Introduction: The Reserve Bank of India (RBI) has unveiled two draft directions aimed at regulating Payment Aggregators (PAs), focusing on physical Point of Sale (POS) activities and online transactions. These directives signify the central bank’s commitment to bolstering the payment ecosystem by addressing emerging challenges and ensuring compliance.
1. Regulation of Physical Point of Sale (POS) Activities:
The first draft direction targets the regulation of Payment Aggregators involved in face-to-face or proximity payment transactions. Acknowledging the growing importance of offline PAs in handling in-person payments, the RBI aims to streamline and enhance oversight in this domain. By extending regulatory measures to cover physical POS activities, the central bank seeks to ensure uniform standards and robust governance across all payment modes.
Key provisions of the draft directions include:
- Mandating KYC and due diligence of merchants conducting offline transactions.
- Introducing guidelines for operations in Escrow accounts to enhance security and risk management.
- Emphasizing compliance with governance norms, customer protection measures, and technological standards.
2. Amendments to Existing Regulations:
The second draft direction proposes amendments to the current guidelines on Payment Aggregators, addressing the evolving dynamics of digital transactions. With a focus on online PA activities, these amendments aim to strengthen the regulatory framework and adapt to changing market trends. Key areas of amendment include:
- Enhanced KYC and due diligence requirements for merchants.
- Clarifications on net worth criteria and ongoing compliance obligations.
- Streamlining escrow account mechanisms to encompass a broader spectrum of transactions.
3. Implications and Future Outlook:
The release of these draft directions underscores the RBI’s proactive approach towards fostering a secure and efficient payment ecosystem. By soliciting public feedback, the central bank aims to gather diverse perspectives and refine the regulatory framework to meet industry needs effectively. Stakeholders, including Payment System Providers and Participants, are encouraged to contribute their insights and suggestions to shape the final directives.
Conclusion: The draft directions on the regulation of Payment Aggregators represent a significant milestone in the RBI’s efforts to promote financial stability and innovation in the payment landscape. By addressing both offline and online payment modalities, these directives aim to instill confidence among stakeholders while fostering a conducive environment for digital transactions. As the payment ecosystem continues to evolve, collaborative efforts between regulators, industry players, and consumers will be essential in shaping a resilient and inclusive financial infrastructure.
*****
Reserve Bank of India
Regulation of Payment Aggregators (PAs) – Draft Directions
Date : Apr 16, 2024
Reserve Bank of India today placed on its website, for public comments, two draft directions on regulation of Payment Aggregators, as below:
i. New draft directions on regulation of Payment Aggregators – Physical Point of Sale
ii. Amendments to the existing directions on Payment Aggregators
RBI in its “Statement on Developmental and Regulatory Policies” dated September 30, 2022, had announced regulation of offline PAs, who handle proximity / face-to-face payments. The new draft directions at (i) above cover such physical Point-of-Sale activities of PAs.
Additionally, given the growth in digital transactions and the significant role that PAs play in this space, the current directions on PAs are proposed to be updated as at (ii) above. These updates cover, inter alia, KYC and due diligence of merchants, operations in Escrow accounts, etc, and are intended to further strengthen the payment ecosystem.
Comments / feedback on the draft directions may be sent by email or by post to the Chief General Manager-in-Charge, Department of Payment and Settlement Systems, Reserve Bank of India, Central Office, 14th Floor, Shahid Bhagat Singh Marg, Mumbai-400001, on or before May 31, 2024.
(Yogesh Dayal)
Chief General Manager
Press Release: 2024-2025/116
Regulation of Payment Aggregators – physical Point of Sale – DRAFT
CO.DPSS.POLC.No.S-***/02-14-008/2023-24
Date of Issue
All Payment System Providers and Payment System Participants
Madam / Dear Sir,
Regulation of Payment Aggregators – physical Point of Sale – DRAFT
Reference is invited to the Reserve Bank of India (RBI) circulars DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 and CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, and circular CO.DPSS.POLC.No.S-761/02-14-008/2022-23 dated July 28, 2022 on “Regulation of Payment Aggregators – Timeline for submission of applications for authorisation – Review”.. Keeping in view the importance of Payment Aggregators (PAs) in the payment ecosystem, these circulars provided for, inter-alia, direct regulation and authorisation of PAs facilitating online / e-commerce payment transactions, by the RBI.
