IX. Payment and Settlement Systems and Information Technology - RBI - Reserve Bank of India
IX. Payment and Settlement Systems and Information Technology
The Reserve Bank extended its efforts towards enhancing the efficiency of the payments ecosystem along with targeted initiatives focused on customer centricity, cyber security and digital deepening. The Payments Vision 2025 document was released during the year with the aim of strengthening payment systems by leveraging on the initiatives undertaken during the last vision period (2019-21). The Reserve Bank also stayed focused on its endeavour to ensure round the clock availability of Information and Communication Technology (ICT) infrastructure for the smooth functioning of its IT systems and applications. IX.1 Efficient payment and settlement systems foster economic development, promote financial stability and support financial inclusion. Ensuring safe, secure, reliable, accessible, affordable and efficient payment systems has been one of the important strategic goals of the Reserve Bank. Towards the pursuit of these objectives, the role of the Reserve Bank has transformed from being a regulator, operator and facilitator to that of a creator of congenial environment for the structured development of the payments ecosystem in India. Payments Vision documents released by the Reserve Bank have provided strategic direction and implementation plans to drive this transformation since 2001. The Payments Vision 2025 released during the year builds on the Payments Vision 2019-21 and outlines the thought process for the period up to December 2025. Moreover, the evolving situation may warrant launch of new initiatives in addition to those specified in the Payments Vision 2025 document. The focus of the Department of Information Technology (DIT) during the year remained on cyber resilience through the implementation of a new advanced firewall solution across the Reserve Bank, initiative for upgradation to next generation Integrated Security Operation Centre (iSOC) for further strengthening cyber security infrastructure and also launch of the ‘National Cyber Security Awareness’ campaign in October 2022. IX.2 Against this backdrop, the following section covers developments in the area of payment and settlement systems during the year and also takes stock of the implementation status of the agenda for 2022-23. Section 3 provides various measures undertaken by the DIT during the year vis-à-vis the agenda set for 2022-23. These departments have also set out an agenda for 2023-24. Section 4 presents a summary of the chapter. 2. DEPARTMENT OF PAYMENT AND SETTLEMENT SYSTEMS (DPSS) IX.3 During the year, the Department of Payment and Settlement Systems (DPSS) continued its endeavour towards enhancing the payments ecosystem and released the Payments Vision 2025 document to consolidate the initiatives undertaken during the last vision period (2019-21). Payments Vision 2025 is built upon the five pillars of integrity, inclusion, innovation, institutionalisation and internationalisation (Box IX.1). These measures are expected to further strengthen the payments ecosystem and also create a regulatory environment to facilitate payment systems to excel at the national and international levels.
Payment Systems IX.4 The payment and settlement systems1 recorded a robust growth of 57.8 per cent in terms of transaction volume during 2022-23 on top of the expansion of 63.8 per cent recorded in the previous year. In value terms, the growth was 19.2 per cent in 2022-23 as against 23.1 per cent in the previous year, mainly due to growth in the large value payment system, viz., Real Time Gross Settlement (RTGS). The share of digital transactions in the total volume of non-cash retail payments increased to 99.6 per cent during 2022-23, up from 99.3 per cent in the previous year (Table IX.1). Digital Payments IX.5 Among the digital modes of payments, the number of transactions using RTGS system increased by 16.7 per cent during 2022-23 (Table IX.1). In terms of value, RTGS transactions registered an increase of 16.5 per cent; transactions through the National Electronic Funds Transfer (NEFT) system also witnessed an increase of 30.8 per cent and 17.4 per cent in volume and value, respectively, reflective of the increase in large value corporate transactions, in line with rising economic activity. As at end-March 2023, RTGS services were available through 1,65,390 IFSCs2 of 243 members, while NEFT services were available through 1,66,544 IFSCs of 230 member banks. IX.6 During 2022-23, payment transactions carried out through credit cards increased by 30.1 per