IndiaCorpLaw

FIU’s Penalty on PayPal: Should Payment Gateways be Subject to Anti-Money Laundering Law?

Recently, the Financial Intelligence Unit (FIU) penalized PayPal to the tune of Rs. 9 million for not registering itself as a ‘payment system operator’ under the Prevention of Money Laundering Act, 2002 (PMLA), India’s anti-money laundering (AML) law. PayPal appealed against the FIU’s order before the Delhi High Court. In January 2021, the Court directed the Finance Ministry to constitute a committee comprising its own and Reserve Bank of India’s nominee to decide the following question: should providers of payment gateway services be classified as payment system operators?  In a previous post on this blog, I raised some concerns with the Court’s approach.

The impact of the precedent that the Delhi High Court will set when it decides the question of applying PMLA to payment gateways is understated. The answer to this question is critical for the e-commerce industry that nearly entirely operates through third party payment gateways. It is critical for physical retailers who accept credit and debit card payments, all of which are processed through payment gateways. It is critical for the payment gateways industry that processed retail payment transactions worth about Rs. 100 billion for the nine-month period of March-December 2020 (Source: NPCI). Indeed, the answer it is critical for several participants in the Indian payments system, such as GooglePay and PhonePe, all of whom are merely ‘intermediaries’, and do not ‘operate’ a payment system as such. If payment gateways are brought within the ambit of the PMLA, it sets a precedent for extending the AML regime to such intermediaries.

In this article on BloombergQuint last week, I argued that there are good reasons for not bringing intermediaries such as payment gateways within the fold of the PMLA. 

Payment gateways process transactions between two financial instruments that are linked to fully-KYC-ed bank accounts. When you buy a ticket on BookMyShow or place an order for a mask on an entrepreneur’s website, and make payment using a credit card, debit card or NetBanking, the payment is processed by a payment gateway. Similarly, when you swipe your card at a point-of-sale terminal at the chemist next door (assuming plastic cards are still your preferred payment mode), the payment is processed by a payment gateway. These instruments are directly or indirectly linked to your fully-KYC-ed bank account. Banks, in turn, are reporting entities under the PMLA. Banks have end-to-end visibility of transactions processed by payment gateways (or have means to retrieve this information through their agreements with them).

Applying the AML burden on businesses is not a trivial policy tweak. It requires rolling out robust KYC processes and sophisticated transaction mapping technology infrastructure, which is capable of identifying patterns at the level of each customer, out-of-ordinary transactions and raise red flags for suspicious transactions on an ongoing basis. It increases the costs of setting up and maintaining merchant accounts with payment gateways, and disproportionately hurts small business. Indeed, recent academic literature on the effectiveness of anti-money laundering laws questions the effectiveness of these laws.

Payment gateways, which merely instruct banks to credit or debit accounts and deal in retail consumer to business transactions, are hardly the right instrument to target for AML enforcement. There are negligible chances of someone using a payment gateway to convert illegitimate gains of any remarkable value into legal business. These probabilities and the likely values involved must be taken into account when balancing the objectives of money laundering, increasing the costs of doing business online and the overarching aim of digital inclusion.