India has seen a significant growth in the digital payments landscape over the last few years and the Reserve Bank of India (RBI) is also set to increase its regulatory focus on online & physical payment aggregators and payment gateways to ensure safety and security in these environments. As per the latest draft guidelines issued by the RBI, the expectations from payment aggregators (PA) are set to increase significantly around merchant onboarding, merchant classification, and ongoing monitoring processes. While the new regulation is still at a draft stage and with the RBI inviting feedback from the industry on it, it is obvious that the regulatory scrutiny on the digital payments and payment gateway landscape is definitely going to be more stringent than what it is right now. These regulations come at a time when newer typologies evolve in the fraud and money laundering space, where fraudsters and money launderers constantly seek to abuse the financial system using evolving technologies and by taking advantage of limitations in detection mechanisms.

Increasing abuse of the digital payments landscape is expected to push fintech companies to explore and invest in technology-driven solutions to help meet with regulatory requirements, alongside investing in intensive training programs for their employees to detect and prevent their platforms from being misused by fraudsters and money launderers.

Some of the key challenges faced by payment aggregators/fintech companies in this space are given below:

1. Segregating merchants basis the risk they bring to the platform to devise relevant monitoring strategies to eliminate risks, e.g. segregation basis products or services the merchants are associated with, income channel (subscriptions, pay-on delivery, online payments, etc.), credit worthiness of UBOs (Ultimate Beneficial Owners), and so on.

2. Dynamic risk assessments and implementation of decisions in the operating environments, e.g. volume of chargebacks, sudden change in volume of transactions, and so on.

3. Preventing illegal usage of payment gateways by smartphone-based loan applications controlled by entities outside the country.

4. Access to enriched information both from regulatory and adverse media sources for screening during the onboarding (KYC) and ongoing monitoring processes.

5. Consistent monitoring of merchants to identify transactional or behavioural inconsistencies.

6. Lack of larger risk and compliance teams, given fintech solutions are tech driven.

7. Detection of fraudulent websites and applications that support the following –

   1. Use of technology (like Deepfake) in creating websites that are identical to legitimate sites but are fraudulent. While a technology like Deepfake can be put to good use for a variety of things like helping people with disabilities express themselves online, create content by bringing in historical figures to reality for educational purposes, etc., scamsters are utilising this in creating promotional contents and websites that impersonate real people and genuine websites to commit fraud. As the saying goes, “it takes a thorn to remove a thorn”, the situation warrants extensive use of combative mechanisms involving artificial intelligence (AI) and machine learning (ML) technologies to counter this and prevent financial institutions (FIs) and end customers from falling prey to this.

   2. Promotion of gambling and illegal betting (game of chance), both of which are banned in India. The recent investigations by Enforcement Directorate (ED), which targeted dozens of foreign betting applications, reveal that fraudsters used multiple accounts and took advantage of gaps in certain crypto platforms to launder money. At times, even fraudulent payments were made for services that were never rendered and investments were made in the stock market as well. It is estimated that the losses from these illegal applications may even be more than INR 1 lakh crores. Such fraudsters do not give up easily and if one application is taken down by the authorities, then they come up with another one, making it a difficult task for the authorities to crack down their operations.

Also, from a regulatory viewpoint, reports indicate a surge in penalties on FIs by the RBI by 88% in the last 3 years, a significant portion of which were relating to deficiencies noted in the existing KYC- and AML-related controls. The regulator’s approach on public disclosure of key concerns and regulatory actions is set to enhance transparency and accountability in the sector and, at the same time, bring potential reputational damages for FIs, apart from fines, prosecutions, litigations, and other legal risks.

At Facctum, we aim to equip FIs and fintech companies with unmatched watchlist management, transaction screening, and transaction monitoring capabilities through our solutions that use cutting-edge technologies. With intelligent algorithms and a rich library of rules, our tools can unearth complex suspicious behaviour and emerging patterns that not only help FIs and fintech companies comply with regulatory obligations but also safeguard businesses by combatting fraud and money laundering crimes.