cent and 47.3 per cent in terms of volume and value, respectively (Table IX.1). Transactions through debit cards decreased by 13.2 per cent in terms of volume, and 1.4 per cent in terms of value. Prepaid Payment Instruments (PPIs) recorded an increase in volume and value by 13.5 per cent and 2.9 per cent, respectively. The growth in digital payments can be attributed to increased availability of acceptance infrastructure, which witnessed substantial growth during the year benefitting from the Payments Infrastructure Development Fund (PIDF) scheme, operationalised in January 2021. The number of Points of Sale (PoS) terminals increased by 28.3 per cent to 77.9 lakh at end-March 2023, while the number of Bharat Quick Response (BQR) codes deployed increased by 6.7 per cent to 53.8 lakh during the same period. Further, UPI QR increased by 48.4 per cent to 25.64 crore at end-March 2023. The number of Automated Teller Machines (ATMs) also increased to 2.59 lakh at end-March 2023 from 2.52 lakh at end-March 2022. Authorisation of Payment Systems IX.7 Payment System Operators (PSOs) comprise PPI issuers, cross-border Money Transfer Service Schemes (MTSS), White Label ATM (WLA) operators, Trade Receivables Discounting System (TReDS) platforms, ATM networks, Instant Money Transfer Service provider, card networks and Bharat Bill Payment Operating Units (BBPOUs), besides the Clearing Corporation of India Ltd. (CCIL) and the National Payments Corporation of India (NPCI) [Table IX.2]. Further, during the year, AMC Repo Clearing Limited was granted Certificate of Authorisation to act as a Central Counter Party (CCP) for repo transactions in corporate debt securities. The Reserve Bank has prescribed guidelines to include Payment Aggregators (PAs) under its regulatory purview and some PAs have subsequently been provided in-principle authorisation. Agenda for 2022-23 IX.8 The Department had set out the following goals for 2022-23:
Implementation Status IX.9 The Reserve Bank released the Payments Vision 2025 in June 2022 laying the roadmap for payments ecosystem in the country up to December 2025. The Payments Vision 2025 builds on the earlier Payments Vision 2019-21 and envisages to further consolidate the steps initiated towards enhanced outreach, customer centricity, cyber security and digital deepening and build on the same through five pillars of integrity, inclusion, innovation, institutionalisation and internationalisation. IX.10 The Reserve Bank commenced publication of pictorial representation of trends in payment systems. The publication covers trends in payment systems, acceptance infrastructure, payment system operators and ticket size of payment transactions over the past two years. Dissemination of such information has benefited stakeholders and facilitated analysis in payment systems leading to further innovations. IX.11 The Reserve Bank had issued a framework for geo-tagging payment acceptance infrastructure in March 2022 and is in the process of putting in place the required infrastructure to commence collection of details of payment touch points deployed across the country by acquiring merchants. Major Developments Integrity Restriction on Storage of Actual Card Data [i.e., Card-on-File (CoF)] IX.12 The Reserve Bank mandated that, after September 30, 2022, entities other than card networks and card issuers cannot store customer card data. The initiative was undertaken to prevent misuse of card data for unauthorised transactions and subsequent monetary loss to card holders due to stolen / misused card details on account of its availability with many entities. Prior Approval in Case of Takeover / Acquisition of Control of Non-Bank PSOs and Sale / Transfer of Payment System Activity of Non-Bank PSO IX.13 The Reserve Bank mandated prior approval in case of takeover / acquisition of control of non-bank PSOs and sale / transfer of payment system activity of non-bank PSO taking into account the risks the unregulated transferability of PSO authorisation can pose to the payments ecosystem. Regulation of Payment Aggregators – Timeline for Submission of Applications for Authorisation – A Review IX.14 In terms of instructions issued by the Reserve Bank in March 2020, existing online non-bank PAs (existing as on March 17, 2020) had to seek authorisation under the Payment and Settlement Systems Act, 2007 (PSS Act). PAs had time till September 30, 2021 for submitting the application. In order to ensure smooth transition, it was decided to permit another window (up to September 30, 2022) to such PAs to apply to the Reserve Bank for seeking authorisation. Cyber Resilience and Payment