IndiaCorpLaw

RBI’s Guidelines on Regulation of Payment Aggregators and Payment Gateways

[Abhishek Tripathy is a fourth year law student at the Institute of Law, Nirma University]

In March 2020, the Reserve Bank of India (“RBI”) issued the Guidelines on Regulation of Payment Gateways and Aggregators, which issued in furtherance of a discussion paper released by the RBI in September 2019. The guidelines have been made effective from 1 April 2020.

The extensive use of electronic modes of payment by customers is facilitated by the banks with the help of intermediaries like payment aggregators and payment gateway service providers. The RBI issued the present guidelines according to the power vested in it under section 18 read with section 10(2) of the Payment and Settlement Systems Act, 2007 (the “PSS Act”). The PSS Act was enacted to ensure a secure, accessible, and efficient system of payments and settlement. The payment infrastructure in the country has evolved over time with increased competition and technologically driven business models. This post attempts to track the evolution of payment aggregators and gateways in India, and assesses the necessary regulatory compliances in light of the recent guidelines.

Setting the Context

At the time of the PSS Act, the use of electronic payment system was still at a nascent stage as transactions were mostly dependent on cash or bank transfer. To match up to the ever-evolving change in technology, the RBI had sought to address the lacunae in the PSS Act through various notifications and regulatory interventions. Prior to the issuance of the present guidelines, RBI regulated entities enabling electronic payments between two customers or merchants by way of its notification released in November 2009.

The notification, also christened as intermediary directions, defined intermediaries to include “all entities that collect monies received from customers for payment to merchants using any electronic/online payment mode, for goods and services availed by them and subsequently facilitate the transfer of these monies to the merchants in final settlement of the obligations of the paying customers.” All kinds of electronic payment systems were covered under the umbrella of intermediaries, and there was no differentiation as to the structure and working of payment gateways and payment aggregators.

The RBI had earlier expressed the need to review the existing regulatory mechanism for electronic payment intermediaries in its monetary policy statement. After various assessment and suggestions, the RBI in the recent guidelines enforces a more stringent and direct form of regulation to regulate the system of electronic payments in India.

Analysis of the RBI Guidelines

Defining PAs and PGs

The RBI guidelines take a shift from the intermediary directions by providing a definition to payment aggregators (PA) and payment gateways (PGs), and thereby establishing the scope of operation. The guidelines define payment aggregators as “entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own.” Whereas payment gateways are defined as “entities that provide technology infrastructure to route and facilitate processing of an online payment transaction without any involvement in handling of funds.” It is imperative to note that payment aggregators ensure the facilitation of receiving, pooling and transferring the payment to the merchant, which might be periodic in nature. Payment gateways only need to maintain the necessary technical assistance or infrastructure as they do not store or pool the payments.

Authorisation Requirements

Prior to the guidelines, the entities operating as intermediaries were not required to obtain a prior authorisation from any regulator. However, the guidelines now make it mandatory for the payment aggregation services (except licensed banks) to receive authorisation from the RBI. Payment aggregators are now obliged to fulfil the ‘fit and proper’ criteria to be eligible for authorisation from the RBI. A standard concept of corporate governance in financial institution, ‘fit and proper’ criteria mandate specific requirements for evaluating managers, directors and office bearers to efficiently meet their duties while assuring their integrity and suitability for the post. With the adoption of ‘fit and proper’ criteria’, the electronic payment infrastructure will now be responsible to the regulators and customers for its governance and decision-making.

A deadline of 30 June 2020 has been set for the existing players to meet with the requirements of the guidelines. Moreover, the guidelines mandate a minimum capital requirement both at the time of the application and at the expiry of three years. It is essential to note that the capitalisation requirements are nominal as compared to the recommendation in the discussion paper. This process of authorisation will specifically ensure that the RBI has direct supervision on the working of payment aggregators.

Settlement and Escrow Account Management

The RBI’s intermediary directions issued in 2009 required the intermediaries to maintain a nodal account, in the form of internal account of the bank to keep a record of the credit settlement cycle with the merchants. The guidelines now mandate the use of an escrow account wherein funds are held in trust whilst two or more parties complete a transaction. The account must be maintained with any (one) scheduled commercial bank and not be used for any other business related purposes. The guidelines also allow for pre-funding of the escrow account. To ensure additional protection to the funds maintained in the escrow accounts, the use and operation of escrow account has been categorised as “designated payment system” as in terms of section 23A of the PSS Act. However, this requirement for payment aggregators to maintain an account in one bank can adversely affect the working and operation if the designate bank is under regulatory moratorium or any other similar action.

Compliances

The guidelines ensure transparency by prescribing disclosure compliances and a comprehensive customer redressal mechanism. They also mandate payment aggregators to have the adequate infrastructure and facilities for fraud detection and to abide by other technological requirements like proper data management, data security, etc. The payment aggregators are also required to abide by the norms of data localisation except in certain circumstances.

Conclusion

The RBI guidelines are the future regulatory framework for payment aggregators in India. There is prevailing uncertainty over the relevance of the intermediary directions, as they have not been expressly repealed. Prior to the guidelines, the intermediaries were only subject to certain operational compliances without an exhaustive policy. The guidelines suggests the delineation of market places from payment aggregation services to keep better track of the payment system. The change in regulatory stance also introduces an array of new compliances and check mechanisms.  Though more clarifications need to be provided for the incorporation of these guidelines, it is the first step towards a more transparent and accountable payment structure in India.

Abhishek Tripathy