2. The payments ecosystem in India includes (i) online PAs (hereinafter called PA – online Point of Sale (PA – O)), and (ii) PAs which facilitate face-to-face / proximity payment transactions (hereinafter called PA – physical Point of Sale (PA – P). The Payments Vision 2025 envisages direct regulation of PA-P, and an announcement to this effect was made in the “Statement on Developmental and Regulatory Policies” dated September 30, 2022.
3. Accordingly, guidelines for entities engaged in face-to-face / proximity payment transactions (PA-P) are provided in Annex.
4. All other provisions of the RBI circulars dated March 17, 2020 and March 31, 2021 and any modifications/amendments to them, not provided for in Annex shall apply mutatis mutandis to PA-P.
5. This directive is issued under Section 18 read with Section 10 (2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
Yours faithfully,
Chief General Manager-in-Charge
Encl.: As above
Annex
(RBI circular CO.DPSS.POLC.No. S-*** / 02-14-008 / 2024-25 dated ***** **, ****)
1. Requirement of authorisation
1.1. Banks provide physical PA services as part of their normal banking relationship, and hence, do not require separate authorisation from RBI for the purpose. They shall ensure compliance with these instructions within three months from the date of issue of this circular.
1.2. Non-bank entities providing PA-P services as on the date of this circular, shall intimate to RBI within 60 days from the issuance of this circular about their intention to seek authorisation. They shall apply in Form A (as provided in the March 17, 2020 circular) to the RBI for authorisation by May 31, 2025, as per details provided below; they shall be allowed to continue their operations till they receive communication from the RBI regarding fate of their application.
1.3. Non-bank PA-O – authorised as well as those whose application for authorisation is pending with the RBI – shall seek the approval of Department of Payment and Settlement Systems (DPSS), RBI, Central Office (CO) within 60 calendar days from the date of this circular, about their existing PA-P activity, if they would want to continue it.
1.4. The entities, currently carrying out this activity should ensure adherence to the guidelines on governance, merchant on-boarding, customer grievance redressal and dispute management framework, baseline technology recommendations, security, fraud prevention and risk management framework (provided in the March 17, 2020 circular) within a period of three months from the date of this circular. The entity shall ensure compliance with these guidelines on an ongoing basis thereafter. The continued adherence to these guidelines shall be considered while processing the application for authorisation/approval.
1.5. In future, an authorised non-bank PA-O (or PA-P) which wants to commence physical (or online) PA activity (as the case may be), shall seek approval from DPSS, RBI, CO prior to commencement of such business.
2. Networth criterion
2.1. Non-banks providing PA-P services as on the date of this circular, shall have a minimum networth of ₹15 crore at the time of submitting application to the RBI for authorisation and a minimum networth of ₹25 crore by March 31, 2028. The net-worth of ₹25 crore shall be maintained at all times thereafter.
2.2. New non-bank PA-P (i.e. entities which have not commenced operations before the date of this circular) shall have a minimum networth of ₹15 crore at the time of submitting application to the RBI for authorisation and shall attain a minimum networth of ₹25 crore by end of the third financial year of grant of authorisation. The net-worth of ₹25 crore shall be maintained at all times thereafter. Illustratively, if the entity is granted a Certificate of Authorisation on October 1, 2025, it shall achieve the networth of ₹ 25 crore by March 31, 2028.
2.3. As part of application, non-bank PA-P (existing on the date of this circular) shall submit a certificate from their statutory auditor (format as prescribed in the circular dated March 17, 2020), along with the latest audited statement(s) of financial accounts, to evidence compliance with the applicable net worth criterion. Newly incorporated non-bank PA-P which may not have audited statement of financial accounts shall submit a certificate from their statutory auditor regarding the current networth along with provisional balance sheet.
2.4. All existing non-bank PA-P which are not able to comply with the networth requirement or do not apply for authorisation within the stipulated time frame, shall wind-up PA-P activity by July 31, 2025.
