Playing catch-up with technology


Laws should ensure the well-being of customers by protecting them, and not Limit their access to financial services, writes Shivli Katyayan

When Greek philosopher Heraclitus (535-475 BC) said “nothing is permanent but change”, little did he know it would perfectly describe the relationship between law and technology more than 2,000 years later. The ancient quote still paints an appropriate picture of a tumultuous modern relationship. The evolution of law has mostly been a race to keep up with technology and to govern the implementation while protecting consumer interests.

Shivli KatyayanGeneral counselPolicybazaar & Group Companies
Shivli Katyayan
General counsel
Policybazaar & Group Companies

Consumer interests, in this context, is not merely about preventing misuse of technology to defraud customers, but also to ensure access to better facilities and economical products. This is especially relevant when it comes to the internet where customers are simultaneously both global and local in nature.

Customers use technology to buy domestic and global products but the laws applicable are local. A prime example of this is the financial technology (fintech) industry. Although there has been remarkable progress in the regulatory and statutory frameworks, regulators need to keep up with the technological changes and address related effects. These inadvertent gaps between regulation and technology trouble the consumer, who is at the receiving end of these laws, which in turn has an impact on the businesses.

For example, in the insurance segment, there is a need to align the digital processes for Know Your Customer (KYC) compliance and section 64VB of The Insurance Act, 1938. Online transactions are made through KYC-verified accounts and can be used for insurance payments. But even after using a KYC-verified bank account for an insurance payment, the customer needs to go through a separate and, mostly, duplicate process of submitting documents and obtaining KYC verification. This duplication is a burden for the customer and hinders the ease of transaction, business and legal recourse.

Similarly, in the online lending segment, though the law already recognises digital signatures under the Information Technology Act, 2000, and the Evidence Act, 1872, digital lenders face resistance to eSign (on digital loan agreements) during the recovery process, with courts asking for wet signatures on physical loan agreements or the police seeking hard copies to file undersection 138 of the Negotiable Instruments Act, 1881. While digital signatures are valid and should be enough for the police to lodge complaints, there is reluctance to rely on and implement the legal process, which needs to be addressed.

Another example would be the delay in loan disbursals because registering a physical mandate through the National Automated Clearing House system takes anywhere between 30 to 45 days and the process is largely restricted to a few banks. Using eMandates will allow for a faster turnaround. Allowing application programming interface (API)-based eMandates will also help to speed up the process. All scheduled banks could also be called on to support eMandates as early as possible. Further, eMandates cannot be registered for any business accounts (including current accounts or joint accounts). Allowing access to these accounts is critical for both micro, small and medium enterprises and consumer lending, as most borrowers tend to repay from current or joint personal accounts.

In April 2018, the Reserve Bank of India issued guidance on the “Storage of Payment System Data”, which requires that all data involving payment systems are only stored in India. While the intention is to protect customer data, it will have a deep impact on the operations of multinational corporations involved in the payments business. These companies will now have to fulfil data localization and, as a result, suffer increased costs. The inter se data sharing for group strategy purposes would also become difficult.

These are a few examples of where the law has not kept up with the technological advances or not sufficiently addressed the gaps. On the other hand, there is also technology such as smart contracts that are coded in, where the execution of the contract is automated, which the legislature has yet to address.

There are instances of proactive law making such as in some areas of the Personal Data Protection Bill, 2018, where the legislature has tried to strike a balance between evolving technology and the rights of the users. The bill tries to address the general principles that govern data protection and privacy, recognize principles of data collection, limitation of purpose/use and the right to be forgotten. Though, many point out that the bill does not address major issues such as surveillance.

While there are efforts to ensure that the law evolves, it is imperative that the technocrats in the legislature bear Heraclitus’ quote in mind to ensure overall growth and development.

Shivli Katyayan is general counsel of Policybazaar & Group Companies