A comparison of digital banking regulations

As technology revolutionises the banking sector, brick-and-mortar retail is increasingly becoming obsolete as regulators jump to set new standards for inclusive finance

India

Philippines

Thailand

INDIA

The onset of the pandemic has caused an unpredicted increase in the demand among consumers for digital banking, including instant access to banking services, products, and information. In such circumstances, there can be no better time than the present to welcome the future of banking with digital bank, particularly when the world is stricken by the ever-increasing variants of the covid-19 virus and its ensuant plague that requires the restriction of free movement and avoidance of public spaces.

The growing use of technology has also led to tremendous changes in conventional ways of finance and keeping its eye on the advancement of digital technology around the globe. India has kept its pace with the rest of the world in technology innovation for digital inclusion in the financial sector.

The Reserve Bank of India (RBI), the primary regulator of the financial sector in India, has been conscious of the importance of technology-based innovations and its growing use in India. In 2019, the RBI issued its “Enabling framework for regulatory sandbox” guidelines. Under this, fintech companies – including startups, banks, financial institutions and any other company partnering with or providing support to financial services businesses – which also satisfy the eligibility criteria, are selected to test their products in the regulatory sandbox. This allows for the testing of new products, innovations and technologies in a live environment within specified parameters and timeframes under the aegis of the RBI.

REGULATORY REGIME

Digitisation has become a prominent theme, which has transformed the way in which public services are delivered. The unified payment interface (UPI), a payment platform in India that enables real time, instantaneous, mobile-based bank-to-bank payment, has witnessed extraordinary adoption. As a result, payments can now be made with a click on mobile phones, not just at retail outlets but also peer to peer.

Although this success was witnessed in the retail payments and peer to peer transfers, the same success could not be replicated in the context of payment and credit needs of small businesses. Therefore, keeping in view this gap and to enable small businesses to have quicker access to finance from the formal sector, the NITI Aayog, an apex public policy think tank of the government of India, while examining the global scenario, has recommended a full-stack digital bank in its discussion paper titled “Digital banks – a proposal for licensing and regulatory regime for India” published in November 2021.

The NITI Aayog, in its discussion paper, has highlighted the need for licensed entities to leverage technology to mitigate the costs of acquisition and cost-to-serve and have the benefit of low-cost deposits to supply credit to small businesses sustainably. And therefore, it has recommended a two-stage approach with the introduction of a full-stack “digital business bank” licence in stage 1 and full-stack “digital universal bank” licence in stage 2. The RBI is to consider introducing the digital universal bank licence based on the regulatory experience gathered from the introduction of the digital business bank.

Taking a cue from policymakers globally, especially in Southeast Asia, the discussion paper has recommended a three-step licence process for the digital business bank, which are:

Step 1: Introduction of a restricted digital business bank licence. In this step, the RBI will vet all applicants and select ones to get a restricted licence to operate in a regulatory sandbox.

Step 2: The applicant acquiring the restricted licence (licensee) enlists in the regulatory sandbox and commences operations as a digital business bank in the sandbox. The relaxations applicable in the regulatory sandbox are to be decided by the RBI, in line with its guidelines. This process is expected to identify a set of metrics for which the licensee will be progressively monitored by the RBI.

Step 3: Based on the satisfactory performance of the licensee in the sandbox, the initial set of restrictions will be relaxed to advance the licensee to a full-stack digital business bank licence. The duration for which the licensee will operate in a regulatory sandbox will vary from case to case. The discretion is with the RBI to determine the licensee’s progress.

In case the metrics agreed on ex ante are not met over a defined period, the licensee will be given a window to unwind the liabilities created, including any term deposits, and exit the sandbox.

The discussion paper further describes other features and conditions of the digital business bank licence where the minimum paid-up capital for a company to qualify for a sandbox framework is specified at INR200 million (USD2.6 million) and upon progression from the sandbox into the final stage it is specified at INR2 billion for a full-stack digital business bank.

