Master Directions on Prepaid Payment Instruments (PPIs) (Updated as on February 23, 2024) - আৰবিআই - Reserve Bank of India
Master Directions on Prepaid Payment Instruments (PPIs) (Updated as on February 23, 2024)
updated-as-on:
- 2024-02-23
- 2023-02-10
- 2021-11-12
- 2021-08-27
RBI/DPSS/2021-22/82 August 27, 2021 All Prepaid Payment Instrument Issuers (Banks and Non-banks) and System Participants Madam / Dear Sir, Master Directions on Prepaid Payment Instruments (PPIs) This has reference to the Master Direction dated October 11, 2017 on Issuance and Operation of Prepaid Payment Instruments (PPI-MD) and subsequent amendments made thereto. Keeping in view the recent updates to PPI guidelines, it has been decided to issue the Master Directions afresh. 2. These Directions are issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007. Yours faithfully, (P. Vasudevan) Master Directions on Prepaid Payment Instruments (MD-PPIs) 1. Introduction 1.1 In exercise of the powers conferred under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007), the Reserve Bank of India (RBI) being satisfied that it is necessary and expedient in the public interest to do so, hereby, issues these Directions. 1.2 Short title and commencement
1.3 Applicability: The provisions of MD-PPIs shall apply to all Prepaid Payment Instrument (PPI) Issuers and System Participants. 1.4 Purpose
1.5 Banks and non-bank entities issue PPIs in the country after obtaining necessary approval / authorisation from RBI under the Payment and Settlement Systems Act, 2007 (PSS Act). Taking into account the developments in the field and the progress made by PPI issuer, the existing instructions issued on the subject till date have been incorporated and are consolidated in these Master Directions (MD). 1.6 The MD lays down the eligibility criteria and the conditions of use for Payment System Operators (PSOs) involved in the issuance and operation of PPIs in the country. 1.7 No entity can set up and operate payment systems for PPIs without prior approval / authorisation of RBI. 2. Definitions For the purpose of this MD, the following definitions shall be applicable: 2.1 Closed System PPIs : These PPIs are issued by an entity for facilitating the purchase of goods and services from that entity only and do not permit cash withdrawal. These instruments cannot be used for payment or settlement for third party services. The issuance or operation of such instruments is not classified as a payment system requiring approval / authorisation by RBI and are, therefore, not regulated or supervised by RBI. 2.2 Entities / Entity : The term ‘entities / entity’ refer/s to banks / non-banks who have approval / authorisation from RBI to issue PPIs as well as those who are proposing to issue PPIs. 2.3 Holder : Individuals / Organisations who obtain / purchase PPIs from the issuer and use them for purchase of goods and services, financial services, remittance facilities, etc. 2.4 Issuer : Entities issuing PPIs to individuals / organisations. 2.5 Limits : All limits in the value of instruments stated in this MD, indicate the maximum value of such instruments denominated in INR that shall be issued. 2.6 Merchants : Establishments who have a specific contract to accept the PPIs of the PPI issuer (or contract through a payment aggregator / payment gateway) against the sale of goods and services, financial services, etc. 2.7 Net-worth : Shall consist of ‘paid up equity capital, preference shares which are compulsorily convertible into equity capital, free reserves, balance in share premium account and capital reserves representing surplus arising out of sale proceeds of assets but not reserves created by revaluation of assets’ adjusted for ‘accumulated loss balance, book value of intangible assets and deferred revenue expenditure, if any’. While compulsorily convertible preference shares reckoned for computation of net-worth can be either non-cumulative or cumulative, these shall be compulsorily convertible into equity shares and the shareholder agreements shall specifically prohibit any withdrawal of this preference share capital at any time. 2.8 Prepaid Payment Instruments (PPIs)1 : Instruments that facilitate purchase of goods and services, financial services, remittance facilities, etc., against the value stored therein. PPIs that require RBI approval / authorisation prior to issuance are classified under two types viz. (i) Small PPIs, and (ii) Full-KYC PPIs.
