The International Financial Services Centres Authority (IFSCA) has introduced the Payment Services Regulations, 2024, under the powers vested by the IFSCA Act, 2019. These regulations aim to govern payment services within IFSC, ensuring compliance, authorisation, and risk management.
International Financial Services Centres Authority (Payment Services) Regulations, 20241
[As amended upto 2nd April, 2024]
In exercise of the powers conferred by sub-section (1) of Section 12 read with sub-section 1 of section 28 of the International Financial Services Centres Authority Act, 2019 (50 of 2019), the International Financial Services Centres Authority hereby makes the following regulations namely: –
Chapter I
Preliminary
Short title and commencement
1. (1) These regulations may be called the International Financial Services Centres Authority (Payment Services) Regulations, 2024.
(2) They shall come into force on the date of their publication in the Official Gazette.
Definitions
2. (1) In these regulations, unless the context otherwise requires, the terms defined herein shall bear the meanings as assigned to them below, and their cognate expressions shall be construed accordingly –
(a) “account issuance service” means any of the following services:
i. the service of issuing a payment account to a payment service user;
ii. the service required for operating a payment account, and includes:
a) the service (other than a cross-border money transfer service) that enables money to be placed in a payment account; or
b) the service (other than a cross-border money transfer service) that enables money to be withdrawn from a payment account;
(b) “Act” means the International Financial Services Centres Authority Act, 2019 (50 of 2019);
(c) “agent” means any person who acts on behalf of a payment service provider in relation to the payment services provided by him;
(d) “applicable funds” means-
i. funds received by a payment service provider from, or for the benefit of, a payment service user for the execution of a payment transaction; and
ii. funds received by a payment service provider from another payment service provider for the execution of a payment transaction on behalf of a payment service user;
(e) “Authority” means the International Financial Services Centres Authority established under sub-section (1) of Section 4 of the Act;
(f) “certificate of authorisation” means the certificate containing the details of the authorisation granted by the Authority to a payment service provider under regulation 10;
(g) “company” means a company as defined in sub-section 20 of section 2 of the Companies Act, 2013 (18 of 2013);
(h) “control” means control as defined in sub-section 27 of section 2 of the Companies Act, 2013 (18 of 2013)
(i) “cross‑border money transfer service” means either of the following services:
i. accepting money from a person in IFSC, whether as principal or agent, for the purpose of transmitting, or arranging for the transmission of, the money to any person outside IFSC;
ii. receiving money from a person outside IFSC or arranging for the receipt of money from a person outside IFSC whether as principal or agent, for the purpose of transmitting or arranging for the transmission of the money to any person in IFSC or any person outside IFSC.;
(j) “e‑money” means any electronically stored monetary value that —
i. is denominated in any specified foreign currency;
ii. has been paid for in advance to enable the making of payment transactions through the use of a payment account;
iii. is accepted by a person other than its issuer; and
iv. represents a claim on its issuer.
Explanation: The term “e-money” does not include deposit from any person.
(k) “e-money issuance service” means the service of issuing e-money to a payment service user for the purpose of allowing a payment service user to make payment transactions;
(l) 2[“escrow service” means the service provided by a payment service provider, under an agreement, whereby money is held by such payment service provider in an escrow account with an IFSC Banking Unit (‘IBU’) or an IFSC Banking Company (‘IBC’) for and on behalf of one or more parties that are in the process of completing a transaction;]
(m) ‘group entities’ means an arrangement involving two or more entities related to each other through any of the following relationships: (i) subsidiary – parent (as defined in Ind-AS 110/Accounting Standard 21); (ii) joint venture (as defined in Ind-AS 28/Accounting Standard 27); (iii) associate (as defined in Ind-AS 28/Accounting Standard 23); (iv) common brand name or (v) investment in equity shares of 20 per cent and above;
(n) “holding company”, means a company as defined in sub-section 46 of section 2 of the Companies Act, 2013 (18 of 2013);
(o) “IFSC” or “International Financial Services Centre” shall have the meaning assigned to it in clause (g) of sub-section (1) of section 3 of the Act;
(p) “key managerial personnel” shall have the meaning assigned to it in sub-section 50 of section 2 of the Companies Act, 2013 (18 of 2013) and any other person whom the payment service provider may declare as key managerial personnel;
(q) “merchant” means and includes all persons, in or outside IFSC, who accept payments for goods and services provided by them, through electronic/online payment modes;
(r) “merchant acquisition service” means any service of accepting and processing a payment transaction for a merchant under an agreement between the payment service provider and the merchant, which results in a transfer of money to the merchant pursuant to the payment transaction, regardless of whether the payment service provider comes into possession of any money in respect of the payment transaction;
(s) “money” includes e-money but excludes virtual digital asset and any excluded digital representation of value as may be specified by the Authority.
(t) “nodal bank” means an IFSC Banking Unit (‘IBU’) or an IFSC Banking Company (‘IBC’) identified by a payment service provider for maintenance of security deposits, if so specified by the Authority, or for holding of funds in escrow account or for any other purposes.
(u) “nth-party service provider” means a service provider that is part of a third- party service provider’s supply chain and supports the ultimate delivery of services to one or more payment service providers;
(v) “payment account” means an account or facility (either in physical or electronic form) held in the name of one or more payment service users and is used for initiation of a payment order or execution of payment transactions or both;
Explanation : The term “payment account” includes bank account, debit card, credit card and charge card.
(w) “payment instrument” means any written direction, personalised device or set of procedures through which a payment service user initiates a payment order;
(x) “payment order” means any instruction by a payment service user to the payment service provider requesting the execution of a payment transaction;
(y) “payment services” means any of the activities that is specified in Part A of Schedule I of these regulations but does not include activities specified in Part B of Schedule I of these regulations;
(z) “payment service provider” means a company authorised by the Authority, under these regulations, to provide one or more of the Payment Services;
(aa) “payment service user” means any person, in IFSC or outside IFSC, that makes use of a Payment Service provided by a Payment Service Provider in the capacity of a payer or a payee, or both;
(ab)“payment system” shall have the meaning assigned to it in clause (i) of sub-section (1) of section 2 of Payment and Settlement Systems Act, 2007 (51 of 2007);
(ac) “payment transaction” means the act of placing, transfer or withdrawal of money, whether for the purpose of paying for goods or services or for any other purpose, with or without any underlying obligations between the payer and payee;
(ad) “regular payment service provider” means a Payment Service Provider, authorised under regulation 10 of these regulations, other than significant payment service provider;
(ae) “safeguarding institution” means an IFSC Banking Unit (‘IBU’) or an IFSC Banking Company (‘IBC’), as defined in clause (ec) and (eb), respectively, of sub-regulation (1) of regulation 2 of the International Financial Services Centres (Banking) Regulations, 2020.
