On July 31, 2024, the Reserve Bank of India (RBI) released draft directions aimed at strengthening the Aadhaar Enabled Payment System (AePS) by improving due diligence of Touchpoint Operators. This move, announced in the February 2024 Statement on Developmental and Regulatory Policies, addresses recent fraud incidents involving identity theft and compromised customer credentials. The draft directions outline procedures for onboarding and ongoing monitoring of AePS Touchpoint Operators, ensuring they are onboarded by only one acquiring bank and that their KYC information is updated if inactive for six months. The RBI emphasizes the need for enhanced security measures to protect bank customers and maintain confidence in the AePS. Stakeholders are invited to provide feedback on these draft directions by August 31, 2024, by contacting the Chief General Manager-in-Charge, Department of Payment and Settlement Systems, RBI. Compliance with these directions by banks and the National Payments Corporation of India (NPCI) is expected within three months from the date of issue.
RESERVE BANK OF INDIA
Date : Jul 31, 2024
Aadhaar Enabled Payment System (AePS) – Due Diligence of Touchpoint Operators – Draft Directions
As part of enhancing the robustness of Aadhaar Enabled Payment System (AePS), it was announced in the Statement on Developmental and Regulatory Policies dated February 08, 2024, that the onboarding process of AePS Touchpoint Operators will be streamlined. In recent times, there have been instances of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, it has been considered necessary to enhance the robustness of AePS. Accordingly, the Reserve Bank of India today released the draft directions on Due Diligence of AePS Touchpoint Operators.
Comments / feedback on the draft directions may be sent by email or by post to the Chief General Manager-in-Charge, Department of Payment and Settlement Systems, Reserve Bank of India, Central Office, 14th Floor, Shahid Bhagat Singh Marg, Mumbai-400001, on or before August 31, 2024.
Press Release: 2024-2025/804
(Puneet Pancholy)
Chief General Manager
DRAFT DIRECTIONS FOR COMMENTS
CO. DPSS.POL C. No. S **/ 02-01-001 / 2024-2025
Date of issue
The Chairman / Managing Director / Chief Executive
All Scheduled Commercial Banks including RRBs /
Urban Cooperative Banks / State Cooperative Banks / District Central Cooperative
Banks / National Payments Corporation of India (NPCI)
Dear Sir / Madam,
Aadhaar Enabled Payment System – Due Diligence of AePS Touchpoint Operators – DRAFT
Aadhaar Enabled Payment System (AePS) is a payment system operated by National Payment Corporation of India (NPCI) that facilitate interoperable financial transactions through the Business Correspondent (BC) / Bank Mitra of any bank, using the Aadhaar authentication. AePS plays a prominent role in enabling financial inclusion.
2. In recent times, there have been instances of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, a need is felt to enhance the robustness of AePS. Accordingly, as announced in Statement on Developmental and Regulatory Policies dated February 08, 2024, it has been decided to issue directions for streamlining the process for onboarding of AePS touchpoint operators and on-going due diligence. Detailed instructions are placed in the Annex. Banks and NPCI shall ensure compliance to these directions within three months from the date of issue.
3. These directions are issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems (PSS) Act, 2007 (Act 51 of 2007).
Yours faithfully,
Chief General Manager-in-Charge
Encl.: Annex
Annex
CO. DPSS. POL C. No. S / 02-01-001 / 2024-2025
**** **, ****
Aadhaar Enabled Payment System –
Due Diligence of AePS Touchpoint Operators – DRAFT
1. Definitions
In these directions, the terms herein shall bear the meanings assigned to them below:
a. Aadhaar Enabled Payment System (AePS): It is a Payment System in which transactions are enabled through Aadhaar number and biometrics or OTP authentication. AePS enables basic banking services, viz., cash withdrawal, balance enquiry, mini statement, cash deposit, fund transfer, etc.
b. Acquiring bank: The bank which onboards the AePS touchpoint operators.
c. AePS Touchpoint: The terminal deployed by acquirer banks to facilitate AePS transactions, using Aadhaar based biometric / OTP authentication.
d. AePS Touchpoint Operator: The agent onboarded by the acquiring bank who operates the AePS touchpoint.
2. Onboarding of AePS Touchpoint Operators
2.1 The acquiring bank shall carry out due diligence of all AePS touchpoint operators onboarded by it, in accordance with the Customer Due Diligence procedure for individuals, stipulated in Part-I, Chapter-VI of the Master Direction – Know Your Customer Direction, 2016 (as updated from time to time), issued by the Reserve Bank.
2.2 The acquiring bank shall carry out updation of KYC in cases where an AePS touchpoint operator has not performed any financial transaction for a continuous period of six months, before enabling him / her to transact further.
2.3 NPCI and acquiring banks shall ensure that any AePS touchpoint operator is onboarded only by one acquiring bank.
3. Ongoing Due Diligence
The acquiring bank shall monitor the activities of AePS touchpoint operators on an ongoing basis and set operational parameters, in accordance with the following principles:
3.1.1 Transaction limits shall be set for AePS touchpoint operators based on their risk profile.
3.1.2 Transactions of AePS touchpoint operators shall be consistent with their location of operation and risk profile.
4. Adherence to NPCI instructions
All System Participants are required to adhere to the rules and regulations, governing the operation of AePS, issued by NPCI (System Provider of AePS).
***
