In a decisive move, the Reserve Bank of India (RBI) has imposed a substantial ₹5.39 crore fine on Paytm Payments Bank, underlining a series of regulatory violations. The fines were levied due to Paytm Payments Bank’s failure to meet specific compliance requirements outlined by the RBI, encompassing Know Your Customer (KYC) protocols, cybersecurity standards, and various other regulatory prerequisites.
The RBI’s decision to impose this fine is rooted in multiple areas of non-compliance:
- KYC Protocol Breach: Paytm Payments Bank faced penalties for “non-compliance with certain provisions of the ‘Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016.'” The failure to adhere to these KYC guidelines was a critical concern for the RBI, given its pivotal role in ensuring the security and authenticity of customer accounts.
- Cybersecurity Lapses: In addition to KYC violations, the bank was found to be in breach of cybersecurity measures. It failed to adequately follow the RBI’s guidelines for licensing of payment banks and the “Cybersecurity framework in banks.” One significant issue revolved around the bank’s failure to promptly report cybersecurity incidents.
- Beneficial Ownership Identification: Paytm Payments Bank also fell short in identifying the beneficial owners of entities onboarded for providing payout services. Identifying the true owners of these entities is essential for maintaining transparency and preventing illicit activities.
- Inadequate Transaction Monitoring: The bank was found wanting in its ability to monitor payout transactions and perform risk profiling of entities using payout services. Effective monitoring and risk assessment are vital to guard against financial irregularities.
- Balance Ceiling Violation: Paytm Payments Bank also faced penalties for not adhering to the regulatory ceiling concerning the end-of-day balance in certain customer advance accounts that availed payout services. This non-compliance raises concerns about the security and integrity of customer funds.
- Technological Security Gaps: The bank was faulted for not correctly implementing specific technological security measures. It failed to execute device binding control measures related to ‘SMS delivery receipt check,’ and its V-CIP infrastructure could not prevent connections from IP addresses located outside India, posing a potential security risk.
The RBI’s decision to impose this substantial fine on Paytm Payments Bank followed an extensive review process. This involved a thorough analysis of deficiencies in regulatory compliance, an examination of a special scrutiny report, and an assessment of a comprehensive system audit report, among other documents.
It’s noteworthy that this isn’t the first time Paytm Payments Bank has faced regulatory action. In the previous year, the RBI had imposed restrictions on the bank, preventing it from acquiring new customers and ordering a comprehensive audit of its IT systems. These actions underscore a history of non-compliance and regulatory concerns surrounding the bank’s operations.