(af) “significant payment service provider” means any Payment Service Provider, who is designated as such under sub-regulation 4 of regulation 4 of these regulations;
(ag) “specified foreign currency” means the currencies specified in the First Schedule of the International Financial Services Centres Authority (Banking) Regulations, 2020 or any other regulation issued by the Authority;
(ah) “subsidiary” means a company as defined in sub-section 87of section 2 of the Companies Act, 2013 (18 of 2013);
(ai) “third-party service provider” means any person that provides services to one or more Payment Service Provider either directly or indirectly as part of the supply chain of another service provider;
(aj) “third-party service relationship” means a formal arrangement for the provision of one or more services, or parts thereof, in the form of activities, functions, processes and tasks, to a Payment Service Provider by a third party including:
i) arrangements for the provision of services to a Payment Service Provider by an intra-group service provider;
ii) services supporting transactions between a Payment Service Provider with their employees, customers or counterparties
(ak) “virtual digital asset” shall have the meaning assigned to it in sub-section 47A of section 2 of the Income Tax Act, 1961(43 of 1961);
(2) Words and expressions used and not defined in these regulations but defined in the Act or Acts mentioned in the First Schedule to the Act or the Companies Act, 2013 (18 of 2013) or any rules or regulations made thereunder shall have the same meanings respectively assigned to them in those Acts, rules or regulations or any statutory modification or re-enactment thereto, as the case may be.
Chapter II
Authorisation to Payment Service Providers
Requirement of authorisation for commencing or carrying on Payment Services
3. Any person seeking to provide Payment Services in or from IFSC shall require certificate of authorisation under these regulations.
Application for authorisation for providing Payment Services
4. (1) Any person desirous of providing Payment Services in or from IFSC (hereinafter referred to as “the Applicant”) shall submit an application to the Authority, for grant of authorisation as a Payment Service Provider, in the format and in the manner as may be specified by the Authority;
Provided that the persons specified in Schedule IV of these regulations shall be exempted from the requirement of obtaining authorisation under these regulations.
(2) The application under sub-regulation (1) shall be accompanied by a non-refundable application fee as may be specified by the Authority.
(3) A person authorised as a Payment Service Provider may provide one or more of Payment Services, as specified in Part A of the Schedule I to these regulations.
(4) Notwithstanding sub-regulation (3), a person shall be designated as a Significant Payment Service Provider, if in addition to satisfying the condition of sub-regulation (3), it satisfies the conditions in Part C of Schedule I to these regulations.
Legal form
5. An Applicant making an application for authorisation under regulation 4 shall be required to be incorporated as a Company with its registered office in IFSC.
Minimum Net worth requirement
6. (1) A Payment Service Provider shall, inter-alia, comply with the minimum net worth requirements, as specified in Schedule V of these regulations, on an ongoing basis.
(2) The minimum net worth requirement of a Payment Service Provider shall be reviewed by the Authority from time to time to ensure their continued effectiveness and relevance and the Authority may also make adjustments to the minimum net worth requirements as needed to address emerging risks and changes in the financial landscape in which the Payment Service Provider is operating.
(3) Requirement of additional net worth, if any, as a result of the review undertaken under sub-regulation (2), shall be satisfied by a Payment Service Provider, within 180 days from the date of communication by the Authority about the additional net worth requirement.
(4) The Authority may establish a framework for prompt corrective action in case the net worth of a Payment Service Provider falls below the requirements specified in sub-regulation (1) and (2) above.
(5) The Authority may require a Payment Service Provider to undertake stress tests on their net worth to assess their ability to withstand adverse economic scenarios.
Fit and Proper requirement
7. (1) An Applicant or a Payment Service Provider shall ensure that its directors, Key Managerial Personnel and persons exercising control over it (hereinafter collectively referred to as “Relevant Persons”) satisfy the “fit and proper requirements” (‘FPR’), specified in Schedule II of these regulations.
(2) The Authority may undertake an evaluation of any Relevant Person(s) under the FPR during the time of processing the request for authorisation as a Payment Service Provider or any time thereafter.
(3) In case of any variance in the outcome of the evaluation under the FPR undertaken by an Applicant or a Payment Service Provider and that undertaken by the Authority, the outcome of the evaluation undertaken by the Authority shall prevail.
Authorisation requirements
8. While evaluating an application under sub-regulation (1) of regulation 4, the Authority shall take into account all matters which it deems relevant for grant of authorisation, including, whether:
a. Relevant persons of the Applicant possess adequate experience, including an existing authorisation to provide similar services in any other jurisdiction, in the activities that it seeks to provide as a Payment Service Provider;
b. the applicant possesses the necessary infrastructure like adequate office space, equipment, communication facilities and manpower to effectively discharge its activities;
c. the Applicant satisfies the net worth requirement, as specified in these regulations;
d. the financial soundness of the Applicant;
e. the Applicant and Relevant Persons satisfy the “fit and proper” requirements;
f. the Applicant or its Group Entities have in the past been refused authorisation by the Authority and if so, the ground for such refusal;
g. the Applicant or the Relevant Persons are not subject to any proceeding for breach of law by the Authority; and
h. the interests of Payment Services Users, including the terms and conditions governing their relationship with a Payment Service Provider shall be adequately protected if such authorisation is granted.
Issuance of in-principle approval
9. (1) After considering an application for authorisation, if the Authority is satisfied that the said application, prima facie, satisfies the conditions for granting authorisation, the Authority may issue an “in-principle approval” letter to the Applicant and shall require the Applicant to satisfy such conditions as may be specified by the Authority in the “in-principle approval” letter before grant of authorisation.
