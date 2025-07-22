Home / Finance / News / Fintech SRO FACE mandates a code of conduct for RegTech companies

Fintech SRO FACE mandates a code of conduct for RegTech companies

For the first time, FACE has issued a code of conduct for RegTech firms, ensuring cooperation with regulators, data security, and adherence to guidelines set by financial sector authorities

Financial services, especially payments and lending, are being embedded across many large consumer tech platforms to enhance customer experience. Companies are adding fintech capabilities to their incumbent services on the back of a high customer bas
FACE members providing regulatory technology products must implement the code of conduct within six months.
Ajinkya Kawale Mumbai
3 min read Last Updated : Jul 22 2025 | 3:42 PM IST
For the first time, the Fintech Association for Consumer Empowerment (FACE) has issued a code of conduct for RegTech firms, mandating cooperation with regulators and government authorities during inspections. This includes providing access to relevant IT systems, data, and documents, including those handled by subcontractors.
 
Such companies are required to adhere to guidelines mandated by financial sector regulators that may directly or indirectly apply to them. RegTech firms are not directly regulated by financial sector regulators.
 
FACE members providing regulatory technology products must implement the code of conduct within six months.
 
The code covers multiple policy themes such as engagement with regulators, responsible innovation, data privacy and security, partnerships, employee training and conduct, and grievance redressal.
 
A process for reporting and resolving security incidents, data breaches, or system failures must be established, along with conducting third-party audits of systems. Similarly, sensitive data is required to be secured with encryption, access controls, and regular audits of systems.
 
The code of conduct mandates companies to develop internal policies to comply with India’s data protection laws and sectoral regulations. This aspect deals with items such as obtaining user consent, data management, and the handling of personal sensitive information. 
 
“This initiative is a signal of maturity and intent — not just for FACE but for the broader FinTech and RegTech ecosystem. As regulatory technologies scale in scope and impact, the Code sets a much-needed foundation for self-regulation, enabling companies to build with trust, accountability, and integrity,” said Sugandh Saxena, Chief Executive Officer, FACE.
 
FACE is a self-regulatory organisation for the fintech sector recognised by the Reserve Bank of India (RBI).
 
RegTech companies service multiple firms, including regulated entities (REs) such as banks and non-banks, for compliance with regulatory guidelines, overseeing key compliance aspects such as verification, data protection, and fraud prevention.
 
Apart from REs, RegTech companies cater to industries such as pharma, energy, real estate, startups, and healthcare, among others.
 
FACE has stated that the code is not a substitute for existing regulations and does not override them. Existing norms take precedence in the event of a conflict, it said.
 
The code also requires companies to regularly conduct due diligence on all their partnerships. 
Stakeholders such as customers and employees should have accessible channels to report grievances.
 

Topics :Fintech sectorfinance sector

First Published: Jul 22 2025 | 3:42 PM IST

