FinTechBalancing Innovation and Risk: SEBI Proposes Amendments to Regulate Artificial Intelligence

January 3, 20250

INTRODUCTION

 

Artificial Intelligence (“AI”) has transformed the financial sector by facilitating advanced market analysis, stock selection, investment strategy formulation, and portfolio management. AI has improved efficiency and decision-making capacities by establishing a smooth link between financial institutions and investors.  The banking sector has also implemented machine learning techniques to process the structured and unstructured data and the critical need for detailed analysis to support policies and guidelines. However, this increased reliance on AI has also raised concerns regarding investor protection, data privacy, and ethical use. Hence, regulating these tools has become imperative to ensure transparency and accountability.

On December 18, 2024, the Securities and Exchange Board of India (“SEBI”) announced substantial regulatory measures governing the use of AI tools by regulated entities. SEBI has emphasized that any regulated entity employing AI interfaces, whether developed internally or acquired from third parties, would bear full accountability for their use. This includes adherence to data protection and privacy requirements, particularly for data held in a fiduciary capacity.

The directive extends to various categories of market participants, including:

  1. Market Infrastructure Institutions (“MIIs”), such as stock exchanges and clearing corporations.
  2. Registered intermediaries, including brokers and depository participants.
  3. Asset Management Companies (“AMCs”) and managers of pooled investment vehicles, such as mutual funds.

The regulator has emphasised that, “the regulations shall be applicable irrespective of the scale and scenario of adoption of such tools for conducting its business and servicing its investors.”

 

SEBI’s PROPOSED AMENDMENTS IN THE CONSULTATION PAPER ON AI TOOLS

On November 13, 2024, SEBI has released a consultation paper titled Proposed amendments with respect to assigning responsibility   for the use   of artificial   intelligence   tools   by   Market Infrastructure Institutions, Registered Intermediaries and other persons regulated by SEBI”.

It has recommended amendments in the following acts to hold regulated entities responsible for the consequences of the adoption of AI tools for providing any services to their client. The proposed regulations aim to:

  1. Balance technological innovation with investor welfare.
  2. Ensure transparency, privacy, confidentiality, and quality control over data sets.
  3. Assign responsibility for AI usage to regulated entities.

The SEBI has adopted a similar definition of Artificial Intelligence as “any application or software programme or executable system or a combination thereof, offered by the person regulated by the  Board, stock exchange or depository to investors/stakeholders or used internally by it to facilitate investing and trading or to disseminate investment strategies and advice, carry out its activities including compliance requirements and the same is portrayed as part of the public product offering or under usage for compliance or management or other business purposes.

To enforce these responsibilities, SEBI has recommended amendments to key regulatory statutes:

  1. Securities and Exchange Board of India (Intermediaries) Regulations, 2008 – Insertion of Chapter III B.
  2. Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2018 – Insertion of Regulation 39B.
  3. Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 – Insertion of Regulation 82 B.

The amendments says that any person regulated by the board, recognised stock exchange and depository that uses any artificial intelligence tools shall be responsible for:

  1. for the privacy, security and integrity of investors and stakeholders’ data including data maintained by it in a fiduciary capacity throughout the processes involved
  2. if the output arising from the usage of such tools and techniques is relied upon or dealt with; and
  3. for the compliance with applicable laws in force.

 

OTHER REGULATIONS

  1. Regulations for privacy

The Artificial Intelligence has been proven to be an effective combatant against cyber security and financial frauds and has helped investors reach more informed decision. However, such data is required to be protected.

The Digital Personal Data Protection Act, 2023 (“DPDPA”) recognises consent as a cornerstone for acquiring and maintaining data, however, it provides certain legitimate uses as an exception to this principle. Section 7 of the DPDPA specifies certain scenarios where data can be processed without it. These circumstances includes where the data principal has voluntarily provided their data and has not objected to its use for a defined purpose. Other exceptions include natural disasters, medical emergencies, employment-related matters, and the delivery of government services and benefits. This approach balances the need to protect personal data with the practical requirements of enabling essential services and addressing exceptional circumstances.

This can have an influence on AI development because they will be required to curate data with consent and deal with data that is not publicly available. Thus, consent will be required for data collection, storage, and processing.

The DPDPA also has extraterritorial applicability. According to Section 3(b), the DPDPA applies to entities processing personal data outside India if the processing is related to activities related to offering “goods or services” to data principals within India. This limits the scope of offshore AI system providers that do not offer goods or services to Indian data principals to profile and monitor their behaviour without being bound by the obligations set forth under the DPDPA.

 

  1. Regulations on cryptocurrency

The Reserve Bank of India has played a precautionary and proactive role with risks associated with cryptocurrency. This includes:

  1. Issuing advisories about the speculative nature of cryptocurrencies due to its inherent lack of transparency.
  2. Highlighting potential threats posed by digital assets to monetary stability and foreign exchange regulations.
  3. Advocating for international cooperation to create uniform regulations for crypto assets.
  4. Encouraging development and adoption of Central Bank Digital Currency against private cryptocurrency

SEBI has had a more positive approach towards cryptocurrency and aims to establish a framework to regulate digital assets to create a balance between innovation and investor protection. Its approach includes:

Cryptocurrencies are categorized into utility tokens and security tokens, each subject to specific regulatory requirements.