This is one of the major relaxations, in comparison to incumbent banks, for digital banks, and is equivalent to that of small finance banks (SFBs), maybe because digital banks are not expected to have any physical branches.

The discussion paper also suggests that the branch mandates are to be interpreted in a progressive manner to allow banks to decide on the channel of delivery of services.

It is further proposed that digital banks have the same level of access to infrastructure enablers in India, like Aadhar electronic-know your customer (e-KYC), national electronic funds transfer (NEFT) or real-time gross settlement (RTGS), the ATM network, the deposit insurance and credit guarantee corporation, as the incumbent banks.

Further, since the operation of digital banks will be almost entirely dependent on technology, the regulatory requirements include additional regulations on digital banks. Given the digital native nature of banks, the licensee is also required to have an established track record in industries such as e-commerce, payments, and technology.

Following the above-mentioned foundational phases and requirements, the licensed digital bank, will also be required to fully comply with all the regulations touching upon banks’ conduct that is issued by the RBI from time to time under the Banking Regulation Act, 1949.

COMMENTS

The introduction of digital banks in India is at a very nascent stage, with the aforesaid discussion paper now in public upon which comments are sought from various stakeholders and the public at large. The potential of the digital banks to leverage data and platforms to lend remotely can definitely play a positive role in supporting small businesses amid the pandemic and is expected to have a direct correlation with their performance.

Nonetheless, right now, it will be premature to observe and analyse how successful digital banking in the country will be, but given the approach of policymakers, as well as the advancement of technology and advent of digitisation, one thing is sure that India, too, is ready to embrace brick-and-mortarless banks, i.e. digital banks very soon in the near future.

LexOrbis

709/710 Tolstoy House

15-17 Tolstoy Marg

New Delhi – 110 001

India

Mumbai | Bengaluru

Contact details
Tel: +91 11 2371 6565
Email: mail@lexorbis.com

www.lexorbis.com

Back to top

PHILIPPINES

The state of Philippine digital banking made significant headway after the publication by the central bank of the Philippines, the Bangko Sentral ng Pilipinas (BSP), of circular No. 1105, series of 2020, or the Guidelines for the Establishment of Digital Banks. This circular recognised digital banking institutions that can operate and deploy their banking products and services via fully digital platforms.

Aside from digital banks as strictly defined, there are various electronic products and services that Philippine banks can explore and offer to the domestic market.

SERVICES AND OPERATIONS

Prior to the issuance of circular No. 1105, digital banking in the Philippines was deployed by traditional BSP-licensed banks through electronic banking services and operations, as regulated under the BSP’s Manual of Regulations for Banks (MORB).

Under the MORB, banks that plan to offer or enhance existing electronic banking services must submit an application to the BSP, describing the services to offer or enhance, and how it fits in the bank’s overall strategy. The application must be accompanied by a certification signed by its president or equivalent ranking officer that the bank has complied with the BSP’s minimum pre-conditions, which entails adopting:

1. An adequate risk management process to assess, control, monitor and respond to potential risks arising from the proposed electronic banking activities;
2. A manual on corporate security policy and procedures that shall address all security issues affecting its electronic banking system;
3. A system that has been tested prior to its implementation and the test results are satisfactory – whereas a minimum standard, appropriate systems testing and user acceptance testing should have been conducted; and
4. A business continuity planning process and manuals, including a section on electronic banking channels and systems.

Traditional banks seeking to introduce electronic banking services and operations will undergo a pre-screening by the BSP’s technical working group on electronic banking to examine the overall financial condition and the applicant bank’s compliance with BSP rules and regulations, based on the latest available bank performance rating and report of examination, including the applicant bank’s capital adequacy, asset quality, management, earnings and liquidity rating.

The BSP shall evaluate the applicant bank’s overall financial condition to ensure that it can adequately support its electronic banking activities and comply with comprehensive prudential requirements.

