshi Nakamoto.
• Bitcoin is a Peer-to-Peer technology which is not governed by any central authority or
banks.
• Currently, issuing Bitcoins and managing transactions are carried out collectively in
the network.
• It is open source and designed for the general public means nobody owns the control
of the Bitcoin.
• Anyone can use bitcoin without paying any process fees. If you are handling Bitcoin,
the sender and receiver transact directly without using a third party.
• https://coinmarketcap.com/currencies/bitcoin/

Cryptocurrency updates in India
• The Reserve Bank of India had virtually banned cryptocurrency trading in India as in
a circular issued on April 6, 2018, it directed that all entities regulated by it shall not
deal in virtual currencies or provide services for facilitating any person or entity in
dealing with or settling those.
Regulated entities that were already providing such services were told to exit the
relationship within three months.
• However, in March 2020, the Supreme Court on Wednesday struck down the curb on cryptocurrency trade in India, with its order lifting the ban on trading in virtual currency, cryptocurrency and bitcoins.
• Bitcoin, the most valued cryptocurrency in the world was at approx. $9200 and the
market cap of the currency stood at $118 billion as of April 2020.
• CoinDCX, which claims to be India’s largest crypto exchange, says it has seen a
sharp rise in users and trading volumes after the SC judgment. “We saw nearly a 10x
spike in sign-ups, post the Supreme Court judgment. The BTC/INR (Bitcoin to
Indian Rupees) trading pair has seen 78.36% growth in the past 50 days as reported
in end of April,2020.

How does cryptocurrency work ?
BlockChain and Bitcoin:
The blockchain is the technology behind Bitcoin. Bitcoin is the digital token, and
blockchain is the ledger that keeps track of who owns the digital tokens. You can't have
Bitcoin without blockchain, but you can have blockchain without Bitcoin.
Other prominent cryptocurrencies (totally over 2000 currencies)
• Ethereum
• Bitcoin Cash
• Ripple
• Litecoin
• Cryptocurrency is a form of payment that can be exchanged online for goods and
services. Many companies have issued their own currencies, often called tokens, and
these can be traded specifically for the good or service that the company provides.
Think of them as you would arcade tokens or casino chips. You’ll need to exchange
real currency for the cryptocurrency to access the good or service.

Why are they so popular?
• Supporters see cryptocurrencies such as bitcoin as the currency
of the future and are racing to buy them now, presumably before
they become more valuable
• Some supporters like the fact that cryptocurrency removes
central banks from managing the money supply, since over time
these banks tend to reduce the value of money via inflation
• Other supporters like the technology behind cryptocurrencies,
the blockchain, because it’s a decentralized processing and
recording system and can be more secure than traditional
payment systems
• Some speculators like cryptocurrencies because they’re going
up in value and have no interest in the currencies’ long-term
acceptance as a way to move money

Are they a good investment?
• Cryptocurrencies may go up in value, but many investors see them as mere speculations, not real
investments. The reason? Just like real currencies, cryptocurrencies generate no cash flow, so for you to
profit someone has to pay more for the currency than you did.
• Legendary investor Warren Buffett compared bitcoin to paper checks: “It’s a very effective way of
transmitting money and you can do it anonymously and all that. A check is a way of transmitting money
too. Are checks worth a whole lot of money? Just because they can transmit money?”
• For cryptocurrencies such as bitcoin to be seen as the currency of the future, a currency needs stability so
that merchants and consumers can determine what a fair price is for goods.
• Bitcoin and other cryptocurrencies have not been stable through much of their history. For example,
while bitcoin traded at close to $20,000 in December 2017, its value then dropped to as low as about
$3,200 a year later. In May 2019 it topped $8,000.

How to buy Cryptocurrency
• While some cryptocurrencies, including bitcoin, are available for purchase with
U.S. dollars, others require that you pay with bitcoin or another cryptocurrency.
• To buy cryptocurrencies, you’ll need a “wallet,” an online app that can hold your
currency. Generally, you create an account on an exchange, and then you can transfer
real money to buy cryptocurrencies such as bitcoin or ethereum.
• CoinDCX claims to be India’s largest cryptocurrency trading exchange, where you can
both create a wallet and buy and sell bitcoin and other cryptocurrencies.
Are cryptocurrencies legal?
• They’re legal in the United States, though China has essentially banned their use, and
ultimately whether they’re legal depends on each individual country.
• Also be sure to consider how to protect yourself from fraudsters who see
cryptocurrencies as an opportunity to cheat investors.

How does cryptocurrency work
Blockchain network and Cryptocurrency
• The transaction is known almost immediately by the whole network, but it is
confirmed only after a specific amount of time.
• Confirmation is a critical concept in cryptocurrencies. You could say that
cryptocurrencies are all about confirmation.
• As long as a transaction is unconfirmed, it is pending and can be forged. When a
transaction is confirmed, it is set in stone. It is no longer forgeable, it can’t be reversed,
it is part of an immutable record of historical transactions: the so-called blockchain.
• Only miners can confirm transactions. This is their job in a cryptocurrency
network. They take transactions, stamp them as legit and spread them in the network.
After a transaction is confirmed by a miner, every node has to add it to its database. It
has become part of the blockchain.
• For this job, the miners get rewarded with a token of the cryptocurrency, for example
with Bitcoins. The miner’s activity is the single most important part of the
cryptocurrency system.
• Compensation for mining: "The amount of new bitcoin released with each mined
block is called the 'block reward.' The block reward is halved every 210,000
blocks or roughly every 4 years. In 2009, it was 50. In 2013, it was 25, in 2018 it
was 12.5, and sometime in the middle of 2020, it will halve to 6.25". Source:
https://www.investopedia.com/terms/b/bitcoin-mining.asp.

Summarised Explanation of basic flow

How does cryptocurrency work - Appendix
What is cryptocurrency mining?
In principle, anybody can be a miner. Since a decentralized network has no authority to
delegate this task, a cryptocurrency needs some kind of mechanism to prevent one ruling
party from abusing it. Imagine someone creates thousands of peers and spreads forged
transactions. The system would break immediately.
So, Satoshi set the rule that the miners need to invest some work of their computers to
qualify for this task. In fact, they have to find a hash – a product of a cryptographic
function – that connects the new block with its predecessor. This is called the
Proof-of-Work. In Bitcoin, it is based on the SHA-256 hash algorithm.
The only important thing to know is that it can be the basis of a cryptologic puzzle the
miners compete to solve. After finding a solution, a miner can build a block and add it to the
blockchain. As an incentive, he has the right to add a so-called coinbase transaction that
gives him a specific number of Bitcoins. This is the only way to create valid Bitcoins.
Bitcoins can only be created if miners solve a cryptographic puzzle. Since the difficulty of
this puzzle increases with the amount of computer power that the miners as a whole invest,
there is only a specific amount of cryptocurrency token that can be created in a given
amount of time. This is part of the consensus that no peer in the network can break.
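
The confirmation and mining rules described above (a hash that connects each block with its predecessor, a proof-of-work puzzle, and a coinbase reward that halves every 210,000 blocks) can be seen working together in a toy model. This is an added example, not code from the original material and not Bitcoin's real block format; the 12-bit difficulty, the JSON block layout, the function names and the sample transactions are constructed assumptions.

```python
import hashlib
import json

HALVING_INTERVAL = 210_000   # blocks between reward halvings (figure from the text)
INITIAL_REWARD = 50.0        # reward per block in 2009 (figure from the text)
DIFFICULTY_BITS = 12         # assumption: toy difficulty so mining takes milliseconds


def block_reward(height):
    """Coinbase reward at a block height: halved every 210,000 blocks."""
    return INITIAL_REWARD / (2 ** (height // HALVING_INTERVAL))


def block_hash(block):
    """SHA-256 over a canonical serialisation of the block's fields."""
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def meets_target(digest_hex):
    """Proof-of-work check: the hash, read as a number, must be below the target."""
    return int(digest_hex, 16) < (1 << (256 - DIFFICULTY_BITS))


def mine_block(prev_hash, height, transactions, miner):
    """Search for a nonce that makes the block's hash meet the target."""
    block = {
        "height": height,
        "prev_hash": prev_hash,  # the link to the predecessor block
        "coinbase": {"to": miner, "amount": block_reward(height)},
        "transactions": transactions,
        "nonce": 0,
    }
    while not meets_target(block_hash(block)):
        block["nonce"] += 1
    return block


def verify_chain(chain):
    """Return the height of the first invalid block, or None if the chain is valid."""
    prev_hash = "0" * 64
    for block in chain:
        if block["prev_hash"] != prev_hash:
            return block["height"]           # link to predecessor is broken
        if not meets_target(block_hash(block)):
            return block["height"]           # proof-of-work no longer holds
        if block["coinbase"]["amount"] != block_reward(block["height"]):
            return block["height"]           # miner claimed the wrong reward
        prev_hash = block_hash(block)
    return None


def build_sample_chain():
    """Mine three blocks of constructed sample transactions."""
    chain, prev_hash = [], "0" * 64
    sample = [["alice->bob:1.0"], ["bob->carol:0.4"], ["carol->dave:0.1"]]
    for height, txs in enumerate(sample):
        block = mine_block(prev_hash, height, txs, miner="miner-1")
        chain.append(block)
        prev_hash = block_hash(block)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("valid chain ->", verify_chain(chain))
    # Rewriting a confirmed payment changes that block's hash, so every
    # node that re-verifies the chain rejects it.
    chain[1]["transactions"] = ["bob->mallory:0.4"]
    print("after tampering, first invalid block ->", verify_chain(chain))
    print("reward at height 630000 ->", block_reward(630_000))
```

Changing a confirmed transaction invalidates that block's proof-of-work and the link held by its successor, which is why a confirmed record can only be replaced by redoing the mining work for that block and every block after it.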

Session No. : 21 - 30
Topic Discussed : Fintech Project Management
Session Takeaways : Working in FinTech companies

FinTech and managing projects & Improved Customer Experience - Application of
Dashboarding and other tools for Data visualization; Tableau as a tool for business
proposals; Agile methodology - creative and agile FinTech solutions

Managing Fintech Projects 


The term project refers to a temporary endeavour that is intended to produce a unique product
within a predetermined period of time. Projects are usually undertaken to meet unique goals
of adding value to an enterprise. Project management involves planning, initiating, executing
and controlling a team’s work to meet specific goals and success criteria. Finance institutions
have discovered the importance of incorporating financial technology into their operations
including project management. This has given rise to fintech project management. As part of
our introduction to fintech project management, we bring you some of its salient
characteristics.

Wide Possibilities
There is more to fintech projects than just functional design and delivery. You need to give
yourself sufficient time to reflect as this will help you in broadening the horizons.
Consequently, you will end up discovering new possibilities that you would not have
otherwise discovered. A fintech project should, therefore, have a discovery phase involving
workshops, focus groups, market research and product reviews.

Flexibility
Fintech project management makes it possible to deliver a complex project in an agile way.
To achieve this capability, you will need to take some time and learn from experiences of
others including the best practices that they apply in fintech project management.

Requires Cooperation among Experts


Fintech project management is not one of the things that can be done by people with a single
expertise as it is naturally multidisciplinary. More importantly, the essence of agile project
management is to iterate, which means that the processes of testing and verification take
place throughout the entire project. As such, you must have different skill-sets. You have to
resist the urge to deploy business-only or IT-only teams. You will need a professional from
almost all departments of your firm including IT, marketing, business development, and
innovation.

Priority of Customer Journey
In fintech project management, the customer journey should be properly defined. As opposed to
having a detailed and in-depth list of project requirements, prototypes and mockups are used to
communicate each step of a user journey to the team members. At the critical path
identification stage, you will need to balance schedule, scope, and cost. Above all, you must
ensure that all the steps contribute to satisfying the customer journey as defined earlier in
your project. In other words, you need to incorporate potential users from an early stage and
do so throughout the process.

Must be properly phased


Good project management has the potential of speeding up iteration and decreasing
time-to-market. Therefore, planning a well-phased project that is achievable is of great
significance. In developing agile fintech projects, you will need classic project management
techniques such as capacity-based scheduling, critical path calculations, and risk analysis.

Creating a Positive Vendor Relationship is Essential


It is not enough that your project is up and running. Much more remains to be done to create
a positive vendor relationship. At this stage, coaching, team leadership, and emotional
intelligence become critical. You will require leaders as opposed to bosses to steer the
project.
Read More: https://techbullion.com/managing-fintech-projects-introduction-fintech-project-management/

Fintech Project in a Banking Industry
1. Fintech is powerful and most of the time you have huge web traffic. Even otherwise, one
big mistake can be fatal because it is regulated and in the age of social media, people use it if
they find anything wrong.
2. Due to the above, it is very important for the projects team to understand some financial
basics. Before beginning any development work, I would highly encourage sessions where
the team does explorations with domain experts on learning the same.
3. Banking regulations will pose deadlines too, which are usually non-negotiable because the
government sets them. So, while agile doesn't like the concept of deadlines, this is where we
need to bring in the risk management hat of waterfall. Make risks visible to your management
and document it so that people know. Get your PO to prioritize (which could be making hard
decisions to drop requirements) should such a situation arise.
4. We did a lot of MVP i.e. minimum viable product planning in order to figure out the
number of sprints it would take us to deliver a feature. It helped the team to understand the
big picture and drove better conversations leading to better requirements. Your estimates will
improve over time but this is important so that you don't commit to an unreasonable date.

5. Always have cards that capture your production and post-production monitoring efforts
because a customer complaint could mean that you might have to put in a hotfix or rollback a
release. Invest in the due diligence part and you would see better results.
6. Due to the sheer volume of traffic, fintech industry especially is always on the forefront of
technology, which means that spikes, hackathons etc. would be necessary for exploring
technology.
7. Other than the above, it is all standard practice that you see in the books. But, again you
would have to figure out what works for your team and tweak it based on the organization.

Case study on Bank of America: How robots help serve and protect the bank
Robotic process automation (RPA) is a crunch technology that is relatively easy and
quick to implement and promises a strong return-on-investment (ROI), but a recent
string of failed RPA projects across the industry has us all resetting our expectations.
Launches and pilot projects have become stuck for several reasons – all of which can be
avoided.
It starts with the misuse of the word “process” in robotic process automation. Robots are
purposely designed to automate tasks, not to fix end-to-end business processes. Pedantic but
an important distinction, because the automation of manual tasks is critical to the
streamlining and improvement of end-to-end processes.
• Bank of America’s RPA programme is successful because it is predicated on strong
governance and advanced planning, with the ability to make simple changes through
development, testing, and when the robot is in production.
• In a bank of this size, there are many potential areas that would benefit from the
automation of repetitive tasks that are currently carried out manually. Bank of
America has established best practice business and technology criteria that filter and
prioritise use cases.
• Bank of America recognises that RPA is a tool within a tool box. Alone, it will not
modernise the bank’s processes, but layered on top of a robust foundation it can
automate and streamline current burdensome and inefficient processes.

Introduction
Bank of America deployed robots in a challenging environment across multiple use cases,
resulting in cost efficiencies, increased productivity, and reduced risks. For a large incumbent
bank, Bank of America shows that a culture of innovation, spread across many parts of a
large and complicated organisation, can yield impressive results.
Table 1 gives an overview of the bank.
Since 2010, Bank of America has invested roughly $25 billion in new technology initiatives.
Investment is driven by operational excellence – creating efficiency and investment in the
future. This includes the reworking of the bank’s major systems and adding innovative
capabilities, while also building an internal cloud and software architecture for maximum
efficiency and speed to market. Part of the reworking is the upgrade of integration across
systems and investment in robotic process automation.
Opportunity
RPA has become a go-to technology across the banking industry. At its simplest, it’s the next
generation of automation tools: the application of software-coded scripts governed by
business logic and structured inputs that mimic routine user tasks such as interpreting
interfaces, transforming data, and initiating and responding to events. At its most complex, it
is smart automation powered by algorithms and decision-making, based on machine learning
and synthesis of large data-sets.
Figure 1 shows the degrees of automation complexity aligned to process complexity. AI-
powered RPA is the Holy Grail of process automation. It automates tasks that require
algorithms and language interaction on processes of large amounts of unstructured data.
Examples of suitable use cases for AI-powered RPA are trade surveillance and
communications, transaction triage and data analysis, and the closure of batch false positives.
Most banks that have initiated RPA projects fall in the first column and have deployed a basic
task robot, while a handful of leading banks have deployed meta-task robots to automate
tasks across more complex and scalable processes by leveraging application programming
interfaces (APIs).

Although Bank of America only uses task and meta-robots, it has put in place a program that
will quickly expand the use of RPA in-house across the front, middle, and back office
functions and sets up the bank to be able to introduce machine learning and AI techniques.
RPA is proving to be a good jump-off point for the use of AI. There are numerous functions
across Bank of America where decisions are reached through data-intensive processes and
highly manual repetitive tasks. The bank prioritised RPA as an enabler of business
transformation across customer servicing operations, regulatory compliance, and foreign
money transactions.
The sponsor of the RPA initiative is Bank of America’s executive for consumer and shared
services operations technology group, Prasanna Gopalkrishnan, and the stated objectives are:
1. Create more reliable and consistent experience for customers and clients.
2. Improve transparency with regulators.
3. Increase efficiency and speed-to-market of services and products.
4. Reduce operational risk.
5. Improve and reduce the cost-to-serve.
6. Build capability to expand RPA use cases across business areas.

7. Gain knowledge to responsibly move to machine learning and AI-powered RPA.
8. Continue to build expertise in Agile methodologies to implement new processes
quickly and securely.
Solution
Bank of America worked with Pegasystems and deployed its Pega Robotic Automation
solution. The solution features robots that interpret applications for processes that involve
manipulating data, executing transactions, triggering responses, and handling exceptions. It
has a non-invasive object-level integration that equips the bank to bridge legacy systems,
close data integration gaps, and wrap legacy system integrations, without making changes to
their underlying technology. Using an event-driven approach to automation it integrates with
business process management and case management to improve straight through processes
and operational efficiencies.
A management console allows the user to orchestrate, manage, and prioritise the queuing of
work and processing activity of the software robots. Dashboards, reports, and drill-downs
monitor robot health, work status, service-level agreement (SLA) compliance, and auditing.
Automation authoring has a visual design surface that makes it easy for Bank of America to
create workflows and apply business rules through shapes, or by recording workflows. The
ability for businesses across the bank to implement simple changes without having to engage
IT represents a considerable saving to the bank. This is particularly important in areas where
laws and guidelines are subject to frequent change.
So far, Bank of America has implemented RPA across the following operations, and it
intends to continue to grow the programme:
• Mortgage and vehicle servicing.
• Enterprise Shared Services for exceptions.
• Servicing customers for mortgage and card disputes.
• Foreign money transaction operations and global payments operations.
RPA is most suited to high-volume throughput of structured data, with a clear processing
flow that is driven by business rules and does not change frequently. In the most basic case,
the employee receives inputs, examines those inputs, applies a rule to them, with no
discretion in this scenario, and then sends the output forward to the next step in the process.
The “yes” decision and prioritisation of use cases is made jointly by the business group and
by the shared services operations team, which acts as the gatekeeper to what is a practical use
case. It is the intent of Bank of America to continue to grow the program and add more robots
where there is a business case and the process meets the criteria of the program. Technology
qualification requirements for a “Yes” decision are based on the complexity of the following
components:
1. Activities to be automated.
2. Processes.
3. Data.
4. Transaction volume.
5. Technology compatibility.
6. Scalability

Project team and milestones
The project was run by Bank of America’s global technology & operations organisation and
involved multiple stakeholders and team members from mortgage and vehicle servicing
operations, consumer banking, global information security, and enterprise architecture
groups.
The project took 18 months from the idea’s inception to production, and the formal project
kick-off was in 2016. Figure 2 shows the chronology of RPA deployments by the bank.

The fast-paced nature of RPA requires agility, accuracy, and flexibility. The shared
operations services team quickly realised that Agile methodologies for development, testing,
and deployment of the robots would be the best approach to managing the program. Agile
provides full visibility, enables flexibility of constructing software code, and keeps the
management of risk at the forefront. Agile also drives short development cycles that deliver
incremental, iterative work sequences that work well with the structure of RPA technology.
The use of a strong security and deployment model along with Agile deployment practices led
the team to make the decision to patent its intellectual property around its lifecycle approach.
Furthermore, through the initiative, Bank of America has developed internal knowledge and
expertise of RPA techniques that will play well with new AI techniques such as machine
learning.
Results, lessons learned and future plans
Bank of America has derived substantial benefits from the ability to reuse RPA components,
design, and methodologies across businesses and different use cases. As a lightweight tool
that pulls from the presentation layer of information systems, it does not carry the same risks
of full system implementations.
The deployed robots directly integrate into existing infrastructure and don’t require invasive
actions to any of the bank’s underlying systems. It doesn’t touch the business logic of the
system or the data access layer, and investment levels required are much less than would be
needed for full system integration.

The results have simplified its operating environment and improved productivity and
efficiency. Its ease of use has meant that business users are trained to configure scripts, and
this has reduced the costly dependency on the bank’s IT group for implementation and
support. Where robots are in operation the bank has seen a marked improvement in customer
service, risk management, and cost reductions.
Immediate qualitative benefits include:
Greater consistency, speed, and accuracy of key processes across mortgage and vehicle
servicing. For example, the bank has implemented higher standard servicing routines for
bankruptcy hold removals, payoff and reinstatement requests, and CRM for loan modification
activities.
Within foreign cash operations and global payments operations, RPA has automated wire
repaid exceptions and verifications, and data collection for potential anti-money laundering.
Again, improving standards, consistency, and speed of operations. Importantly, the ability to
extract and manage large amounts of data has lowered the number of anti-money laundering
false positive alerts.
Automating dispute resolutions for mortgage disputes on credit reports, as well as credit card
disputes, has improved the experience of its customers, and improved operational efficiencies
of the department.
Metrics from the RPA project have also been substantial, and continued improvement of key
measurements is expected.
Immediate quantitative benefits include:
• The bank achieved 95% of targeted benefits under budget.
• Within its Enterprise Shared Operations Services group, RPA deployment has reduced
manually worked exceptions by 95% and aged exceptions of more than 15 days by 70%.
This has resulted in a 40% reduction in manual repairs/workarounds, and defects per
million fell from 30 to 0.
• RPA across mortgage and vehicle servicing has reduced the average time taken to
service 4,000 cases per month from 20 minutes per case to 4 minutes: 1,975 cases were
reduced from 5 minutes to real time, and 5,302 cases were reduced from 2 minutes to
real time. This has led to an 89% reduction in the need for manual reviews. The
improvement in the mortgage and vehicle services functions was delivered via a single
robotic desktop automation for about 300 user desktops. It also reduced per-call
savings (24,000 calls per month) by 20%.
• Operational saves per automation including business user self-serve coding capabilities
have produced cost savings of $100,000 per code request and $350,000 per code
change.
• RPA has reduced customer service call time by 10–15% and ensured compliance.
• Operating hours are far more predictable, and therefore service hours are more
manageable, which has led to a reduction in overtime required.
• Notable improvement in error rates by up to 95% manual exceptions on a weekly
average.
Future plans

Bank of America believes its initiative has positioned the bank to introduce more advanced
technologies such as machine learning and advanced analysis to power its robots. AI-
powered RPA is the next stage in the evolution of process automation. Smart process
automation (SPA) joins robotics with artificial intelligence (usually machine learning) to
enable the automation of workflow tasks that currently require inference and decisions, truly
allowing its employees to focus on high-value activities.

Summary
The scope of Bank of America’s initiative is by its nature very large and complex. It was a
work in progress to identify potential RPA use cases. Starting from a blank sheet, the Shared
Operations Services team was able to plan with strong governance and project management
excellence in mind. Adopting such an approach has meant that Bank of America avoided the
common pitfalls we are seeing across the first flurry of RPA proofs of concept and launches
in banking — poor governance, lack of planning, skunk work, prescriptive controls at launch
of the automation initiative, and one-size-fits-all projects. Moreover, the use of Agile
methodology is far better suited to RPA than the Waterfall approach. It has created the ability
for easy configuration and code changes in an iterative and visible approach.
Bank of America has positioned itself to continue the roll-out of robotic process automation
in an efficient, streamlined manner with low risk, and the bank is setting itself up for the
same approach to the introduction of more advanced machine learning and AI techniques.
https://www.fintechfutures.com/2019/11/case-study-on-bank-of-america-how-robots-help-serve-and-protect-the-bank/
