New regulatory regime for payment aggregators New regulatory regime for payment aggregators New regulatory regime for payment aggregators

Behind the quick and smooth digital transfer of money is a complex set of events.   Payment aggregators (PA) are at the heart of these transactions, acting as intermediaries that enable e-commerce sites/merchants to accept various payment modes from customers for the completion of payment obligations. For merchants, PAs eliminate the need to create a separate payment integration system of their own.  In this hassle-free system, PAs receive payments from customers, pool and transfer them on to the merchants.    

After a year-long discussion with stakeholders, the Reserve Bank of India (RBI) has finally brought PAs under its direct regulatory ambit.  PAs historically were not required to obtain separate registration from the RBI.  Over a period of time, a need was felt to regulate the business as PAs are involved in pooling the funds (though kept in escrow account) received from the customer and undertaking settlement services with the merchant.  As a result, PAs will now be directly regulated by the RBI to bring more transparency, accountability and security for consumers.  This move is expected to separate the wheat from the chaff, leaving only serious players in the fray.

As per March 2020, Guidelines on Regulation of Payment Aggregators, all existing non-banks PAs are required to obtain authorisation from the RBI on or before 30 June 2021.  They can continue with PA business till they receive a communication from the RBI on their application.  Similarly, new entrants cannot carry PA business without an RBI licence. 

The PA guidelines also deal with various other aspects such as capital requirements, governance compliances, Know Your Customer (‘KYC’) requirements, regulations around settlement and maintenance of escrow account, appoint of Nodal officer, etc.

Some of the key aspects covered by the PA guidelines include:

• E-commerce marketplaces with a PA business would need to segregate PA business into a separate entity before 30 June 2021 and would need to seek a PA license;
• Non-banks PA will be required to have a minimum net worth of INR15 crore (existing players to achieve this by 31 March 2021) which is to be increased to INR25 crore by the end of third financial year (existing to achieve by March 2023);
• PAs to have policies around merchant on-boarding, Customer Grievances, privacy policy, etc. PAs with account-based relationships with merchants will have to adhere to KYC norms and provisions of Prevention of Money Laundering Act 2002 (‘PMLA’);
• PAs to have single Escrow account with a scheduled commercial bank.  This account permits only specified debits / credits and is used to credit the amounts to respective merchants in the specified time frame;
• On the technology front, the PA Guidelines require baseline technology, such as the implementation of Data security standards, incidenct reporting, cyber security audit and reports and framing IT policy, to be adhered to by PAs;
  
• PAs to check Payment Card Industry-Data Security Standard (‘PCI-DSS’) and Payment Application-Data Security Standard (‘PA-DSS’) compliance of the infrastructure of the merchants on-boarded.  The merchant’s site shall not save customer card and such related data; etc.
  

The new set of guidelines for these companies include minimum net worth requirement along with more stringent governance, operational norms.  The RBI has also demanded mandatory compliance on technology and cyber-security requirements at par with standards for regulated financial institutions for those wishing to continue their businesses. Thus, a smoother transition of the existing PAs would be critical to ensure continued service to the existing customer base.”   Increased cost of compliance, coming on the back of waiver of Merchant Discount Rate (MDR) fees would possibly, put further strain on the margins earned by such players. 

As it stands now, the PA guidelines are already in force with a time frame. Thus, existing players and aspirants need to assess their readiness and fitment.  Stakeholders will be keen to observe how the sector adapts, especially how e-commerce marketplaces segregate their PA businesses into separate entities,

In the new post-COVID-19 normal, the sector has helped keep the economic engine moving as the reliance on payment aggregators and payment gateways has increased significantly.  Thus, the transition for PAs should be made as seamless as possible.   

(Amit Phulwani, Chartered Accountant, contributed to this article.)