Regulation of Payment Aggregators (PAs) - DRAFT - RBI - Reserve Bank of India
Regulation of Payment Aggregators (PAs) - DRAFT
DRAFT CIRCULAR FOR COMMENTS CO.DPSS.POLC.No. S-*** / 02-14-008 / 2024-25 Date of Issue All Payment System Providers and Payment System Participants Madam / Dear Sir, Regulation of Payment Aggregators (PAs) - DRAFT Reference is invited to the Reserve Bank of India (RBI) circulars DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020, CO.DPSS.POLC.No.S33 / 02-14-008 / 2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, and circular CO.DPSS.POLC.No.S-761 / 02-14-008 / 2022-23 dated July 28, 2022 on “Regulation of Payment Aggregators – Timeline for submission of applications for authorisation – Review”. Keeping in view the importance of Payment Aggregators (PAs) in the payment ecosystem, these circulars provided for, inter-alia, direct regulation and authorisation of PAs facilitating payments at online Point of Sale by the RBI. 2. Clarifications / modifications in respect of extant PA instructions are provided in Annex. These instructions shall be applicable with effect from one month from the date of issue of the circular (unless otherwise specified) to all PAs, irrespective of status of the application submitted to the RBI for seeking authorisation. 3. This directive is issued under Section 18 read with Section 10 (2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007). Yours faithfully, Chief General Manager-in-Charge Encl.: As above (RBI circular CO.DPSS.POLC.No. S-*** / 02-14-008 / 2023-24 dated ***** **, ****) Clarifications in respect of PAs – Online and Physical Point of Sale 1. Definition 1.1 The definition of PA mentioned in paragraph 1.1.1 of Annex 1 to RBI circular dated March 17, 2020, shall stand revised as follows: “Entities which on-board merchants and facilitate aggregation of payments made by customers to such merchants, for purchase of goods and services, using one or more payment channels, in online or physical Point of Sale payment modes through a merchant’s interface (physical or virtual), and subsequently settle the collected funds to such merchants.”
1.2 Merchant: Entities which sell / provide goods and services purchased by the customer. They include a marketplace also.
1.3 Marketplace: An electronic commerce entity which provides an information technology platform on a digital or electronic network to facilitate transactions between buyers and sellers. 2. Networth 2.1 The required networth of PAs shall be maintained on an on-going basis. 3. Escrow account(s) 3.1 The escrow account opened by the PA in accordance with paragraph 8.1 of the circular DPSS.CO.PD.No.1810 / 02.14.008 / 2019-20 dated March 17, 2020 can be used for both PA-O and PA-P activities. 3.2 Funds in respect of Delivery versus Payment (DvP) transactions, which were hitherto not covered under the scope of RBI circulars dated March 17, 2020 and March 31, 2021, shall be routed through the escrow account(s). 3.3 Cash-on-delivery transactions are outside the scope of the RBI circulars on PAs. Accordingly, such transactions shall not be routed through the escrow accounts. 3.4 Paragraph 8.9.1.2 (b) of RBI circular dated March 17, 2020 that permits debit to escrow account for “payment to any other account on specific directions from the merchant”, stands deleted with immediate effect. 4. KYC and Due diligence 4.1 Payment Aggregators shall undertake due diligence of merchants onboarded by them in accordance with Customer Due Diligence (CDD) prescribed in Master Directions on Know Your Customer (MD-KYC), 2016, as amended from time to time, unless provided otherwise. These instructions shall be applicable three months from the date of issue of the circular. 4.2 The PA may undertake due diligence of merchants in accordance with instruction provided below:
4.3 Ongoing merchant monitoring:
4.4 PAs shall ensure that marketplaces onboarded by them do not collect and settle funds for services not offered through their platform. 4.5 PAs shall ensure that the name of merchant (legal and brand name) and the PA shall be displayed on the web pages (where different payment options are listed as well as on the payment confirmation page) / charge slip (as the case may be) within three months from the date of issue of the circular. 4.6 PAs shall ensure complete and ongoing compliance to the wire transfer guidelines prescribed in the MD-KYC, as amended from time to time. 4.7 All non-bank PAs shall register themselves with the Financial Intelligence Unit-India (FIU-IND) and provide necessary information as desired by FIU – IND. 4.8 Existing PAs (both authorised PAs, as well as PAs whose application is pending with RBI as on the date of this circular) shall ensure that for all existing merchants (both online and physical), the due diligence process, prescribed above shall be completed by September 30, 2025. Entities providing PA-P services as on the date of this circular shall complete this process within a period of 12 months from the date of submission of application for authorisation. Quarterly reports shall be submitted to the concerned Regional Office of RBI detailing progressive compliance for the same (format provided in the Appendix). 4.9 PAs shall ensure that they have completed the due diligence of their existing merchants in accordance with the following timelines:
5. Agents of PAs 5.1 Non-bank PAs shall be permitted to engage agents to assist their merchants for onboarding subject to the following conditions:
6. Multiple PAs 6.1 For payment transactions facilitated by two or more authorised PAs connected in the transaction chain, RBI’s instructions on PAs shall apply to all PAs in the chain mutatis mutandis. 7. Storage of card data [i.e. Card-on-File (CoF)] 7.1 For face-to-face / proximity payment transactions done using cards, from August 1, 2025, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the CoF data. Any such data stored previously shall be purged. For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of card number and card issuer’s name – in compliance with the applicable standards. Card networks shall ensure the compliance with above for all the concerned entities. 1 DvP transactions entail payment for goods / services at the time of their delivery. 2 Details of calculation of GPV are provided in the Appendix. |