IFSCA Authorisation: An Overview
India is currently considered the third largest fintech ecosystem and one of the fastest-growing fintech markets in the world, with an expected valuation of USD 150 Billion by 2025, owing to the wide range of fintech businesses operating across the country. The fintech industry in India has risen exponentially, especially with the entry of foreign players into this market. The competition for domestic entities has increased exponentially.
IFSCA is an acronym for International Financial Services Centres Authority, established in April 2020 as a unified regulator with the vision to promote ease of doing business and provide a world-class regulatory environment. One of this Authority's main objectives is to develop a strong global connection focusing on the needs of the Indian economy and serving as an international financial platform for the entire region and the global economy.
The IFSCA has laid down a framework for obtaining Authorisation from the authority for Fintech businesses through the circular F.No. 521/IFSCA/FinTech/FE Framework/2022-23 dated 27.04.22 considering this industry's growth, development and importance.
How to Obtain Authorisation from IFSCA?
The Fintech Companies can obtain Authorisation from IFSCA by fulfilling the eligibility criteria and adhering to the prescribed process, including documentation and payment of requisite fees. A detailed description of all the aspects is discussed hereinunder-
Eligibility Criteria for Obtaining Authorisation from IFSCA
The applicant must satisfy the below-mentioned eligibility criteria to obtain authorisation from IFSCA-
If the Applicant is from India
- The entity must be registered as a start-up relating to fintech with the Department for Promotion of Industry and Internal Trade (DPIIT); or
- An LLP, Company as per the provisions of the Companies Act 2013, a 'Branch' of an Indian company or LLP in IFSC; or
- an entity working either directly or indirectly in the ecosystem regulated by the domestic financial sector regulator
If the Applicant is from Outside India
- The entity must be from a country or jurisdiction compliant with the FATF (Financial Action Task Force)
- The applicant must propose using technology in its core product or service, business model, distribution model or methodology to solve the targeted problem.
- The applicant must have a deployable solution/working product and a revenue-earning track record in at least 1 of the previous three financial years.
- The applicant must undertake the permissible activities as prescribed for the authorisation that involves-
- Providing FinTech solutions resulting in new business models, process applications or products in financial services regulated by the Authority.
- Providing emerging or advanced technology solutions in allied areas/activities that provide aid and assistance in activities related to financial services, financial products and financial institutions (TechFin).
List of Permissible Activities / Areas of Fintech
The below-mentioned table enlists the permissible Activities / Areas in Fintech, which are –
- Capital Markets and Funds Management
- Remittance and payments
- Innovative technologies for lifecycle management of insurance (underwriting, claims management of life/health products etc.)
- Buy Now Pay Later
- Digital innovation for global health insurance cover
- Innovation in commercial insurance
- Digital Bank (Neo Banking/Challenger bank)
- Sustainable Finance products
- Digital platform for the settlement of balances between insurance companies
- Alternate trading platforms
- Open insurance, Embedded insurance and Cyber Insurance
A list of permissible allied areas/activities aiding and assisting activities in relation to financial products, financial services or financial institutions (TechFin) is given below:
- Agri Tech
- Climate/Green/Sustainable Tech
- Defence Tech
- Regulatory Tech
- Space Tech
- Supervisory Tech
- Technology solutions supporting Digital banking like Core Banking etc
- Technology solutions aiding Trade Finance
- Solutions/services for BFSI domain leveraging:
- Artificial Intelligence/Machine Learning
- Big Data
- Cyber security
- Digital Identity/KYC/AML/CFT
- Distributed Ledger Technology
- Fraud detection/prevention
- Internet of Things (IoT)
- Longevity Finance
- Metaverse, inclusive of Augmented Reality and /or Virtual Reality
- Quantum Tech
- Web 3.0
List of Documents required for Authorisation
The applicant must furnish the following documents to obtain authorisation from IFSCA.
- Certified copy of the COI/registration document of the Applicant or Parent/promoter
- Certified copy of the MOA, AOA, LLP agreement (or any document of similar nature) of the Parent/promoter or applicant, as may be applicable
- Certified copy of previous 3 years' audited consolidated financial statements of the Applicant and Parent/Promoter, as may be applicable.
- Declaration certifying the authenticity of the information supplied
Procedure for Authorisation of IFSCA
The applicant must adhere to the following procedure for authorisation from IFSCA.
Arrangement of Documents
The applicant must arrange all the relevant documents before proceeding with the procedure.
File the Application
The applicant shall file the application through the form provided by the authority, which includes information related to the applicant's details, details of the Parent/Promoter of the Applicant, and details about ongoing FinTech Activity (if any), along with the Proposed Solution and Legal and Regulatory Assessment.
Submission of Form and Documents
After filling up the form in the prescribed manner, the applicant must submit the form along with the essential documents to the IFSCA for further evaluation.
Evaluation of Application
Once the application form and the documents are submitted, the Evaluation Committee of IFSCA shall evaluate them on the basis of the fulfilment of eligibility criteria, relevance, priority focus areas, KYC/AML compliance, Fintech pitch etc. Any discrepancy in this regard shall be communicated to the applicant within the prescribed time limit. Any delay in rectifying the same shall lead to the rejection of the application. Further, the committee would prepare a background note which shall be submitted to the IFSCA along with the recommendations with regard to the grant or rejection of Authorisation.
