The International Financial Services Centres Authority (IFSCA) has introduced the Payment Services Regulations, 2024, aimed at providing clarity on the authorization and operation of Payment Service Providers (PSPs). This article explores key FAQs regarding these regulations. Understanding the IFSCA (Payment Services) Regulations, 2024, is crucial for entities seeking authorization as Payment Service Providers. Adhering to the guidelines, compliance requirements, and rationales behind prohibitions ensures a smooth and regulatory-compliant operation.
INTERNATIONAL FINANCIAL SERVICES CENTRES AUTHORITY
FREQUENTLY ASKED QUESTIONS (FAQs) ON THE IFSCA (PAYMENT SERVICES) REGULATIONS, 2024
Disclaimer: These FAQs do not constitute legal advice but are intended to provide clarity on the concepts related to the IFSCA (Payment Services) Regulations, 2024 (“PS Regulations”). Any queries about the PS Regulations may be addressed to IFSCA at [email protected]. In case of any disparity between these FAQs and the provisions of relevant Acts/regulations/rules, the later shall prevail.
(1) What is the rationale behind issuance of the PS Regulations ?
The rationale behind issuance of PS Regulations (hereinafter referred to as “the regulations”) is to lay down the framework under which entities may apply to be authorised as a Payment Service Provider (PSP) and provide the permitted services to persons within and outside IFSC subject to adherence to the terms and conditions in the regulation.
(2) How are Payment Services different from Payment Systems ?
The term “payment system” refers to a set of instruments, rules, procedures, processes and interbank funds transfer systems that facilitate the transfer of money. It encompasses the entity operating the payment system (“payment system operator” or “PSO”) and the participants. Such participants include banks, clearing and settlement systems and payment service providers that offer payment services to the end use.
“Payment services” consists of the provision of transaction account that provides the source of funds (e.g., bank account, e-wallets) or the payment instrument through which the user initiates a payment order (e.g., cash, card, cheque) or the service channel used to initiate payment that connects the payer and the payee (e.g., bank branch, point-of-sale (POS) terminal, payment apps etc.)
In the diagram below, PSPs operate in the “Front End”, while PSO operates in the “Back End”.
(3) What is the authorisation and designation mechanism under the PS Regulations ?
The authorisation and designation mechanism in the regulations involve authorising an applicant satisfying the requirements therein as a Payment Service Provider (PSP). A PSP is permitted to provide all of the payment services mentioned in the regulations subject to satisfying the requirements provided in the regulations. The authorisation is perpetual in nature and remains in force till the same is either revoked/cancelled by the Authority or surrendered by the PSP.
A PSP whose business volumes exceed the limit and fulfil the conditions provided in the regulations is designated by the Authority as a “Significant” Payment Service Provider (SPSP). To differentiate SPSP from other PSPs, the other PSPs are referred to as Regular Payment Service Providers (RPSP).
Therefore, an application under the regulations has to be made for authorisation as a PSP. The authorisation, if granted, will be as a PSP and the authorised entity shall be referred to as a RPSP. Once the RPSP achieves the thresholds and conditions provided in Part C of Schedule I to the regulations, the Authority shall designate the said PSP as a SPSP.
In summary therefore :
a) Application shall be submitted for authorisation as a PSP.
b) SPSP is a designation granted by the Authority and cannot be applied for.
c) An existing PSP need not apply for designation as a SPSP once it achieves the designated business volumes.
(4) Are all activities relating to payments regulated under the PS Regulations? If not, then what is the rationale for excluding certain services ? Also, what is the rationale for excluding certain entities from the requirement of authorisation under the PS Regulations ?
As mentioned in (2) above, for a service to be included in the definition of payment service it has to involve a provision of account for initiating payment or provision of a mechanism for issuing an order to initiate the payment or provision of a channel that connects the payer and the payee. Based on this , five services/activities have been currently permitted under the regulations.
Services that have been excluded from the list of payment services are in the nature of transactions between related parties (e.g., holding company and its subsidiary), payment services provided by banks and services which are in the nature of technical support to enable payment services (e.g., provision and maintenance of terminals etc.).
Following from the above, certain entities like Banks, Card Networks etc. are not required to be authorised under the regulations as payment services constitute one of the natural services that such entities provide and they are already permitted to provide such services under their respective licencing/authorisation frameworks.