3. Eligibility requirements for issuance of PPIs by banks 3.1 Banks that comply with the eligibility criteria, including those stipulated by the respective regulatory department of RBI, shall be permitted to issue PPIs after obtaining approval from RBI. Banks, seeking approval from the RBI under the PSS Act, shall apply to the Department of Payment and Settlement Systems (DPSS), Central Office (CO), RBI, Mumbai along with a ‘No Objection Certificate’ from their regulatory department, within 30 days of obtaining such clearance. 4. Capital and other eligibility requirements for issuance of PPIs by non-banks 4.1 Non-banks that comply with the eligibility criteria, including those stipulated by the respective regulatory department of RBI, shall be permitted to issue PPIs after obtaining authorisation from RBI. Non-banks, regulated by any of the financial sector regulators, seeking authorisation from the RBI under the PSS Act shall apply to the DPSS, CO, RBI, Mumbai along with a ‘No Objection Certificate’ from their respective regulator, within 30 days of obtaining such clearance. 4.2 Non-bank entities applying for authorisation shall be a company incorporated in India and registered under the Companies Act, 1956 / 2013. 4.3 Non-bank entities having Foreign Direct Investment (FDI) / Foreign Portfolio Investment (FPI) / Foreign Institutional Investment (FII) shall also meet the capital requirements as applicable under the extant Consolidated FDI policy guidelines of Government of India. 4.4 The Memorandum of Association (MoA) of the non-bank entity shall cover the proposed activity of PPI issuance. 4.5 All non-bank entities seeking authorisation from RBI under the PSS Act shall have a minimum positive net-worth of Rs.5 crore as per the latest audited balance sheet at the time of submitting the application. They shall submit a certificate in the enclosed format (Annex-2) from their Chartered Accountants (CA) to evidence compliance with the applicable net-worth requirement while submitting the application for authorisation. The application shall be processed by RBI based on this net-worth which shall be maintained at all times. Thereafter, by the end of the third financial year from the date of receiving final authorisation, they shall achieve a minimum positive net-worth of Rs.15 crore which shall be maintained at all times. Illustratively, if the entity is issued final authorisation on March 1, 2021, then it shall achieve a minimum positive net-worth of Rs.15 crore for the financial position as on March 31, 2023. Similarly, if the entity is issued final authorisation on May 1, 2021, then it shall achieve a minimum positive net-worth of Rs.15 crore for the financial position as on March 31, 2024. 4.6 Non-bank PPI issuer (authorised till October 11, 2017) shall comply with the minimum positive net-worth requirement of Rs.15 crore for the financial position as on September 30, 2021 (provisional balance sheet). This shall be reported to RBI, along with CA certificate in the enclosed format (Annex-2) and provisional balance sheet, by October 31, 2021 failing which they may not be permitted to carry out this business. Thereafter, the minimum positive net-worth of Rs.15 crore shall be maintained at all times. Till September 30, 2021, the existing PPI issuer shall continue to maintain the capital requirements applicable to it at the time of its authorisation. 4.7 Authorised non-bank PPI issuer shall submit a net-worth certificate every year in the enclosed format (Annex-2) to evidence compliance with the applicable net-worth requirement as per the audited balance sheet of the financial year within six months of completion of that financial year. 4.8 Newly incorporated non-bank entities that may not have an audited statement of financial accounts shall submit a certificate in the enclosed format (Annex-2) from their CA regarding the current net-worth along with provisional balance sheet. 4.9 Non-bank PPI issuer shall also be guided by DPSS circular CO.DPSS.AUTH.No.S190/02.27.005/2021-22 dated June 14, 2021 (as amended from time to time) on Investment in entities from FATF non-compliant jurisdictions. 5. Authorisation process for non-banks 5.1 A non-bank entity desirous of issuing PPIs shall apply for authorisation in Form A (available on RBI website www.rbi.org.in) as prescribed under Regulation 3(2) of the Payment and Settlement Systems Regulations, 2008 (PSS Regulations) along with the requisite application fees. 5.2 The application shall initially be screened by RBI to ensure prima facie eligibility of the applicant. The directors of the applicant entity shall submit a declaration in the enclosed format (Annex-3). RBI shall also check ‘fit and proper’ status of the applicant. Application of entities not meeting the eligibility criteria, or those that are incomplete / not in the prescribed form with all details, shall be returned without refund of the application fees. 5.3 In addition to the compliance with the applicable guidelines, RBI shall also apply checks, inter-alia, on certain essential aspects like customer service and efficiency, technical and other related requirements, safety and security aspects, etc., before granting in-principle approval to the applicants. 