Security Controls of PSOs IX.15 As announced in the Statement on Developmental and Regulatory Policies issued along with the Monetary Policy dated April 8, 2022, the Reserve Bank is in the process of issuing the Master Direction on Cyber Resilience and Payment Security Controls of PSOs, covering robust governance mechanisms for identification, analysis, monitoring and management of information security, including cyber security risks and vulnerabilities, and baseline security measures for ensuring safe and secure digital payment transactions. Payment Fraud Reporting – Migration to DAKSH (Utkarsh) IX.16 The Reserve Bank migrated the payment fraud reporting to DAKSH – the Reserve Bank’s Advanced Supervisory Monitoring System on January 1, 2023. In addition to the existing bulk upload facility to report payment frauds, DAKSH platform provides additional functionalities, viz., maker-checker facility, online screen-based reporting, option for requesting additional information, facility to issue alerts / advisories and generation of dashboards and reports. Financial Inclusion Bharat Bill Payment System (BBPS) – Amendment to Guidelines IX.17 The Reserve Bank reduced the net worth requirement for non-bank BBPOUs from ₹100 crore to ₹25 crore to facilitate greater participation in the ecosystem. The revised net worth was on the lines of other non-bank payment system participants who handle customer funds (such as PAs) and have similar risk profile. Processing of e-Mandates for Recurring Transactions IX.18 The Reserve Bank enhanced the per transaction limit for subsequent transactions (without Additional Factor of Authentication) undertaken under the e-mandate framework for processing of recurring transactions done using cards, PPIs and UPI from ₹5,000/- to ₹15,000/- per transaction. One Nation One Grid IX.19 Reserve Bank has migrated the Cheque Truncation System (CTS) to facilitate single settlement for banks’ position across grids. This is expected to benefit banks with regards to liquidity requirements for CTS. The initiative is being undertaken to promote efficient cheque processing and is in line with the vision of migrating from the current architecture of CTS from three regional grids to ‘One Nation, One Grid’. Payments Infrastructure Development Fund (PIDF) [Utkarsh] IX.20 The Payments Infrastructure Development Fund (PIDF) continued capacity building across the country in terms of deployment of new payment acceptance infrastructure. Till March 31, 2023, 219.3 lakh payment touchpoints (213.7 lakh digital and 5.6 lakh physical) were created across the country under the PIDF through the subsidy payment of ₹347.65 crore. e-BAAT Programmes IX.21 The Reserve Bank has been conducting electronic banking awareness and training (e-BAAT) programmes regularly for the benefit of a cross-section of customers / bankers / students / public. During the year, 322 e-BAAT programmes were conducted by the regional offices of the Reserve Bank, in which safe usage of electronic payment systems, their benefits and grievance redressal mechanisms were explained to the participants. Publication of Granular Data on Payment Systems and Payment Frauds IX.22 The Reserve Bank has taken various initiatives to enhance the coverage of payment systems data published. In this connection, the Reserve Bank commenced publication of entity-wise data on PPI issuers and TReDS platforms. Further, the ATM deployment data was enhanced to disseminate information on district-wise distribution of ATMs across the country. The Reserve Bank also commenced publication of data on domestic payment frauds and cross-border payment transactions undertaken using cards issued in India. Digital Payments Awareness Week 2023 – Launch of Mission “Har Payment Digital” IX.23 The Reserve Bank launched the Mission ‘Har Payment Digital’ on the occasion of the Digital Payments Awareness Week (DPAW) 2023 observed from March 6 to 12, 2023 with campaign theme “Digital Payment Apnao, Auron ko bhi Sikhao”. As part of the initiative, PSOs have pledged to adopt 75 villages across the country under the ‘75 Digital Villages’ programme with a vision to convert them into digital payment enabled villages. Innovation Interoperable Card-less Cash Withdrawal (ICCW) at ATMs IX.24 The Reserve Bank permitted banks, ATM networks and White Label ATM Operators (WLAOs) to provide an option of ICCW at their ATMs. Under this facility, UPI is used for customer authentication during ATM transactions with the settlement facilitated through the National Financial Switch (NFS) / ATM networks. The absence of need for a card to initiate cash withdrawal transactions would help contain frauds like skimming, card cloning and device tampering. Enhancements to Unified Payments Interface (UPI) IX.25 UPI is the single largest retail payment system in India in terms of volume of transactions and has become one of the most inclusive modes of payment in India. The Reserve Bank further expanded the scope of UPI by the introduction of various features:
Expanding the Scope of BBPS to Include all Payments and Collections IX.26 The scope and coverage of BBPS includes all categories of billers who raise recurring bills. The Reserve Bank expanded the scope of BBPS to include all categories of payments and collections, both recurring and non-recurring in nature. This enabled the BBPS platform to become accessible to a wider set of individuals and businesses who can benefit from the transparent and uniform payments experience, faster access to funds at a lower cost and improved efficiency. Issuance of PPIs to Foreign Nationals / Non-Resident Indians (NRIs) visiting India IX.27 Reserve Bank allowed foreign nationals and Non-Resident Indians (NRIs) access to UPI while visiting India. The facility was initially extended to travellers from G-20 countries at select international airports for merchant payments (P2M) in India. Going forward, this facility shall be enabled across all entry points in the country. Internationalisation Enabling BBPS to Process Cross-border Inbound Bill Payments IX.28 The Reserve Bank extended the scope of BBPS to permit cross-border inward payments by providing NRIs additional options to undertake utility, education, and other bill payments on behalf of their families in India. NRIs can now benefit from the standardised bill payment experience, centralised customer grievance redressal mechanism and prescribed customer convenience fee offered by the BBPS. Global Outreach of Payment Systems (Utkarsh) IX.29 The Payments Vision Document 2025 has outlined expanding the global outreach of UPI and RuPay cards as one of the key objectives under the internationalisation pillar. The Reserve Bank has been working towards this vision through collaboration with various countries. Efforts are being undertaken for inter-linking UPI with Fast Payment Systems (FPS) of other countries to enable both foreign inward and outward remittances using the UPI platform. IX.30 The Reserve Bank and the Monetary Authority of Singapore (MAS) operationalised linkage of their respective FPS, UPI and PayNow on February 21, 2023, enabling users of the two systems to make instant and low-cost cross-border peer-to-peer (P2P) payments on a reciprocal basis. The UPI-PayNow linkage is expected to further anchor trade, travel and remittance flows between the two countries. Further, acceptance of UPI through QR codes has been enabled in Bhutan, Singapore, and the UAE. Indian tourists travelling to these countries can use their UPI Apps to make payment at merchant sites. For the global outreach of RuPay cards, arrangements have been made with Bhutan, Singapore, Nepal, and the UAE to accept RuPay cards without co-branding with other international card schemes. Issuance of RuPay cards in other countries is also being examined. Going forward, the Reserve Bank, along with the NPCI International Payments Limited (NIPL) will continue to effect partnerships for cross-border payments and enhance the global outreach of UPI and RuPay cards. Other Initiatives Digital Payments Index (DPI) IX.31 The Reserve Bank had constructed a composite Digital Payments Index (DPI) in 2021 to capture the extent of digitisation of payments across the country. The RBI-DPI index is computed semi-annually and has demonstrated significant growth representing the rapid adoption and deepening of digital payments across the country in recent years. The index constructed with March 2018 as base (score 100), measured 377.46 in September 2022. Inspection of PSOs IX.32 Under Section 16 of the PSS Act, offsite inspections of 44 retail entities, viz., 26 non-bank PPI issuers, two WLA operators (WLAOs), nine BBPOUs, three card networks, three TReDS platform providers and one ATM Network were carried out by the Reserve Bank during 2022-23. CCIL Inspection IX.33 The Reserve Bank conducted the onsite inspection of CCIL under Section 16 of the PSS Act. CCIL was assessed against the 24 Principles for Financial Market Infrastructures (PFMIs) formulated by the Committee on Payments and Market Infrastructures-International Organisation of Securities Commissions (CPMI-IOSCO). As a CCP, CCIL was rated ‘Observed’ for 19 principles and ‘Broadly Observed’ for one, while four were ‘Not Applicable’ to it. As a Trade Repository (TR), CCIL was rated ‘Observed’ for 10 principles, ‘Broadly Observed’ for 1, while 13 were ‘Not Applicable’. Developments in CCIL IX.34 During the year, CCIL exhibited resilience in its functioning, particularly in view of the past COVID experiences. The issuances of legal entity identifiers (LEI) by CCIL’s subsidiary Legal Entity Identifier India Ltd., crossed 56,000 during the year. Major developments pertaining to CCIL during the year are:
Benchmarking India’s Payment Systems – Follow-on Exercise IX.35 The Reserve Bank undertook a follow-on benchmarking exercise for the year 2020 with progress measured since the last benchmarking exercise undertaken for the year 2017, covering the same countries and parameters. The exercise sought to (a) arrive at an understanding of the preferences Indians have for making and receiving payments and how these preferences compare with other countries; (b) measure the efficiency of India’s payment systems; (c) measure India’s progress in the parameters since the last exercise; and (d) list the areas where there is scope for further improvement. The exercise validated India’s progress in payments ecosystem with India categorised as a ‘leader’ or ‘strong’ in respect of 25 out of 40 indicators (21 indicators in the previous exercise). Discussion Paper on Charges in Payment Systems IX.36 The Reserve Bank issued a discussion paper on charges in payment systems for public consultation in August 2022. The discussion paper covered all aspects relating to charges in payment systems [such as Immediate Payment Service (IMPS), NEFT, RTGS and UPI] and various payment instruments (such as debit cards, credit cards and PPIs). The Reserve Bank is examining the feedback received from the public, which could be used to guide policies and intervention strategies. Agenda for 2023-24 IX.37 In 2023-24, the Department will focus on the following goals:
3. DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) IX.38 The Department of Information Technology continued with its endeavour to ensure availability of ICT infrastructure for the smooth functioning of all the IT systems and applications of the Reserve Bank. During the year, the focus remained on cyber resilience as the new advanced firewall solution was implemented across the Reserve Bank. To further strengthen cyber security infrastructure, the upgradation to Next Generation Integrated Security Operation Centre (iSOC) has been initiated. Cyber Security Drills were conducted on a regular basis to test preparedness in respect of response, coordination and recovery in the event of real-life cyber-attacks. The month of October 2022 was observed as the ‘National Cyber Security Awareness’ month across the Reserve Bank with an overarching theme of ‘See Yourself in Cyber’. Various forms of awareness initiatives were undertaken to instil cyber hygiene amongst the staff members. IX.39 With a view to upskilling the staff with IT and analytical knowledge, the Reserve Bank initiated work on sections of an Advanced Enterprise Computing and Cyber Security Training Centre, abutting the new greenfield data centre, work on which is expected to commence shortly (Box IX.2). IX.40 India has been the global leader in payment systems and the Reserve Bank has played a critical role in spearheading technology absorption and adoption in the payment system sphere. As such, there are multiple payment systems available in the country for use by individuals as well as institutions, each having its distinct character and application. Accordingly, the Reserve Bank has conceptualised a light weight and portable payment system that can be operated from anywhere by a minimum number of staff, particularly in challenging times (Box IX.3). Major Initiatives Upgradation of Non-IT Physical Infrastructure at All Data Centres IX.41 The Reserve Bank has renewed the non-IT infrastructure of its existing data centres in the last two years. The project initiated during COVID-19 induced lockdown was successfully executed and completed with zero downtime at all data centres. The measure has enhanced the operational efficiency of data centres by optimising the energy efficiency and enabling real time monitoring of effectiveness of non-IT infrastructure through dashboards. Extension of e-Kuber for Implementation of Various Projects of the Reserve Bank and Cater to the Requirements of the Government IX.42 During the last year, the following major enhancements were carried out in e-Kuber:
Agenda for 2022-23 IX.43 The Department had set out the following goals for 2022-23:
Implementation Status Continuous Upgradation of IT and Cyber Security IX.44 The Reserve Bank is at an advanced stage of procurement and upgradation of SOC technologies. ‘Security Automation, Threat Analysis and Response Centre (SATARC): Next Generation Security Operation Centre (NGSOC)’ will enable the Reserve Bank in creating a secured environment by minimising manual effort and improving security by realising intelligent automation at granular level. Second Greenfield Data Centre and Enterprise Computing and Cybersecurity Training Institute IX.45 The main consultant for the data centre project has been appointed and the project work is under progress. Construction work will commence in 2023. The training centre has started functioning from a remote location and is on the path of developing into a high-class training institution by carrying out quality programmes covering relevant themes with a special focus on emerging technologies. While the process for setting up the institute’s infrastructure is in progress, two trainings have been conducted till December 2022. Next-Generation e-Kuber IX.46 The process of upgradation of e-Kuber has been initiated with state-of-the-art technology using microservices with application programming interface (API) based integration. The upgraded system will have functionalities like reporting with comprehensive real time dashboards, enhanced user experience, scalability, resilience and easier process orchestration. Additionally, it will have ease of integration with external and internal systems, front-end improvements for enhancing productivity, robust controls, and integrated security architecture platform. The implementation will be completed by March 2024. Better Interface for Internal Applications to Enhance User Experience and Adoption IX.47 A design review of the different internal applications was conducted during the year, based on which the improvement in interface, designs, features and product upgrades are being undertaken. Special focus has been placed on user-centric design and continuous accessibility in a safe and secure manner. Making NEFT Compliant to Global Messaging Standards IX.48 The project is expected to be completed in the early months of 2023. Adoption of ISO 20022 will provide structured and granular data, improved analytics, end-to-end automation, and better global harmonisation. It will also pave the way for interoperability between RTGS and NEFT. While many countries are still making their large value system compliant with ISO 20022 standard, the Reserve Bank will have its retail payment system also compliant with these standards. Robotic Process Automation (RPA) Solution for Automation of Routine and Repetitive Tasks IX.49 The requirement analysis of the project is underway, as part of which certain processes related to IT operations and service request management have been identified as potential use cases. Different products available in the market are being assessed for the purpose. Post assessment, the procurement and pilot, full implementation of the solution shall be done keeping in view the emerging IT and business risk scenarios. Agenda for 2023-24 IX.50 The Department’s goals for 2023-24 are set out below:
4. CONCLUSION IX.51 The Reserve Bank continued with its endeavour towards improving the payments ecosystem along with a focus on further enhancing outreach, customer centricity, cyber security and digital deepening. The Reserve Bank published the Payments Vision 2025 and sustained its efforts to ensure round the clock availability of ICT infrastructure for the smooth functioning of its IT systems and applications. The focus of the Reserve Bank during the year also remained on strengthening the cyber resilience with the implementation of the new advanced firewall solution across the Reserve Bank, supplemented with various forms of cyber awareness initiatives to instil cyber hygiene amongst the staff members. The Reserve Bank has also conceptualised a light weight and portable payment system that can be operated from anywhere by minimum staff, particularly relevant in the challenging times. Further, with a view to upskilling the staff with IT and analytical knowledge, the Reserve Bank initiated work on development of an Advanced Enterprise Computing and Cyber Security Training Centre abutting the new greenfield data centre, construction of which is expected to commence shortly. Upgradation of e-Kuber and RTGS systems would also be undertaken during 2023-24, reflecting the Reserve Bank’s continuous efforts to use the latest technologies to build a robust and sound payments ecosystem. 1 The data are for total payments, including digital payments and paper-based instruments. |