2.5. Banks shall close accounts (used for PA activity) of non-bank PA-P (existing as on the date of this circular) by October 31, 2025 unless such PAs produce evidence regarding application for authorisation submitted to the RBI.
Regulation of Payment Aggregators (PAs) – DRAFT
CO.DPSS.POLC.No.S-***/02-14-008/2024-25
Date of Issue
All Payment System Providers and Payment System Participants
Madam / Dear Sir,
Regulation of Payment Aggregators (PAs) – DRAFT
Reference is invited to the Reserve Bank of India (RBI) circulars DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020, CO.DPSS.POLC.No.S33 / 02-14-008 / 2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, and circular CO.DPSS.POLC.No.S-761 / 02-14-008 / 2022-23 dated July 28, 2022 on “Regulation of Payment Aggregators – Timeline for submission of applications for authorisation – Review”. Keeping in view the importance of Payment Aggregators (PAs) in the payment ecosystem, these circulars provided for, inter-alia, direct regulation and authorisation of PAs facilitating payments at online Point of Sale by the RBI.
2. Clarifications / modifications in respect of extant PA instructions are provided in Annex. These instructions shall be applicable with effect from one month from the date of issue of the circular (unless otherwise specified) to all PAs, irrespective of status of the application submitted to the RBI for seeking authorisation.
3. This directive is issued under Section 18 read with Section 10 (2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
Yours faithfully,
Chief General Manager-in-Charge
Encl.: As above
Annex
(RBI circular CO.DPSS.POLC.No. S-*** / 02-14-008 / 2023-24 dated ***** **, ****)
Clarifications in respect of PAs – Online and Physical Point of Sale
1. Definition
1.1. The definition of PA mentioned in paragraph 1.1.1 of Annex 1 to RBI circular dated March 17, 2020, shall stand revised as follows:
“Entities which on-board merchants and facilitate aggregation of payments made by customers to such merchants, for purchase of goods and services, using one or more payment channels, in online or physical Point of Sale payment modes through a merchant’s interface (physical or virtual), and subsequently settle the collected funds to such merchants.”
a. Online PAs (PA – O): PAs which facilitate e-commerce transactions in non-Delivery versus Payment mode.
b. PA – physical Point-of-Sale (PA – P): PAs which facilitate face-to-face / proximity payment for Delivery vs Payment1 transactions.
1.2. Merchant: Entities which sell / provide goods and services purchased by the customer. They include a marketplace also.
a. Small merchants: Physical merchants (those undertaking only proximity / face-to-face transactions) with business turnover less than the threshold limit of Rs.5 lakh per annum and not registered under Goods and Services Tax.
b. Medium merchants: Merchants (physical / online), excluding small merchants, with business turnover less than the threshold limit of Rs.40 lakh per annum. Such merchants are not registered under Goods and Services Tax.
1.3. Marketplace: An electronic commerce entity which provides an information technology platform on a digital or electronic network to facilitate transactions between buyers and sellers.
2. Networth
2.1. The required networth of PAs shall be maintained on an on-going basis.
3. Escrow account(s)
3.1. The escrow account opened by the PA in accordance with paragraph 8.1 of the circular DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020 can be used for both PA-O and PA-P activities.
3.2. Funds in respect of Delivery versus Payment (DvP) transactions, which were hitherto not covered under the scope of RBI circulars dated March 17, 2020 and March 31, 2021, shall be routed through the escrow account(s).
3.3. Cash-on-delivery transactions are outside the scope of the RBI circulars on PAs. Accordingly, such transactions shall not be routed through the escrow accounts.
3.4. Paragraph 8.9.1.2 (b) of RBI circular dated March 17, 2020 that permits debit to escrow account for “payment to any other account on specific directions from the merchant”, stands deleted with immediate effect.
4. KYC and Due diligence
4.1. Payment Aggregators shall undertake due diligence of merchants onboarded by them in accordance with Customer Due Diligence (CDD) prescribed in Master Directions on Know Your Customer (MD-KYC), 2016, as amended from time to time, unless provided otherwise. These instructions shall be applicable three months from the date of issue of the circular.
