India is rapidly digitising. There are good things and bad, speed-bumps on the way and caveats to be mindful of. The weekly column Terminal focuses on all that is connected and is not – on digital issues, policy, ideas and themes dominating the conversation in India and the world.The shift towards digitalisation in India has been led by the private sector, and Aadhaar is often cited as a driver of social and economic development. While civil society has largely focused on civil liberties concerns such as privacy, it is also important to consider the accountability implications of digitalisation. Systems are being made more opaque than ever and governments are insulated by regulators who hide behind technology when it comes to being transparent. This ends up denying the benefits of digitisation to the people, and instead bringing them great risks and hardships.Regulatory silences can be costlyIn a shocking incident, TamilNad Mercantile Bank mistakenly deposited Rs 9,000 crore in the account of a cab driver in Chennai. The driver was able to transact up to Rs 21,000 before the erroneous transaction was reversed. He was later contacted by the nearest branch officials who instructed him to remain tight-lipped about the incident, but subsequently he was threatened to repay the money spent or face consequences. An unknown cash deposit into his account for Rs 11,000 and offers for a car loan to remain silent about the episode later forced him to go public about the incident.The CEO of the bank has now resigned citing ‘personal reasons’. The mistake was caused by a combination of factors, including invalid account numbers and a software bug in the National Automated Clearing House (NACH) application, a system widely used for salary payments/EMIs. While the bank was able to reverse the transaction quickly, it is important to note that such incidents could have serious consequences for customers and financial institutions alike, especially in this era when individuals have instant payments at their fingertips and can move money faster than ever before. It must be remembered that a similar software bug in SWIFT (financial messaging system) was cited as the reason behind the Nirav Modi fraud involving the Punjab National Bank.The incident highlights serious gaps in critical legacy payment systems like the NACH system, run by the National Payments Corporation of India (NPCI), and the need for active regulation. The Reserve Bank of India, while being detailedly prescriptive citing consumer protection (to the extent of bringing them hardship like with the recurring payments fiasco) when it comes to card networks and prepaid instruments, actively chooses to remain blind when it comes to supervising and under-regulates the payments systems run by NPCI, leading to issues such as these.The RBI should actively publish detailed reports on the quality of its supervision of regulated entities and conduct periodic reviews of all payment systems with all stakeholders, including members of the public, to maintain public trust in the regulatory system.Moody’s commentary on AadhaarMoody’s Investors Service, a global rating agency, has raised concerns about security and privacy vulnerabilities in centralised identification systems like India’s Aadhaar programme. Moody’s in its report had said that Aadhaar’s system often results in service denials, and questioned the reliability of biometric technologies, especially for manual labourers in hot, humid climates.India’s Ministry of Electronics & IT while dismissing the concerns and said Moody’s report “does not cite either primary or secondary data or research in support of the opinions presented in it”.The UIDAI only publishes cumulative transaction data by provider on its dashboard and has not released any data on failures. This is also similar to how statistics on UPI/Aadhaar-based direct benefit transfers are published, but there is no official number of UPI fraudulent transactions/Aadhaar-Enabled Payment System biometric frauds. If the government/regulators don’t publish official data that is uncomfortable, it is impossible to cite. Moody’s does cite the CAG report on UIDAI while indicating biometric reliability.Indians have been the guinea pigs to pilot the Centralised Digital ID system and the success of Aadhaar equally lies in under-reporting failures and narrative management. The Moody’s report comes at a time when India is attempting to sell this technical prowess through the G20 and a credible reply to the allegations would be to publish hard data – on biometric reliability and data points on new facial authentication modality, which is touted as response to both failures and fraud prevention that is prevalent in fingerprint-based biometric verification.Central Bank Digital Currency about which the RBI has no dataThe Reserve Bank of India, in response to an RTI, has said it has no data on the Central Bank Digital Currency (CBDC), eRupee-Retail, it issues. CBDCs are piloted by several central banks as a regulated alternative to cryptocurrencies. The RBI came down strongly on cryptocurrencies originally through a shadow ban and was restrained by the Supreme Court, and the government later introduced crypto taxation to restrict the free outflow of money.While the monetary sovereignty arguments might have legitimate state interest, and would be well within the purview of the central bank to have a strong opinion on, the same has to be matched when it comes to transparency too. Demonetisation (including the ongoing removal of the Rs 2,000 note from supply, which got an additional one week extension) made the central bank far more transparent when it comes to money supply. We cannot go back to a world where the central bank says it has no data when it comes to the currency notes it issues.The no data response by the regulator is bizarre, given the fact that it gave approval to make CBDC transactions on UPI network. If such a decision was indeed taken without necessary data, the regulatory capability is seriously questionable.The RBI deputy governor, though, is open to spilling some numbers for industry – and had said 15,000 transactions happen daily through CBDC. CBDC pilot is run on a blockchain and that the RBI through NPCI has access to detailed data is the logical expectation. The only reason, then, for citing it has no data is that this is the default response mode and allergy to transparency when it comes to RTI queries. This lack of transparency – especially on crucial matters such as money supply/new digital currency – fails not just at democratic accountability levels, but also what the market expects. Cryptocurrencies, which are often criticised for their volatility, publish the entire transaction log publicly, making them more transparent than some centralised digital money systems. A Moody’s thumbs down on the rupee (even on CBDC) will be far more costly economically than the one on Aadhaar, and the effects of that will be on every person in the country.Regulators are the new power centres and regulatory accountability both via parliament and civil society is needed to prevent seemingly small, unknown excesses that have large, irreversible damages to society for the profits of a few.Srikanth Lakshmanan is part of CashlessConsumer, a consumer collective working on digital payments with a goal of moving towards a fair cashless society with equitable rights.
