Regulation of Payment Aggregators (PAs) - DRAFT - আৰবিআই - Reserve Bank of India
Regulation of Payment Aggregators (PAs) - DRAFT
DRAFT CIRCULAR FOR COMMENTS
CO.DPSS.POLC.No. S-*** / 02-14-008 / 2024-25
Date of Issue
All Payment System Providers and Payment System Participants
Madam / Dear Sir,
Regulation of Payment Aggregators (PAs) - DRAFT
Reference is invited to the Reserve Bank of India (RBI) circulars DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020, CO.DPSS.POLC.No.S33 / 02-14-008 / 2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, and circular CO.DPSS.POLC.No.S-761 / 02-14-008 / 2022-23 dated July 28, 2022 on “Regulation of Payment Aggregators – Timeline for submission of applications for authorisation – Review”. Keeping in view the importance of Payment Aggregators (PAs) in the payment ecosystem, these circulars provided for, inter-alia, direct regulation and authorisation of PAs facilitating payments at online Point of Sale by the RBI.
2. Clarifications / modifications in respect of extant PA instructions are provided in Annex. These instructions shall be applicable with effect from one month from the date of issue of the circular (unless otherwise specified) to all PAs, irrespective of status of the application submitted to the RBI for seeking authorisation.
3. This directive is issued under Section 18 read with Section 10 (2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
Yours faithfully,
Chief General Manager-in-Charge
Encl.: As above
(RBI circular CO.DPSS.POLC.No. S-*** / 02-14-008 / 2024-25 dated ***** **, ****)
Clarifications in respect of PAs – Online and Physical Point of Sale
1. Definition
1.1 The definition of PA mentioned in paragraph 1.1.1 of Annex 1 to RBI circular dated March 17, 2020, shall stand revised as follows:
“Entities which on-board merchants and facilitate aggregation of payments made by customers to such merchants, for purchase of goods and services, using one or more payment channels, in online or physical Point of Sale payment modes through a merchant’s interface (physical or virtual), and subsequently settle the collected funds to such merchants.”
- Online PAs (PA – O): PAs which facilitate e-commerce transactions in non-Delivery versus Payment mode.
- PA – physical Point-of-Sale (PA – P): PAs which facilitate face-to-face / proximity payment for Delivery vs Payment1 transactions.
1.2 Merchant: Entities which sell / provide goods and services purchased by the customer. They include a marketplace also.
- Small merchants: Physical merchants (those undertaking only proximity / face-to-face transactions) with business turnover less than the threshold limit of Rs.5 lakh per annum and not registered under Goods and Services Tax.
- Medium merchants: Merchants (physical / online), excluding small merchants, with business turnover less than the threshold limit of Rs.40 lakh per annum. Such merchants are not registered under Goods and Services Tax.
1.3 Marketplace: An electronic commerce entity which provides an information technology platform on a digital or electronic network to facilitate transactions between buyers and sellers.
2. Networth
2.1 The required networth of PAs shall be maintained on an on-going basis.
3. Escrow account(s)
3.1 The escrow account opened by the PA in accordance with paragraph 8.1 of the circular DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020 can be used for both PA-O and PA-P activities.
3.2 Funds in respect of Delivery versus Payment (DvP) transactions, which were hitherto not covered under the scope of RBI circulars dated March 17, 2020 and March 31, 2021, shall be routed through the escrow account(s).
3.3 Cash-on-delivery transactions are outside the scope of the RBI circulars on PAs. Accordingly, such transactions shall not be routed through the escrow accounts.
3.4 Paragraph 8.9.1.2 (b) of RBI circular dated March 17, 2020 that permits debit to escrow account for “payment to any other account on specific directions from the merchant”, stands deleted with immediate effect.
4. KYC and Due diligence
4.1 Payment Aggregators shall undertake due diligence of merchants onboarded by them in accordance with Customer Due Diligence (CDD) prescribed in Master Directions on Know Your Customer (MD-KYC), 2016, as amended from time to time, unless provided otherwise. These instructions shall be applicable three months from the date of issue of the circular.
