Regulation Of Payment Aggregators And Payment Gateways
- On 17th March 2020, the Reserve Bank of India (RBI) released guidelines for the activities payment aggregators (PAs) and provides baseline technology-related recommendations to payment gateways (PGs) in the country.
- PAs and PGs are intermediaries playing an important function in facilitating payments in the online space.
- These guidelines are issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 and shall come into effect from April 1, 2020.
- To make digital payments more safer and transparent
- The RBI released a discussion paper in September, 2019 to regulate these entities.
- The paper suggested three ways to look at the issue- no regulation, light touch regulation or full regulation, the final guidelines seem to have favoured the third alternative.
- It is to be noted that banks are already regulated entities of RBI, the payment gateway services provided by them need not require a separate authorisation as these activities form part of regular banking business.
Need for Regulation
- Potential Source of Risk: The activities of payment gateways and payment aggregators in online transactions are extremely crucial and the payment gateway ecosystem for online transactions could be a source of risk if operators have lax governance practices.This in turn could impact the confidence and experience of the customers.
- Lack of Redressal Mechanism: Further, the lack of proper redress mechanism and uniformity in practice across the entities is also a matter of concern.
About the Guidelines
- The guidelines shall be applicable to PAs. PAs shall also adopt the technology-related recommendations.
- Domestic leg of import and export related payments facilitated by PAs shall also be governed by these instructions.
- Guidelines are not applicable to Cash on Delivery (CoD) e-commerce model.
- The criteria of authorization has been arrived at based on the role of the intermediary in handling of funds.
- Banks, which provide payments aggregation services as part of their regular banking relationship, do not require a separate authorisation from RBI.
- But non-bank payments aggregators will require authorisation from RBI under the Payment and Settlement Systems Act (PSSA), 2007.
- Existing non-bank entities offering PA services shall apply for authorisation on or before June 30, 2021.
- E-commerce marketplaces, according to the guidelines, providing payment aggregator services will have to be separated from the marketplace business and they will have to apply for authorisation on or before June 30, 2021.
- The biggest examples of this- PhonePe, a Flipkart company, and Paytm’s payment aggregator business are already separate entities from the marketplace models.
- Existing PAs shall achieve a net-worth of ₹15 crore by March 31, 2021 and a net-worth of ₹25 crore by the end of third financial year, i.e., on or before March 31,
- New PAs shall have a minimum net-worth of ₹15 crore at the time of application for authorization and shall attain a net-worth of ₹25 crore by the end of third financial year of grant of authorisation.
- PAs that are not able to comply with the net-worth requirement within the stipulated time frame shall wind-up payment aggregation business.
- PAs shall have a Board approved policy for disposal of complaints / dispute resolution mechanism / time-lines for processing refunds, etc., in such a manner that the RBI instructions on Turn Around Time (TAT) for resolution of failed transactions.
- PAs shall appoint a Nodal Officer responsible for regulatory and customer grievance handling functions.
Safeguards against Money Laundering (KYC / AML / CFT) Provisions
- The Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines issued by the Department of Regulation, RBI, in their “Master Direction – Know Your Customer (KYC) Directions” updated from time to time, shall apply mutatis mutandis to all entities.
Settlement and Escrow Account Management
- Non-bank PAs shall maintain the amount collected by them in an escrow account with any scheduled commercial bank.
- For the purpose of maintenance of the escrow account, the operations of PAs shall be deemed to be ‘designated payment systems’ under Section 23A of the PSSA (as amended in 2015).
Customer Grievance Redressal and Dispute Management Framework
- PAs shall put in place a formal, publicly disclosed customer grievance redressal and dispute management framework, including designating a nodal officer to handle the customer complaints / grievances and the escalation matrix.
Security, Fraud Prevention and Risk Management Framework
- A strong risk management system is necessary to meet the challenges of fraud and ensure customer protection. PAs shall put in place adequate information and data security infrastructure and systems for prevention and detection of frauds.
Bringing Transparency and Accountability
- PGs are regulated through banks, which creates opaqueness in the system. Regulations will help eliminating opaqueness and make things clearer for the entire industry in terms of capital requirement, governance and KYC norms for example.
- PGs such as Paytm, Mobikwik, Bharat Bill and aggregators like BillDesk, PayU India, CCAvenue, Razorpay now will be directly regulated by the RBI to bring more transparency, accountability and security for consumers.
Driving towards Less cash Society
- Industry would continue to work with RBI closely for smoother transition of industry players from indirectly regulated to directly regulated and help to achieve the overall vision of less cash society.
Payment Aggregators (PAs)
Payment Gateways (PGs)