(5) When is the Company (which shall be the holder of the authorisation as PSP) to be formed during the process of application for authorisation as a Payment Service Provider (PSP) under the PS Regulations?
The process of authorisation as PSP, including formation of the Company, is explained below :
APPLICATION
i. Any person wishing to seek authorisation as a PSP shall apply to the Authority in the form and manner specified1.
ii. As per the regulations, PSPs are permitted to be set up only in the form of a company. Such a company is however not required to be set up at the time of application. The application may be submitted by the Parent company wishing to set up a PSP as a subsidiary or any group company of the Parent company . Therefore, reference to the “Applicant” in the application form is in the context of a Parent company wishing to set up a PSP as a subsidiary or any group company of the Parent company.
IN-PRINCIPLE APPROVAL
iii. The Authority shall scrutinise the application submitted. During this process, the Authority may seek further information or clarifications from the applicant.
iv. On completion of the scrutiny, if the Authority is satisfied that the applicant prima facie, fulfils the requirements of authorisation as PSP, an In-principle approval would be issued with instructions to satisfy such conditions specified by the Authority.
ISSUE OF CERTIFICATE OF AUTHORISATION
v. One of the conditions in (iv) would be to set up a Company with its registered office in IFSC.
vi. At this stage a Company with its registered office in IFSC has to be created and necessary capital has to be inserted into the newly formed Company so that the minimum net worth requirement as specified in the regulations is satisfied.
vii. Deficiencies found during scrutiny of applications shall be referred to the applicant for closure/rectification within a specified number of days.
viii. Failure to rectify such deficiencies within the given time will lead to refusal of authorisation.
ix. The applicant may withdraw a previously submitted application any time before the grant of authorisation.
x. A Company that satisfies the requirements, inter alia, mentioned in (vi) and (vii) shall be issued a certificate of Authorisation by the Authority.
Process flow for authorisation as a PSP
The Authority views the formal submission of application as the last step in the process of setting up a PSP. Prospective applicants are encouraged to engage with the Authority and give an overview of its business model and plan of operations prior to submitting a formal application.
(6) When is a person considered to be providing payment services in or from IFSC ?
Requirement for authorisation as a PSP is mandatory for any person seeking to provide Payment Services in or from IFSC (regulation 3 of the regulations). For any person to be considered as providing payment services in or from IFSC, such a person should have a place of business in IFSC and should be providing one or more services specified in Part A of Schedule I of the regulations from such place of business (either on standalone basis or in addition to other activities).
(7) What are the types of service covered under the heading “merchant acquisition services”?
The merchant acquisition service under the regulations covers the service of payment aggregation. This service provides multiple payment methods to the merchants so that their customers can pay using their preferred mode of payment. Also, such a service provider undertakes settlement of funds, i.e., it moves the money from banks and other issuing entities to the merchants. It is clarified that the scope of merchant acquisition service under the regulations does not include the service of providing payment gateway as the same is considered to be a technical service and therefore excluded under clause 2(h) of Part B of schedule I of the regulations.
(8) What is the scope of cross-border money transfer service? Does it cover a scenario where a PSP transmits (or arranges for the transmission of) money between a sender and a recipient who are the same person?
Where a PSP carries on a business of accepting money from a person in IFSC for the purpose of transmitting the money or making arrangements for transmitting the money so collected to any person outside IFSC, the said activity would fall under the definition of cross-border money transfer service.
Further, receiving money from a person outside IFSC for transmitting to any person in IFSC would also be considered to be cross-border money transfer service.
Additionally, a PSP receiving money from a person outside IFSC and remitting the same to another person outside IFSC would also be considered to be cross-border money transfer service under these regulations.
Therefore, for a service to fall under the definition of cross-border money transfer service, presence of either the receiver or the sender in IFSC is not a compulsory requirement. Further, the scope of cross-border money transfer service covers any transfer of money from a sender from IFSC to a recipient in other country or territory (including India) or vice-versa, regardless of whether the sender or recipient of such money are the same person.
(9) How should a PSP comply with the requirement of safeguarding of money received from a Payment Service User in cases where the PSP provides a combination of payment services, say, cross border money transfer and merchant acquisition services in a single transaction ?
The requirement of safeguarding applicable funds, as mandated under regulation 23(1) read with Schedule VI of the regulations, applies to the total sum of applicable funds being held by the PSP at any point of time. Therefore, if two or more of the payment services are being provided as part of a single transaction, the sum of money that is being held by the PSP for giving effect to the transaction shall be covered by the safeguarding requirements till the transaction is complete and the money moves out of the possession of the PSP.