Based on the recommendation of the technical working group and clearance of the appropriate BSP sector, the BSP will approve the application for immediate launch and/or enhancements, subject to compliance with certain conditions for approval and additional documentary requirements to be required by the BSP post-launch, or enhancement of the electronic banking services and operations.

ELECTRONIC MONEY ISSUER

Another digital banking product or service that banks can engage in is the issuance of electronic money and operation as an electronic money issuer (EMI).

Preliminarily, electronic money is defined under BSP circular No. 649, series of 2009, as monetary value represented by a claim on its issuer, that is: (1) electronically stored in an instrument or device; (2) issued against receipt of funds of an amount not lesser in value than the monetary value issued; (3) accepted as a means of payment by persons or entities other than the issuer; (4) withdrawable in cash or cash equivalent; and (5) issued pursuant to other guidelines of BSP circular No. 649.

EMIs can be in the form of EMI banks, non-bank financial institutions, or non-bank institutions registered as a money transfer agent. Notably, electronic money issued by banks shall not be considered as deposits as they can only be redeemed at face value, which shall not earn interest, rewards and other similar incentives.

At present, the BSP has issued a draft amendment to the EMI Regulations for public comment, which allows banks to offer electronic money services subject to prior BSP approval under an electronic payment and financial services (EPFS) type A licence, and compliance with prudential criteria provided under the MORB.

The draft also provides classifications between a large versus small-scale EMI bank. Large-scale EMI banks must have a 12-month average value of aggregated inflow and outflow transactions equal to or greater than PHP25 billion (USD478 million). Otherwise, it shall be classified as a small-scale EMI bank.

Large-scale EMI banks require at least PHP200 million in capitalisation, while a small-scale EMI bank requires at least PHP100 million, unless a higher capital requirement is provided for by the MORB, depending on their inherent banking category (i.e. as a universal, commercial, digital, thrift or rural bank).

The BSP has issued a two-year moratorium on the issuance of non-bank EMI licences to incentivise and encourage the public to maximise the use of electronic money services by existing licensed entities.

DIGITAL BANKS

Amid the pandemic and due to the exponential rise in the demand for digital banking transactions, the BSP has issued the Guidelines on the Establishment of Digital Banks, which paved the way for the recognition and definition of a digital bank as a banking category of its own. A digital bank is defined as a bank that offers financial products and services that are processed end-to-end through a digital platform and/or electronic channels with no physical branch or sub-branch or branch-lite unit offering financial products and services.

Before the issuance of circular No. 1105, many banks had styled themselves as digital banks in marketing parlance. The circular has clarified that only banks granted a licence to operate as digital banks may claim and represent themselves as a digital bank.

Digital banks have a minimum capital requirement of PHP1 billion and, once licensed, can perform any of the following services: (1) grant loans, whether secured or unsecured; (2) accept savings and time deposits, including basic deposit accounts; (3) accept foreign currency deposits; (4) invest in readily marketable bonds and other debt securities, commercial papers and accounts receivable, drafts, bills of exchange, acceptances or notes arising out of commercial transactions; (5) act as a correspondent for other financial institutions; (6) act as a collection agent for non-government entities; (7) issue electronic money products; (8) issue credit cards; (9) buy and sell foreign exchange; (10) present, market, sell and service micro insurance products; and (11) other such activities as may be approved by the BSP’s monetary board.

A digital bank licence application goes through three key stages with the BSP: (1) the application for approval to establish a new bank; (2) the application for the issuance of a certificate of authority (COA) to register with the Philippine Securities and Exchange Commission; and (3) the application for the issuance of the COA to operate as a digital bank.

The most coveted BSP licence to date, digital bank licences – or at least those that have passed stage one – has been awarded to six entities before the BSP issued a moratorium on new digital bank licences.

