New rules on the horizon for payment aggregators

On 16 April 2024, the RBI proposed major changes to the way it regulates Payment Aggregators (PAs). It released draft guidelines to regulate offline PAs (PA-P Draft Regulations). It also proposed amendments (PA Draft Amendments) to existing guidelines for online PAs (PA Guidelines). The deadline to submit comments on both the drafts is 31 May 2024.

PAs are payment intermediaries which pool payments made by customers to merchants (through different payment modes) for goods/services and settle the collected funds to merchants. Offline PAs process face to face payments made through point-of-sale (POS) devices/tools. The online PAs, on the other hand, process non-face-to-face e-commerce payments. At present, the RBI only regulates online PAs. With growing importance of offline PAs (in the payment ecosystem), the RBI has now proposed to regulate them too through the PA-P Draft Regulations.

Now, onto the proposals under the drafts.

        (A)     PA-P Draft Regulations

  • All non-bank entities – including online PAs – must apply for an RBI authorization if they want to start/continue offline PA business. POS providers like Pine Labs, Mswipe, PhonePe, BharatPe and Razorpay are the key players which will be impacted by the regulations. 
  • The offline PAs must comply with the PA Guidelines within 3 months of PA-P Draft Regulations becoming effective (Effective Date) – even when their PA application is pending. The PA Guidelines prescribe rules on governance, merchant on-boarding, customer grievance redressal, fraud prevention, etc
  • The RBI will consider effective compliance with PA Guidelines as a ground to grant offline PA authorization.
  • Minimum net-worth requirements for offline PAs:

 (i)   Offline PAs with active operations on the Effective Date

On the application date

On and after 31 March 2028

Rs. 15 crores

Rs. 25 crores

 

(ii)  New Offline PAs

On the application date

On and after 3 years from the PA authorization date

Rs. 15 crores

Rs. 25 crores

 

(B)   PA Draft Amendments

The objective of the PA Draft Amendments is (a) to introduce a uniform regulatory framework for online and offline PAs; and (b) tighten existing norms for PAs. The key amendments are as follows:

  • KYC obligations 

ü  PAs must KYC merchants as per the RBI’s KYC Master Directions. PAs must not just KYC the new merchants but also their existing merchant base within the timeline prescribed under the Draft Amendment. 

ü  However, for the following merchants, the KYC requirements at onboarding will be relaxed. The PAs just need to implement the prescribed KYC checks – they need not follow the entire KYC Master Directions to onboard these merchants.

Merchant Category

Description of category

Prescribed KYC Requirement

Small merchants

Brick-and-mortar merchants with an annual turnover below Rs. 5 lakhs.

PAs must conduct contact point verification (CPV) of merchant’s business establishment and verify merchant’s bank account. CPV is a process to confirm the details provided by an individual or a business entity.

Medium merchants

Online and offline merchants with an annual turnover below Rs. 40 lakhs.

PAs must (a) conduct CPV of merchant’s business establishment, and (b) verify an officially valid document of the business and its owner (like passport or driving license).

 

ü  The proposed amendment increases compliance burden for PAs because they obligate PAs to conduct full KYC for bigger merchants (with turnover above Rs. 40 lakhs). Even for small and medium merchants, PAs must conduct CPV and other prescribed checks. Until now, the rule was that if PAs settled funds into an already KYC-ed bank account of a merchant, they need not conduct a full-KYC (as per KYC master directions) to onboard the merchant. 

ü  PAs must also monitor the merchants’ transactions/activities on an ongoing basis. Merchants must be subject to a higher level of KYC checks and additional due diligence based on changes in their transaction patterns/activity. PAs must also set risk-based payment limits for merchant transactions.

ü  PAs must comply with wire transfer rules under the RBI’s KYC Master Directions. A ‘wire transfer’ is a payment effected through electronic means. As per the wire transfer rules, regulated entities must record all information about the originator (the sender) and beneficiary (the receiver) of the transaction.

ü  PAs must also register with Financial Intelligence Unit (FIU) – the agency responsible to collect intelligence under anti-money laundering laws of India.

  • Escrow accounts: PAs collect and pool customer funds in an escrow account maintained with a bank. These are the key changes proposed for escrow accounts:

ü  The PAs can use the same escrow account for online and offline PA business. 

ü  The delivery vs payment (DVP) transactions (where goods/services are delivered right after the payment is confirmed like purchase of train/movie ticket) must also be processed through the escrow account. Until now, DVP transactions were outside the purview of the PA Guidelines. 

ü  Under current PA GuidelinesPA Guidelines, PAs can settle funds from their escrow accounts to not just the merchant’s own account but also any third party account as per the merchant’s wish. This flexibility, for example, allows PAs to settle payments into accounts of vendors/sellers/delivery partners of the online marketplaces. The PA Draft Amendments have proposed to prohibit PAs from settling funds into third party accounts (which are not the merchant’s own accounts) and take away this flexibility.

ü  If merchant for an online PA is an e-commerce marketplace, the PAs must only collect or settle funds for services offered through the marketplace (and not for any other purpose).

  • Card transaction data: From 1 August 2025, for face-to-face card transactions processed through POS, only card issuers or card networks can store card data. Other entities in the payment ecosystem like offline PAs, who would have stored such data, must purge it. They can only store limited card data – last four digits of card number and card issuer name – for transaction tracking or reconciliation purposes.

Reach out to our fintech team at contact@ikigailaw.com if you have any questions on this.

(This blog is co-authored by Astha Srivastava, Principal Associate – Ikigai Law, and Radhika Maheshwari, Associate - Ikigai Law).

Image Credit: Shutterstock

Challenge
the status quo

Sparking Curiosity...