Photo of Anu Tiwari

Partner and Co-Head in the Fintech Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, capital raising, commercial agreements and activism matters. Anu advises financial services clients on matters before the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Ministry of Finance, Enforcement Directorate and appellate tribunals. He can be reached at anu.tiwari@cyrilshroff.com

 

 

INTRODUCTION

  • The Reserve Bank of India (“RBI”) has published the “Guidelines on Voluntary transition of Small Finance Banks to Universal Banks” dated April 26, 2024 (“SFB Guidelines 2024”), setting out the glide path for voluntary transition of Small Finance Banks (“SFBs”) to universal banks (“Universal Banks”) in terms of:
    • Guidelines for “on-tap” Licensing of Small Finance Banks in Private Sector dated December 5, 2019 (“SFB Guidelines 2019”);
    • Guidelines for “on tap” Licensing of Universal Banks in the Private Sector dated August 1, 2016 (“Universal Bank Guidelines”);
    • Reserve Bank of India (Acquisition and Holding of Shares or Voting Rights in Banking Companies) Directions, 2023 dated January 16, 2023 (“Acquisition Directions 2023”); and
    • Guidelines on Acquisition and Holding of Shares or Voting Rights in Banking Companies dated January 16, 2023 (“Acquisition Guidelines 2023”).

Continue Reading SFB to Universal Bank – New Glide Path

FIG Paper (No. 34 – Data Law Series 5) Balancing Sectoral Regulation and DPDP Act Compliance by NBFCs & Fintechs

Background

Indian regulators in recent times have shown a keen interest in monitoring the intersection between data, information technology, and cybersecurity with regulated entities—more so in relation to Non-Banking Financial Companies (“NBFCs”) and ‘fintechs’. With the expected enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and the promulgation of its rules, it becomes imperative for NBFCs and fintechs to map their journey of compliance from legal and regulatory perspectives.Continue Reading FIG Paper (No. 34 – Data Law Series 5) Balancing Sectoral Regulation and DPDP Act Compliance by NBFCs & Fintechs

FIG Paper (No. 33 – Series 2): Compulsory Registration of Off-shore Virtual Digital Asset Service Providers with FIU-IND?

Recently, the Financial Intelligence Unit – India (“FIU-Ind”) has issued show-cause notices to several offshore Virtual Digital Asset Service Providers (“VDASP”) for non-compliance with  provisions of the Prevention of Money Laundering Act, 2002 (“PMLA”) and for non-registration with the FIU-Ind, post amendment to PMLA on march 07, 2023, while catering to the Indian customers and operating in the Indian market.Continue Reading FIG Paper (No. 33 – Series 2): Compulsory Registration of Off-shore Virtual Digital Asset Service Providers with FIU-IND?

FIG Paper (No. 32) - Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

Background

The Reserve Bank of India (“RBI”) issued the draft Master Direction – Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023 (“Draft MD”), on October 26, 2023. With the COVID-19 pandemic and the digitisation of financial services globally, financial institutions started becoming increasingly dependent on their service partners and agents to reduce costs and avail expertise not available internally.Continue Reading FIG Paper (No. 32 – Series 1): Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

FIG Paper No. [29], Data Law Series [3]: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

Introduction:

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves. Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

FIG Paper No 29 – Data Law Series 3: (Implications of Digital Personal Data Protection Act, 2023, on Asset Management Companies)

Background:

  • Asset Management Companies (“AMCs”) act as fiduciaries of unitholders (i.e. investors who hold units in funds managed by an AMC), due to which the Securities and Exchange Board of India (“SEBI”) has mandated various data privacy obligations for AMCs, either directly or through the Association of Mutual Funds of India (“AMFI”).
  • SEBI, in a private letter to AMCs, AMFI and registrar and transfer agents (“RTAs”) dated July 10, 2020 (“SEBI Letter”), required that digital platforms involved in distribution/ advisory and AMCs/ RTAs must respect unitholder’s data privacy. The letter included the following two mandates:
    • unitholder data should not be shared with group entities having multiple business/ products; and
    • products and services of group companies cannot be cross marketed.

Continue Reading FIG Paper No 29 – Data Law Series 3: (Implications of Digital Personal Data Protection Act, 2023, on Asset Management Companies)

FIG Paper No. 28, Data Law Series 2:
Implications of Digital Personal Data Protection Act, 2023 on Indian Banks

Introduction

In the current landscape, Indian banks are bound by data protection obligations under the provisions and rules of the Information Technology Act, 2000, the Prevention of Money Laundering Act, 2002 and relevant directives of the Reserve Bank of India (“RBI”). As we await the enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the publishing of its rules (“DPDP Rules”), there will be a paradigm shift in the data processing protocols of banks amongst other financial entities.Continue Reading FIG Paper No. 28, Data Law Series 2: Implications of Digital Personal Data Protection Act, 2023 on Indian Banks

FIG Paper (No. 27 – Series. 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers

Introduction:

The Reserve Bank of India (“RBI”) has allowed certain non-banks to operate in the financial ecosystem for payment processing under the Payment and Settlement Systems Act, 2007 (“PSS Act”), in addition to banks. These non-banks are typically operate Cross Border Money Transfer (“MTSS”); Prepaid Payment Instruments (“PPI”); Bharat Bill Payment Operating Units (“BBPOU”); White Label ATM Operators (“WLAO”), etc.Continue Reading FIG Paper (No. 27 – Data Law Series 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers

FIG Paper - Navigating SEBI’s Definition of UPSI

Introduction:

The objective of the PIT Regulations is to prohibit insiders with access to Unpublished Price Sensitive Information (“UPSI”) from making illicit gains and to ensure timely, adequate and even disclosure of UPSI to the public. Hence, the determination of what constitutes as UPSI becomes necessary. In this regard, the Securities and Exchange Board of India (“SEBI”) has signalled a shift from a principle-based regime to a more prescriptive regime, which is likely to result in increased compliance obligations for the listed companies.Continue Reading FIG Paper (No. 26 – Series. 3): Navigating SEBI’s Definition of UPSI