EPFS LICENCE

Under BSP circular No. 1033, series of 2019, the EPFS licence generally applies across all BSP-supervised financial institutions seeking to provide electronic payment and financial services. It is an inherent part of EMI and digital banking where the requirements are embedded within EMI and digital bank application processes. Notably, whenever the IT infrastructure of an EPFS-licensed entity is set to undergo significant change or enhancement (e.g. due to a new service offering or technology), BSP approval must be secured before the implementation of the proposed change or enhancement.

DIGITAL ECONOMY GOALS

Digital banks, and electronic financial products and services in general, are key to the BSP’s digital payments transformation roadmap, where digital banks are expected “to provide a cost-effective and convenient banking experience, especially to retail clients and micro, small and medium enterprises” to develop an inclusive, safe and stable financial ecosystem.

While the moratorium for the digital bank licence is presently in place, the early entrants that have been thoroughly vetted by the BSP are expected to significantly expose and popularise digital banking products and services. Outside of this, banks and other financial institutions can also explore other digital financial products such as issuing electronic money or more under an EPFS licence application or enhancement.

For other innovative financial technologies or products or services, the BSP has fostered a very conducive and open regulatory climate with its forthcoming regulatory sandbox framework, and other amendments to existing banking rules and regulations, to entice both capital and technology to enter and support the Philippine digital financial ecosystem.

GORRICETA AFRICA CAUTON & SAAVEDRA

15/F Strata 2000, F. Ortigas Jr. Road

Ortigas Center, Pasig City

Metro Manila – 1605

Philippines

 

Contact details
Tel: +632 8696 0687
Email: counselors@gorricetalaw.com

www.gorricetalaw.com

Back to top

THAILAND

Thailand’s approach is carefully calibrated to engineer the specific set of outcomes outlined in a newly published consultation paper from the BoT in February titled “Repositioning Thailand’s financial sector for a sustainable digital economy”.

This paper envisions a near-future, society-wide transition to a digital economy, which is characterised by technological advancement within a balanced competitive environment. The paper also emphasises the need for stable and sustainable growth without the industry sidestepping into areas that the BoT considers dubious or of unproven value.

To that end, businesses offering digital asset services are tightly regulated by the Ministry of Finance (MoF) and the Securities and Exchange Commission (SEC). Each newly issued digital token and its affiliated portal service provider must be granted special approval by the MoF through the SEC before market activity may begin.

This approval is by no means guaranteed, particularly for foreign-based entities, as every licence holder must also be a company registered under Thai law and having a certain amount of paid-up registered capital, depending on the type of licence, which varies from THB1 million (USD30,000) to THB50 million, as well as other specific characteristics.

Regarding cryptocurrencies, only Bitcoin (BTC), Ethereum (ETH), Ripple (XRP) and Stellar (XLM) have been approved for use in transactions at the date this article was written; these transactions must likewise be mediated by entities that have obtained SEC approval. Notable regulations also apply to offshore businesses that provide fintech services. Although several cross-border payment agreements are in place to facilitate such financial activity across Asean, each foreign fintech business must satisfy Thai licensing or registration requirements. These requirements typically include the need to establish a corporation in Thailand, of which a set minimum percentage must be owned by Thai individuals or corporate entities – as well as compliance with the PDPA.

The PDPA, which comes into effect on 1 June, is in many ways significantly influenced by the EU’s General Data Protection Regulation (GDPR). It imposes clear rules that dictate the circumstances under which the personal data of people in Thailand may be collected over the internet and then stored, analysed, or shared. These rules intended to safeguard the privacy of data subjects, including internet users, and require each organisation to designate an official data controller who will be personally responsible for how all user data are handled, and personally liable for policy violations or privacy breaches, in addition to the legal exposure faced by the organisation as a whole.

