Lessons From the BluSmart Case: Why the RBI Must Act Now on Digital Wallets

Menu
हिंदी తెలుగు اردو
Home Politics Economy World Security Law Science Society Culture Editor's Pick Opinion
Support independent journalism. Donate Now
Government
Lessons From the BluSmart Case: Why the RBI Must Act Now on Digital Wallets
Sarthak Gupta
11 minutes ago
The BluSmart incident reflects a clear regulatory gap in the manner in which the RBI has decided to govern the digital wallets.
Reserve Bank of India. Photo: CC BY-SA 2.5, via Wikimedia Commons
Real journalism holds power accountable
Since 2015, The Wire has done just that.
But we can continue only with your support.
Contribute now
Another Indian financial watchdog has found itself quietly drawn into the BluSmart saga —this time, it's the Reserve Bank of India (RBI). According to reports, last month, the RBI initiated consultations with stakeholders to assess the viability and regulatory framework of digital wallets.
This comes in the wake of thousands of BluSmart users, who had preloaded funds into their BluSmart's digital wallet for booking airport and intra-city rides, suddenly finding themselves unable to use, withdraw, or transfer their money.
It was only after significant public outcry that the company announced it would refund the money, though it would take at least three months for users to get their funds back. It's important to note that BluSmart is one of India's largest consumer-facing mobility companies. Had this happened with some smaller regional business – say, a local coffee chain – users might not have got even a chance to recover a single rupee.
The business could have shut down overnight, leaving customers with little more than hope. The incident reflects a clear regulatory gap in the manner in which the RBI has decided to govern the digital wallets.
Differential treatment
In 2009, the RBI for the first time decided to regulate digital wallets in the country, and since then, it has broadly categorised digital wallets into two buckets – open system wallets and closed system wallets. The first one, i.e., open system wallet, allows users to make payments not just to the entity which has issued these wallets but also to certain third-party entities after users load them from their preferred payment option – debit card, netbanking, etc.
For example, the Phone Pe Wallet (not to be confused with Phone Pe UPI). The user just needs to load the Phone Pe Wallet and then can use the same for services within their Phone Pe app, like mobile recharges or insurance purchases and also on other platforms such as Amazon for shopping or Zomato for food delivery.
There are specific rules governing these open system wallets. For instance, all the money that is loaded by the user in the wallet is stored in an escrow account maintained in a bank, not with the wallet provider, ensuring the safety of funds.
Like a debit and credit card transaction, there has to be two-factor authentication (2FA) for all transactions that happen through the wallet, preventing unauthorised payments. Any grievance of the user has to be resolved within a strict and definitive timeline of 30 days. Further, there are cybersecurity norms, transaction monitoring, and reporting obligations to the RBI.
The second one, i.e., closed system wallets, allows users to make payments only to the entity that has issued the wallet after users load it. For instance, if you have a Myntra wallet, it can be used solely to purchase clothes and accessories from Myntra.
As per the RBI, since 'these instruments cannot be used for payment or settlement for third-party services,' their issuance and operation do not require approval or supervision from any regulatory authority. It is worth noting that this was not always the case.
In the initial years when the RBI began regulating such digital wallets in the country, it had imposed certain limits and reporting requirements on entities offering closed system wallets. However, the most recent regulatory framework—specifically the version issued in 2021 —does not impose any such obligations.
Hence, as long as funds are circulated internally within the entity which has issued the wallet, such arrangements are not subject to regulatory oversight. The only document that governs the relationship between the wallet issuer and user is the terms and conditions prepared by the wallet issuer and accepted by the user. Users hardly have any bargaining power to get any change accepted in the standard terms and conditions.
For instance, if you refer to Clause 10 of BluSmart's terms and conditions, it states that the company shall not be responsible for any unauthorised use of the user's e-wallet, credit card, debit card, or net banking account during or after availing the services on the application or website. This raises a critical question of fairness: Should a company that solely owns and operates the app or platform be allowed to disclaim liability for unauthorised payments made through its interface?
