Photo of Anu Tiwari

Partner in the Corporate, M&A and Financial Institutions Advisory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu has over 15 years of experience and advises clients on matters related to public and private M&A, raising capital, commercial agreements, and activism. Anu represents both Indian and multinational fintech, banking, broker-dealer, exchange, asset management, speciality finance and information technology companies on transactional, enforcement and regulatory matters.

Anu has been a member of RBI’s Committee on Household Finance, SEBI’s Working Group on Mutual Fund Regulation, Fintech Committee of the Confederation of Indian Industries (CII) and a visiting faculty at the SP Jain School of Global Management.

Mr. Tiwari has been recognised by Chambers & Partners, IFLR, MergerMarket and as Lawyer of the Year 2021, India, by Global Law Experts for his work in the M&A, Financial Regulatory and Blockchain/Cryptocurrency space. He can be reached at anu.tiwari@cyrilshroff.com.


FIG Paper (No. 34 – Data Law Series 5) Balancing Sectoral Regulation and DPDP Act Compliance by NBFCs & Fintechs

Background

Indian regulators in recent times have shown a keen interest in monitoring the intersection between data, information technology, and cybersecurity with regulated entities—more so in relation to Non-Banking Financial Companies (“NBFCs”) and ‘fintechs’. With the expected enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and the promulgation of its rules, it becomes imperative for NBFCs and fintechs to map their journey of compliance from legal and regulatory perspectives.

FIG Paper (No. 33 – Series 2): Compulsory Registration of Off-shore Virtual Digital Asset Service Providers with FIU-IND?

Recently, the Financial Intelligence Unit – India (“FIU-Ind”) has issued show-cause notices to several offshore Virtual Digital Asset Service Providers (“VDASP”) for non-compliance with provisions of the Prevention of Money Laundering Act, 2002 (“PMLA”) and for non-registration with the FIU-Ind, post amendment to PMLA on March 07, 2023, while catering to the Indian customers and operating in the Indian market.

FIG Paper (No. 32) - Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

Background

The Reserve Bank of India (“RBI”) issued the draft Master Direction – Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023 (“Draft MD”), on October 26, 2023. With the COVID-19 pandemic and the digitisation of financial services globally, financial institutions started becoming increasingly dependent on their service partners and agents to reduce costs and avail expertise not available internally.

Continue Reading FIG Paper (No. 32 – Series 1): Outsourcing of Financial Services: Harmonising the Law and Looking Ahead

FIG Paper No. [29], Data Law Series [3]: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

Introduction:

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (“GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves.

Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

FIG Paper No 29 – Data Law Series 3: (Implications of Digital Personal Data Protection Act, 2023, on Asset Management Companies)

Background:

  • Asset Management Companies (“AMCs”) act as fiduciaries of unitholders (i.e. investors who hold units in funds managed by an AMC), due to which the Securities and Exchange Board of India (“SEBI”) has mandated various data privacy obligations for AMCs, either directly or through the Association of Mutual Funds of India (“AMFI”).
  • SEBI, in a private letter to AMCs, AMFI and registrar and transfer agents (“RTAs”) dated July 10, 2020 (“SEBI Letter”), required that digital platforms involved in distribution/advisory and AMCs/RTAs must respect unitholders’ data privacy. The letter included the following two mandates:
    • unitholder data should not be shared with group entities having multiple business/ products; and
    • products and services of group companies cannot be cross marketed.

FIG Paper No. 28, Data Law Series 2: Implications of Digital Personal Data Protection Act, 2023 on Indian Banks

Introduction

In the current landscape, Indian banks are bound by data protection obligations under the provisions and rules of the Information Technology Act, 2000, the Prevention of Money Laundering Act, 2002 and relevant directives of the Reserve Bank of India (“RBI”). As we await the enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the publishing of its rules (“DPDP Rules”), there will be a paradigm shift in the data processing protocols of banks amongst other financial entities.

FIG Paper (No. 27 – Series. 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers

Introduction:

The Reserve Bank of India (“RBI”) has allowed certain non-banks to operate in the financial ecosystem for payment processing under the Payment and Settlement Systems Act, 2007 (“PSS Act”), in addition to banks. These non-banks typically operate Cross Border Money Transfer (“MTSS”); Prepaid Payment Instruments (“PPI”); Bharat Bill Payment Operating Units (“BBPOU”); White Label ATM Operators (“WLAO”), etc.

Continue Reading FIG Paper (No. 27 – Data Law Series 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers

FIG Paper - Navigating SEBI’s Definition of UPSI

Introduction:

The objective of the PIT Regulations is to prohibit insiders with access to Unpublished Price Sensitive Information (“UPSI”) from making illicit gains and to ensure timely, adequate and even disclosure of UPSI to the public. Hence, the determination of what constitutes UPSI becomes necessary. In this regard, the Securities and Exchange Board of India (“SEBI”) has signalled a shift from a principle-based regime to a more prescriptive regime, which is likely to result in increased compliance obligations for the listed companies.

Continue Reading FIG Paper (No. 26 – Series. 3): Navigating SEBI’s Definition of UPSI

FIG Paper (No. 25 – Series 2): Shedding Light on Dark Patterns in FinTech: Impact of DPDP Act

Introduction:

The new draft guidelines titled ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’[1] (“Draft Dark Pattern Guidelines”), released by the Department of Consumer Affairs in September 2023, define dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights”.