(2) Grant of authorisation to an Applicant who has been issued “in-principle approval” shall be at the sole discretion of the Authority and the issue of “in-principle approval” by the Authority shall not automatically entitle the Applicant to be granted an authorisation under regulation 10.
(3) The Applicant shall intimate to the Authority about any change of ownership or control of the Applicant during the period when an “in-principle approval” is in force.
(4) The Authority, after receipt of intimation under sub-regulation (3) or when it otherwise becomes aware of any change of ownership or control of the Applicant to whom an “in-principle approval” has been issued, shall undertake a review of its decision to grant “in-principle approval” to the Applicant.
(5) The outcome of the review undertaken at sub-regulation (4) shall be communicated to the Applicant.
(6) If as a result of the review under sub-regulation (4), the Authority decides to revoke the “in-principle approval” granted to the Applicant, the Authority shall provide a reasonable opportunity of hearing to the Applicant before taking a final decision in the matter.
Grant of authorisation
10. (1) The Authority may, on being satisfied that the Applicant has complied with the conditions laid down in these regulations and is eligible to act as a Payment Service Provider, grant a Certificate of Authorisation to the Applicant subject to such conditions as the Authority may deem fit.
(2) The Certificate of Authorisation granted under sub-regulation (1) shall be valid unless revoked by the Authority or surrendered by the Payment Service Provider.
(3) Every application for authorisation shall be processed by the Authority as soon as possible and an endeavour shall be made to dispose of such application within six months from the date of filing such application.
(4) The Authority may, if it so desires, either at the time of grant of authorisation or at any other time thereafter, require a Payment Service Provider to maintain security deposit of such amount and in such form as may be specified by the Authority.
(5) A Payment Service Provider shall identify an IFSC Banking Unit or an IFSC Banking Company as its Nodal Bank and intimate the same to the Authority along with a concurrence of the said bank to act as the “Nodal Bank” as part of the requirement under sub-regulation (1) of regulation 10.
(6) The Payment Service Provider shall, at any time after the grant of authorisation under sub-regulation (1), intimate to the Authority of any material change in the information or particulars previously furnished.
(7) The Authority may modify one or more conditions for commencing or carrying on Payment Services under these regulations.
Refusal of Authorisation: –
11. (1) If the Authority is of the opinion that the authorisation cannot be granted due to certain deficiencies, it shall communicate the same to the Applicant advising it to rectify those within thirty days from the date of communication.
(2) If the Applicant fails to rectify such deficiencies within the specified time, the Authority shall refuse to grant authorisation and communicate the same to the Applicant.
Provided that no such refusal shall be made without giving the Applicant a reasonable opportunity of being heard.
(3) The application filed under sub-regulation (1) of regulation 4 of these regulations, may be withdrawn by the Applicant at any time before the grant of authorisation.
(4) The Applicant whose application is refused under sub-regulation (2) above or withdrawn under sub-regulation (3) above, may submit a fresh application for authorisation after a period of six months from the date of communication of refusal of the application by the Authority under sub-regulation (2) or the date of withdrawal of the application under sub-regulation (3).
Revocation of authorisation
12. (1) If the Authority is satisfied that a Payment Service Provider has failed to comply with any of the conditions of the authorisation, provision/s of these regulations, orders or directions of the Authority, or that the activity of the Payment Service Provider is being carried on in a manner prejudicial to the interests of the Payment Service Users, it may revoke the authorisation granted to such Payment Service Provider
(2) The order for revocation of the authorisation shall be issued after giving a reasonable opportunity of hearing to the concerned Payment Service Provider.
Surrender of Authorisation
13. (1) A Payment Service Provider may file an application with the Authority, in compliance with the conditions and in the format provided in Schedule III, for surrender of the authorisation granted to it.
(2) After consideration of the application made under sub-regulation (1), and on being satisfied that the surrender of authorisation is unlikely to cause any material adverse effect to the financial ecosystem of the IFSC or the interests of the Payment Service Users, the Authority may permit surrender of such authorisation subject to such conditions as it deems fit.
(3) The Authority may, by an order in writing, specify the date from which the authorisation shall cease to have effect.
Appropriation of security deposit on revocation or surrender of authorisation
14.(1) Where a Payment Service Provider has surrendered its authorisation or the authorisation of a Payment Service Provider has been revoked by the Authority, the Authority may apply the security deposit, if any, mentioned in sub-regulation (4) of regulation 10, to pay any sums outstanding and claimed by Payment Service Users who are customers of the Payment Service Provider.
(2) Where a Payment Service Provider has surrendered its authorisation or the authorisation of a Payment Service Provider has been revoked by the Authority, the Authority shall release the security deposit, if any, mentioned in sub-regulation (4) of regulation 10 or any balance thereof if it is satisfied that:
(a) there is no outstanding claim by any Payment Service User who is a customer of the Payment Service Provider; and
(b) the Payment Service Provider has satisfied all conditions for surrender of authorisation under these regulations.
(3) Notwithstanding anything contained in this regulation, in order to meet any legitimate outstanding claim or dues, the security deposit shall be released after a period of one year from the date of approval for surrender of authorisation or revocation of authorisation by Authority.
Chapter III
Commencement of operations
15. (1) The Payment Service Provider shall commence its operations within six months from the date of issuance of Certificate of Authorisation.
(2) The Payment Service Provider may submit an application for extension of time, if instructed to do so by way of a resolution passed by its board of directors, for commencing operations at least two months before the latest date of commencement as stipulated under sub-regulation (1).
(3) The application under sub-regulation (2) shall, inter-alia, include complete details of the reasons behind the request for extension, duration of extension sought, steps being undertaken to overcome the delay and any other information which, in the opinion of the Payment Service Provider, is relevant to the request for extension.
(4) On receipt of the application under sub-regulation (2), if the Authority is satisfied that Payment Service Provider cannot commence its operation within stipulated time period, it may extend the time period by such further period, as it thinks fit, but not exceeding three (3) months:
Provided that any extension of the time period under this regulation shall not be granted more than once.
Chapter IV
Governance
Governance arrangements
16. (1) A Payment Service Provider shall comprehensively and clearly document its governance arrangements i.e., the framework under which its Board and senior management shall function.
