PREPAID PAYMENT INSTRUMENTS – COMPLIANCE
Below is a summary of the various compliances that are required to be followed by all Prepaid
Payment Instrument (“PPI”) issuers as provided in the Master Direction on Issuance and Operation of
Prepaid Payment Instruments (“Master Direction”):
(i) Safeguards Against Money Laundering Provisions
PPI issuers are required to ensure that all the Know Your Customer (“KYC”) procedures issued
by the Department of Banking Regulation (“DBR”), Reserve Bank of India (“RBI”), in their Master
Direction – Know Your Customer (KYC) Directions (“Master Guidelines”) updated from time to
time, are duly applied. The agents involved must also be subjected to due diligence and KYC
measures.
PPI issuers are required to undertake the following:
(a) ensure that all provisions of the Prevention of Money Laundering Act, 2002 and the
subsequent Rules, as amended from time to time are complied with.
(b) maintain a log of all the transactions undertaken using the PPIs, for at least ten years.
This data must be made available for scrutiny to the RBI or any other agency/agencies as
may be advised by the RBI.
(c) file Suspicious Transaction Reports (“STRs”) with the Financial Intelligence Unit - India
(“FIU-IND”).
(ii) Security, Fraud Prevention And Risk Management Framework
PPI issuers are further required to:
(a) have a strong risk management system in order to put in place adequate information and
data security infrastructure and systems for prevention and detection of frauds.
(b) put in place a board-approved ‘Information Security Policy’ for the safety and security of
the payment systems operated by them, and implement security measures in accordance
with this policy to mitigate identified risks.
(c) review the security measures on an on-going basis (minimum once a year), after any
security incident or breach, and before/after a major change to their infrastructure or
procedures.
(d) put in place a centralised database/management information system (“MIS”) to prevent
multiple purchase of PPIs at different locations, leading to circumvention of limits, if any,
prescribed for their issuance.
(e) ensure that the regulatory requirements are strictly adhered to by it and
its agents.
(f) establish a mechanism for monitoring, handling and follow-up of cyber security incidents
and cyber security breaches, which must be reported immediately to the Department of
Payment and Settlement Systems (“DPSS”), RBI, Central Office, Mumbai. It must also be
reported to Computer Emergency Response Team – India (“CERT-IN”) as per the details
notified by CERT-IN.
(g) ensure that the following framework is put in place to address the safety and security
concerns for risk mitigation and fraud prevention in case of wallets:
- ensure that if the same login is provided for the PPI and other services offered by
the PPI issuer, then the same must be clearly informed to the customer by
SMS/email/post or by any other means. Additionally, the option to logout from the
website/mobile PPI account must be provided prominently;
- an appropriate mechanism to restrict multiple invalid attempts to login/access the
PPI, inactivity, timeout features, etc;
- a system where every successive payment transaction in a wallet is authenticated
by explicit customer consent;
- cards (physical or virtual) are required to necessarily have Additional Factor of
Authentication (“AFA”) as required for debit cards, except in case of PPIs issued
under PPI-MTS (PPI - Mass Transit System);
- provide customer induced options for fixing a cap on the number of transactions
and transaction’s value for different types of transactions/beneficiaries. Customers
must be allowed to change the caps, with additional authentication and validation;
- a limit on the number of beneficiaries that may be added in a day, per PPI;
- an alert system when a beneficiary is added;
- suitable cooling period for funds transfer on opening the PPI or loading/reloading
of funds into the PPI or after adding a beneficiary;
- a mechanism to send alerts when transactions are done using the PPIs. In addition
to the debit or credit amount intimation, the alert must also indicate the balance
available/remaining in the PPI after completion of the said transaction;
- a mechanism for velocity check on the number of transactions effected in a PPI per
day/per beneficiary;
- a suitable mechanism to prevent, detect and restrict occurrence of fraudulent
transactions including loading/reloading funds into the PPI;
- put in place suitable internal and external escalation mechanisms in case of
suspicious operations, in addition to alerting the customer in case of such
transactions.
The requirements prescribed in the guidelines are the minimum; the issuing entities
are permitted to undertake further checks and balances if required.
(iii) Customer Protection And Grievance Redressal Framework
PPI issuers are required to:
(a) disclose all important terms and conditions in clear and simple language to the customers
at the time of issuing the PPIs. The disclosures that must be included are:
- charges and fees associated with the use of the PPI;
- expiry period and terms and conditions pertaining to the same.
(b) set up a formal, publicly disclosed customer grievance redressal framework and appoint
a nodal officer to look into the customer complaints and grievances. The complaint
