With over 1,500 start-ups dotting the fintech landscape, India’s financial and banking sector has witnessed an astoundingly rapid transformation. For a sector once governed by traditional banking and financial institutions that weren’t famed for their speed or ease of service, fintechs have hauled India’s financial space into the 21st century.

The government has also had a large role to play in this push towards the merging of financial and technology services. With the introduction of GST, UPI, linking of bank accounts to Aadhaar, and the Union Budget of 2018 that rolled out the National Programme on AI, there was a clear incentive for fintechs to grow.

This lightning speed of progress, however, is now gradually turning out to be a double-edged sword for fintechs in India and around the world. This is because more exposure and wider reach are translating to more scrutiny from domestic and foreign regulators who are increasingly cognisant of their operations and products. Hence, an industry that was once a prime disruptor now faces the risk of being disrupted due to the looming possibility of regulatory oversight.

Fintechs have always functioned on the premise that they are different from banks and other traditional financial institutions. Hence, they do not abide by the same principles and regulatory framework that govern such entities. Also, each fintech company has its own unique business model that constantly evolves in tandem with technology-led innovation. This is one of the many reasons why governing fintechs becomes a challenging task.

To add to this is the difference in regulatory mechanisms between each State that tends to upset the seamless fintech models. Also, the Indian Fintech space has multiple entities – TRAI, IRDA, Reserve Bank of India and SEBI – governing it and often passing contradictory rules. Hence, there is a lack of one single cohesive governing body that can lay down the guidelines for the functioning of fintechs in India.

From a strictly regulatory point of view, fintechs are heavily reliant on technology and the internet, and this leads to greater security threats. Fintechs today are constantly exposed to the risk of money laundering, cyber security threats, data privacy loopholes, bad loans, and much more.

Hence, from a regulatory and compliance standpoint, the prime focus has to undoubtedly be on risk management in the fintech industry. Regulators have to be certain that fintech firms are prioritising risk, and are taking actual measures to assess it, mitigate it, and make sure that risk management is a significant part of their self-governing mechanisms.

Given the more rapid rate of fintech adoption, there is an immediate need for more robust national data security and privacy policies. With a robust policy framework in place, digital lenders can rely on a more poignantly prescribed set of guidelines, rather than generalised ones set by large conglomerates. Having a unified Data Security and Privacy policy will allow the companies meeting it, to be verified using a third-party auditor and communicate the same to their customers.

Currently, the customer is not able to differentiate between identical-looking financial services providers — which ones are mindful of customer privacy and which ones are not. Akin to a PCI-DSS compliance — a Security & Privacy Compliance verified by annual third-party audits - will allow customers to build the right trust in compliant entities.

The writer is Founder and CEO, Kissht