The Reserve Bank of India (RBI) wants to shift towards a principles and outcomes-based regulatory framework, its Deputy Governor M. Rajeshwar Rao mentioned during his speech at ‘Rethinking Regulations in an Interconnected Financial System’ at IIM Kozhikode. “We, at the Reserve Bank, are gradually shifting towards principle and outcome-based regulations, as it gives operational flexibility to the REs [regulated entities] for the conduct of their operations and [allows them to] tailor their activities to their unique needs, while adhering to the regulatory framework for delivering the outcomes expected from them,” Rao said.
He explained that principles-based regulations are high-level statements with an underlying idea of the intent behind the regulation. While these regulations do tend to offer flexibility to regulated entities, they are also open to interpretation, making them challenging for both regulators to enforce and the companies that have to implement them.
Similar to principles-based regulation, outcomes-based regulations also do not prescribe specific processes and tools. Instead, they focus on desired outcomes and results. “This approach sets ‘what’ is the desired outcome, while providing flexibility on ‘how’ to achieve it,” Rao pointed out. He added that a combination of these types of regulations is typically more suited to mature markets.
A third approach Rao talked about was the rules-based approach, wherein businesses have to comply with specific prescriptive requirements. This, he said, leads to better clarity and consistent compliance but could also cause companies to have a check-box mentality where they comply with regulations in letter but not in spirit. “Striking the right balance amongst these approaches is critical to creating an enabling and effective regulatory environment while encouraging innovation, given the complexities of today’s dynamic financial landscape,” Rao emphasised.
What does the shift towards principles & outcome-based regulation mean?
The RBI’s shift towards principles and outcomes-based regulation is consistent with broader trends like India’s approach with the Digital Personal Data Protection Act (DPDPA 2023), Kalindhi Bhatia, Partner, BTG Advaya, told MediaNama. “With this approach, companies will still need to meet critical requirements, like KYC [know your customer] and AML [anti-money laundering] controls, data security and data localisation, but they will have the flexibility to decide how to achieve them,” she explained.
Bhatia argued that up until now, most fintech compliance has been rule-bound because regulations were detailed and prescriptive. “This meant operational teams focused largely on documentation and audit requirements to prove compliance, rather than building processes that are customer-friendly. For customers, this often means providing excessive information to satisfy regulatory checks, which can create frustration and distrust,” she explained. She added that a prescriptive, rules-based approach to regulations works when businesses operate similarly but pointed out that fintech offerings differ significantly. “Moving to a principle-based approach will not necessarily make things easier, as it requires interpretation, which can be risky if it is wrong,” she explained. She added that fintechs will learn to adjust to a principle-based approach over time and, as a result, will build better governance systems.
On the other hand, Astha Srivastava, Principal Associate, Ikigai Law, believes that the RBI’s push for principles-based regulation isn’t necessarily a new development. “The RBI has always followed a mix of principles-based and rule-based approaches,” she pointed out. Just like Bhatia, Srivastava pointed to the DPDP Act as an example of principle-based regulation. “As opposed to it, if we look at, say, the Digital Lending Norms, they state very specific rules, such as an RE must take one-time access to the telephone book, and that too only for KYC/onboarding,” she explained.
Why the new RBI regulatory approach makes sense for emerging tech:
During his speech, Rao pointed out that new technologies pose a challenge to regulators. “There are three primary challenges in regulating these technologies: (i) the unpredictable nature of business models that rely on emerging technologies, (ii) data privacy, security, ownership, and control, and (iii) the artificial intelligence (AI) conundrum,” he explained.
Advertisements
Discussing the challenges associated with regulating emerging technologies, Srivastava pointed out that a principles-based approach is more suited to regulating them. “In a rule-based approach, there is also a risk of people complying with the letter of the law but not the spirit. Let’s go back to the Digital Lending Guidelines – they are rule-based. RBI restricts lenders from accessing phone resources like customer location after onboarding. However, the digital lenders can find a workaround by pulling location details from the bank statement. These situations can be avoided with principle-based and technology-agnostic rules,” Srivastava pointed out.
She further added that it is for this very reason that the RBI has kept the recent Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI) principles-based. “Because we cannot predict how this technology will evolve, so with AI, there is no other way but principles-based regulation,” she pointed out. Srivastava emphasised that the regulator cannot simply follow one of the approaches exclusively. “In some cases, you need a rule-based approach to address specific problems. For example, the Digital Lending Guidelines specifically address the issue of lenders accessing people’s phone books and harassing borrowers by calling their family members and other contacts if they fail to repay loans,” she pointed out.
Also read:
Support our journalism:
For You
Source link