Team size:    25

What are the most significant cases, projects or transactions that you and/or your legal team have recently been involved in?

PayU is a group of companies in India backed by Prosus which is one of the largest technology investors in the world, with a significant portfolio of investments in India including in the fintech sector. As such, the range of work we do is very vast and covers a number of aspects at a macro level such as helping manage the investment portfolio, assisting in M&A activities, financing and fund raising and integrating any companies we acquire with the broader Prosus/PayU ecosystem.

This involves operating in a multinational environment within a nuanced matrixed structure involving multiple stakeholders across India, Southeast Asia and Europe.

At operating levels, given that most of our companies have a direct or indirect line of supervision mostly going into the RBI1 which is the regulator for payments and financing activities, we not only place a great amount of emphasis on operating in a compliant manner but also strive to set industry standards in terms of sustainable and compliant business practices. This also includes maintaining close coordination with regulators, industry associations and policy advocacy bodies.

On the payments side, being one of the foremost payments solutions providers in the country, our work involves multiple types of arrangements with banks, card networks, NPCI and other players in the ecosystem on the one hand and several top merchants and business houses on the other to who we offer our solutions.

On the credit side, our work involves setting up multiple sources of funding for our businesses and offering credit through digital means to a number of individuals and businesses. We also have a large presence in the banking ecosystem as a service provider to banks which requires setting up numerous types of arrangements with banks in India and overseas. PayU is also a user and provider of multiple types of services involving cutting edge technologies including AI that require an understanding of emerging technologies and associated legal/regulatory nuances.

The legal team works closely with business, technology, information security and product teams and provides frameworks in relation to matters such as information security, privacy, intellectual property, regulatory requirements and responsible Gen AI usage. These frameworks ensure that our overall businesses and products evolve in a manner that reduces multiple types of risks, including legal and regulatory, concentration, transaction-fraud and reputation risks.

One major development that the payment industry saw in recent years was the full regulation of the payments space. Such a transition in practical terms is a very complex process where the entire organisational approach needs to be aligned towards multiple branches of operational/compliance requiring granular changes and alignments in all processes relating to the payments business. These may not only cover revamping of policies and procedures but also ground level implementation of operational frameworks that can enable sustained operations in a regulated environment. Further, as we acquire new companies and integrate those in the group, our governance, compliance and operating standards need to be extended to such new acquisitions as well.

How do you approach managing legal aspects during periods of instability or crisis to ensure the organisation’s resilience? 

As the legal team responsible for managing legal and regulatory risks for the entire organisation, it is imperative that all our planning and roadmaps should take into account all worst-case scenarios right from the design stage. Further, we also need to devise processes and practices that could help the organisation continue its operations even during black swan types of events. To address some of these challenges, the legal team has incubated a product approval process that outlines all basic requirements right from the inception of a new product or business line. Our detailed policy framework that covers all major operational areas of our business underpins our structuring of any new products or business lines. These together with third line defences such as rigorous internal audit scrutiny go a long way in ensuring that we are able to continue operations in a resilient manner during any instabilities or crisis- situations.

What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws? 

In case of legal departments of regulated institutions such as ours, certain aspects of data sovereignty, date protection and data privacy assume a central role given the multiple regulatory requirements that apply. These are different from data related restrictions that apply to companies operating in the non-regulated space. Our strategies include the design and implementation of frameworks that ensure compliance with the data sovereignty and privacy by design aspects of all our businesses and related operations, including legal. These are implemented across departments based on a central data framework that then branches out into specifics that are applicable to other teams responsible for product development, implementation of various types of integrations and finally cyber security which includes multiple layers of policies and practices which are aimed at ensuring compliance with data protection, privacy and data sovereignty type of aspects.

What factors influence your team’s decision to use external legal services versus handling matters in-house, and what criteria are used to evaluate their performance? 

Our case is a bit unique simply because law firms may not have the practical expertise to understand the intricacies and dynamics of the payments and fintech business. However, as a time-constrained legal team, there are occasions when we require assistance from law firms to help us streamline our internal policies and documentation. Involving external law firms also means that we need to do extensive hand holding in order that they are they are able to deliver outcomes that are up to our expectations. Accordingly, when it comes to the core businesses, the team has adopted the approach of long-term engagement and mutual exchange of expertise. Some of the law firms that we work with have been with us since several years.

When it comes to other non-core areas, such as fund raising, mergers and acquisitions or governance aspects, we do have engagements with several Tier 1 and Tier 2 law firms, and we use them frequently. For specialised matters such as litigation and intellectual property, we have a panel of lawyers and law firms that assist us on a regular basis.

We are very careful in the selection of our law firms and are not simply influenced by brand value or size. My own approach has been to find out subject matter experts and evaluate them rigorously before taking the decision to give an assignment. In case of a law firm or lawyer that I have not dealt with previously, my typical approach will be to first identify individuals within the law firms that can deliver the value we seek, test their credentials by holding many conversations and also evaluating their past work.

How does your team contribute to the overall business strategy of the company? Can you share an example of a recent legal-led initiative that had a significant impact?

It goes without saying that functions such as legal need to evaluate and articulate the risk appetite of the organisation and create frameworks that enables business growth in a sustainable and compliant manner. At the same time, the legal team has to understand the needs of business partners and their imperatives, in order to play the role of an effective enabler. It is only with such a collaborative approach that the legal team can earn the trust of business partners which also helps in better absorption/acceptance of the boundaries by the business partners that control functions such as legal so keenly wish to achieve.