STRUCTURE OF NOTW

INTRODUCTION: WHAT IS A NEOBANK?

I. Co-Branded Cards and PPIs

Debit, Credit and Corporate Cards

Regulatory Framework for Co-Branded Cards

Approval requirement for issuance of Co-Branded Cards

Banks

NBFCs

Conditions for Issuance of Co-Branded Debit/Credit Cards

‘Prominent display’ of Bank’s branding in Co-branded Cards

Marketing of Co-branded Cards

Liability of the Card Issuer

Limitation on Neo-banks’ role as Co-Branding Partners

Issuance of virtual cards without physical cards

PPIs and PPI Cards

Regulatory Framework for PPI

Types of PPIs

Approval and eligibility requirement for issuance of Co-Branded PPIs

Banks

Non-Bank Entities (NBFCs/FinTech entities)

Issuance of PPI through virtual or physical cards.

Conditions for issuance of co-branded PPIs and PPI Cards
Prominent display of Bank/Neobank’s branding on Co-Branded PPIs
Liability of PPI Issuers
Limitation on the role of co-branding entity
Interest on PPIs

II. Outsourcing by Banking Services

Outsourcing by Banks

Services permitted to be outsourced

Liability of the Bank for outsourced services
Issuance of Co-branded cards
Responsibilities of the Bank outsourcing services
Internal Audit of Outsourced Activities
Enhanced Scrutiny on Sub-Contractors
Outsourcing by NBFCs
Disclosure requirement for outsourcing within a Group/Conglomerate

III. Digital Lending by Neobanks and Role of NBFCs

Regulatory Framework for digital lending

Disclosure requirements with regard to Loan Agreement and Lending Partner

Fair practice compliance for recovery of debt

Prepaid Cards loaded through Credit Lines

Regulation of BNPL market: Report of Working Group

IV. Payment Gateway Services and Payment Aggregators

Regulatory Framework for Payment Gateways and Payment Aggregators

Approval requirement for undertaking PA Business

Banks

Non-Bank Entities (Neobanks)

Eligibility requirement for authorisation

MoA must entail proposed activity of operating as PA

Capital Requirements
Fit and Proper Criteria for Promoters of PA
Disclosure of Takeover/Acquisition
Grievance Compliance – Appointment of Nodal Officer

Board Approved Policies and reporting requirement

Tokenisation of Card Details 

Outsourcing of Services by PA

V. Escrow Account
Payment Aggregators

Regulatory framework

Creation of Escrow Account

Settlement of Funds through Escrow Account
Management of funds

Compliance requirement for PA and Bank.

Interest on core portion.
Reporting requirements for PA.

Prepaid Payment Instruments

Regulatory framework
Settlement of funds through Escrow Account
Onward payment undertaking from E-commerce platforms

Reporting requirements for non-bank PPI user

VI. Investments
Fixed Deposits and Recurring Deposits
Mutual Funds and Model Portfolios
 DESCRIPTION OF REGULATIONS

1. Master Direction – Credit Card and Debit Card – Issuance and Conduct
Directions, 2022 dated April 21, 2022.1

The Card Directions cover the general and conduct regulations relating to credit, debit
and co-branded cards. It is applicable to SCBs, UCBs and NBFCs with a net worth
and net owned fund of over 100 crores. It covers the eligibility criteria for issuance of
debit, credit and co-branded cards, governance-framework for issuance of such cards,
co-branding arrangement, closure of cards, interest rates and other charges. Data
sharing restrictions, intimation to customers before reporting default to credit bureaus
also forms part of the regulations. 

2. Guidelines for issue of debit cards by banks dated December 12, 2012.2

The Debit Card Guidelines are applicable to banks that issue debit cards. It inter alia,
broadly provides guidelines for issuance of debit cards and co-branded cards to
customers, KYC compliance, interest payment, security aspects, reporting
requirements and grievance mechanism.