5.4 Subject to meeting the eligibility criteria and other conditions, the RBI shall issue an ‘in-principle’ approval, which shall be valid for a period of six months. The entity shall submit a satisfactory System Audit Report (SAR) to RBI within these six months, failing which the in-principle approval shall lapse automatically. SAR shall be accompanied by a certificate from the CA regarding compliance with the minimum positive net-worth. An entity can seek one-time extension for a maximum period of six months for submission of SAR by making a request in writing, to DPSS, CO, RBI, Mumbai, in advance with valid reasons. The RBI reserves the right to decline such a request for extension. 5.5 Subsequent to the issue of the in-principle approval, if any adverse features regarding the entity / promoters / group or business practices, etc., come to notice, RBI may impose additional conditions and if warranted, the in-principle approval may be withdrawn. 5.6 Pursuant to receipt of satisfactory SAR, net-worth certificate and due diligence, RBI shall grant final Certificate of Authorisation (CoA). Entities granted final authorisation shall commence business within six months from the grant of CoA failing which the authorisation shall lapse automatically. An entity can seek one-time extension for a maximum period of six months by making a request in writing, to DPSS, CO, RBI, Mumbai, in advance with valid reasons. RBI reserves the right to decline such a request for extension. 5.7 CoA shall be granted to all PSOs on a perpetual basis subject to the conditions stated in DPSS circular DPSS.CO.AD.No.724/02.27.005/2020-21 dated December 4, 2020 (as amended from time to time). 5.8 Entities seeking renewal of authorisation shall apply in writing to DPSS, CO, RBI, Mumbai at least three months before the expiry of validity of CoA, failing which RBI reserves the right to decline the request for renewal. 5.9 Any proposed major change, such as changes in product features / process, structure or operation of the payment system, etc., shall be communicated with complete details to the Chief General Manager (CGM), DPSS, CO, RBI, Mumbai. RBI shall endeavour to reply within 15 working days after receipt of above communication at DPSS, CO, RBI, Mumbai. 5.10 Any takeover or acquisition of control or change in management of a non-bank entity shall be communicated to the CGM, DPSS, CO, RBI, Mumbai within 15 days with complete details, including ‘Declaration and Undertaking’ (Annex-3) by each of the new directors, if any. RBI shall examine the ‘fit and proper’ status of the management and, if required, may place suitable restrictions on such changes. 5.11 To inculcate discipline and encourage submission of applications by serious players as also for effective utilisation of regulatory resources, Cooling Period of one year has been introduced (vide DPSS circular DPSS.CO.OD.No.753/06.08.005/2020-21 dated December 4, 2020, as updated from time to time) in the following situations –
In respect of entities whose application for authorisation is returned for any reason by RBI, condition of Cooling Period shall be invoked after giving the entity an additional opportunity to submit the application. During the Cooling Period, entities shall be prohibited from submission of applications for operating any payment system under the PSS Act. 6. Safeguards against money laundering provisions 6.1 The Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines issued by the Department of Regulation (DoR), RBI, in “Master Direction – Know Your Customer Direction, 2016”, as updated from time to time, shall apply mutatis mutandis to all the entities issuing PPIs. 6.2 Provisions of Prevention of Money Laundering Act, 2002 (PMLA) and Rules framed thereunder, as amended from time to time, shall be applicable to PPI issuer. 6.3 PPI issuer shall maintain a log of all the transactions undertaken using the PPIs for at least ten years. This data shall be made available for scrutiny to RBI or any other agency / agencies as may be advised by RBI. The PPI issuer shall also file Suspicious Transaction Reports (STRs) to Financial Intelligence Unit-India (FIU-IND). 7. Issuance, loading and reloading of PPIs 7.1 All entities approved / authorised to issue PPIs by RBI are permitted to issue reloadable or non-reloadable PPIs depending upon the permissible type / category of PPIs as laid down in paragraph 9 and 10 of these Directions. 7.2 PPI issuer shall have a clear laid down policy, duly approved by its Board, for issuance of various types / categories of PPIs and all activities related thereto. 7.3 PPI issuer shall ensure that the name of the company which has received approval / authorisation for issuance and operating of PPIs, is prominently displayed along with the PPI brand name in all instances. PPI issuer shall also keep RBI informed regarding the brand names employed / to be employed for its products. 7.4 PPI issuer shall not pay any interest on PPI balances. 7.5 PPIs shall be permitted to be loaded / reloaded by cash, debit to a bank account, credit and debit cards, PPIs (as permitted from time to time) and other payment instruments issued by regulated entities in India and shall be in INR only. 7.6 Cash loading to PPIs shall be limited to Rs.50,000/- per month subject to overall limit of the PPI. 7.7 PPIs may be issued as cards, wallets, and in any such form / instrument which can be used to access the PPI and to use the amount therein. No PPI shall be issued in the form of paper vouchers. 7.8 Banks shall be permitted to load / reload PPIs through BCs subject to compliance with BC guidelines issued by RBI. 7.9 Banks and non-banks shall be permitted to load / reload PPIs through their authorised outlets or through their authorised / designated agents subject to following conditions:-