facility, when made available on the website/mobile, must be clearly and easily
accessible. The framework must include, at the minimum, the following:
- disseminate the information of their customer protection and grievance redressal
policy in simple language (preferably in English, Hindi and the local language);
- clearly indicate the customer care contact details, including details of nodal
officials for grievance redressal (telephone numbers, email address, postal
address, etc.) on the website, mobile wallet apps, and cards;
- agents must display proper signage of the PPI issuer and the customer care contact
details;
- specific complaint numbers for the complaints lodged along with the facility to
track the status of the complaint by the customer;
- initiate action to resolve any customer complaint/grievance expeditiously,
preferably within 48 hours and resolve the same not later than 30 days from the
date of receipt of such complaint/grievance;
- display the detailed list of their authorized/designated agents (name, agent ID,
address, contact details, etc.) on the website/mobile app;
- display Frequently Asked Questions (FAQs) on their website/mobile app related to
the PPIs;
- outline the amount and process of determining customer liability in case of
unauthorised/fraudulent transactions involving PPIs as per the guidelines provided
by the RBI.
(c) provide an option for the PPI customers to generate/receive account statements for at
least the past 6 months. The account statement, at the minimum, must provide details
such as date of transaction, debit/credit amount, net balance and description of
transaction. Additionally, the PPI issuers must provide transaction history for at least 10
transactions.
(d) non-banking PPI issuers must report regarding the receipt of complaints and action taken
status, in the format prescribed in the Master Direction, on a quarterly basis by the 10th
of the following month to the respective Regional Office of DPSS, RBI.
(e) ensure transparency in pricing and the charge structure, such as:
- uniformity in charges at agent level;
- disclose charges for various types of transactions on its website, mobile app, agent
locations, etc;
- specific agreements with agents prohibiting them from charging any fee to the
customers directly for services rendered by them on behalf of the PPI issuers;
- require each retail outlet/sub-agent to post a signage indicating their status as service
providers for the PPI issuer and the fees for all services available at the outlet;
- acknowledging the amount collected from the customer by issuing a receipt (printed
or electronic) on behalf of the PPI issuer.
(iv) Information System Audit
All PPI issuers are required to, at the minimum, put in place the following framework:
(a) Application Life Cycle Security: The source code audits are required to be conducted by
professionally competent personnel/service providers or have assurance from
application providers/OEMs that the application is free from embedded
malicious/fraudulent code.
(b) Security Operations Centre (“SOC”): Integration of system level (server), application level
logs of mobile applications (PPIs) with SOC for centralised and coordinated monitoring
and management of security related incidents.
(c) Anti-Phishing: Subscribe to anti-phishing/anti-rogue app services from external service
providers for identifying and taking down phishing websites/rogue applications in the
wake of increase of rogue mobile apps/phishing attacks.
(d) Risk-based Transaction Monitoring: Risk-based transaction monitoring or surveillance
process is required to be implemented as part of fraud risk management system.
(e) Vendor Risk Management:
PPI issuers are required to:
- enter into an agreement with the service provider that amongst others, provides
for right of audit/inspection by the regulators of the country;
- give RBI access to all information resources (online/in person) that are present with
them (PPI issuers), these must also be made accessible to RBI officials when sought,
though these infrastructure/enabling resources may not physically be located in
the premises of the PPI issuers;
- adhere to the relevant legal and regulatory requirements relating to geographical
location of infrastructure and movement of data out of borders;
- review the security processes and controls being followed by service providers
regularly;
- ensure service agreements include a security clause on disclosing the security
breaches if any, specific to PPI issuer’s ICT infrastructure or process including, not
limited to software, application and data as part of Security Incident Management
Standards, etc.
(f) Disaster Recovery: PPI issuers are required to consider having disaster recovery facilities
to recover rapidly from cyber-attacks/other incidents and safely resume critical
operations while ensuring security of processes and protection of data.
Do reach out to our TMT Group, should you have any comments or questions.
Mathew Chacko (mathew@spiceroutelegal.com)
Aashima Johur (aashima.johur@spiceroutelegal.com)
Ankita Hariramani (ankita.hariramani@spiceroutelegal.com)
Aadya Misra (aadya.misra@spiceroutelegal.com)
Abhinav Sharma (abhinav.sharma@spiceroutelegal.com)
Aishwarya Todalbagi (aishwarya.todalbagi@spiceroutelegal.com)