Notably, Thailand’s PDPA has no regard for borders and applies with equal force to domestic and foreign businesses, as long as they are in a position to collect or interact with the personal data of internet users in Thailand. Other laws helping to shape the development of Thailand’s digital banking ecosystem include:

• The Electronic Transactions Act, 2001 (as amended), which aligns with international standards to help businesses synchronise transactions both regionally and globally.
• The Payment Systems Act, 2017 (PSA), lets fintech and e-payment service providers work within a single licensing framework to minimise risks for all concerned parties, while also providing some flexibility towards the adoption of future e-payment systems. Currently, regulated businesses under the PSA include: key payment systems, e.g. the Bank of Thailand automated high-value transfer network, and the imaged cheque clearing system and archive system operated by the BoT; supervised payment systems (subject to an MoF licence), i.e. inter-institution fund transfer systems, payment card networks and settlement systems; and supervised payment services including the provision of debit cards, credit cards and ATM card services, extensive-scope e-money services, acceptance of electronic payment services, and fund transfer or money remittance services, which are to be included in the BoT’s regulatory sandbox.
• The Emergency Decree on Digital Asset Businesses, 2018, which made Thailand one of the 29 countries that recognise digital assets and tokens as legitimate investments, while simultaneously regulating their use to support and protect investors as well as other stakeholders.
• The Cybersecurity Act, 2019, which aims to protect from and prevent cyber attacks against, among others, digital banking operations and critical information infrastructure.

UNIFIED FRAMEWORK

The BoT and other official bodies are actively using their influence to optimise and guide the industry towards healthy and sustainable development. This public-private alignment has already led to impressive results in several areas:

• Ten years ago, Thailand had just 500,000 mobile bank accounts, compared to 75 million today.
• In 2011, Thais conducted 95 million online money transactions, compared to 9.6 billion today.
• By the end of 2020, Thailand had 116 million mobile phone numbers in use, while the country’s population is just under 70 million.
• 85% of Thai consumers currently use contactless payments.
• PromptPay, Thailand’s real-time digital payment system, grew by 9 million users from 2020 to 2021, with total transactions increasing fourfold.

Thailand’s emerging digital banking norms also have the effect of forcing traditional banks to embrace a more tech-based service model. To facilitate this move, the BoT is pursuing a “3 O’s” approach to bring about an “open environment for various players, open infrastructure for greater access by stakeholders, and open data for further utilisation”.

The open environment has given rise to hundreds of fintech startups, many of which have taken advantage of special tax and non-tax incentives introduced by the Board of Investment (BoI) as a means of encouraging foreign investment and private sector development. Recently, the BoI amended its promoted business activities under the Investment Promotion Act, 1979, by repealing the promotion of software, e-commerce and digital services, and adding a new category involving the development of software, a platform for digital services and digital content activities.

The privileges under these new BoI-promoted businesses include, among others, eight-year corporate income tax and machinery import duty exemptions. To qualify for these BoI privileges, business owners must fulfil requirements and conditions prescribed by the act and its related regulations. The country also plans to begin issuing virtual banking licences and remove limits on investment for subsidiaries and other affiliates of banking groups.

Open infrastructure initiatives include RegTech for electronic know your customer, digital and mobile banking with biometrics, alternative credit, and peer-to-peer lending. The BoT continues to build market-ready retail and sustainability disclosure standards consistent with international norms to help financial institutions demonstrate their commitment to the environment – and potentially qualify them for additional tax benefits.

Regarding open data, the BoT intends to establish interoperability standards that allow for the seamless transfer of data when switching between service providers. Such efforts, together with the ongoing development of a viable Digital ID infrastructure, are aimed at facilitating progress towards a frictionless open banking environment.

The BoT has also established a regulatory sandbox to encourage private sector innovation across the financial services landscape. Participation in the sandbox is also mandatory under some limited circumstances, such as when setting up a peer-to-peer lending platform. In such a case, the successful completion of a sandbox test is a prerequisite for obtaining an operating licence.

KUDUN AND PARTNERS

23/F, Units C&F, Gaysorn Tower

127 Ratchadamri Rd, Lumphini

Pathum Wan District

Bangkok – 10330

Thailand

 

Contact details
Tel: +662 838 1750
Email: contact@kap.co.th

www.kap.co.th

Back to top