Mitigating risk in a complex fintech ecosystem
Regulatory spotlight on digital payment structures
Recent regulatory developments and scrutiny by the GST Enforcement Wing have put India's digital payments ecosystem compliance and governance frameworks in the spotlight.
Authorities are closely evaluating whether GST has been correctly charged, disclosed and remitted in line with the nature of services provided, particularly as evolving business models and technological complexities reshape the payments landscape.
Focus of regulatory scrutiny
A key area of review is the GST treatment of payout and commission-based transaction models widely used across the digital payments ecosystem.
Regulators are assessing whether intermediaries in the payments value chain are correctly accounting for GST on the fees and commissions earned through these structures.
The scrutiny centres on how transaction flows are structured, documented and reported, including whether intermediaries appropriately recognise taxable service income and apply the correct GST treatment to commissions, facilitation fees and other charges.
With regulators increasingly using data analytics and cross-agency information sharing, scrutiny of payout structures and commission models is expected to intensify.
Who is at risk right now?
Payout service providers
Companies processing bulk payouts — salary disbursements, merchant settlements, and benefit transfers.
Payment aggregators
Aggregators earning transaction-based commissions or MDR who have not uniformly applied GST across all transaction types.
Business correspondent networks
BCs and their fintech principals under scrutiny for the GST treatment of commissions paid and received across the correspondent banking chain.
The cost of inaction
|
18%
|
Interest per annum
On unpaid GST from the due date — compounding rapidly across multi-year investigations.
|
|
100%
|
Penalty exposure
Penalties range from 10% (non-fraud) to 100% of tax (fraud/suppression alleged) — potentially material for financial and operational continuity.
|
|
5 years
|
Criminal imprisonment
Where evasion exceeds INR 5 crore and fraud is alleged, executives face prosecution with imprisonment up to 5 years.
|
|
6 years
|
Audit look-back period
GST authorities can investigate transactions dating back 6 financial years in fraud cases, to FY2019-20.
|
Is your organisation exposed?
Use this diagnostic to assess your GST risk exposure across the most common areas of enforcement focus in the digital payments sector.
| Risk area | Common gap found | Urgency |
|---|---|---|
|
GST on payout/commission income |
Misclassified as exempt or financial service
|
Critical
|
|
ITC on technology and marketing costs
|
Claimed without proportionate apportionment
|
Critical
|
|
GSTR-1 vs GSTR-3B reconciliation
|
Unexplained mismatches in prior years
|
Critical
|
|
Triggers for GST demand
|
Flimsy documentation, not defining commercial substance
|
Critical
|
|
Incriminating communications implying intent
|
Tax saving intent misconstrued as tax evasion
|
Critical
|
|
BC/partner commission GST treatment
|
GST not charged or passed through incorrectly
|
High
|
|
Float income and nodal account income
|
Not recognised as taxable service income
|
High
|
|
Cross-border payment fees
|
IGST treatment and place-of-supply ambiguity
|
Medium
|
|
API and platform access fees to merchants
|
Inconsistent GST charging across customer segments
|
Medium
|
Why fintechs are especially vulnerable?
Many fintechs grew transaction volumes exponentially while compliance teams and
tax infrastructure lagged, creating systemic gaps in the GST treatment of new
product lines.
Fintechs often assumed that GST liability was “passed through” to partners or
merchants via contracts, without verifying if the counterparty actually discharged the liability, leaving the originating fintech exposed.
The intersection of the RBI’s payment regulations and GST provisions has
historically been a grey area, but authorities are now taking an aggressive
interpretive stance that may not align with how companies originally structured their tax positions.
In complex multi-party payment flows (aggregator → sub-aggregator →
merchant), each node creates a potential GST liability. Where intermediate parties
do not charge or remit GST, the entire chain is brought under scrutiny, and
liability may be attributed upstream.
A four-pillar response
Fintech organisations need to act swiftly and methodically. Waiting for regulatory notices is no longer a viable strategy. A coordinated response led by senior leadership and cross-functional teams is essential to assess exposure, strengthen compliance and prepare for regulatory engagement.
Operational review with an investigative lens
Map all revenue streams and determine the correct GST treatment. Conduct a comprehensive review of GST records against audited financials and bank statements across the last six financial years. Reassess ITC claims and quantify potential exposure under different risk scenarios.
Legal preparedness
Engage specialised indirect tax and legal experts early. Identify key personnel who may be subject to examination and place litigation holds on financial records and communications. Ensure responses to notices or summons are handled with appropriate legal oversight.
Mitigation and corrective action
Where reviews identify potential gaps, proactive rectification before formal investigation can significantly reduce penalties and interest exposure while lowering the likelihood of criminal proceedings.
Strategic communication
Maintain clear and fact-based communication with the Board, senior management and key stakeholders. Engage relevant industry bodies where appropriate and avoid speculative disclosures without expert and legal review.
Immediate actions: First 30 days
Triage and mobilisation
- Convene leadership including the CFO, Head of Tax, General Counsel and CEO to assess exposure and assign ownership.
- Engage external forensic and indirect tax specialists to begin an independent GST review.
- Implement an immediate litigation hold on financial records, GST filings and transaction data from FY2019–20 onwards.
- Brief the Board and Audit Committee and initiate formal oversight of the compliance response.
Assess and remediate
- Evaluate potential exposures across revenue streams and consolidate supporting evidence.
- Develop a mitigation plan and discharge any undisputed GST liabilities with interest where appropriate.
- Review partner, merchant and vendor agreements to incorporate GST compliance provisions.
- Establish a dedicated response team and protocols for handling GST notices or summons.
Key takeaway
The window for proactive remediation is narrowing. Early corrective action and voluntary disclosure can significantly reduce penalties, minimise litigation risk and accelerate resolution.
How Grant Thornton Bharat can help
Investigative transaction-level diagnostic
Independent review of revenue streams, payouts, commissions and ITC across multiple financial years with an investigative lens
End-to-end GST governance framework
Aligning product design, operations, systems, reconciliations and compliance into one defensible model
Proactive remediation and risk mitigation
Strategise and implement corrections, remediations and disclosures to significantly
reduce risk of escalation and penalties
Board and leadership preparedness
Clear response protocols, data readiness and regulatory engagement support