4.2. The PA may undertake due diligence of merchants in accordance with instruction provided below:
a. For small merchants, the PA shall undertake Contact Point Verification (CPV) of the business establishment. PAs shall also duly verify the bank account in which funds of such merchants are settled.
b. For medium merchants, PAs shall carry out CPV. PAs shall also obtain and verify one Officially Valid Document (OVD) of the proprietor / beneficial owner / person holding attorney and verify one OVD of the business.
c. For undertaking the CDD through Video based Customer Identification Process (V-CIP), assisted V-CIP shall be permissible when PAs take help of an agent facilitating the process only at the merchant end. PAs shall maintain the details of the agent assisting the merchant, where services of such agents are employed.
4.3. Ongoing merchant monitoring:
a. PA shall monitor the transaction activity of the merchant on an ongoing basis. Based on its transaction pattern, the merchant shall be migrated to higher category of CDD. Upon migration, the PA shall immediately undertake the additional due diligence of the merchant as prescribed in the guidelines above.
b. PAs shall ensure that the merchant transactions processed by it are in line with the merchant’s business profile.
c. PAs shall have risk-based payment limits for the merchants onboarded.
4.4. PAs shall ensure that marketplaces onboarded by them do not collect and settle funds for services not offered through their platform.
4.5. PAs shall ensure that the name of merchant (legal and brand name) and the PA shall be displayed on the web pages (where different payment options are listed as well as on the payment confirmation page) / charge slip (as the case may be) within three months from the date of issue of the circular.
4.6. PAs shall ensure complete and ongoing compliance to the wire transfer guidelines prescribed in the MD-KYC, as amended from time to time.
4.7. All non-bank PAs shall register themselves with the Financial Intelligence Unit-India (FIU-IND) and provide necessary information as desired by FIU – IND.
4.8. Existing PAs (both authorised PAs, as well as PAs whose application is pending with RBI as on the date of this circular) shall ensure that for all existing merchants (both online and physical), the due diligence process, prescribed above shall be completed by September 30, 2025. Entities providing PA-P services as on the date of this circular shall complete this process within a period of 12 months from the date of submission of application for authorisation. Quarterly reports shall be submitted to the concerned Regional Office of RBI detailing progressive compliance for the same (format provided in the Appendix).
4.9. PAs shall ensure that they have completed the due diligence of their existing merchants in accordance with the following timelines:
| Percentage Contribution to GPV2 of merchants whose due diligence has been completed | Timeline for existing PAs (authorised or whose application is pending with RBI) | Timeline for existing PA – P |
| 50% | December 31, 2024 | 3 months from the date of application |
| 75% | March 31, 2025 | 6 months from the date of application |
| 90% | June 30, 2025 | 9 months from the date of application |
| 100% | September 30, 2025 | 12 months from the date of application |
5. Agents of PAs
5.1. Non-bank PAs shall be permitted to engage agents to assist their merchants for onboarding subject to the following conditions:
a. Having a Board approved policy clearly laying down the framework for engaging agents;
b. Carrying out proper due diligence of the persons appointed as authorised / designated agents;
c. Being responsible as the principal for all acts of omission or commission of their authorised / designated agents, including safety and security aspects;
d. Preserving records and confidentiality of customer information in their possession as well as in the possession of their authorised / designated agents;
e. Monitoring regularly the activities of their authorised / designated agents and carrying out review of the performance of various agents engaged by them at least once in a year.
6. Multiple PAs
6.1. For payment transactions facilitated by two or more authorised PAs connected in the transaction chain, RBI’s instructions on PAs shall apply to all PAs in the chain mutatis mutandis.
7. Storage of card data [i.e. Card-on-File (CoF)]
7.1. For face-to-face / proximity payment transactions done using cards, from August 1, 2025, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the CoF data. Any such data stored previously shall be purged. For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of card number and card issuer’s name – in compliance with the applicable standards. Card networks shall ensure the compliance with above for all the concerned entities.
1 DvP transactions entail payment for goods / services at the time of their delivery.
2 Details of calculation of GPV are provided in the Appendix.
