Vidushi Tiwari
Financial Transactions

Analysis of RBI Guidelines On Regulation of Payment Aggregators

Contents hide

1 Introduction

2 Definition of Payment Aggregators (PAs)

3 Payment Gateways

4 Authorisation And Registration Requirements

5 Corporate Governance

Introduction

At the advent of technology, the telecom sector evolved rapidly fuelled by faster and easier access to the internet. To keep pace with the rampant technological changes, the e-commerce sector quickly adapted to the new-fangled payment service systems including the digital payment system.

Reserve Bank of India introduced the regulatory framework in form of intermediary directions through the notification issued on 24^th January 2009 (The Directions for Opening and Operation of Accounts and Settlement of Payments for Electronic Payment Transactions Involving Intermediaries). These directions laid down parameters through which the definition, role and obligations of intermediaries were spell out.[1]

However, identifying the lacuna in the present regime including paltry governance practices and unsatisfactory payment routing systems, the RBI issued ‘Guidelines on Regulation of Payment Gateways and Payment Aggregators’ (Guidelines) on 17 March 2020 which subsequently came into effect on 1st April 2020.[2]

These guidelines seek to enhance customer confidence by laying down mandatory provisions for Payment Aggregators and propitious yet voluntary recommendations for Payment Gateways. The so-called leniency was accord to Payment Gateways as they merely facilitate online payment through the provision of technological infrastructure without operating and dealing with the funds. It is of essential to note that these guidelines will not apply to ‘Cash on Delivery’ mode of payments and will be strictly restricted to the Non-Physical Mode of Payments. Further, these guidelines are limit only to the domestic interface of any import or export transaction.

Definition of Payment Aggregators (PAs)

The Reserve Bank of India (RBI) defines payment aggregators as “entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own. PAs facilitate merchants to connect with acquirers. In the process, they receive payments from customers, pool and transfer them on to the merchants after a time period”.

Payment Gateways

The guidelines also define Payment Gateways (PGs) as “entities that provide technology infrastructure to route and facilitate the processing of an online payment transaction without any involvement in handling of funds”.

Authorisation And Registration Requirements

RBI has laid down the basis for authorisation based the role adopted by the intermediary, depending on whether or not such an intermediary handles funds. Separate Authorisation is not require by banks which include PAs within their ambit whereas Non-Bank PAs have to seek authorisation under the Payment and Settlement Act, 2007. Further the time limit for obtaining registration from RBI by Non- Bank PAs is 30^th June 2021. In addition to registration requirements, it is also essential the PA must be a company registered under Companies Act 1995.

The Minimum Capital Requirement for Authorization for PAs existing as on the date for circular include (a)attaining net worth of ₹15 crores by March 31, 2021, and (b) Net worth of ₹25 crores by the end of the third financial year on or before March 31, 2023. Subsequently, the aforemention net worth shall be maintain at all-time thereafter. Whereas the New PAs are require to maintain

(a) minimum net-worth of ₹15 crores at the time of application for authorisation and (b) attain net-worth of 25 crores by the end of the third financial year of grant of authorisation. The net-worth attain at the end of the third financial year shall be maintain thereafter. It is of utmost importance to provide proof with the net-worth, the existing PAs can do it by submitting a certificate in an enclosed format from their Charted Accountant along with an application for authorisation and the newly incorporated bank entities can submit a certificate in an enclosed format evincing their current net-worth along with their Provisional Balance Sheet. Further PAs which are regulate by other Financial Regulators should submit a ‘No Objection Certificate’ from their regulators and make registration application within 45 days of attaining it.

Corporate Governance

The PAs are require ascribe to the compliance guidelines including approval from the board on important policies like customer grievance and dispute resolution in as prescribed in ¶5.1 and ¶7.1 of the RBI guidelines.
To maintain the confidence of the customers the PAs should have comprehensive policies for Merchant on-Boarding. These policies should be implement only after the prior approval of the Board and should contain prerequisites
such as compulsory background check, a quality check of the products or services offered by the merchants and
mechanisms for dealing with fake counterfeit products.[3] However, the method of operationalization and
implementation of these guidelines remains ambiguous due to the lack of detailed directions or additional guidelines.
PAs should also disclose requisite information on their websites and mobile applications regarding customer policies, merchant websites and
other terms & conditions in a detailed manner.
PAs will also be subject to periodic disclosure and reporting requirements prescribe under the Guidelines, including annual certifications on net worth, monthly reporting of transactions processed through various payment instruments, quarterly reporting of escrow account balance, and
details of debits and credits concerning the escrow account[4]
Any data or credentials provide by the customers relating to the payment cards cannot be save on merchant’s sites, PA’s Database or
the servers accessed by the merchants.
In addition to the fulfilling the requirements laid down by RBI regarding information technology systems and
related measures, the PAs are accountable for ensuring compliance with Payment Card Industry-Data Security Standard (PCI-DSS) and
Payment Data Security Standard (PA-DSS)