3. Master Circular on Credit Card Operations of banks dated Jule 2, 2007.3

This circular provides a framework of rules/regulations/standards/practices to the

credit card issuing banks/NBFCs for their credit card business and ensure that these
are in alignment with the best customer practices. It lays down the basic features of
credit cards and its associated operations such as issuance of credit card, fair practice
conduct, protection of customer rights, interest rates and monitoring systems.

4. Master Direction - Non-Banking Financial Company - Systemically Important

Non-Deposit taking Company and Deposit taking Company (Reserve Bank)
Directions, 20164

These NBFC-NDSI directions are applicable to non-deposit taking and deposit taking
NBFCs having total assets of ₹500 crore and above. It inter alia regulates the capital
requirement, prudential requirements, fair practice code, governance issues and
provides specific directions to NBFC-F, IDF-NBFC, NBFC-MFIs.

5. Master Direction - Non-Banking Financial Company – Non-Systemically

Important Non-Deposit taking Company (Reserve Bank) Directions, 20165

These NBFC ND-NSI directions are applicable to non-deposit taking NBFCs having
1
https://rbidocs.rbi.org.in/rdocs/notification/PDFs/
92MDCREDITDEBITCARDC423AFFB5E7945149C95CDD2F71E9158.PDF
2
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=7743&Mode=0
3
https://www.rbi.org.in/scripts/BS_CircularIndexDisplay.aspx?Id=3646
4
https://rbidocs.rbi.org.in/rdocs/notification/PDFs/45MD01092016B52D6E12D49F411DB63F67F2344A4E09.PDF
5
https://rbidocs.rbi.org.in/rdocs/notification/PDFs/MD44NSIND2E910DD1FBBB471D8CB2E6F4F424F8FF.PDF
 its total asset below ₹500 crore. Similar to the NBFC-NDSI, it regulates the capital
requirement, prudential requirements, fair practice code, governance issues and
provides specific directions to NBFC-F, IDF-NBFC, NBFC-MFIs.

6. Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial

Services by banks dated November 3, 20066

The Bank Outsourcing Guidelines address the risks that bank would be exposed to in
a milieu of growing outsourcing activity and to ensure that the bank concerned and
the Reserve Bank of India have access to all books, records and information available
with service provider. The guidelines also cover issues relating to safeguarding of
customer interests. It thus outlines the activities that cannot be outsourced, Bank's role
and regulatory and supervisory requirements, risk management protocol, T&C for
outsourcing agreement, offshore outsourcing, monitoring and reporting requirements.

7. Issuance and Operation of Pre-paid Payment Instruments in India (Reserve

Bank) Directions, 2009 dated April 27, 2009.7

These guidelines lay down the eligibility criteria and the basic conditions for payment
system operators involved in the issuance of Pre-paid Payment Instruments. It broadly
covers the eligibility criteria, exemptions, capital requirement, KYC requirement,
issuance and reloading of PPIs and protection of customer issues.

8. Reserve Bank of India (Issuance and Operation of PPI) Directions, 2017 dated
October 11, 2017 which stands updated vide Reserve Bank of India Master
Directions on Prepaid Payment Instruments, 2021 dated November 12, 2021.8

The PPI Directions collectively with MD-PPI provide a framework for authorisation,
regulation and supervision of entities (bank and non-bank) operating payment systems
for issuance of PPIs and is applicable to Prepaid Payment Instrument (PPI) Issuers
and System Participants. It outlines the eligibility requirements, authorisation process,
issuance, loading and reloading of PPIs, co-branding arrangement criteria, cross-
border transactions types of PPIs and their interoperability.

9. Master Circular on Credit Card, Debit Card and Rupee Denominated Co-
Branded Pre-paid Card Operations of Banks and Credit Card issuing NBFCs
dated July 1, 20159

The Prepaid Card Circular provides a framework of

rules/regulations/standards/practices to the credit, debit, prepaid card issuing banks
and to the credit card issuing NBFCs and consolidates the instructions contained in
the circulars up to June 30, 2015. It covers the basic features of credit cards, debit
cards and Rupee dominated co-branded prepaid cards and prudential requirements.