(2) The governance arrangements shall, at minimum, include the following components namely:
a. role and composition of the Board and any committees or sub-committees;
b. senior management structure;
c. reporting lines between management and the Board;
d. ownership structure;
e. internal governance policy;
f. design of risk management and internal controls;
g. procedures for the appointment of board members and senior management;
h. processes for ensuring performance accountability.
(3) A Payment Service Provider shall not undertake activities other than providing Payment Services without the prior permission of the Authority and subject to such conditions as may be specified by the Authority
Provided that the Authority may, by general or special permission, permit a Payment Service provider to carry out activities other than providing Payment Services
(4) A Financial institution, set up as a company and authorised by the Authority under applicable regulatory framework, may seek authorisation to act as a Payment Service Provider under these regulations.
(5)A Payment Service Provider shall formulate clear and comprehensive rules and procedures for the Payment Services provided by it and shall provide sufficient information to enable Payment Service Users to have an accurate understanding of the risks, fees and other material costs they shall incur by availing such Payment Service(s).
17. (1) A Payment Service Provider shall develop a policy for management of risks including risk management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by it while providing payment service(s). Such policy shall be subject to periodic review by the Board of the Payment Service Provider.
(2) A Payment Service Provider shall establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks.
(3) A Payment Service Provider that establishes a link, with one or more Payment Systems, shall identify, monitor and manage link-related risks.
Chapter V
Risk management of third-party service relationships
Identification of critical services and assessment of criticality
18. (1) A Payment Service Provider shall put in place a risk-based framework to assess the criticality of services that they receive or plan to receive from a Third-party Service Provider.
(2) Such assessment shall be undertaken at the time of commencement of operations and at regular intervals thereafter to identify critical services.
(3) The framework under sub-regulation (1) shall consider various factors relevant to identifying a service as “critical” including:
a. the financial, operational and strategic importance of the service to the Payment Service Provider.
b. the level of tolerance for disruption acceptable to the Payment Service Provider regarding critical business operations that rely or plan to rely on the Third-party Service Provider.
c. the nature of any data or information shared by the Payment Service Provider with the Third-party Service Provider under a Service Relationship.
d. the ease of substitutability of a service or lack thereof.
Onboarding and ongoing monitoring
19. (1) A Payment Service Provider shall conduct appropriate planning and due diligence before entering into a Third-Party Service Relationship arrangement for a critical service while ensuring that the level of due diligence is proportionate to the criticality of the relevant service.
(2) Factors that are to be considered in the due diligence process shall, inter-alia, include:
a. Operational and technical capability and track record, including (if applicable) drawing on any prior engagement between the Payment Service Provider and the Third-party Service Provider (in general or in connection with the service to be provided);
b. Financial soundness of the Third-party Service Provider to the extent it can affect the delivery of its services;
c. Internal controls and risk management, including the Third-party Service Provider’s ability to manage Information and Communications Technology (ICT), cyber security and other operational risks;
d. Management of supply chain risks, including use and oversight of Nth-Party Service Providers;
e. Geographic dependencies and management of related risks;
f. Key personnel involved in the delivery of the relevant service and their competency;
g. Potential conflicts of interest;
h. Existence of any recent or pending relevant complaints, investigations or litigation against the Third-party Service Provider and (if relevant) Nth-Party Service Providers;
i. Ability to deliver the critical service in a way that allows the Payment Service Provider to comply with its legal and regulatory obligations;
j. Ability to support the Payment Service Provider’s business strategy and plans;
k. Level of substitutability of the service and Third-party Service Provider.
(3)The services being received by a Payment Service Provider shall be procured through legally binding arrangements between the Payment Service Provider and a Third-party Service Provider.
(4) The legal arrangements under sub-regulation (3), shall, inter-alia, include a provision of sharing of information by the Third-party service provider with the Authority.
(5) A Payment Service Provider shall establish processes for ongoing monitoring of the Third-party Service Provider’s ability to deliver the critical services in line with its contractual obligations.
Exit strategies
20. (1) A Payment Service Provider shall identify, document and to the extent practically feasible, test their strategy for exiting Third-party Service Relationship involving critical services.
(2) Such strategy shall cover a range of scenarios including planned migration of services, but also include adverse events like:
a. Violation or breach of applicable laws, regulations or contractual terms;
b. Deterioration in the quality of the services provided;
c. Weaknesses in the Third-party Service Provider’s governance, financial condition, resilience or risk management that could reasonably impact the delivery of critical services;
d. Extended disruption to critical services that cannot be managed through other business continuity measures.
Reporting of incidents
21. The Payment Service Provider shall require the Third-party Service Providers to have clearly defined processes for identifying, investigating, remediating and notifying Payment Service Provider in a timely manner of incidents that impact the Third-party Service Provider’s ability to deliver agreed-upon services.
Record of third-party service relationships
22. The Payment Service Provider shall maintain complete, up-to-date records of their Third-Party Service Relationship that are identified under sub-regulation 1 of regulation 18.
Chapter VI
Duties of the Payment Service Provider
Duty to protect Applicable Funds:
23. (1) The Payment Service Provider shall safeguard Applicable Funds including but not limited to compliance with the directions specified in Schedule VI.
(2) The Payment Service Provider shall at all times, keep Applicable Funds segregated from any other types of funds that it holds.
Duty to comply with International Financial Services Centres Authority (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 (AML, CTF &KYC Guidelines)
24. (1) The Payment Service Provider shall ensure compliance with AML,CTF & KYC Guidelines and other provisions of Prevention of Money Laundering Act, 2002 and the Rules made thereunder including any statutory modification(s) or re-enactment thereof for the time being in force.
(2) The Payment Service Provider using agents for providing its services shall:
a. maintain an up-to-date list of such agents;
b. include such agents in their AML/CTF programmes and monitor them for compliance with these programmes.
(3) A Payment Service Provider shall be responsible and accountable for the transactions/actions undertaken by their authorised agents.
(4) A Payment Service Provider shall maintain a log of all the transactions undertaken for at least ten years. This data shall be made available for scrutiny to the Authority or any other agency / agencies as may be directed by the Authority.
Duty to comply with laws
25. The Payment Service Provider shall comply with all applicable laws in India as well all applicable laws of any jurisdiction/s outside India where it provides services or where the Payment Service Users are based.