7.10 PPI issuer shall ensure that there is no co-mingling of funds originating from any other activity that they may be undertaking such as BC of bank/s, intermediary for payment aggregation, payment gateway, etc. 7.11 PPIs under co-branding arrangements
7.12 There shall be no remittance without compliance to KYC requirements. The PPI issuer, including its agent/s, shall not create new PPIs every time for facilitating cash-based remittances to other PPIs / bank accounts. PPIs created for previous remittance by the same person shall be used. 8. Cross-border transactions The use of INR denominated PPIs for cross-border transactions shall not be permitted except as under: 8.1 PPIs for cross-border outward transactions
8.2 PPIs for credit towards cross-border inward remittances
8.3 Foreign Exchange PPIs: Entities authorised under FEMA to issue foreign exchange denominated PPIs shall be outside the purview of this MD. 9. Types of PPIs 9.1 Small PPIs (or Minimum-detail PPIs) (i) PPIs upto Rs.10,000/- (with cash loading facility)
(ii) PPIs upto Rs.10,000/- (with no cash loading facility)
9.2 Full-KYC PPIs
10. Specific categories of PPIs Banks and non-banks shall not issue PPIs of any other category except as permitted under the following categories: 10.1 Gift PPIs
10.2 PPIs for Mass Transit Systems (PPI-MTS)
10.3 PPIs to Foreign Nationals / Non-Resident Indians (NRIs) visiting India
11. Interoperability 11.1 Interoperability is the technical compatibility that enables a payment system to be used in conjunction with other payment systems. 11.2 PPI issuer shall be guided by the technical specifications / standards / requirements for achieving interoperability through UPI and card networks as per the requirements of National Payments Corporation of India (NPCI) and the respective card networks. NPCI and card networks shall facilitate participation by PPI issuer in UPI and card networks. 11.3 PPI issuer shall have a Board approved policy for achieving PPI interoperability. 11.4 Requirements for achieving interoperability: Common to wallets and cards 11.4.1 Where PPIs are issued in the form of wallets, interoperability across PPIs shall be enabled through UPI. 11.4.2 Where PPIs are issued in the form of cards (physical or virtual), the cards shall be affiliated to the authorised card networks. 11.4.3 PPI-MTS shall remain exempted from interoperability, while Gift PPI issuer (both banks and non-banks) have the option to offer interoperability. 11.4.4 The interoperability shall be facilitated to all KYC-compliant PPIs and entire acceptance infrastructure. It shall be mandatory for PPI issuer to give the holders of full-KYC PPIs (KYC-compliant PPIs) interoperability through authorised card networks (for PPIs in the form of cards) and UPI (for PPIs in the form of wallets). 11.4.5 Interoperability shall be mandatory on the acceptance side as well. QR codes in all modes shall be interoperable by March 31, 2022 vide RBI circular DPSS.CO.PD.No.497/02.14.003/2020-21 dated October 22, 2020. For other modes of acceptance, as also for issuance, the interoperability shall be achieved by March 31, 2022. Once a non-bank PPI entity becomes interoperable (on both issuing and acquiring side simultaneously), the entire merchant base, including those acquired by the banks, shall be accessible through the card networks and UPI. 11.4.6 Technical requirements : PPI issuer shall adhere to all the requirements of card networks / UPI including membership type and criteria, merchant on-boarding, adherence to various standards, rules and regulations applicable to the specific payment system such as technical requirements, certifications and audit requirements, governance, etc. 11.4.7 Reconciliation, customer protection and grievance redressal :
11.5 Requirements for achieving interoperability through card networks 11.5.1 Card networks are allowed to onboard PPI issuer to join their network. Non-bank PPI issuer is permitted to participate as member / associate member of authorised card networks. 11.5.2 Settlement : For the purpose of settlement, a non-bank PPI issuer can participate directly or through a sponsor bank arrangement as the case may be. Non-bank PPI issuer shall adhere to the requirements of respective card network’s settlement system. 11.5.3 Safety and security :