6
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=3148&Mode=0
7
https://rbidocs.rbi.org.in/rdocs/notification/PDFs/RFGF280409.pdf
8
https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12156
9
https://www.rbi.org.in/Scripts/BS_ViewMasCirculardetails.aspx?id=9838#3
 10. Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial
Services by Banks dated March 11, 2015. 10

The Additional Outsourcing Guideline was issued in light of non-adherence of the

2006 Guidelines and stresses on the provision that outsourcing contract should
provide for prior approval/ consent by the bank of the use of subcontractors by the
service provider for all or part of an outsourced activity. Before giving consent, banks
should review the subcontracting arrangements and ensure that these are in
compliance with the guidelines on outsourcing.

11. Directions on Managing Risks and Code of Conduct in Outsourcing of Financial

Services by Banks dated November 09, 2017.

The NBFC Outsourcing Directions address the risks that NBFC would be exposed to.
The directive regulates issues relating to safeguarding of customer interests. It thus
outlines the activities that cannot be outsourced, Bank's role and regulatory and
supervisory requirements, risk management protocol, T&C for outsourcing
agreement, offshore outsourcing, monitoring and reporting requirements.

12. Clarification to all Banks and NBFCs vide Loans Sourced by Banks and NBFCs
over Digital Lending Platforms: Adherence to Fair Practices Code and
Outsourcing Guidelines dated June 24, 2020.11

The clarification was issued in order to bring about transparency regarding the
functioning of a digital lending platform. It provides for disclosure requirements with
regards to the loan agreement and the lending partner.

13. Guidelines on Regulation of Payment Aggregators and Payment Gateways dated

March 17, 2020 further revised through Guidelines on Regulation of Payment
Aggregators and Payment Gateways dated March 31, 2020.12

The PA Guidelines along with the New PG Guidelines and technology stipulations are
strictly applicable to all payment aggregators, whereas payment gateways are only
required to adhere with the technology related recommendations as a good practice
measure and comply with the RBI guidelines on outsourcing of financial services.

14. Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation

(CoFT) Services dated September 07, 202113

RBI post issuing the advice that neither the authorised Payment Aggregators (PAs)
nor the merchants on-boarded by them shall store customer card credentials, issued
the Tokenisation Rules which extends certain conditions of the Tokenisation
Framework dated Jan 8, 2019 to Card-on-File.

10
https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=9597&Mode=0
11
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11920&Mode=0
12
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12050&Mode=0#ANN1
13
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12159&Mode=0
 15. Tokenisation – Card transactions dated January 08, 201914

This Tokenisation Framework permit authorised card networks to offer card

tokenisation services subject to the conditions listed therein. Initially limited to mobile
phones and tablets, this facility was subsequently extended to laptops, desktops,
wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc., It
enumerates the conditions for tokenisation and de-tokenisation services, registration
of customer, certification and secure transaction etc.

16. Framework for Outsourcing of Payment and Settlement-related Activities by

Payment System Operators dated August 03, 2021.15

It is applicable to non-bank PSOs insofar as it relates to their payment and / or

settlement-related activities. the activities that cannot be outsourced, PSO's role and
regulatory and supervisory requirements, role of the board and responsibilities of the
senior management, risk management compliance, T&C for outsourcing agreement,
offshore outsourcing, outsourcing within group/conglomerate, monitoring and
reporting requirements etc.

17. Securities and Exchange Board of India (Investment Advisers) Regulations,

201316

In terms of these regulations, no person shall act as an investment adviser or hold

itself out as an investment adviser unless he has obtained a certificate of registration
from SEBI. The regulations specify conditions for registration, certification, capital
adequacy, risk profiling and suitability, disclosures to made, code of conduct, records
to be maintained, manner of conducting inspection, etc.

14
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11449&Mode=0
15
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12136&Mode=0#F1
16
https://www.sebi.gov.in/legal/regulations/aug-2021/securities-and-exchange-board-of-india-investment-advisers-
regulations-2013-last-amended-on-august-03-2021-_48742.html