The Reserve Bank of India (RBI) imposed a significant fine of ₹5.39 crore on Paytm Payments Bank, highlighting various instances of non-compliance with the RBI’s guidelines. The penalties were levied for failing to adhere to specific provisions concerning Know Your Customer (KYC) protocols, cybersecurity measures, and other regulatory requirements.
The RBI’s Action
The RBI’s decision to impose a ₹5.39 crore fine on Paytm Payments Bank stems from multiple instances where the bank failed to meet regulatory requirements. The penalties were imposed based on the following key areas of non-compliance:
KYC Guidelines Violations
Paytm Payments Bank was penalized for “non-compliance with certain provisions of the ‘Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016‘.” The failure to adhere to these KYC guidelines was a significant concern for the RBI, as it plays a vital role in ensuring the security and authenticity of customer accounts.
In addition to KYC violations, Paytm Payments Bank was found to be in breach of cybersecurity measures. The RBI guidelines for licensing of payment banks and the “Cybersecurity framework in banks” were not adequately followed. One of the key issues in this regard was the failure to report cybersecurity incidents promptly.
Beneficial Ownership Identification
The RBI also highlighted that Paytm Payments Bank had failed to identify the beneficial owners of entities onboarded for providing payout services. Identifying the true owners of these entities is crucial for maintaining transparency and preventing illicit activities.
Payout Transactions Monitoring and Risk Profiling
The bank was found lacking in its ability to monitor payout transactions and perform risk profiling of entities using payout services. Effective monitoring and risk assessment are essential to safeguard against financial irregularities.
Customer Advance Account Balances
Paytm Payments Bank was also penalized for not adhering to the regulatory ceiling concerning the end-of-day balance in certain customer advance accounts that availed payout services. This lack of compliance raises concerns about the security and integrity of customer funds.
Device Binding and V-CIP Infrastructure
Specific technological security measures were also not implemented correctly. Paytm failed to implement device binding control measures related to ‘SMS delivery receipt check.’ Additionally, its V-CIP infrastructure was unable to prevent connections from IP addresses located outside India, which poses a potential security risk.
RBI’s Review Process
The RBI’s decision to impose this substantial fine on Paytm Payments Bank was made following a comprehensive review process. The regulatory body conducted an analysis of deficiencies in regulatory compliance, examined a special scrutiny report, and assessed a comprehensive system audit report, among other documents.
It is worth noting that this isn’t the first instance of regulatory action against Paytm Payments Bank. Last year, the RBI had restricted the bank from acquiring new customers and had ordered a comprehensive audit of its IT systems. These actions indicate a history of non-compliance and regulatory concerns surrounding the bank’s operations.