The Indian telecom industry has come a long way from its humble beginnings. Post-liberalisation growth has seen the industry become the world’s second-largest communications market. Telecommunication services today are a critical infrastructure that facilitates the functions of the economy, administration, and society. Even with a one billion+ subscriber base and 800 million+ internet users, the overall teledensity is just above 84%, with the rural market remaining largely untapped. While the industry has been going through a sustained period of growth, it is also weighed down by the complex regulatory framework. Telecom companies are in direct contact with petabytes and exabytes of sensitive user data on a daily basis. As such, it is imperative that the industry be carefully and thoroughly regulated. Consequently, specifying these businesses’ responsibility, accountability, and liability is essential.
A typical telecom company with a multiple-state operation is liable for over 1,200 compliance obligations. These obligations arise from at least 90 acts, rules, and regulations. These include the Quality of Service of Broadband Service Regulations, 2006; Policy Guidelines for Uplinking and Downlinking of Television Channels, International Telecommunication Access to Essential Facilities at Cable Landing Stations Regulations, 2007; Telecommunication Levy Act, 2011; Remote Access Guidelines, 2013; The Cable Television Networks (Regulations) Ordinance, 1994; and various tariff guidelines, to name a few.
Among the compliance requirements, companies need to submit quarterly customer service reports, quarterly network service reports, performance monitoring reports of consumer complaints against UCCs (Unsolicited Commercial Communications), and maintain records of the complaints. Companies operating an uplinking hub are required to obtain a security clearance from the Ministry of Home Affairs (MHA) and comply with any conditions put forth by the MHA. In addition, they must submit the application for renewal of permission at least 6 months prior to its expiry. They also need prior approval from the Ministry of Information and Broadcasting (MIB) before using uplinking facilities. DTH (direct-to-home) service providers are required to pay quarterly license fees and an annual fee. Businesses are required to display their vendor licenses in their outlets. DTH operators are further required to submit a report to the licensor to establish and install the uplink earth station within 12 months of SACFA clearance. They must also furnish all technical and operational details of channels to be uplinked. Operators must also appoint a dedicated grievance redressal team for VAS (Value Added Services) complaints. For every new customer onboarding, the operator is obligated to upload the KYC documents to the database within a month of the SIM card activation. Telecom service providers are obligated to maintain records of all M2M (Machine-to-Machine) SIMs. Moreover, they must ensure that no third party has access to communication between the licensing authority and the licensee.
Service providers are obligated to serve a 30-day advance notice before terminating the tariff plans of both prepaid and postpaid users. For customers porting to another service provider, the operator must have suitable mechanisms in place to protect the data of the subscriber from being intercepted during the port. Operators are also required to ensure that the user connections meet the quality of service benchmark (>=95%) every quarter. Customer deposits must be refunded within 60 days from the date of closure. In the event of a fault or repair, the restoration of service must be within the next three days with a >90% average benchmark for restoration within the next working day.
Telecom licensees are further required to establish facilities to continuously monitor their networks for intrusions, attacks, and fraud and report it to the licensing authorities and CERT-In. They must conduct annual security audits of the network or get the network audited by a third-party agency. They must also keep a record of all operation and maintenance command logs for a period of 12 months. The corporation itself should ensure that a majority of its board members are Indian citizens.
These are some of the various obligations and requirements a telecom operator must fulfil. These complexities grow exponentially with an increase in the scale and size of operations given the sheer volume of data and millions of customers of these businesses. These complexities are also affected by the ever-changing regulatory and policy landscape. In the last 12 months, TRAI published 116 regulatory updates for the industry. As the businesses grow, their ad-hoc, paper-based, and people-dependent processes fail to keep up. Compliance teams struggle to keep track of ongoing, pending, and upcoming obligations.
Furthermore, there are ongoing efforts to build guardrails around the use of data. The recently passed Digital Personal Data Protection Act, 2023 (DPDP Act) establishes the rights, obligations, and accountability of all stakeholders. Telecom service providers are privy to huge volumes of data on a daily basis. During the lifecycle of a customer relationship, they collect and process extensive amounts of personal data. This includes names, addresses, phone numbers, emails of contacts, call and browsing history, payment details, and other preferences. Partnerships and collaborations with third-party service providers are also an integral part of their business model. They are dependent on numerous partners and vendors to oversee operations and manage their networks, IT systems, distribution networks, customer service, collections, etc. The DPDP Act introduces new compliance requirements that enhance the privacy and security around user data and improve transparency in the industry. Businesses must comply with obligations such as appointing a Data Protection Officer, adopting robust cybersecurity practices, consent management, data usage transparency, breach reporting, data impact assessments, and routine privacy audits.
Digital solutions that harness regulatory technology can help these companies create a transparent, accountable, and timely compliance ecosystem. Technology-based compliance management processes can allow companies to keep up with regulatory updates and requirements published by TRAI and other regulators. A technology-driven compliance culture can significantly aid the business in staying on the right side of the law. Smart and automated compliance solutions improve control and visibility over compliance functions. They provide features that keep senior management informed and ahead. These solutions prevent lapses, delays, and defaults with tracking and management. New technology platforms are essential for businesses due to their customisable checklists, integrated databases, and real-time regulatory updates. They deliver relevant updates within 24 hours by tracking regulatory changes across thousands of government websites. This lets employers address urgent updates quickly.
These platforms also streamline the compliance programme for the telecom service providers. It integrates all paperwork with digital, verified, and tamper-proof copies. The central digital document repository is one place to store, manage, and access compliance paperwork. Digitally integrated document management saves employers time, energy, and resources, letting them focus on priorities. With more regulations on every aspect of a business, compliance is no longer the compliance department’s sole responsibility. KMPs must define compliance roles and responsibilities across all levels and departments. Enforcement of internal processes for inter-level and inter-department coordination is crucial for compliance management. Risk assessments, period assessments, and corrective interventions must be part of the compliance agenda.
The telecommunications industry is only going to grow as we become privy to more and more innovations and breakthroughs in technology. The digital economy is heavily reliant on the underlying information technology infrastructure. As such, it is critical to ensure that telecom service providers align with the regulators’ vision and are on the right side of the regulatory framework. Enlisting the aid of RegTech can enable corporations to efficiently navigate the complex regulatory waters and inspire the trust of their shareholders, customers, and investors by being compliant.