11.6 Requirements for achieving interoperability through UPI 11.6.1 PPI issuer shall facilitate all basic / standard features of interoperability of UPI. 11.6.2 PPI issuer shall act as Payment System Providers (PSP) in UPI. NPCI shall issue handle to the PPI issuer as per its policy / guidelines taking risk management aspects into consideration. Since *99# USSD is part of UPI, non-bank PPI issuer are also allowed to participate in the same. 11.6.3 PPI holders shall be on-boarded for UPI by their own PPI issuer only. PPI issuer shall only link its customer wallets to the handle issued to it. PPI issuer as PSP shall not on-board customers of any bank or any other PPI issuer. 11.6.4 Authentication shall be completed by the PPI holder as per her / his existing wallet credentials. In other words, a transaction will be pre-approved before it reaches the UPI. 11.6.5 Settlement : For the purposes of settlement, a non-bank PPI issuer shall participate through a sponsor bank. Non-bank PPI issuer shall adhere to the requirements of sponsor bank arrangement in UPI as also meet all requirements of NPCI in this regard. 12. Deployment of money collected 12.1 To ensure timely settlement, the non-bank PPI issuer shall invest the money collected against issuance of PPIs only as provided herein. 12.2 For the schemes operated by banks, the outstanding balance shall be part of the ‘net demand and time liabilities’ for the purpose of maintenance of reserve requirements. This position will be computed on the basis of balances appearing in the books of the bank as on the date of reporting. 12.3 Non-bank PPI issuer is required to maintain the outstanding balance in an escrow account with any scheduled commercial bank. An additional escrow account may be maintained with a different scheduled commercial bank at the discretion of the PPI issuer. For the purpose of maintenance of escrow account, payment system operated by the non-bank PPI issuer for issuance of PPIs shall be deemed to be ‘designated payment system’ under Section 23A of the PSS Act. Non-bank PPI issuer that is member of Centralised Payment Systems operated by RBI shall maintain a Current Account with RBI. Maintenance of escrow balance shall be subject to the following conditions:- (i) In case there is a need to shift the escrow account from one bank to another, the same shall be effected in a time-bound manner without unduly impacting the payment cycle to merchants. Migration shall be completed in the minimum possible time with prior intimation to RBI. (ii) The balance in the escrow account shall not, at the end of the day, be lower than the value of outstanding PPIs and payments due to merchants. While as far as possible PPI issuer shall ensure immediate credit of funds to escrow on issue, load / reload of PPIs to the PPI holders, under no circumstance such credit to escrow account shall be later than the close of business day (the day on which the PPI has been issued, loaded / reloaded). This shall be monitored by the non-bank PPI issuer on daily basis and any shortfall shall be immediately reported to the respective Regional Office of DPSS, RBI. (iii) Only the following debits and credits shall be permitted in the escrow account; in case where an additional escrow account is being maintained, credit and debit from one escrow account to the other shall also be permitted. However, inter-escrow transfers shall be avoided as far as possible and if resorted to, auditor’s certification shall clearly mention such transactions. The balance in Current Account with the RBI shall not be reckoned for the purpose of maintenance of daily balance in escrow accounts. Credits
Debits
Note: (1) The payment towards service charges, commission and forfeited amount shall be at pre-determined rates / frequency. Such transfers shall only be effected to a designated bank account of the PPI issuer as indicated in the agreement with the bank where escrow account is maintained. (2) All these provisions shall be part of Service Level Agreement that will be signed between the PPI issuer and the bank maintaining escrow account. (iv) The agreement between the PPI issuer and the bank maintaining escrow account shall include a clause enabling the bank to use the money in the escrow account only for purposes mentioned in these Directions. (v) Settlement of funds with merchants shall not be co-mingled with other business, if any, handled by the PPI issuer. (vi) No interest shall be payable by the bank on such balances, except as indicated in paragraph 12.4 below. (vii) PPI issuer shall be required to submit the list of merchants acquired by them to the bank and update the same from time to time. The bank shall be required to ensure that payments are made only to eligible merchants / purposes. There shall be an exclusive clause in the agreement signed between the PPI issuer and bank maintaining escrow account towards usage of balance in escrow account only for the purposes mentioned above. (viii) With the growing acceptance of PPIs in e-commerce payments, including in digital market places, the payment mechanism is often facilitated using the services of payment aggregators / payment gateways. In such a scenario, the emerging practice observed is that the PPI issuer has the necessary agreements with the digital market place and / or the payment aggregator / gateway rather than the individual merchants who are accepting the PPIs as a payment instrument. In view of the above, PPI issuer shall obtain an undertaking from the digital market place and / or payment aggregator / gateway that the payments made by the issuer are used for onward