Reserve Bank of India (RBI) has decided to regulate the activities of Payment Aggregators through recently released Guidelines on Regulations of Payment Aggregators and Payment Gateway on 17th March, 2020. These guidelines are released in reference to earlier discussion paper issued by RBI. These guidelines are issued under the premise of the Payment and Settlement Systems Act, 2007 and shall come into effect from 1st April 2020, while specific dates for certain activities.
India’s digital payment space has been on an upward path for the last many years, and the role of intermediaries such as Payment Aggregators and Payment Gateway Service providers have been very critical. This segment of digital payment has also led to various innovative platform launched by new-age payment gateway startups. So, these regulations have come at a critical path and will set the next course of way for these entities.
Critical components of regulations are into these broad categories:
Applicability of guidelines: Guidelines has been specific to applicable entities which include Pas (Bank and Non-Banks both) with exclusion on cash-on-Delivery model of e-commerce
Authorization: On similar links to Banking license, PAs will now require to obtain authorization from RBI to execute payment processing. One of the critical guidelines which state that E-commerce marketplaces providing PA services shall not continue this activity beyond the deadline; will have a massive impact on payment aggregators competitive landscape where some significant players managed advantage.
Capital Requirements: RBI has set capital requirements for PAs. This brings PAs also on the same line of regulated entities under RBI similar to Banks, SFBs, NBFCs, etc. Good relief for PAs is the revised amount, which earlier was Rs 100 Crore in the discussion paper.
Governance: Specific guidelines have been released to ensure proper governance at the entity level as well as payment operations end, including complaints & dispute management.
KYC/AML guidelines: Now PAs need to ensure compliance to Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines issued by the Department of Regulation, RBI, in their “Master Direction – Know Your Customer (KYC) Directions” updated from time to time. This would be very critical compliance as Banks have, at times, seen on slipping on KYC compliance.
Merchant Onboarding management: RBI has set stringent guidelines for PAs to address while onboarding merchant and relook at a contractual arrangement with the merchant.
Settlement and Escrow Account Management: Control measures have been released to regulate escrow accounts held with Banks. This would also need PAs to go back to banks to revisit contracts and procedural aspects set with banks.
Security, Fraud Prevention, and Risk Management Framework: Comprehensive guidelines have been prescribed on technological measures for PAs, including the right set of policies & Procedures, tools, and certification in place, and revisit to organization structure too. Technology related recommendations may demand huge investments from PAs but would be quite helpful in the long term. These recommendations are on similar lines to some of the guidelines recommended to Banks long time back.
PAs and PGs may already be following many of the measures suggested, but to ensuring full compliance could be tricky. This would be first of its kind for them to be exposed as regulated entities. They need to take experience & learnings from Banks on ensuring compliance to RBI requirements. They would need to adopt the right strategy and execution approach to address and met compliance with the above guidelines.