A few years ago, a UK regulator cracked the whip on financial-market infrastructure firms, reacting to the disruptions caused by financial disruptions in the economy. The regulator made it mandatory for these consumer-facing firms to identify key business services that, if disrupted, could harm consumers or trigger volatility in financial markets. At the same time, they had to establish impact tolerances, or tolerable limits, for each critical business service, including the maximum level of interference that could be tolerated, and the action to be taken to stay within that range. Thus the regulator ensured that the market infrastructure firms planned the worst.
A pre-emptive approach to regulation is precisely a question of judgement. The Reserve Bank of India (RBI) has postponed the deadline for adopting card-on-file tokenization by six months till June 30. As a result, e-commerce and online payment service providers have six more months to transition to a new, secure system for storing credit and debit card details for digital transactions.
Is this a case where the regulator hammer is needed? Maybe not.
Indian regulators are often blamed for facing pressure from market participants or sovereigns. But with the RBI encouraging banks and others to move to a safer system, it is a case of the regulator’s emphasis on digital platforms and security upgrades for online transactions. RBI does not want to store customer card data on the servers of merchant establishments as they are not directly under its regulatory purview. Thus it is pushing for a new system in which the algorithm will generate a different token for each transaction. Adding this additional layer of security will reduce the risk of online fraud, including hacking or phishing incidents, and provide better protection for users of e-commerce or online payment services. Once a secure system is in place, public confidence in digital banking will surely increase. It is against that backdrop that the Indian central bank chief recently flagged cyber security and digital fraud as key areas of concern.
There’s also another approach that leans more towards light-touch regulation in the payments segment. But the velvet glove approach may not be the way forward in a country with low financial literacy and poor consumer redressal systems. Digital transactions have grown rapidly, including in Tier II and Tier III cities. At the current pace of adoption, digital transactions could top one billion by 2025. It can be argued that digital transactions and the payment systems that support them are essential services of the new age.
Since traders are outside its regulatory purview, as it is the banks that deal with them, RBI can only incentivize banks to incentivize them to bear the additional costs for security upgrades. Even India’s biggest banks have invested very little in technology. It makes business sense for banks to get serious about transitioning to a digital transaction system that is safer, more secure for users. Such a system would be like public interest to some extent. Secure systems, rapid growth in adoption and returns from this business.
Ticking the stress testing or operational resilience box may not be a practice. Ultimately, the system—that is, regulators, firms, and the government—has to provide protection. Indian consumers have no recourse to a comprehensive and speedy dispute resolution system. The presence of multiple regulators in the financial and other sectors creates complications. There are dual mandates from all the regulators involved: overseeing as well as promoting the development of the industry. Consumer protection and interests are not the main areas of regulation. Judicial delay doesn’t help. Therefore, setting up an effective consumer dispute and grievance redressal system is the next frontier.
Never miss a story! Stay connected and informed with Mint.
download
Our App Now!!
,