payments to the respective merchants. Such an undertaking shall be submitted by the PPI issuer to the bank maintaining the escrow account. (ix) A certificate (format enclosed Annex-5) signed by the auditor(s), shall be submitted by the authorised entities to the respective Regional Office of DPSS, RBI on a quarterly basis certifying that the entity has been maintaining adequate balance(s) in the escrow account(s) to cover outstanding value of PPIs issued and payments due to merchants. In case, an additional escrow account is being maintained, it shall be ensured that balances in both accounts are considered for the above certification. This shall also be indicated in the certificate. The same auditor shall be employed to audit both escrow accounts. The certificate shall be submitted within a fortnight from the end of quarter to which it pertains. Entities shall also submit an annual certificate (Annex-5), signed by the auditor, coinciding with accounting year of the entity to RBI. (x) Adequate records indicating the daily position of the value of instruments outstanding and payments due to merchants vis-à-vis balances maintained with the banks in the escrow accounts shall be made available for scrutiny to RBI or the bank where the account is maintained on demand. 12.4 As an exception to paragraph 12.3 (vi), the non-bank PPI issuer can enter into an agreement with the bank maintaining the escrow account, to transfer "core portion" of the amount, in the escrow account to a separate account on which interest is payable, subject to the following:-
Note: For the purpose of these Directions, "Core Portion" shall be computed as under:- Step 1: Compute lowest daily outstanding balance (LB) on a fortnightly (FN) basis, for one year (26 fortnights) from the preceding month. Step 2: Calculate the average of the lowest fortnightly outstanding balances [(LB1 of FN1+ LB2 of FN2+ ........+ LB26 of FN26) divided by26]. Step 3: The average balance so computed represents the "Core Portion" eligible to earn interest. 13. Validity and redemption 13.1 All PPIs issued in the country shall have a minimum validity period of one year from the date of last loading / reloading in the PPI. PPIs can be issued with a longer validity as well. In case of PPIs issued in the form of card (with validity period mentioned on the card), the customer shall have the option to seek replacement of the card. 13.2 PPI issuer shall caution the PPI holder at reasonable intervals, during the 45 days’ period prior to expiry of the validity period of the PPI. The caution advice shall be sent by SMS / e-mail / any other means in the language preferred by the holder indicated at the time of issuance of the PPI. 13.3 Non-bank PPI issuer cannot transfer the outstanding balance to its Profit & Loss account for at least three years from the expiry date of PPI. In case the PPI holder approaches the PPI issuer for refund of such amount, at any time after the expiry date of PPI, then the same shall be paid to the PPI holder in a bank account. 13.4 Bank issuing PPIs shall be guided by the instructions on Depositor Education and Awareness Fund (DEA Fund) issued by Department of Banking Regulation, RBI, vide, circular DBOD.No.DEAF Cell.BC.101/30.01.002/2013-14 dated March 21, 2014, as amended from time to time. 13.5 The PPI Issuer shall clearly indicate the expiry period of the PPI to the customer at the time of issuance of PPIs. Such information shall be clearly enunciated in the terms and conditions of sale of PPI. Where applicable, it shall also be clearly outlined on the website / mobile application of the PPI issuer. 13.6 PPIs with no financial transaction for a consecutive period of one year shall be made inactive by the PPI issuer after sending a notice to the PPI holder/s. These can be reactivated only after validation and applicable due diligence. These PPIs shall be reported to RBI separately. 13.7 The holders of PPIs shall be permitted to redeem the outstanding balance in the PPI, if for any reason the scheme is being wound-up or is directed by RBI to be discontinued. 14. Transactions limits 14.1 The PPI holder is allowed to use the PPI for purposes within the overall PPI limit applicable. PPI issuer shall decide on limits considering the risk perception of the holders as per its risk management policy. 14.2 All financial limits indicated against each type / category of the PPI shall be strictly adhered to. 14.3 Handling refunds
15. Security, fraud prevention and risk management framework 15.1 A strong risk management system is necessary for PPI issuer to meet challenges of fraud and ensure customer protection. PPI issuer shall put in place adequate information and data security infrastructure and systems for prevention and detection of frauds. 15.2 PPI issuer shall put in place Board approved Information Security policy for the safety and security of the payment systems operated by it, and implement security measures in accordance with this policy to mitigate identified risks. The PPI issuer shall review security measures (a) on on-going basis but at least once a year, (b) after any security incident or breach, and (c) before / after a major change to its infrastructure or procedures. 15.3 PPI issuer shall ensure that the following framework is put in place to address the safety and security concerns, and for risk mitigation and fraud prevention:
15.4 The requirements prescribed here are minimum and the entities may deploy additional checks and balances, as considered appropriate. 15.5 PPI issuer shall put in place centralised database / management information system (MIS) to prevent multiple purchase of PPIs at different locations, leading to circumvention of limits, if any, prescribed for their issuance. In case of full-KYC PPIs issued by scheduled commercial banks for government departments, the limit of Rs.2,00,000/- shall be for each PPI, provided the PPIs are issued for expenses of the concerned government department and the loading is from the bank account of the government department. 15.6 Where direct interface is provided to its authorised / designated agents, PPI issuer shall ensure that compliance to regulatory requirements is strictly adhered to by these systems also. 15.7 PPI issuer shall establish a mechanism for monitoring, handling and follow-up of cyber security incidents and cyber security breaches. The same shall be reported immediately to DPSS, CO, RBI, Mumbai. It shall also be reported to CERT-IN as per the details notified by CERT-IN. 15.8 PPI issuer shall also be guided by the following circulars:
16. Customer protection and grievance redressal framework 16.1 PPI issuer shall disclose all important terms and conditions in clear and simple language (preferably in English, Hindi and the local language) to the holders while issuing the instruments. These disclosures shall include:
16.2 PPI issuer shall put in place a formal, publicly disclosed customer grievance redressal framework, including designating a nodal officer to handle the customer complaints / grievances, the escalation matrix and turn-around-times for complaint resolution. The complaint facility, if made available on website / mobile, shall be clear and easily accessible. The framework shall include, at the minimum, the following:
16.3 PPI issuer shall create sufficient awareness and educate customers in the secure use of the PPIs, including the need for keeping passwords confidential, procedure to be followed in case of loss or theft of card or authentication data or if any fraud / abuse is detected, etc. 16.4 PPI issuer shall provide an option for the PPI holders to generate / receive account statements for at least past 6 months. The account statement shall, at the minimum, provide details such as date of transaction, debit / credit amount, net balance and description of transaction. Additionally, the PPI issuer shall provide transaction history for at least 10 transactions. 16.5 In case of PPIs issued by banks and non-banks, customers shall have recourse to the Reserve Bank - Integrated Ombudsman Scheme, 2021 (as amended from time to time) for grievance redressal. 16.6 Non-bank PPI issuer shall report regarding the receipt of complaints and action taken status thereon in the enclosed format (Annex-6) on a Quarterly basis by the 10th of the following month to the respective Regional Office of DPSS, RBI. Banks shall submit the same report to DPSS, Mumbai Regional Office, RBI. 16.7 PPI issuer shall ensure transparency in pricing and the charge structure as under:
16.8 PPI issuer shall be responsible for addressing all customer service aspects related to all PPIs (including co-branded PPIs) issued by them as well as their agents. 16.9 PPI issuer shall also display Frequently Asked Questions (FAQs) on its website / mobile app related to the PPIs. 16.10 PPI issuer shall also be guided by the following DPSS circulars:
17. Limiting liability of customers in unauthorised electronic payment transactions in PPIs issued by banks and non-banks 17.1 Bank PPI issuer shall continue to be guided by RBI circulars DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017 or DCBR.BPD.(PCB/RCB). Cir.No.06/12.05.001/2017-18 dated December 14, 2017, as applicable on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions. 17.2 Non-bank PPI issuer, shall adhere to the following criteria for determining the customers’ liability in unauthorised electronic payment transactions resulting in debit to its PPIs. PPIs issued under the arrangement of PPI-MTS as per paragraph 10.2 will be outside the purview of these paragraphs except for the cases of contributory fraud / negligence / deficiency on the part of the PPI-MTS issuer. 17.3 For the purpose of this MD, electronic payment transactions have been divided into two categories:
17.4 Reporting of unauthorised payment transactions by customers to the non-bank PPI issuer:
17.5 A customer’s liability arising out of an unauthorised payment transaction will be limited to:
17.6 The above shall be clearly communicated to all PPI holders. 17.7 On being notified by the customer, the non-bank PPI issuer shall credit (notional reversal / shadow reversal) the amount involved in the unauthorised electronic payment transaction to the customer’s PPI within 10 days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any), even if such reversal breaches the maximum permissible limit applicable to that type / category of PPI. The credit shall be value-dated to be as of the date of the unauthorised transaction. 17.8 Non-bank PPI issuer shall ensure that a complaint is resolved and liability of the customer, if any, established within such time, as may be specified in the non-bank PPI issuer’s Board approved policy, but not exceeding 90 days from the date of receipt of the complaint, and the customer is compensated as per provisions of paragraph 17.5 above. In case the non-bank PPI issuer is unable to resolve the complaint or determine the customer liability, if any, within 90 days, the amount as prescribed in paragraph 17.5 shall be paid to the customer, irrespective of whether the negligence is on the part of customer or otherwise. 17.9 Taking into account the risks arising out of unauthorised debits to PPIs owing to customer negligence / non-bank PPI issuer negligence / system frauds / third party breaches, non-bank PPI issuer needs to clearly define the rights and obligations of customers in case of unauthorised payment transactions in specified scenarios. Non-bank PPI issuer shall formulate / revise its customer relations policy, with approval of its Board, to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities involved in electronic payment transactions and customer liability in such cases of unauthorised electronic payment transactions. The policy must be transparent, non-discriminatory and should stipulate the mechanism of compensating the customers for the unauthorised electronic payment transactions and also prescribe the timelines for effecting such compensation. Non-bank PPI issuer shall provide the details of its Board approved policy in regard to customers’ liability formulated in pursuance of the provisions of these directions, to all customers at the time of issuing the PPI. Non-bank PPI issuer shall display its Board approved policy, along with the details of grievance handling / escalation procedure, in public domain / website / app for wider dissemination. 17.10 The burden of proving customer liability in case of unauthorised electronic payment transactions shall lie on the non-bank PPI issuer. 17.11 Non-bank PPI issuer shall put in place a suitable mechanism and structure for reporting of the customer liability cases to the Board or one of its Committees. The reporting shall, inter-alia, include volume / number of cases and the aggregate value involved and distribution across various categories of cases. The Board or one of its Committees shall periodically review the unauthorised electronic payment transactions reported by customers or otherwise, as also the action taken thereon, the functioning of the grievance redressal mechanism and take appropriate measures to improve the systems and procedures. 18. Information system audit 18.1 Banks shall be guided by RBI circulars DBS.CO.ITC.BC.No.6/31.02.008/2010-11 dated April 29, 2011, DBS.CO/CSITE/BC.11/33.01.001/2015-16 dated June 02, 2016, DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19 dated October 19, 2018 (as applicable) and other relevant circulars on the subject, as amended from time to time. 18.2 Authorised non-bank PPI issuer shall submit a System Audit Report (SAR), including cyber security audit conducted by CERT-IN empaneled auditor, within two months of the close of its financial year to the respective Regional Office of DPSS, RBI. They shall also be guided by DPSS letter DPSS.CO.OD.No.1325/06.11.001/2019-20 dated January 10, 2020 (as amended from time to time) regarding System Audit of Payment Systems, as amended from time to time. 18.3 PPI issuer shall, at the minimum, put in place the following framework:
19. Reporting requirements PPI issuer shall submit the following reports as per prescribed templates and frequency in this MD:
20. Consolidated and other provisions
Table 1: List of Circulars consolidated in the MD
Table 2: List of Circulars partially consolidated (to the extent they are applicable to issuance and operation of PPIs) in the MD
Appendix List of Acronyms used
1 Earlier, PPIs were classified under three types viz. (i) Closed System PPIs, (ii) Semi-closed System PPIs and (iii) Open System PPIs. Closed System PPIs are issued by an entity for facilitating the purchase of goods and services from that entity only and do not permit cash withdrawal. As these instruments cannot be used for payments or settlement for third party services, the issuance and operation of such instruments is not classified as payment systems requiring approval / authorisation by the RBI. Semi-closed System PPIs are used for purchase of goods and services, including financial services, remittance facilities, etc., at a group of clearly identified merchant locations / establishments which have a specific contract with the issuer (or contract through a payment aggregator / payment gateway) to accept the PPIs as payment instruments. These instruments do not permit cash withdrawal, irrespective of whether they are issued by banks or non-banks. Open System PPIs are issued by banks and used at any merchant for purchase of goods and services, including financial services, remittance facilities, etc. Banks issuing such PPIs shall also facilitate cash withdrawal at ATMs / Points of Sale (PoS) devices / Business Correspondents (BCs). This classification has since been modified. |