Duty of co-operation with the Authority
26. (1) A Payment Service Provider shall deal with the Authority in an open and co‐operative manner. A Payment Service Provider shall keep the Authority duly informed of any significant event(s) relating to the Payment Service Provider.
(2) Any proposed major change, such as change in product features/process, structure or operation of the payment services, etc., shall be communicated to the Authority with complete details.
(3) A Payment Service Provider shall obtain prior approval of the Authority before entering into any transaction of merger, consolidation, re-organisation, scheme of arrangement or compromise with its shareholders or effect any scheme of amalgamation or reconstruction.
(4) The Authority may, for the purpose of carrying out its functions under these Regulation, conduct or get conducted audits and inspections of a Payment Service Provider and a Third-Party Service Provider and it shall be the duty of the Payment Service Provider and a Third-Party Service Provider to assist the Authority to carry out such audit or inspection, as the case may be.
Duty towards Payment Service Users
27. (1) A Payment Service Provider shall ensure that due regard is given to protecting the interests of Payment Service Users and the relevant information is communicated to them in a clear and fair manner that minimises the possibility of them getting misled.
(2) A Payment Service Provider shall comply with the disclosure requirements as specified in Schedule VII of these regulations.
Duty to secure the information technology systems and other infrastructure
28. (1) A Payment Service Provider shall secure its information technology systems and other infrastructure used for providing Payment Services from unauthorised access and manipulation.
(2) A Payment Service Provider shall prepare and maintain a written document outlining the security policies and procedures put in place to fulfil the duty at sub-regulation (1).
(3) The Authority may, if it feels necessary to do so, issue directions to the Payment Service Providers about the procedures to be followed for securing the information technology systems and other infrastructure used for providing Payment Services.
(4) The Authority may, if it feels necessary to do so, direct a Payment Service Provider to submit certificate (s) issued by independent professionals confirming the compliances under sub-regulations (1) and (2) and with the directions issued under sub-regulation (3).
Redressal of grievances and dispute resolution
29. (1) A Payment Service Provider shall depute adequate staff at its permanent place of business or registered office in IFSC to address any queries, complaints or grievances from a Payment Service User that uses one or more of the payment services provided by the Payment Service Provider and shall do so within a period of thirty days from receipt of a complaint or a grievance.
(2) Payments Service Users shall be provided with one or more channels – web-based or paper-based complaint form, IVR, mobile application, call centre, SMS, through branches or offices, etc. – for raising queries and for lodging complaints and grievances.
(3) Disputes between a Payment Service User and a Payment Service Provider, which could not be resolved by the internal grievance redressal mechanism in sub-section (1), shall be resolved by harnessing online conciliation and/or online arbitration in the manner as specified by the Authority.
(4) A Payment Service Provider shall maintain records regarding queries, complaints and grievances received by it and redressal of such complaints and grievances.
Action in case of default
30. The Authority may initiate appropriate enforcement action in case a Payment Service Provider contravenes any of the provisions of these regulations, direction or order made thereunder.
Chapter VII
Place of business or registered office: –
31. (1) A Payment Service Provider shall have its place of business and registered office in IFSC.
(2) A Payment Service Provider who wants to carry on some activities relating to a payment service from a place of business other than from IFSC shall seek prior approval from the Authority.
Chapter VIII
Returns, Documents and Other Information
Submission of returns, documents or other information etc.
32. Every Payment Service Provider shall submit requisite documents and information in such format and in such manner as may be specified by the Authority.
Furnishing of accounts and Balance Sheet
33. Every Payment Service Provider shall submit to the Authority, a copy of the audited financial statements, which includes Balance-sheet, Profit and Loss statement, Cash or Fund flow statement along-with the auditor’s report thereon within three (3) months from the date of its finalisation to the Authority, along with the remarks or observations of the auditor, if any, on the conduct of the business, state of accounts, etc., and a suitable explanation on auditor’s observations/remarks.
Provided that the Authority may, on an application made by the Payment Service Provider, extend the said period of three months for furnishing of returns by a further period not exceeding one month.
Maintenance of books of accounts, records and other documents
34. Every Payment Service Provider shall, inter-alia, maintain and preserve the following books of accounts, records and documents, in a format suitable for electronic retrieval, for a minimum of ten (10) years from the date of commencement of operations, namely: –
(a) a copy of the balance sheet at the end of each accounting period;
(b) a copy of profit and loss account for each accounting period;
(c) a copy of the auditor’s report on the accounts for each accounting period;
(d) a statement of net worth for each quarter;
(e) documentation relating to compliance with International Financial Services Centres Authority (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022;
(f) documents relating to account opening of each client and any power of attorney or signature authority forms of the clients;
(g) relevant records and documents relating to its activities in capital markets;
(h) such other books of accounts, records and documents as may be specified by the Authority from time to time.
Schedule I
Payment Services, Thresholds and Conditions
[Regulation 4(3) and 4(4)]
Part A
Activities which are Payment Services
1. The following activities, except the activities specified in Part B, are Payment Services for the purposes of these regulations:
a) account issuance service (including e-money account issuance service);
b) e-money issuance service;
c) escrow service;
d) cross border money transfer service;
e) merchant acquisition service.