(10) What are the types of payment account that are envisaged under the service of account issuance?
Account issuance service includes the service of issuing a payment account to any person in IFSC or outside IFSC. The definition of payment account in the regulations covers accounts issued by the PSP in both physical (e.g., charge card) and virtual (e.g., e-wallet) forms. When deciding whether an account that is being issued by them is a payment account under the regulations, PSPs are encouraged to consider the complete definition of the term payment account including whether such account can be used for initiation of a payment order or execution of payment transactions.
(11) Is topping up an e-wallet considered to be an activity of account issuance under the PS Regulations ?
No, topping up an e-wallet (issued by a PSP) by a third party (other than “agents” of PSPs) shall not be considered to be an account issuance service activity being undertaken by such third party under the regulations.
(12) Can an e-wallet issued by a PSP hold cryptocurrencies like Bitcoin etc. and/or stable coins?
An e-wallet issued by a PSP cannot store cryptocurrencies like Bitcoin etc. and/or stable coins.
(13) Which are the currencies that an e-wallet, issued by a PSP, may hold ?
Currently, an e-wallet, issued by a PSP, may hold the following currencies : USD, EUR, JPY, GBP, CAD,AUD, CHF, HKD, SGD, AED and RUB. These currencies are collectively referred to as “specified currencies”.
(14) Can an e-wallet issued by a PSP hold Indian Rupee (INR) ? An e-wallet issued by a PSP cannot hold Indian Rupee (INR) in any form or manner.
(15) What are the issues relating to foreign exchange laws that a Company set up in India consider before applying for authorisation as a PSP ? Can companies set up outside India apply for authorisation as a PSP ?
As clarified in (5) above, the application for authorisation of a PSP may be submitted by a Parent company wishing to set up a PSP as a subsidiary or any group company of the Parent company. As the company to be set up in IFSC for holding the PSP authorisation shall be a person resident outside India under the provisions of the Foreign Exchange Management Act, 1999 (FEMA), the applicant (parent company) in this case, being a person resident in India is advised to consider the provisions of FEMA including those relating to opening of foreign subsidiaries, transmission of capital from the resident company to the non-resident subsidiary etc. before submitting its application.
A Parent company set up outside India wishing to set up a PSP as a subsidiary or any group company of the Parent company set up outside India may apply for authorisation as a PSP. In such cases both the applicant as well as the company set up in IFSC for holding the PSP authorisation shall be a person resident outside India.
(16) Are PSPs required to comply with AML/CFT requirements?
The IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 (“the guidelines”) defines a “regulated entity” as a unit/entity which has been granted license, recognition, registration or authorisation by the Authority. Therefore, a PSP authorised under the regulations would be a regulated entity and would have to comply with the requirements of the guidelines.
(17) Is the power to direct PSPs to maintain security deposits meant to guarantee the funds held by the payment service users with the PSPs ?
No. The regulations empower the Authority to require a PSP to maintain security deposit of a specified amount either at the time of authorisation or at any time thereafter. Where a PSP surrenders the authorisation granted to it or the authorisation granted to it has been revoked by the Authority, the Authority may apply the security deposit, to the extent required, to pay any sums outstanding and claimed by payment service users who are customers of the concerned PSP. While this may result in such payment service users recovering a part of the sums outstanding and claimed by them against the PSP, it is not intended to nor can it insure customers against all losses.
(19) When is IFSCA likely to require a PSP to maintain security deposit and how would the quantum of security deposit to be maintained be arrived at ?
IFSCA is likely to require a PSP to maintain security deposit if it is of the opinion that the business model and/or the operational structure of the applicant/PSP warrants such a requirement to be placed on the PSP. A PSP may be asked to place such deposit either prior to commencement of operations or any time thereafter. The quantum of the security deposit will primarily be a function of the volume of business being undertaken by the PSP suitably adjusted to take into account the future growth trajectory of such business.
(20) How will IFSCA apply the security deposit collected from PSPs?