More points

Data storage requirement as applicable to payment operators, mechanisms for ensuring cybersecurity and
KYC guidelines as laid down in ¶10 and ¶6 respectively should be strictly complied with. In addition to KYC guidelines laid down by RBI, PAs should also Anti Money Laundering Act, 2002. PAs can ensure compliance with the said guidelines by developing necessary KYC and
Customer Acceptance policies that call for customer verification, monitoring of large transactions, updating of KYC information and
provision of customer information when necessary.[5]
According to Annex 3 of the guidelines detailed report of the cybersecurity incident including cause, effect and
preventive measures undertaken should be submit
by the 7^th day of the month following the incident month upon the occurrence of such an instance.[6]

Escrow Account

To ensure smooth flow of funds, the PAs after opening an escrow account with the concerned commercial bank

should strictly meet the guidelines laid down by RBI.

Classified as ‘Designated Payment System’
under ¶ 23A of the PSSA Act, the PAs should affirm pooling of funds collected from
customers in an escrow account
PAs should shift from nodal account structure to the new escrow account structure as ascribed in the Guidelines
PAs can maintain the escrow account only with one commercial bank
The balance maintained in the Escrow Account at the end of each day should not be less than amount collect from the customers or
payable to the aggregators
Debit and Credit in the escrow account should be done in the accordance with RBI guidelines, any debit
made should be limit to the payments made to merchants or
service providers, pre-funding of the escrow account, promotional activities and other incentives.
The PAs should settle the payment of the merchants per the timeline provided by the guidelines. The timeline for settlement of payments is based on the date of intimation or
confirmation provided to the PAs by the merchants on shipment or delivery depending on
whether or not PA is responsible for such delivery[7]

Though the application of these guidelines is unclear insomuch as their interaction and applicability with intermediary guidelines, it is reasonable to assume that

they should be enforce in consonance with the intermediary guidelines to prevent regulatory overlap and uncertainty.

Conclusion

The recent guidelines have ushered in a stricter regime for Payment Aggregators. These guidelines not only introduce significant operational changes but are also instrumental in gaining the confidence of customers and merchants alike. The application of these guidelines is unclear insomuch as their interaction and applicability with intermediary guidelines. However, it is reasonable to assume that they should be enforce in consonance with the intermediary guidelines to prevent regulatory overlap and uncertainty. Though this novel setup of checks and compliances in form of guidelines will require PAs to refurbish their fund flow structure and

introduce a new set of exhaustive policies to assure conformity with KYC measures and localisation of payment data

it will also bring us closer to a more accountable system.

Reference

[1] Sanjay Khan Nagra, Prashant Ramdas& Neil Deshpande, RBI Issues Guidelines to Regulate Payment Aggregators, MONDAQ.COM(27th September 2020), https://www.mondaq.com/india/financial-services/909542/rbi-issues-guidelines-to-regulate-payment-aggregators.

[2] Trilegal, RBI’S Guidelines on Regulation of Payment Aggregators and Payment Gateways, LEXOLOGY(27^th September 2020), https://www.lexology.com/library/detail.aspx?g=4cd07338-7d6f-4499-9e06-a897edbf8fd3.

[3] Clarification on Merchant Onboarding Requirements under the Regulation of Payment Aggregators and Payment Gateways, COMMUNITY NASSCOM INSIGHTS(27/09/2020), https://community.nasscom.in/communities/policy-advocacy/clarification-on-merchant-onboarding-requirements-under-the-regulation-of-payment-aggregators-and-payment-gateways.html.

[4] RBI Issues Guidelines to Regulate Payment Aggregators, KHAITAN&CO(27/09/2020), https://www.khaitanco.com/thought-leaderships/RBI-issues-guidelines-to-regulate-payment-aggregators.

[5] Supra note 2.

[6] Shubhangi Pathak, Priya Mishra & Nimisha Srivastava ,India: RBI- Guidelines on P

ayment Aggregators , MONDAQ(27/09/2020), https://www.mondaq.com/india/shareholders/951074/rbi-guidelines-on-payment-aggregators#_ftnref10.

[7] Mridula Tripathi, RBI To Regulate Operation Of Payment Intermediaris ,VINOD KHOTHARI CONSULTANTS(27/9/2020), http://vinodkothari.com/2020/03/rbi-to-regulate-operation-of-payment-intermediaries/