Part B
Activities which are not Payment Services
2. The following activities are not Payment Services for the purposes of these regulations –
a) payment transactions on behalf of the payer or the payee, if performed by an agent authorised to negotiate or conclude the sale or purchase of goods or services on behalf of the payer or the payee, as the case may be;
b) payment transactions based on any of the following documents, each being a document drawn on a person with a view to placing money at the disposal of the payee;
i) cheque, cashier’s order, drawing voucher, dividend warrant, demand draft, remittance receipt, traveller’s cheque or gift cheque;
ii) paper postal order;
c) payment transactions carried out within a payment or securities settlement system between Payment Service Providers and settlement agents, central counterparties, clearing houses, central banks or other participants in the system;
d) payment transactions related to securities asset servicing, including dividends, income or other distributions, or redemption or sale, carried out by persons referred to in sub-paragraph (c);
e) payment transactions carried out between Payment Service Providers, or their agents or branch offices, for their own account;
f) payment transactions and related services between a Holding company and its subsidiary or between subsidiaries of the same Holding company, without any intermediary intervention by a Payment Service Provider other than Group Entities;
g) transporting currency, including the collection, processing and delivery of the currency, where the service is carried on as a business;
h) services provided by technical service providers, being an entity that supports the provision of payment services, without being in possession of the funds to be transferred at any time, including the services of:
(i) processing and storage of data;
(ii) trust and privacy protection services;
(iii) data and entity authentication;
(iv) information technology;
(v) communication network provision; and
(vi) provision and maintenance of terminals and devices used for payment services;
i) services based on specific payment instruments that can be used only in a limited way and meet one of the following conditions:
(i) allow the holder to acquire goods or services only in the premises of the issuer of the payment instrument;
(ii) are issued by an issuer and allow the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the user;
(iii) may be used only to acquire a very limited range of goods or services;
Part C
Thresholds and Conditions for designation as a Significant Payment Service Provider
3. The following are the thresholds and conditions to be met by a Regular Payment Service Provider to be designated as a Significant Payment Service Provider –
a) the Regular Payment Service Provider carries on a business of providing one or more of the payment services (other than e-money account issuance service) mentioned in Part A of this schedule and
(i) the monthly average, over a calendar year, of the total value of all payment transactions that are accepted, processed, executed exceeds –
A) $2 million (or its equivalent in a Specified Foreign Currency), for any one of the payment services (other than e-money account issuance service) mentioned in Part A of this schedule or;
B) $4 million (or its equivalent in a Specified Foreign Currency), for two or more of the payment services (other than e-money account issuance service) mentioned in Part A of this schedule;
b) if the Regular Payment Service Provider intends to carry or carries on a business of providing an e-money account issuance service and
(i) the average daily value, over a calendar year, of all e-money that is stored in any payment account issued by the Regular Payment Service Provider exceeds $3 million (or its equivalent in a specified foreign currency);
c) if the applicant or the Regular Payment Service Provider carries on a business of providing an e-money issuance service and
(i) the average daily value, over a calendar year, of the total value in one day of all e-money that is intended to be issued or issued by the Regular Payment Service Provider exceeds $3 million (or its equivalent in a Specified Foreign Currency);
SCHEDULE II
[See Regulation 7(1)]
FIT AND PROPER REQUIREMENTS
1. This schedule sets out the fit and proper criteria applicable to all Relevant Persons. The Authority expects a Relevant Person to be competent, honest, to have integrity and to be of sound financial standing.
2. The criteria provided in this schedule are not meant to be exhaustive or a substitute for any legal provisions and are to be read in conjunction with any applicable legislation and any written instructions, notifications, standards, and additional guidelines that the Authority may issue from time to time.
3. A Payment Service Provider shall establish effective systems and controls to ensure that all the Relevant Persons meet the ‘fit and proper’ criteria.
4. A Payment Service Provider shall carry out ‘fit and proper’ evaluation, in the format specified in the annex to this schedule of all Relevant Persons, both at the time of their appointment and at reasonably regular frequency thereafter.
5. A Relevant Person shall be deemed to be a fit and proper person if, based on the evaluation undertaken under 3 or any other information available with it, a Payment Service Provider is satisfied –
(a) such person has a record of fairness and integrity, including but not limited to:
(i) financial integrity;
(ii) good reputation and character; and
(iii) honesty.
(b) such person has not incurred any of the following disqualifications –
(i) the person has been convicted by a court for any offence involving moral turpitude or any economic offence or any offence against securities laws;
(ii) a recovery proceeding has been initiated against the person by a financial regulatory authority and is pending;
(iii) an order for winding up has been passed against the person for malfeasance;
(iv) the person has been declared an undischarged insolvent 18
(v) an order, restraining, prohibiting or debarring the person from accessing, providing or dealing in financial products or financial services, has been passed by any regulatory authority, and a period of three (3) years from the date of the expiry of the period specified in the order has not elapsed;
(vi) any other order against the person, has been passed by the Authority or any other regulatory authority, and a period of three (3) years from the date of the order has not elapsed;
(vii) the person has been found to be of unsound mind by a court of competent jurisdiction and the finding is in force;
(viii) the person is financially not sound or has been categorised as a wilful defaulter;
(ix) the person has been declared a fugitive economic offender; or
(x) any other disqualification as may be specified by the Authority
Annex to Schedule II
| Sr. No. | Particulars |
| 1 | Whether any of the functionaries or any of the entities associated with the functionary have been refused a Registration/ Authorisation/ License by the Authority or any other regulatory authority or their Registration/ Authorization/ License has been suspended at any time prior to this application. (If Yes, provide details. If No, enclose a declaration to that effect). (for this clause , a person is said to be ‘associated with’ an entity if he/she is/ was a functionary of the entity) |
| 2 | Whether the functionary or any of the companies/ entities in which the functionary is/ was associated with1, is in default or have defaulted in the past in respect of credit facilities obtained from any entity or bank? (If yes, please furnish information about the default and the name of the lending institution) |
| 3 | Whether any of the functionaries have been disqualified to act as promoter/ director/ key managerial personnel under any law in any jurisdiction where the applicant entity or the group companies of the applicant entity are operating? If yes, please furnish details. |
| 4 | Name/s of the companies, firms, partnership firms, in which any of the functionaries hold substantial interest. |
| 5 | Whether the Applicant/Group or any of the functionaries are/ were undergoing/ involved in any investigation/ disciplinary action/ legal or regulatory violations/ criminal case by any law enforcement/ regulatory agencies? If yes, please furnish details. |
| 6 | Whether any order has been passed by any bankruptcy/ resolution authority against any company/ entity with which any of the functionaries are/ were associated1? If yes, please furnish details. |
| 7 | Whether any of the functionaries have been convicted by a court for any offence involving moral turpitude or any economic offence or any offence against securities laws? If yes, please furnish details. |
| 8 | Whether a recovery proceeding has been initiated against any of the functionaries by a financial regulatory authority and is pending? If yes, please furnish details. |
| 9 | Whether an order for winding up has been passed against any of the functionaries for malfeasance? If yes, please furnish details. |
| 10 | Whether an order restraining, prohibiting or debarring any of the functionaries from accessing or dealing in financial products or financial services, has been passed by any regulatory authority/ courts, and a period of five years from the date of the expiry of the period specified in the order has not elapsed? If yes, please furnish details. |
| 11 | Whether any other order against any of the functionaries, which has a bearing on the securities market, has been passed by any regulatory authority, and a period of five years from the date of the order has not elapsed? If yes, please furnish details. |
| 12 | Whether any of the functionaries i) have been declared insolvent and not discharged? If yes, please furnish details. |
| ii) have been found to be of unsound mind by a court of competent jurisdiction and the finding is in force? If yes, please furnish details. | |
| iii)are financially not sound or have been categorized as a wilful defaulter? If yes, please furnish details. | |
| iv) have been declared a fugitive economic offender? If yes, please furnish details. | |
SCHEDULE III
[See Regulation 13(1)]
SURRENDER OF AUTHORISATION
A. For a Payment Service Provider that has commenced operations
1. A Payment Service Provider that has commenced operations and wishes to surrender the authorisation issued to it shall submit the following documents to the Authority:
a. A request in writing by its authorised signatory along with a copy of the resolution of its Board of Directors approving a proposal to surrender such authorisation along with the reason for and intent behind such surrender.