Online wallets: part 2 (compliance)

PREPAID PAYMENT INSTRUMENTS – COMPLIANCE

Below is a summary of the various compliances that are required to be followed by all Prepaid Payment Instrument (“PPI”) issuers as provided in the Master Direction on Issuance and Operation of Prepaid Payment Instruments (“Master Direction”):

(i) Safeguards Against Money Laundering Provisions

PPI issuers are required to ensure that all the Know Your Customer (“KYC”) procedures issued by the Department of Banking Regulation (“DBR”), Reserve Bank of India (“RBI”), in their Master Direction – Know Your Customer (KYC) Directions (“Master Guidelines”) updated from time to time, are duly applied. The agents involved must also be subjected to due diligence and KYC measures.

PPI issuers are required to undertake the following:

(a) ensure that all provisions of the Prevention of Money Laundering Act, 2002 and the subsequent Rules, as amended from time to time are complied with.
(b) maintain a log of all the transactions undertaken, using the PPIs for at least ten years. This data must be made available for scrutiny to the RBI or any other agency/agencies as may be advised by the RBI.
(c) file Suspicious Transaction Reports (“STRs”) with the Financial Intelligence Unit - India (“FIU-IND”).

(ii) Security, Fraud Prevention And Risk Management Framework

PPI issuers are further required to:

(a) have a strong risk management system in order to put in place adequate information and data security infrastructure and systems for prevention and detection of frauds.
(b) put in place, a board approved ‘Information Security Policy’ for the safety and security of the payment systems operated by them, and implement security measures in accordance with this policy to mitigate identified risks.
(c) review the security measures on an on-going basis (minimum once a year), after any security incident or breach, and before/after a major change to their infrastructure or procedures.
(d) put in place a centralised database/management information system (“MIS”) to prevent multiple purchase of PPIs at different locations, leading to circumvention of limits, if any, prescribed for their issuance.
(e) ensure that compliance with the regulatory requirements is strictly adhered to by it and its agents.
(f) establish a mechanism for monitoring, handling and follow-up of cyber security incidents and cyber security breaches, which must be reported immediately to the Department of Payment and Settlement Systems (“DPSS”), RBI, Central Office, Mumbai. It must also be reported to Computer Emergency Response Team – India (“CERT-IN”) as per the details notified by CERT-IN.
(g) ensure that the following framework is put in place to address the safety and security concerns for risk mitigation and fraud prevention in case of wallets:
- ensure that if the same login is provided for the PPI and other services offered by the PPI issuer, then the same must be clearly informed to the customer by SMS/email/post or by any other means. Additionally, the option to logout from the website/mobile PPI account must be provided prominently;
- an appropriate mechanism to restrict multiple invalid attempts to login/access the PPI, inactivity, timeout features, etc;
- a system where every successive payment transaction in a wallet is authenticated by explicit customer consent;
- cards (physical or virtual) are required to necessarily have Additional Factor of Authentication (“AFA”) as required for debit cards, except in case of PPIs issued under PPI-MTS (PPI - Mass Transit System);
- provide customer induced options for fixing a cap on the number of transactions and transaction’s value for different types of transactions/beneficiaries. Customers must be allowed to change the caps, with additional authentication and validation;
- a limit on the number of beneficiaries that may be added in a day, per PPI;
- an alert system when a beneficiary is added;
- suitable cooling period for funds transfer on opening the PPI or loading/reloading of funds into the PPI or after adding a beneficiary;
- a mechanism to send alerts when transactions are done using the PPIs. In addition to the debit or credit amount intimation, the alert must also indicate the balance available/remaining in the PPI after completion of the said transaction;
- a mechanism for velocity check on the number of transactions effected in a PPI per day/per beneficiary;
- a suitable mechanism to prevent, detect and restrict occurrence of fraudulent transactions including loading/reloading funds into the PPI;
- put in place suitable internal and external escalation mechanisms in case of suspicious operations, in addition to alerting the customer in case of such transactions.

While the requirements prescribed in the guidelines are the minimum, the issuing entities are permitted to undertake further checks and balances if required.