4.2 The PA may undertake due diligence of merchants in accordance with instruction provided below:
- For small merchants, the PA shall undertake Contact Point Verification (CPV) of the business establishment. PAs shall also duly verify the bank account in which funds of such merchants are settled.
- For medium merchants, PAs shall carry out CPV. PAs shall also obtain and verify one Officially Valid Document (OVD) of the proprietor / beneficial owner / person holding attorney and verify one OVD of the business.
- For undertaking the CDD through Video based Customer Identification Process (V-CIP), assisted V-CIP shall be permissible when PAs take help of an agent facilitating the process only at the merchant end. PAs shall maintain the details of the agent assisting the merchant, where services of such agents are employed.
4.3 Ongoing merchant monitoring:
- PA shall monitor the transaction activity of the merchant on an ongoing basis. Based on its transaction pattern, the merchant shall be migrated to higher category of CDD. Upon migration, the PA shall immediately undertake the additional due diligence of the merchant as prescribed in the guidelines above.
- PAs shall ensure that the merchant transactions processed by it are in line with the merchant’s business profile.
- PAs shall have risk-based payment limits for the merchants onboarded.
4.4 PAs shall ensure that marketplaces onboarded by them do not collect and settle funds for services not offered through their platform.
4.5 PAs shall ensure that the name of merchant (legal and brand name) and the PA shall be displayed on the web pages (where different payment options are listed as well as on the payment confirmation page) / charge slip (as the case may be) within three months from the date of issue of the circular.
4.6 PAs shall ensure complete and ongoing compliance to the wire transfer guidelines prescribed in the MD-KYC, as amended from time to time.
4.7 All non-bank PAs shall register themselves with the Financial Intelligence Unit-India (FIU-IND) and provide necessary information as desired by FIU – IND.
4.8 Existing PAs (both authorised PAs, as well as PAs whose application is pending with RBI as on the date of this circular) shall ensure that for all existing merchants (both online and physical), the due diligence process, prescribed above shall be completed by September 30, 2025. Entities providing PA-P services as on the date of this circular shall complete this process within a period of 12 months from the date of submission of application for authorisation. Quarterly reports shall be submitted to the concerned Regional Office of RBI detailing progressive compliance for the same (format provided in the Appendix).
4.9 PAs shall ensure that they have completed the due diligence of their existing merchants in accordance with the following timelines:
Percentage Contribution to GPV2 of merchants whose due diligence has been completed |
Timeline for existing PAs (authorised or whose application is pending with RBI) |
Timeline for existing PA – P |
50% |
December 31, 2024 |
3 months from the date of application |
75% |
March 31, 2025 |
6 months from the date of application |
90% |
June 30, 2025 |
9 months from the date of application |
100% |
September 30, 2025 |
12 months from the date of application |
5. Agents of PAs
5.1 Non-bank PAs shall be permitted to engage agents to assist their merchants for onboarding subject to the following conditions:
- Having a Board approved policy clearly laying down the framework for engaging agents;
- Carrying out proper due diligence of the persons appointed as authorised / designated agents;
- Being responsible as the principal for all acts of omission or commission of their authorised / designated agents, including safety and security aspects;
- Preserving records and confidentiality of customer information in their possession as well as in the possession of their authorised / designated agents;
- Monitoring regularly the activities of their authorised / designated agents and carrying out review of the performance of various agents engaged by them at least once in a year.
6. Multiple PAs
6.1 For payment transactions facilitated by two or more authorised PAs connected in the transaction chain, RBI’s instructions on PAs shall apply to all PAs in the chain mutatis mutandis.
7. Storage of card data [i.e. Card-on-File (CoF)]
7.1 For face-to-face / proximity payment transactions done using cards, from August 1, 2025, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the CoF data. Any such data stored previously shall be purged. For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of card number and card issuer’s name – in compliance with the applicable standards. Card networks shall ensure the compliance with above for all the concerned entities.
1 DvP transactions entail payment for goods / services at the time of their delivery.
2 Details of calculation of GPV are provided in the Appendix.