b. A certificate from its Chartered Accountant about the number of customer accounts and amounts held in such accounts as on the date of the resolution in 1(a). Such statement should also indicate the name of its Escrow account details, outstanding Escrow amount, and liabilities
c. A note outlining the process proposed to be followed by the Payment Service Provider and the timeline for extinguishing/ repaying the liabilities to the Payment Service Users, Merchants or any other parties.
d. An undertaking duly signed, by its authorised signatory, and clearly stating that it would not incur any fresh liability during the process of surrender of authorisation and closing down the business.
2. A request for surrender of authorisation shall be considered by the Authority on the merits of the request.
3. The Authority shall process such a request communicate its decision to the Payment Service Provider.
4. The Authority may advise the Payment Service Provider to initiate certain actions including:
a. Issue a public notice in English, Hindi and a vernacular language, in print/visual media, on 3 different occasions, informing the Payment Service Users / Merchants about its intent to surrender its payment services provider operations. Such public notice shall, inter-alia, indicate:
i. That the Payment Service Users may either use the balances in their e-wallets or obtain refund, by credit to a bank account, within a stipulated period by making a request to the Payment Service Provider.
ii. The manner of sending of such requests for redemption.
iii. Name, contact address, phone number and email id of a Nodal officer of the Payment Service Provider to whom such requests are to be sent by the customer.
iv. Time period within which the company would redeem the balance after receipt of request from the customer.
b. Submit a monthly progress report on the progress in extinguishing the liabilities of the Payment Service Users /Merchants.
5. On completing the process of extinguishing the liability to the Payment Service Users/ Merchants, the Payment Service Provider shall submit a ‘No liability’ certificate issued by its statutory auditor.
6. The Payment Service Provider shall submit the original Certificate of Authorisation to the Authority for cancellation.
B. For a Payment Service Provider that has yet to commence operations
1. A Payment Service Provider that is yet to commence operations and wishes to surrender the authorisation issued to it shall submit the following documents to the Authority:
a. A request in writing by its authorised signatory along with a copy of the resolution of its Board of Directors approving a proposal to surrender such authorisation along with the reason for and intent behind such surrender.
b. A certificate from a Chartered Accountant to the effect that the Payment Service Provider has not commenced operations for which it had received authorisation from the Authority.
c. Copy of the latest audited balance sheet of the Payment Service Provider. .
2. Request for surrender of authorisation shall be considered by the Authority on the merits of the request.
3. The Authority shall process such a request and communicate its decision to the Payment Service Provider.
4. The Payment Service Provider shall submit the original Authorisation certificate to the Authority for cancellation.
[See Regulation 4 (1) ]
PERSONS EXEMPTED FROM AUTHORISATION
1. An IFSC Banking Company (IBC) or an IFSC Banking Unit (IBU) licensed or permissioned under the Banking Regulation Act, 1949 (10 of 1949).
2. A person licensed to carry on the business of issuing credit cards in IFSC.
3. Any other person or class of persons, as may be specified by the Authority.
SCHEDULE V
[See regulation 6(1)]
MINIMUM NET WORTH REQUIREMENTS
1. A Regular Payment Service Provider shall have a minimum net-worth of USD 100,000 (or equivalent in a Specified Foreign Currency) on the date of commencement of operations. A Regular Payment Service Provider shall achieve a minimum net-worth of USD 200,000 (or equivalent in a Specified Foreign Currency) by the end of the third financial year (i.e., March 31) from the year of commencement of operations.
2. A Significant Payment Service Provider shall achieve a minimum net-worth of USD 250,000 (or equivalent in a Specified Foreign Currency) within ninety days of the date of being so designated by the Authority. A Significant Payment Service Provider shall achieve a minimum net-worth of USD 500,000 (or equivalent in a Specified Foreign Currency) by the end of the third financial year (i.e., March 31) from the year of designation as a Significant Payment Service Provider.
3. Net-worth shall consist of paid-up equity capital, preference shares that are compulsorily convertible to equity, free reserves, balance in share premium account and capital reserves representing surplus arising out of sale proceeds of assets but not reserves created by revaluation of assets adjusted for accumulated loss balance, book value of intangible assets and deferred revenue expenditure, if any. Compulsorily convertible preference shares can be either non-cumulative or cumulative, and they should be compulsorily convertible into equity shares and the shareholder agreements should specifically prohibit any withdrawal of this preference capital at any time.
SCHEDULE VI
Safeguarding of money received from Payment Service User
[See Regulation 23(1)]
(1) The directions in clause (2) below shall apply to every Regular Payment Service Provider and Significant Payment Service Provider that carries on a business of providing any of the following payment services:
(a) a cross-border money transfer service;
(b) a merchant acquisition service;
(c) any other payment service that may be specified by the Authority.