(iii) Customer Protection And Grievance Redressal Framework

PPI issuers are required to:

(a) disclose all important terms and conditions in clear and simple language to the customers at the time of issuing the PPIs. The disclosures that must be included are:
- charges and fees associated with the use of the PPI;
- expiry period and terms and conditions pertaining to the same.
(b) set up a formal, publicly disclosed customer grievance redressal framework and appoint a nodal officer to look into the customer complaints and grievances. The complaint facility, when made available on the website/mobile, must be clearly and easily accessible. The framework must include, at the minimum, the following:
- disseminate the information of their customer protection and grievance redressal policy in simple language (preferably in English, Hindi and the local language);
- clearly indicate the customer care contact details, including details of nodal officials for grievance redressal (telephone numbers, email address, postal address, etc.) on the website, mobile wallet apps, and cards;
- agents must display proper signage of the PPI issuer and the customer care contact details;
- specific complaint numbers for the complaints lodged along with the facility to track the status of the complaint by the customer;
- initiate action to resolve any customer complaint/grievance expeditiously, preferably within 48 hours and resolve the same not later than 30 days from the date of receipt of such complaint/grievance;
- display the detailed list of their authorized/designated agents (name, agent ID, address, contact details, etc.) on the website/mobile app;
- display Frequently Asked Questions (FAQs) on their website/mobile app related to the PPIs;
- outline the amount and process of determining customer liability in case of unauthorised/fraudulent transactions involving PPIs as per the guidelines provided by the RBI.
(c) provide an option for the PPI customers to generate/receive account statements for at least the past 6 months. The account statement, at the minimum, must provide details such as date of transaction, debit/credit amount, net balance and description of transaction. Additionally, the PPI issuers must provide transaction history for at least 10 transactions.
(d) non-banking PPI issuers must report regarding the receipt of complaints and action taken status, in the format prescribed in the Master Direction, on a quarterly basis by the 10th of the following month to the respective Regional Office of DPSS, RBI.
(e) ensure transparency in pricing and the charge structure, such as:
- uniformity in charges at agent level;
- disclose charges for various types of transactions on its website, mobile app, agent locations, etc;
- specific agreements with agents prohibiting them from charging any fee to the customers directly for services rendered by them on behalf of the PPI issuers;
- require each retail outlet/sub-agent to post a signage indicating their status as service providers for the PPI issuer and the fees for all services available at the outlet;
- acknowledging the amount collected from the customer by issuing a receipt (printed or electronic) on behalf of the PPI issuer.

(iv) Information System Audit

All PPI issuers are required to, at the minimum, put in place the following framework:

(a) Application Life Cycle Security: The source code audits are required to be conducted by professionally competent personnel/service providers or have assurance from application providers/OEMs that the application is free from embedded malicious/fraudulent code.
(b) Security Operations Centre (“SOC”): Integration of system level (server), application level logs of mobile applications (PPIs) with SOC for centralised and coordinated monitoring and management of security related incidents.
(c) Anti-Phishing: Subscribe to anti-phishing/anti-rogue app services from external service providers for identifying and taking down phishing websites/rogue applications in the wake of increase of rogue mobile apps/phishing attacks.
(d) Risk-based Transaction Monitoring: Risk-based transaction monitoring or surveillance process is required to be implemented as part of fraud risk management system.
(e) Vendor Risk Management: PPI issuers are required to:
- enter into an agreement with the service provider that amongst others, provides for right of audit/inspection by the regulators of the country;
- give RBI access to all information resources (online/in person) that are present with them (PPI issuers), these must also be made accessible to RBI officials when sought, though these infrastructure/enabling resources may not physically be located in the premises of the PPI issuers;
- adhere to the relevant legal and regulatory requirements relating to geographical location of infrastructure and movement of data out of borders;
- review the security processes and controls being followed by service providers regularly;
- ensure service agreements include a security clause on disclosing the security breaches if any, specific to PPI issuer’s ICT infrastructure or process including, not limited to software, application and data as part of Security Incident Management Standards, etc.
(f) Disaster Recovery: PPI issuers are required to consider having disaster recovery facilities to recover rapidly from cyber-attacks/other incidents and safely resume critical operations while ensuring security of processes and protection of data.

Do reach out to our TMT Group, should you have any comments or questions.

Mathew Chacko: mathew@spiceroutelegal.com
Aashima Johur: aashima.johur@spiceroutelegal.com
Ankita Hariramani: ankita.hariramani@spiceroutelegal.com
Aadya Misra: aadya.misra@spiceroutelegal.com
Abhinav Sharma: abhinav.sharma@spiceroutelegal.com
Aishwarya Todalbagi: aishwarya.todalbagi@spiceroutelegal.com