Grant of Authorisation by IFSCA
Upon the receipt of the recommendations of the Evaluation Committee, IFSCA shall grant the Authorisation to the applicant.
Post Authorisation Compliance Requirements
The Fintech Company is mandated to comply with the below-mentioned Post Authorisation Compliance Requirements-
Maintenance of Records, Books of Accounts and Documents
Every FinTech Entity must ensure to maintain its records, books of accounts and other documents in a freely convertible foreign currency other than INR as may be declared by the applicant when making an application.
Submissions of Report / Information
Every FinTech Entity must furnish the following information to the IFSCA.
- A certified copy of the duly audited annual financial statements, within 30 days of their finalisation.
- Details of regulatory action, if any, within the time period of 15 days from receipt of notice for initiation of regulatory action.
- The financial information must be submitted to the IFSCA in US Dollars unless otherwise specified by the authority.
- The IFSCA reserves the right to call for any information, documents, or records as it may deem necessary from the FinTech Entity from time to time.
Other Compliance Requirements
An authorised person must be appointed by the Fintech Company, as per the requirements stipulated under its constitutional documents, to represent the FinTech entity before the Authority and ensure compliance with the applicable regulatory requirements.
Every FinTech Entity must comply with the applicable and relevant regulatory obligations, guidelines and standards, and policies at all times.
Action in Case of Default
In case a FinTech Entity fails to comply with any of the requirements under the prescribed framework and /or any other applicable laws, the IFSCA has the power to initiate appropriate action as deemed necessary, giving a reasonable opportunity to make its written submissions.
If the authority finds out at any stage that the Authorisation was obtained based on incomplete or wrong information /disclosure, the Authorisation granted may be withdrawn/cancelled by the Authority.
Fintech Regulatory Sandbox
Every Fintech Company is required to adhere to certain requirements prescribed in the framework set up by a regulator allowing the FinTech start-ups and other innovators to conduct live experiments in a controlled environment under the supervision of such a regulator. The sandbox regulations for Fintechs under IFSCA are –
Permissible Activities under Sandbox
An applicant shall be permitted to undertake one or more of the following permissible activities upon fulfilment of the requirements-
- Testing of FinTech ideas or solutions in IFSCA FinTech Regulatory Sandbox
- Developing and testing FinTech ideas or solutions in IFSCA FinTech Innovation Sandbox
- Testing the FinTech ideas or solutions in Inter-Operable Regulatory Sandbox (IRS)
- Providing FinTech ideas or solutions in the Overseas Regulatory Referral mechanism/FinTech Bridge offered by IFSCA.
The eligibility criteria are similar to those discussed above, such as registration with DPIIT, incorporation, adherence to FATF etc.
Eligibility Criteria for the Proposed Solution
The proposed solution by the applicant must possess the following:
- Genuineness of innovation
- A genuine need to test
- Limited prior testing
- Direct benefits to the users
- Absence of risks to the financial system
- Testing the readiness of the solution
- Deployment post-testing
Application Procedure for IFSCA Fin-Tech Regulatory Sandbox (FRS)
The applicant must comply with the following procedure for IFSCA Fin-Tech Regulatory Sandbox (FRS)
Gathering the Documents
The applicant must ensure to gather all the relevant documents beforehand to avoid any complexities at the time of following the application procedure.
Filing the Application
Once the applicant has fulfilled the eligibility criteria, he must proceed with filing the application for the sandbox regulation by filing the application form and duly signing the same in the manner prescribed by the Authority.
Screening of Application
The application submitted by the applicant shall undergo a screening process. The applicant shall be informed of the potential suitability for a sandbox within 30 working days from the submission of the complete application, including all the information necessary for assessment and
IFSCA may communicate with the applicant when screening the application, followed by issuing guidance to the applicant as per the specific characteristics and risks associated with the proposed solution. Any deficiencies shall be communicated within 30 days and must be rectified by the applicant to avoid the rejection of the application.
Approval Process within IFSCA FinTech Regulatory Sandbox
After the completion of the application procedure, the next stage shall be the approval process which is elaborated below -
- The applicant must assign a contact person to coordinate with a designated officer of IFSCA.
- During the Evaluation stage, the committee shall work with the applicant to determine the specific regulatory requirements and conditions, including the test parameters and control boundaries needed to be applied to the proposed solution.
- The time required for assessing the application depends on its completeness and complexity and the specific legal and regulatory requirements involved. If the applicant successfully meets the proposed regulatory requirements and /or conditions, the applicant shall obtain permission to develop and test the proposed FinTech innovation(s) in the sandbox.
- A Limited Use Authorisation as "FinTech Entity (FE)" may be accorded by IFSCA to the applicant for developing and testing the proposed solution in the IFSCA FinTech Regulatory Sandbox.
