Unified Payments Interface (UPI) Lies with National Payments Corporation of India (NPCI) RBI Can’t Ensure It to Comply with Regulation

(Judicial Quest News Network)

The Reserve Bank of India (RBI) has submitted in Supreme Court that the responsibility to ensure companies like Amazon, Google and WhatsApp to operate in compliance with laws governing Unified Payment Interface (UPI) lies with National Payments Corporation of India (NPCI).

The petitioner a Rajya Sabha MP from Communist party of India, Binoy Viswam, submitted that it has come to his knowledge through various media reports that WhatsApp Pay is all set to launch full scale operations in India, after obtaining the permission from RBI and NPCI, despite the above titled petition is pending before this Hon’ble Court, and without satisfying this Hon’ble Court regarding the requisite regulatory compliance in order to launch full-scale operations in India.

The plea seeks for directions to RBI and NCPI to ensure that the data of Indian Citizens collected on Unified payment Interface (UPI) platforms was not misused by WhatsApp, Google, Amazon and Face book.

A fresh Affidavit was submitted in Apex Court stating that the RBI has not given approval or authority to the Third-party Provider (TPAP).

And therefore, they cannot be defined as “system providers” as Section 2(q)of the Payment and Settlement System Act, 2007. Consequently, they do not fall under the regulatory domain of RBI directly.

On the other hand, NPCI is the system provider of UP and, therefore, comes under the regulatory radar of RBI. Since it was NPCI that allowed Amazon, Google and WhatsApp to operate under UPI, the responsible to ensure that these entities to comply with all the Rule/Regulations/Guidelines governing UPI lies with NPCI”, Contends the Affidavit.

The affidavit states that the NPCI has been advised to not permit full scale operation with regard to WhatsApp till the time they were full compliant with requirements of the RBI directions – NPCI subsequently allowed go live of WhatsApp was fully compliant with the circular.

The plea goes on to submit that RBI and NPCI “have permitted the three members of ‘Big Four Tech Giants’ i.e., Amazon, Google and Facebook/WhatsApp and in spite of blatant violent of UPI guidelines and RBI Regulations.

It is submitted that these two authorities, submits the plea, invariably puts the sensitive financial data of Indian users at huge risk, especially in light of the fact that the Big Four Tech Giants have been “Continuously accused of abusing dominance, and compromising data, among other things “there is also a reference to the fact that CEOs of these entities had been directed to testify in a hearing before the Judiciary Committee of US Congress.

Notice has been issued to Respondents, i.e., Reserve Bank of India, SEBI and other parties on 09.12.2020, however, RBI and SEBI furnished their reply on 28.01.2021. SEBI and RBI have taken similar stand of assuring that the TechFins are being adequately regulated. RBI said the decision to allow an entity to operate on Unified Payments Interface (UPI) is solely taken by the National Payments Corporation of India (NPCI) which has accordingly allowed Amazon, Google and WhatsApp under the multi-bank model to operate as Third-Party App Providers (TPAP’s).

RBI has said it also has authorized various non-bank companies over a period of time to issue and operate semi-closed prepaid payment instruments (PPls) in India in accordance with its powers under the Payment and Settlement Systems (PSS) Act, 2007.

    “Amazon was one such non-bank company which was authorized on March 22, 2017 to issue and operate a semi-closed prepaid payment instrument in India. Thus, in addition to being a TPAP under UPI, Amazon also operates a digital wallet (a form of PPI),”

RBI has further said that “with the increase in intermediation and rapid adoption of technology, there were growing concerns about the un-regulated players (payment gateways, payment aggregators, technology service providers, etc.) capturing personal information of the customers while carrying the payment transaction messages”.

    Therefore, RBI considered it important to have unfettered supervisory access to data stored with the system providers as also with their service providers, intermediaries, TPAPs and other entities in the payment ecosystem and issued a circular on April 6, 2018, “mandating all system providers to ensure that the entire data relating to payment systems operated by them is stored in a system only in India”.

    “This data should include the full end-to-end transaction details, information collected, carried, processed as part of the message or payment instruction,” it has said.