The recent Master Directions issued by the Reserve Bank of India (RBI) on Credit cards and Debit cards – Issuance and Conduct Directions, 2022, dated April 21, 2022, is a consolidation of existing guidelines on the subject, except that it has brought about greater clarity by providing definitions on what is a credit card, credit limit and other related terminologies. In addition, it has spelt out more explicitly the scope of co-branding arrangements and the roles of card issuers and co-branding partners.
While the role of the co-branding partners in the 2015 Master Circular on Credit Card, Debit Card and Rupee Denominated Co-branded Pre-paid Card Operations of Banks and Credit Card issuing NBFCs, was limited to marketing and distribution of credit/ debit cards issued by card-issuers, the current Master Directions have gone a step ahead to specify that they shall not have access to information relating to transactions and neither shall they be involved in any of the processes or controls relating to the co-branded card, except for being the initial point of contact in case of grievances. In the 2015 Master Circular, card issuers could, with specific customer consent, share information furnished by the customer while applying for the credit card, with other agencies. Banks/NBFCs were, however, advised in the earlier guidelines to satisfy themselves that the information being sought from customers is not of such nature as will violate the provisions of the laws relating to secrecy in the transactions.
The clear thrust of these Directions is to safeguard the interest of card holders/ customers. Card-issuers are also now required to seek an OTP-based consent to activate their credit cards. If this is not initiated by the cardholder within 30 days from the date of issuance of the card, the card-issuer is required to close the credit card account within 7 working days from the date of seeking confirmation from the customer. Card-issuers also require express consent from the cardholder for any breach in the credit limit at any time beyond the limit sanctioned and informed to the cardholder. The Master Directions also require that in instances of co-branding arrangements between a card-issuer and a co-branding partner, information related to revenue-sharing between the two entities are indicated to the cardholder and displayed on the website of the card-issuer.
Card-issuers under the Master Directions are RBI-regulated entities, and these Directions set out the conditions under which co-branding arrangements may be undertaken. RBI-regulated entities can also outsource various activities to outsourced partners such as fintechs etc., but regulated entities are bound to strictly abide by the guidelines on ‘Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks’, as amended from time to time. The Hon’ble RBI Governor in his statement dated February 10, 2022, observed that regulated entities are extensively outsourcing critical IT services and customers are increasingly using digital channels, which may expose such regulated entities and their customers to significant financial, operational, and reputational risks. He further stated that in view of the aforesaid, two draft directions aimed at reviewing and consolidating the extant guidelines are proposed to be issued for public consultation, i.e. on (i) IT outsourcing; and (ii) on IT governance, risk, controls and assurance practices.
As far as NBFCs are concerned, the provisions for seeking prior approval to undertake credit card business were there earlier as well, in the Master Directions on NBFCs. Despite these enabling provisions, NBFCs were not granted permission to undertake credit card business, except for a few legacy entities. The view is that NBFCs need to have good governance practices, sound risk management systems, robust IT systems etc., in the absence of which, concerns relating to NBFCs undertaking credit card business would always remain. Perhaps on a case-to-case basis, the RBI may consider such requests from NBFCs, based on their supervisory track record, sound financial performance, good governance etc.
Going forward, once the scale-based regulations for NBFCs become operational in October this year, and stabilise, it is likely that some of the NBFCs, such as those in the upper layer, as identified by the RBI, may be examined for permission to undertake credit card business. These NBFCs would be subject to more bank-like regulations relating to governance, exposure norms, Internal Capital Adequacy Assessment Process, etc.