While it can be argued that a user always has the option to approach a consumer court in case of any grievance, the practicality of this recourse is questionable. Consider the fact that the average transaction value for mobile wallets in India is almost just Rs. 450. Pursuing legal action for such small-ticket disputes is often disproportionate, akin to buying a 50-cent chicken but spending two dollars on spices.
The light-touch approach of the RBI
The RBI has emerged not just as a regulator but as a facilitator of innovation in the financial ecosystem in the recent years. It has allowed innovation, experimentation, and market-led development with minimal intervention.
Just a few weeks back, Sanjay Malhotra, RBI governor, in his speech at the inauguration of Digital Payments Awareness Week, observed, 'We have adopted a soft-touch approach to regulating the payments ecosystem and FinTechs, and through these regulations, the Reserve Bank attempts to balance these divergent sets of expectations'.
India's offline payment aggregation industry is one of the biggest examples of this approach. The RBI has allowed offline payment aggregators – companies that provide QR codes, sound boxes, or swipe machines and process payments to operate without specific licensing or compliance frameworks.
This has allowed rapid expansion of low-cost digital payments in rural and semi-urban areas, through players like Paytm, BharatPe, etc. Just for reference of readers who are not familiar with the fintech industry – the counterpart of offline payment aggregators, i.e, online payment aggregators – a company that processes payments for online payment transactions has to follow one of India's rigid compliance frameworks.
However, when a uniform approach is applied indiscriminately, it often causes more harm than good. That's exactly what happened during the period from 2018 to 2021, when the number of digital loan apps mushroomed across the country in the absence of any specific direction from the RBI. These apps simply partnered with any available Bank or NBFC and started disbursing loans with instant approvals.
Result – there were cases of excessive interest rates being charged, misuse of phonebook access to harass defaulting borrowers (and their relatives), and even instances of photo-morphing using borrowers' phone galleries, and suicides. The situation became so murky that the Union government had to step in. The finance minister directed the RBI to prepare a whitelist of legitimate digital lending apps, and the Ministry of Electronics and IT also blocked access to several unlawful platforms. Eventually RBI had to bring the Guidelines on Digital Lending, 2022, to specifically regulate the digital lending industry. This guideline did not just prohibit data misuse, but also fettered access to data by digital lenders.
RBI's 'light-touch' approach
With the closed system wallet, the RBI seems to have taken the same 'light-touch' approach, keeping in mind that no low money laundering risk the closed loop wallet present. Funds can only be used within a specific ecosystem and cannot be transferred to other users, restricting the movement of funds and thereby reducing the risk of concealing illicit transactions. However, incidents like the Bluesmart case have highlighted that risks extend beyond just money laundering.
While it is understandable that the RBI seeks to avoid overburdening the market with excessive regulation, it can instead lay down just foundational principle like defining ownership of users on the fund being loaded, until it is utilsed, accountability of closed loop wallet provider to resolve issues of customer, transparency by mandating disclosure by closed loop wallet provider of features of wallet – fund expiry, refund policy, reloadability, and usage restrictions etc at onboarding etc.
Closed system wallets continue to be the industry's preferred model, largely due to low customer acquisition costs and the absence of KYC requirements. A principle-based framework, rather than a prescriptive compliance-heavy one, would strike a balanced approach, avoiding burdens like escrow maintenance or mandatory two-factor authentication, while still establishing essential rules that safeguard consumer interests and foster trust.
Sarthak Gupta is a lawyer with a focus on technology law and Fintech. He is available on LinkedIn here.
The Wire is now on WhatsApp. Follow our channel for sharp analysis and opinions on the latest developments.
Make a contribution to Independent Journalism
Related News
The State of the Economy: India Inc's Profit Dips, Rupee Is Asia's Worst Performer
Is RBI's New Plan for Bad Loans Just Another Quick Fix?
India's Net Foreign Direct Investment Plummets by 96.5% to Reach Record Low
RBI's Potential Record Dividend: Fiscal Relief or Long-Term Risk?
Between Lenders' Access to Phone Data and Digital Privacy, RBI Must Strike the Right Balance
MHA, Which Once Denied Foreign Aid to Flood-Hit Kerala, Gives FCRA Permit to Maharashtra Relief Fund
Profit and Sales Growth Slow Down as Compared to Last Year Amid Rising Cost and Trade Uncertainties
'Gruff Genius': Tiger Conservationist Valmik Thapar Dies At 73
Pollution Markets May Hold Promise but Regulatory Mechanisms Remain Crucial in India
About Us
Contact Us
Support Us
© Copyright. All Rights Reserved.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Business Standard