- Upon receiving such authorisation, the FinTech Entity shall proceed towards the "Testing Stage", wherein the FE shall disclose to its users about the solution being operated in a sandbox along with the potential key risks associated with the solution. The FE must also obtain the user's acknowledgement that they have read and understood the risks associated with the solution.
- During the testing stage, the FE requires prior approval from IFSCA to effect any material changes to the solution.
- The maximum duration of the sandbox testing stage shall be twelve months, extendable further by six months only upon request of the FE.
- In case the application is rejected at any stage, the FE shall be informed about the same. The reasons for such rejection could include failure to comply with the objective of the sandbox or any of the eligibility criteria. The Financial Entity can reapply for the sandbox upon being ready to comply with the eligibility criteria and objective of the sandbox, but only after an appropriate cooling-off period as decided by IFSCA.
Evaluation Criteria within Sandbox
The authority shall use, inter alia, the parameters given below as evaluation criteria within the Sandbox:
- Profile of the Financial Institution
- Usage of innovative solutions, inclusive of its processes; and/or technology
- Identified benefits to the investors/ customers and/or the Capital Market.
- Appropriate disclosure requirements and protection for their users
- Banking, Insurance Funds Management, etc.;
- A Compilation of the meaningful test scenarios and expected/desired outcomes;
- Graded testing conditions / Risk measured and parameters to ensure safety and protection of the markets/investors
- A well-defined mechanism for grievance redressal and rights of users
- Requisite disclosure regarding the potential risks to participating users
- Prior declaration containing confirmation from users about fully understanding and accepting the attendant risks ;
- The deployment and monitoring strategy post-testing (if the tests are considered successful) or the exit strategy (if the tests are not successful);
- Intent and feasibility for deploying the proposed FinTech solution post-testing;
- Any other relevant factors as per IFSCA.
Upon successful exit from the Sandbox, the financial entity intending to operate its business as FinTech under any existing or the modified regulatory dispensation specified by the authority shall be Authorised as a "FinTech Entity" to operate under the appropriate regulatory regime. However, if the authority does not approve the testing, the entity can either exit on its own from the sandbox by giving 30 days' advance notice or request an extension of the testing period.
- The Authority can exempt certain regulatory requirements, depending on the FinTech solution to be tested.
- The applicant can seek the grant of exemption by mentioning the exemptions in the submitted application.
- The authority shall grant the exemptions after analysing specific sandbox testing applications.
- Upon the completion of the testing period, the financial entity shall exit the regulatory sandbox.
Revocation of Approval
IFSCA has the authority to revoke the approval of participation in the sandbox at any point of time prior to the end of the testing period if the Financial Entity:
- Fails to put the risk-mitigating measures in place;
- Submits false, misleading or inaccurate information or has concealed or failed to disclose material facts in the application;
- Is in contravention of any law which adversely affects its functioning in IFSC;
- Suffers a loss of reputation that could likely impact the engagement of the users with the product or solution;
- Has had an order for initiation of insolvency or liquidation process passed against it or its parent;
- Compromises the digital security and integrity of the service or product or elevates the risk of a cyber-security attack;
- Conducts the business in a manner detrimental to users or the public at large;
- Fails to address effectively any technical defects, flaws or vulnerabilities in the product, service or solution which give rise to recurring service disruptions or fraudulent activities; or
- Fails to implement any directions provided by the Authority.
IFSCA Fin-Tech Innovation Sandbox (FIS)
- The FinTech firms may access the "Innovation Sandbox", a testing environment wherein the FinTech companies can test their solutions in isolation from the live market as per the market-related data made available by the regulated entities in IFSC.
- The regulated entities operating in IFSC shall assemble the necessary systems and infrastructure for operationalising the Innovation Sandbox.
- The eligibility criteria and the procedure remain the same as in the regulatory sandbox.
- Upon successfully exiting the FIS, the applicant shall be eligible to apply for IFSCA FinTech Regulatory Sandbox.
Inter-operable Regulatory Sandbox (IoRS) with IFSCA being the Principal Regulator
- Foreign FinTechs who seek entry to Indian markets shall be considered for IoRS only if that entity has a fintech business whose business models/activities/features fall within the remit of more than one domestic financial sector regulator acting as Associate Regulator(s) under IoRS.
- IFSCA, after consulting with Associate Regulator(s), can reserve the right on the admissibility of the hybrid product/solution/innovation as per its FinTech Regulatory Sandbox Framework and accordingly communicate to the applicant.
- After a successful exit from the IoRS, the entity shall approach the Authority and the Associate Regulator(s) for authorisation and seek regulatory dispensation before launching the product in the market.
- The process must comply with Standard Operating Procedure (SoP) as specified by the coordination group for IoRS (with the support of Inter Regulatory Technical Group on FinTech).
FinTech Bridges/Overseas Regulatory Referral Mechanism of IFSCA
- This would be governed as per the provisions of the MoU, collaboration or special arrangement between the Authority and the corresponding overseas Financial Sector Regulator(s).
- The Financial Entity may exit the sandbox on its own by giving IFSCA prior written notice of 30 working days of its intention to exit the sandbox.