The recently guidelines as published by the RBI is as can be expected from a Central Bank taking their role seriously. The guidelines are on the strict side of what will enable mobile banking services to be rolled-out with very little risk to the monetary system. The RBI should be complemented on this. In reading the guidelines, the following are particularly interesting:
2.2 Restricting the service to proper KYC/AML complaint accounts is wise, but will impact many services based on viral or light wallet type solutions. Also pre-paid debit cards will adversely be impacted. Some schemes currently implemented in India will have to be modified.
2.3. Limiting the service to "only Rupee based services" means that services like money remittance and transactions involving Card Association services will have to be re-evaluated.
3.3 The requirement of a signed document to subscribe to the service have massive impacts. The definition of "Standard Services" should possibly extended to also cater for payments to previously defined beneficiaries and to ad hoc payments.
4.1 The implication of this requirement, if analised properly have major implications. I would argue that none of the services deployed currently comply with confidentiality nor non-repudiation as the bearer channels utilised are all not bank-grade secure.
5.1 The requirement of having all services available on all networks are almost unattainable, unless network operators will be forced to co-operate.
5.2 The requirement to conform to ATM-type 8583 will be very difficult to implement if this requirement requires this to originate on the handset (as one would expect)
Annex II The requirements described in this annexure (especially application level encryption and many of the requirements regarding the management of PIN's) are not deployed in any of the Indian mobile banking solutions based on my limited understanding of what has been deployed. The RBI will have to relax this requirement or all mobile banking deployments will have to be re-designed.
What is of interest for me, is reference in Annex I of countries where regulatory guidelines exist. We at Fundamo have been pioneering mobile payments and banking in all of these countries (and others). We have always worked with the Central Banks, and it seems to be paying off.