27 minutes ago

• Business Standard

DGCA launches comprehensive special audit plan to end siloed safety checks

The Directorate General of Civil Aviation (DGCA) has rolled out a new 'comprehensive special audit' framework for India's aviation sector that aims to move beyond siloed safety assessments and carry out integrated evaluations across airlines, airports, maintenance firms, training institutes, and ground handling agencies. 'Traditionally, regulatory and safety oversight functions within Indian aviation have been conducted in silos, with different directorates (of DGCA) performing inspections and audits specific to their respective domains. These activities include planned/unplanned surveillance inspections, random spot checks and ramp inspections, which primarily assess compliance and safety within individual aviation segments,' the regulator stated. On June 12, Air India's London-bound AI171 flight crashed shortly after take-off from Ahmedabad, killing 229 passengers, 12 crew members, and 34 people on the ground. Issued on June 19, the DGCA circular mentioned the need for 'a 360-degree evaluation of the aviation ecosystem, reflecting both its strengths and areas needing improvement'. Going beyond the annual surveillance audits currently in place, the special audits will be carried out by multidisciplinary teams led by senior officials from the regulator. These teams will include personnel from various DGCA divisions—such as flight standards, air safety, airworthiness, aerodrome standards, and air navigation—and may also bring in external experts when needed. The audits will examine three broad areas: the effectiveness of an organisation's Safety Management System (SMS), the robustness of its operational practices, and compliance with regulatory provisions. Each audit will involve a combination of techniques, including on-site inspections, document reviews, interviews with operational staff, safety data analysis, and training record checks. 'These audits will be over and above the Regulatory Audits carried out as per the Annual Surveillance Programme,' the DGCA said. They will apply to all major players in the civil aviation system, including not just airlines and airports but also Maintenance, Repair and Overhaul (MRO) providers, training academies, and even entities that manage emergency response systems and supply chains. The regulator will initiate these audits either routinely—such as through annual assessments or post-implementation reviews—or in response to specific triggers like serious incidents, regulatory violations, or findings by UN body International Civil Aviation Organisation (ICAO). In urgent cases, audits may begin without notice. Otherwise, entities will be given between three to fourteen working days to prepare. Audit findings will be categorised by severity. The most critical will require corrective action within seven days, while others may be resolved over 30 or 90 days. 'Audited entities must submit a Corrective Action Plan… detailing root cause analysis, remedial actions, preventive measures, implementation timelines, and success metrics,' the circular stated. The DGCA has also made it clear that enforcement will follow in cases where findings are not addressed. 'Non-compliance… may result in progressive enforcement actions, including advisory guidance, formal warnings, operational restrictions, financial penalty, suspension, or revocation of licences,' it noted. To encourage transparency, the regulator has promised confidentiality of audit findings in line with international norms. 'The Special Audit upholds a confidential approach, aligned with ICAO Annex 19 principles, to foster open reporting and positive safety culture,' it said. The new audits, DGCA said, will 'provide a holistic evaluation of the aviation sector, meticulously examining safety, operational efficiency, and regulatory compliance'. The goal is to proactively identify systemic vulnerabilities, enhance resilience, and ensure alignment with international standards and India's own aviation safety objectives.

Business Standard

27 minutes ago

• Business Standard

Markets may dip as US strikes on Iran stoke oil fears, global volatility

Indian markets may open lower on Monday due to fears of crude oil disruption from the West Asia though domestic institutional investors may support valuations Sundar Sethuraman Mumbai Listen to This Article Investors may have to brace for a spike in volatility on Monday following the US military's direct involvement in the Israel–Iran conflict over the weekend. Experts believe benchmark Sensex and Nifty may correct 1–1.5 per cent if oil prices surge and Asian markets fall due to the widening of the West Asia conflict. However, domestic institutional investor (DII) buying could cushion the fall. Last week, the domestic markets had gained over 1.5 per cent even as hostilities between Iran and Israel escalated. On Saturday, President Donald Trump announced targeted strikes on three of Iran's key nuclear facilities—Fordow, Natanz, and Isfahan—using

Mint

33 minutes ago

• Mint

Vivek Oberoi's Net Worth: Bollywood actor credits early stock market exposure for building ₹1,200 crore fortune

Actor Vivek Oberoi, whose acting career didn't went well, has turned himself into a successful businessman by creating a ₹ 1,200 crore biz empire. During a recent interview on Owais Andrabi's Dubai Property Insider podcast, Vivek revealed that his father only played the role of a mentor in his life and never helped him financially. Vivek, son of actor and politician Suresh Oberoi, made his Bollywood debut in 2002 with Ram Gopal Verma's film 'Company', and became a household name with movie 'Saathiya' (2002), directed by Shaad Ali. Talking about how he built such a big empire, Vivek said that his father groomed him regarding economics and business from a very young age. 'He would bring me a product and would ask me to create an entire business plan about how I was going to sell it. I started understanding the nuances of business from the age of 10 because I was going from door to door to sell that stuff.' Vivek further said that his father used to tell him 'I am a rich man; you are not. You will get there, but you have to do it on your own.' He also credited his exposure to the stock market trading and real estate investments during his teenage years for shaping up his entrepreneurial journey. He said: 'I was able to raise $3 million for my first company, and I was only 19, and I made a lot of money for my investors and myself, and I sold the company by the time I was 23. If I hadn't been applying myself for all those years, it never would have been possible. Because I put in that work, now I have been able to take nine companies public on the Indian stock market, and I am planning to take four more.' As of April 2025 Vivek Oberoi has a net worth of ₹ 1200 crore, according to Forbes India. His ventures include BNW Real Estate Developers, a prominent player in the UAE luxury market, and Solitario, a lab-grown diamond brand. Other business ventures in which Vivek has invested include global brand accelerator Impresario Global, a gin brand called Rutland Square Spirits, and vehicle care platform ReadyAssist.