It is to be noted that security deposit, wherever mandated and collected, does not constitute and is not intended to be, a mechanism for repaying the customers of or suppliers of goods and services to the PSP in case of the failure of the PSP to do so. The safeguarding requirements of customer funds in the regulations means that, ordinarily, customer dues of the PSP would not fall below the amount held in the escrow account and therefore would not require a payout from the security deposit collected from PSPs. Similarly, suppliers of goods and services to the PSP are expected to monitor their credit lines to the PSP based on their internal assessment and not depend on the security deposit to cover the shortfall that may result due to inability of a PSP to pay its dues. While the Authority may use the security deposit to pay the customers and suppliers, this cannot be claimed as a right or as a matter of course.
(21) Why is the rationale behind the requirements of the regulations pertaining to third party service providers?
The rationale behind the requirements for third party service providers is to ensure that when PSPs make use of such service providers as part of their business plan for providing payment services, due regard is given to issues like onboarding of such service providers, ongoing monitoring of such service providers both in terms of quality of service provided as well as their financial strength and preparation of contingency plans in case of a service provider ceasing its operations etc. The Authority while deciding on an application under regulation 8 of the regulations, shall also take into account the extent to which the business plan of the applicant proposes to use the services of third-party service providers while providing payment services.
(22) Why is the PSP prohibited from lending or advancing money to any person or extend credit to the payment service user or any other person ?
The authorisation as a PSP is based on the premise that such PSPs shall provide only those payment services which are permitted under the regulations while managing the risks arising out of such activities. One of the major risks that a PSP faces is Operational risk and the provisions in the regulations seek to ensure that the PSPs properly identify and protect against such risk. Lending/advancing money would expose PSPs to Credit risk as well, the management of which requires a different set of skills as well as larger capital provision. The Authority is of the opinion that the operation as a PSP is best isolated from the Credit risk that the activities like lending/advancing money would entail.
(23) Why are PSPs prohibited from providing their payment service users the ability to withdraw their e-wallet balances in cash ?
The restriction is consistent with IFSCA’s stated policy of not permitting cash transactions in IFSC. Further, given that the goal of regulations is to promote use of electronic means of transactions, withdrawal of e-wallet balances in cash is inconsistent with this approach. This approach is also in alignment with international practice regarding permissible transactions for e-wallet balances.
(24) Why has IFSCA not specified a cap on the amounts that can be stored on personal e-wallets ?
Specification of a standard cap on the amounts that can be stored on personal e-wallets would not be in line with IFSCA’s principle-based approach towards regulations. Further, given that cash withdrawal of e-money balance is not permitted, the concern about large size of cash withdrawal through the e-money wallets and their attendant concerns does not exist for PSPs. IFSCA would assess the quality of the internal risk management of the applicants based on their ability to identify the need for such caps in specific cases and the process of arriving at the cap based on the transaction history of the respective Payment Service User and any other attendant factors. IFSCA would also encourage PSPs to provide Payment Service Users the facility to set discretionary caps on their e-money wallets. Therefore, while IFSCA does not mandate a “one size fits all” cap for personal e-money accounts, it would expect applicants to set such caps in a differentiated and dynamic manner.
(25) How will IFSCA treat breaches in e-money thresholds arising out of the variation in exchange rates of currencies stored in an e-wallet ?
Breaches in e-money thresholds on account of variation in exchange rates will be treated by IFSCA based on a consideration of the factors contributing to the breach and whether the concerned PSP had taken necessary measures to anticipate the possibility of such breach and had taken reasonable measures to prevent such breach.
(25) What is the rationale behind a PSP needing to have a nodal bank ? Apart from the Nodal bank can a PSP have accounts with other banks in IFSC ?
The Nodal bank is to be the bank (IBU/IBC) through which a PSP undertakes its transactions are mandated by the regulations e.g., maintenance of escrow account, holding of security deposit etc. IFSCA needs to have information about such a bank for the purpose of supervising the PSPs. PSPs providing services like Escrow services may need to hold accounts with multiple banks for operational reasons e.g., handling a situation where the system of the Nodal bank is unavailable etc. Taking this into consideration, PSPs may hold additional accounts with banks (IBU/IBC) apart from those with its Nodal bank. In all cases, the PSP has to justify the need for opening multiple accounts in light of the transactions being undertaken by them.
Notes
1 Refer to Circular on “Format and manner of seeking authorisation as Payment Service Provider” dated February 6, 2024. Schedule I of the application form is common for all financial institutions in IFSC. Therefore, some of the references/information items therein may not be relevant to the application as a PSP. Applicants are requested to follow the provisions of the regulations while filling the application form and leave references/information items not in line with the regulations unfilled.