Recently, the Financial Intelligence Unit – India (“FIU-Ind”) has issued show-cause notices to several offshore Virtual Digital Asset Service Providers (“VDASP”) for non-compliance with provisions of the Prevention of Money Laundering Act, 2002 (“PMLA”) and for non-registration with the FIU-Ind, post amendment to PMLA on march 07, 2023, while catering to the Indian customers and operating in the Indian market.Continue Reading FIG Paper (No. 33 – Series 2): Compulsory Registration of Off-shore Virtual Digital Asset Service Providers with FIU-IND?
Anu Tiwari
Partner (Head - Fintech and FSRP) at Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, capital raising, commercial agreements and activism matters. Anu advises financial services clients on matters before the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Ministry of Finance, Enforcement Directorate and appellate tribunals. He can be reached at anu.tiwari@cyrilshroff.com
FIG Paper (No. 32 – Series 1): Outsourcing of Financial Services: Harmonising the Law and Looking Ahead
Background
The Reserve Bank of India (“RBI”) issued the draft Master Direction – Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023 (“Draft MD”), on October 26, 2023. With the COVID-19 pandemic and the digitisation of financial services globally, financial institutions started becoming increasingly dependent on their service partners and agents to reduce costs and avail expertise not available internally.Continue Reading FIG Paper (No. 32 – Series 1): Outsourcing of Financial Services: Harmonising the Law and Looking Ahead
FIG Paper (No. 31 – Series 1): Draft Framework – New Licensing Regime for Authorised Persons under FEMA
FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India
Introduction:
The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (“GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves. Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India
FIG Paper No 29 – Data Law Series 3: (Implications of Digital Personal Data Protection Act, 2023, on Asset Management Companies)
Background:
- Asset Management Companies (“AMCs”) act as fiduciaries of unitholders (i.e. investors who hold units in funds managed by an AMC), due to which the Securities and Exchange Board of India (“SEBI”) has mandated various data privacy obligations for AMCs, either directly or through the Association of Mutual Funds of India (“AMFI”).
- SEBI, in a private letter to AMCs, AMFI and registrar and transfer agents (“RTAs”) dated July 10, 2020 (“SEBI Letter”), required that digital platforms involved in distribution/ advisory and AMCs/ RTAs must respect unitholder’s data privacy. The letter included the following two mandates:
- unitholder data should not be shared with group entities having multiple business/ products; and
- products and services of group companies cannot be cross marketed.
FIG Paper No. 28, Data Law Series 2: Implications of Digital Personal Data Protection Act, 2023 on Indian Banks
Introduction
In the current landscape, Indian banks are bound by data protection obligations under the provisions and rules of the Information Technology Act, 2000, the Prevention of Money Laundering Act, 2002 and relevant directives of the Reserve Bank of India (“RBI”). As we await the enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the publishing of its rules (“DPDP Rules”), there will be a paradigm shift in the data processing protocols of banks amongst other financial entities.Continue Reading FIG Paper No. 28, Data Law Series 2: Implications of Digital Personal Data Protection Act, 2023 on Indian Banks
FIG Paper (No. 27 – Data Law Series 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers
Introduction:
The Reserve Bank of India (“RBI”) has allowed certain non-banks to operate in the financial ecosystem for payment processing under the Payment and Settlement Systems Act, 2007 (“PSS Act”), in addition to banks. These non-banks are typically operate Cross Border Money Transfer (“MTSS”); Prepaid Payment Instruments (“PPI”); Bharat Bill Payment Operating Units (“BBPOU”); White Label ATM Operators (“WLAO”), etc.Continue Reading FIG Paper (No. 27 – Data Law Series 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers
FIG Paper (No. 26 – Series. 3): Navigating SEBI’s Definition of UPSI
Introduction:
The objective of the PIT Regulations is to prohibit insiders with access to Unpublished Price Sensitive Information (“UPSI”) from making illicit gains and to ensure timely, adequate and even disclosure of UPSI to the public. Hence, the determination of what constitutes as UPSI becomes necessary. In this regard, the Securities and Exchange Board of India (“SEBI”) has signalled a shift from a principle-based regime to a more prescriptive regime, which is likely to result in increased compliance obligations for the listed companies.Continue Reading FIG Paper (No. 26 – Series. 3): Navigating SEBI’s Definition of UPSI
FIG Paper (No. 25 – Series 2): Shedding Light on Dark Patterns in FinTech: Impact of DPDP Act
Introduction:
The new draft guidelines titled ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’[1] (“Draft Dark Pattern Guidelines”), released by the Department of Consumer Affairs in September 2023, define dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights”.Continue Reading FIG Paper (No. 25 – Series 2): Shedding Light on Dark Patterns in FinTech: Impact of DPDP Act
FIG Paper (No. 24 – Series 1): New Data Law – Financial Services Implications
(Indian) Digital Personal Data Protection Act, 2023 (“DPDP Act”) received Presidential assent on August 11, 2023, and is awaiting notification by the Indian Government, which is expected soon. This FIG Paper examines: (i) the existing data protection/ privacy framework for the Indian financial services space; (ii) overlays DPDP Act considerations; and (iii) preferred approach to “gap” analysis, basis global learnings.Continue Reading FIG Paper (No. 24 – Series 1): New Data Law – Financial Services Implications