(2) A Regular Payment Service Provider and a Significant Payment Service Provider mentioned above, shall ensure that no later than the next business day after any applicable funds is received from, or on account of, a Payment Service User, the whole or such part, as may be specified , of the applicable funds, is safeguarded through one of the following means :
(a) by an undertaking, from a safeguarding institution, to be fully liable to the customer for the applicable funds ;
(b) by a guarantee given by a safeguarding institution for the amount of the applicable funds ;
(c) by depositing the relevant money in a trust account maintained with a safeguarding institution;
(d) in such other manner as may be specified by the Authority.
(3) The directions in clause (4) below, shall apply to every Regular Payment Service Provider and Significant Payment Service Provider that carries on a business of providing either of the following payment services:
(a) an e-money issuance service;
(b) any other payment service that may be specified by the Authority.
(4) A Regular Payment Service Provider and a Significant Payment Service Provider mentioned in clause (3) above, shall ensure that from the time any applicable funds are received from, or on account of, a customer, the whole or such part, as may be specified , of the relevant money is safeguarded in one of the following manners:
(a) by an undertaking, from a safeguarding institution, to be fully liable to the customer for the relevant money;
(b) by a guarantee given by a safeguarding institution for the amount of the relevant money;
(c) by depositing the relevant money in a trust account maintained with a safeguarding institution;
(d) in such other manner as may be specified by the Authority.
(5) A Regular Payment Service Provider and a Significant Payment Service Provider shall hold the applicable funds in an escrow account with an IBU. Separate escrow accounts shall be opened for holding applicable funds pertaining to each of the payment services listed in Part A of Schedule I.
(6) A Regular Payment Service Provider and a Significant Payment Service Provider providing e-money issuance service shall ensure that the balance in the associated escrow account shall not, at the end of the day, be lower than the value of outstanding e-money issued and payments due to Payments Service Users.
(7) Credits to the escrow account shall be permitted for amounts received towards issue, load / reload of e-money wallets and refunds received for failed / disputed / returned / cancelled transactions;
(8) Debits to the escrow accounts shall be permitted for payments to Merchants/Payment Service Providers for the services obtained by the Payment Service User , payment to the IBU or IBC for processing funds transfer instructions of the payment service user, payments towards applicable taxes, refunds towards cancellation of transactions resulting in loading/reloading of balances and any other payments due to the Payment Service Provider as per the terms of contract entered into with the Payment Service User.
(9) The agreement between the Payment Service Provider and the IBU maintaining escrow account shall include a clause enabling the bank to use the money in the escrow account only for purposes mentioned in these regulations.
(10) A Regular Payment Service Provider and a Significant Payment Service Provider providing e-money issuance service shall not :
a. issue e-money at a premium or discount, i.e., issue e-money that has a monetary value different than the funds received;
b. use the funds collected in exchange of e-money issued to extend loans or financing to any person;
c. extend credit to the customer or any other person, or pay interest, profit or any other form of returns on the e-money balances, that would add to the monetary value of the e-money; and
d. associate, link or use the e-money scheme or platform to conduct dubious or illegal activities.
e. permit the e-money stored in e-wallets to be withdrawn in the form of cash
SCHEDULE VII
Mandatory Disclosure Requirements
[See Regulation 27(2)]
1. A Payment Service Provider must provide the information through following statement to all customers and potential customers in the manner specified in clause 2 below:
“< Name of Payment Service Provider > is authorised by the International Financial Services Centres Authority to provide payment services . Please note that this does not mean you will be able to recover the all the funds that you paid to the “< Name of Payment Service Provider > if the “< Name of Payment Service Provider >’s business fails”
2. The statement referred to in clause 1 above must :
a. be published at least once in publicly available material issued by the Payment Service Provider;
b. be provided to a potential customer prior to the potential customer using the payment services provided by the Payment Service Provider;
c. be provided at least once in writing to any customer where such a customer was not provided the statement in the manner set out in (b);
d. not be obstructed or obscured, or embedded within other unrelated writing;
e. be of a reasonable size and typeface.
3. Where a Payment Service Provider makes a representation in respect of the scope of its regulation by the Authority in any publicly available material, the Payment Service Provider shall at all times ensure that the representation is accurate and not false or misleading.
4. A Payment Service Provider shall ensure that materials provided to customers or potential customers, are clear, complete, accurate, understandable and not misleading, regardless of the delivery channel.
5. Any advertisement or promotional material developed by the Payment Service Provider, regardless of its delivery channel, shall include:
a. The identity and contact information of the Payment Service Provider;
b. A statement to the effect that the Payment Service Provider is authorised by the Authority;
c. A summary of the main terms and conditions associated with the Payment Service ;
d. The qualifying criteria for participating in the promotion, and the duration of the promotion; and
e. The contact information of the Payment Service Provider’s dispute resolution mechanism
6. A Payment Service Provider shall provide a summary of details of a transaction prior to the Consumer approving the transaction. The summary of details shall at a minimum include:
a. Information that identifies the beneficiary of the transaction such as name and telephone number;
b. The transaction amount;
c. The fees and charges as a result of the transaction;
d. A caution statement indicating time limits relevant for execution of the transaction and the point of time from which the time limits count, including the instance of finality and irrevocability of the transaction;
e. Where applicable, the average interbank exchange rate published
7. A Payment Service Provider shall issue, free of charge, a confirmation to a Payment Service User for every transaction undertaken by the Payment Service User. The confirmation shall at a minimum, contain the following:
a. Name of beneficiary (if applicable);
b. Transaction amount;
c. Date transaction was completed;
d. The beneficiary’s account or wallet number (if applicable);
e. The originating source of transaction (if applicable);
f. The contact information of the Payment Service Provider’s dispute resolution mechanism.
Chairperson,
International Financial Services Centres Authority
Notes:
1 Vide Notification No. IFSCA/GN/2024/001, dated 29th January, 2024 published in the Gazette of India, Extraordinary, Part III, Sec.4, vide No. 66, dated 29th January, 2024 (w.e.f. 30.01.2024).
2 Substituted vide Notification No. IFSCA/GN/2024/002 dated 2nd April, 2024. Before substitution, it stood as under: “(l) “escrow service” means the service provided by a payment service provider, under an agreement, whereby money is held by such payment service provider in an escrow account with an IFSC Banking Unit (‘IBU’) or an IFSC Banking Company (‘IBC’) on behalf of two parties that are in the process of completing a transaction;”