Issuers and exchanges must provide detailed disclosures to enhance transparency and minimize fraud risks.

Exchanges and service providers are required to obtain licenses, implement robust cybersecurity measures, comply with anti-money laundering (“AML”) and combat the financing of terrorism (“CFT”) regulations.

SEBI has established grievance redressal mechanisms and launched investor education initiatives to raise awareness about the potential risks of cryptocurrency investments.

On 7 March 2023, the Indian Ministry of Finance took a significant step toward strengthening the regulatory framework for cryptocurrencies by amending the Prevention of Money Laundering Act (“PMLA”) to encompass Virtual Digital Assets (“VDAs”).

 

Section 2(47A) of the Income Tax Act defines Virtual Digital Assets as:

 “(a) any information or code or number or token (not being Indian currency or foreign currency), generated through cryptographic means or otherwise, by whatever name called, providing a digital representation of value exchanged with or without consideration, with the promise or representation of having inherent value, or functions as a store of value or a unit of account including its use in any financial transaction or investment, but not limited to investment scheme; and can be transferred, stored or traded electronically;

 (b) a non-fungible token or any other token of similar nature, by whatever name called; and

 (c) any other digital asset, as the Central Government may, by notification in the Official Gazette specify”.

This amendment introduced acquisition of accurate originator and beneficiary information in wire transfers, Customer Due Diligence, Know Your Customer (“KYC”) requirements, maintenance of transactions records, placing greater accountability on virtual digital asset service providers. Under this regulation, all entities engaged in cryptocurrency-related activities are now mandated to obtain a license from the Financial Intelligence Unit of India (“FIU-IND”) and report any suspicious activities to them. The Director of (FIU-IND) is empowered to impose any penalty if the entity fails to comply with the PMLA Rules.

“The Cryptocurrency and Regulation of Official Digital Currency Bill, 2021” has been introduced to create a framework to regulate digital assets. The bill initially aimed to prohibit all private cryptocurrencies while laying the groundwork for the Reserve Bank of India (“RBI”) to issue an official digital currency, the Central Bank Digital Currency (“CBDC”). However, there has been a shift from prohibition to regulation of private cryptocurrency.

The evolution of the Cryptocurrency Bill underscores India’s attempt to navigate the complexities of this transformative sector. By transitioning from an outright ban to a more nuanced regulatory approach, the government aims to create clear legal and operational guidelines to facilitate the growing financial ecosystem.

 

PRINCIPLES GOVERNING AI

The rapid advancements in AI and cryptocurrency technologies have significantly transformed the financial and regulatory landscape in India. While AI has streamlined processes, enhanced decision-making, and strengthened market analysis, its increasing adoption raises critical concerns related to data privacy, investor protection, and ethical use. Similarly, cryptocurrencies, with their growing popularity, have necessitated robust regulatory frameworks to ensure financial stability and transparency.

In February 2021, the NITI Aayog provides with the following ethical principles that should govern AI use:

  • The principle of safety and reliability
  • The principle of equality
  • The principle of inclusivity and non-discrimination
  • The principle of privacy and security
  • The principle of transparency
  • The principle of accountability
  • The principle of protection and reinforcement of positive human values

AI is an important financial tool can also pose a risk due to its unpredictable nature. Hence, the above should act as guidelines to ensure responsible use of AI and data usage. The organizations can implement the above by ensuring:

  • Fairness and Transparency: This would ensure that AI systems provide unbiased and comprehensible outcomes.
  • Accuracy and Consistency: It is important to maintain high standards in decision-making processes to provide better information to the investors.
  • Data Privacy: It should focus on safeguarding sensitive customer information to protect its investor.
  • Explainability and Accountability: The AI decisions should be understandable and it should also take accountability for the outcomes.
  • Robustness and Monitoring: It should guarantee system resilience and continuous performance evaluation.
  • Human Oversight: The entity should also prevent automation biases through active human intervention.

 

AMLEGALS REMARKS

The SEBI and RBI has recognised the need to regulate AI to ensure innovation and accountability, ensuring transparency, investor protection, and adherence to privacy standards. India’s proactive regulatory measures highlight its attempt to foster innovation and ensuring systemic accountability. By creating a dynamic and balanced environment for AI and cryptocurrencies, India is positioning itself to harness the potential of these transformative technologies while safeguarding the interests of stakeholders in the financial ecosystem.

 

– Team AMLEGALS assisted by Ms. Mahima Periwal (Intern)

For any queries or feedback, feel free to connect to mridusha.guha@amlegals.com or liza.vanjani@amlegals.com

https://amlegals.com/wp-content/uploads/2020/12/footerlogo.png
+91-8448548549
info@amlegals.com

Follow us:

Navigation

Practice Areas

GST | NCLT Law Firm | Legal Reviews | AMLEGALS | Mumbai | IPR | Litigation | Corporate Allied Laws | GST Advisory | Sitemap | Arbitration | Advisory in india | Litigation Strategy | Media

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.

 

Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.
I Agree I Disagree