Introduction
The operationalisation of the Payments Regulatory Board (“PRB”) in May 2025, in its inaugural meeting on January 5, 2026, represents a significant structural intervention in India’s financial governance. Replacing the erstwhile Board for Regulation and Supervision of Payment and Settlement Systems (“BPSS”), the PRB introduces a multi-stakeholder governance model that institutionalises the tension between monetary stability and digital innovation. This unbundling of the customer interface owned by BigTech from the settlement layer owned by banks created a governance vacuum. The regulatory body responsible for this domain, the BPSS was increasingly viewed as anachronistic. Constituted under the unamended Payment and Settlement Systems Act, 2007, the BPSS was a sub-committee of the RBI’s Central Board, comprised entirely of central bankers and banking experts. Its insular structure meant that the regulators were often technically removed from the fast-paced, algorithm-driven world of the entities they were tasked to supervise. As digital payments transformed from a niche convenience to a critical public utility processing volumes projected to triple by FY 2030, the need for a regulator that combined monetary prudence with technological fluency became undeniable.
The Operational Engine: DPSS and Unified Supervision
While the PRB sets the strategy, the execution remains with the RBI’s Department of Payment and Settlement Systems (“DPSS”). However, the new regulations fundamentally alter the reporting line. The DPSS now presents its findings and reviews directly to the PRB, making the department accountable to the mixed board rather than solely to the Deputy Governor. This change is significant for Unified Supervision. Under the PRB, inspection notices issued to regulated entities will carry a PRB docket number. This subtle administrative change signals to the market that the supervision is now occurring under the PRB statutory board, potentially carrying greater legal weight and reducing the scope for informal regulatory guidance which was common under the BPSS regime.
Impact on Non-Banks and BigTech
The establishment of the PRB is a significant moment for the non-bank entities, Fintechs and BigTechs that dominate the customer interface. The Watal Committee’s core grievance was that the RBI treated non-banks as second-class citizens. The PRB is structurally designed to address this, but the implications are a double-edged sword: greater access comes with stricter regulation.
As of January 2026, the UPI market remains heavily concentrated, with PhonePe and Google Pay collectively controlling approximately 80% of market share. This duopoly presents a classic Too Big to Fail risk. A technical outage at either firm could bring half of India’s commerce to a standstill. The NPCI had proposed capping the market share of any single TPAP at 30% to enforce diversification. However, the deadline for compliance has been extended to December 2026. The PRB faces a dilemma. Enforcing a cap may penalise success and degrade user experience. However, concentration risk is systemic. The PRB is expected to pursue Organic De-concentration. Instead of hard caps, it will likely incentivise the growth of challenger apps such as Tata Neu, WhatsApp Pay, or Amazon Pay, and bank-led apps like BHIM through policy incentives. Furthermore, the PRB may designate PhonePe and Google Pay as Systemically Important Payment System Operators (“SIPSOs”), subjecting them to higher capital requirements and more rigorous audits, similar to Domestic Systemically Important Banks.
Strengthening the Fintech-Bank Nexus
Under the BPSS, Fintechs often operated in a regulatory grey zone, claiming they were merely technology service providers (“TSPs”) to banks and thus not directly regulated. The PRB changes this. The new regulations allow the PRB to inspect the TSPs of regulated entities directly. This means the PRB can audit the algorithms, data storage, and cybersecurity protocols of BigTech firms directly, rather than relying on the sponsor bank’s certification. The PRB will rigorously enforce the data localisation mandate. With the Personal Data Protection Act now in force, the PRB will act as the sectoral regulator, ensuring that financial data generated by Google Pay or Amazon Pay remains within Indian jurisdiction, a point of friction for global tech giants. The PRB holds the power of authorisation under Section 4 of the PSS Act. The industry expectation is that the PRB will be more liberal in granting licenses than the conservative BPSS. The New Umbrella Entity (“NUE”) framework, designed to create competitors to NPCI, had stalled under the RBI. The PRB, with its pro-competition mandate, may revive this initiative to reduce reliance on the single point of failure that is NPCI.
Accountability vs. Fragmentation: Assessing the Governance Shift
The shift to the PRB raises fundamental questions about the unity of financial regulation that whether the introduction of government nominees enhance accountability, or does it fracture the regulatory landscape. The RBI’s 2018 dissent was not without merit. In a digital economy, the velocity of payments directly impacts the velocity of money, which is a core variable in inflation targeting. If the PRB, driven by the MeitY agenda, pushes for transaction speeds that compromise settlement finality, it could introduce credit risk into the banking system. For instance, if a real-time payment is credited to a merchant before the sender’s bank has actually settled the funds, a default by the sender’s bank becomes a systemic issue. The structure of the PRB, specifically the Governor’s chairmanship and casting a vote, may act as a safeguard against this fragmentation. It ensures that while the PRB can innovate on the front-end, the back-end activities, such as settlement and liquidity, remain tethered to the central bank’s prudence. While the PRB consolidates payment regulation, it must navigate a complex web of adjacent regulators. With BigTech dominance being a key issue, the PRB’s competition mandate may overlap with the Competition Commission of India (“CCI”). The PRB will likely need to establish a joint working group with the CCI to define markets and abuse of dominance in the platform economy.
AMLEGALS Remarks
The operationalisation of the Payments Regulatory Board is a quiet power shift because it does not announce itself with the noise of a revolution, but with the subtlety of a systemic upgrade. It represents the maturation of India’s fintech ecosystem. For the RBI, the PRB is a strategic concession, a way to share the burden of regulation while retaining the ultimate lever of control. It allows the central bank to internalise the government’s developmental goals without formally ceding its autonomy. For the Government, the PRB is significant. It has a seat at the table where the rules of the digital economy are written, ensuring that regulation supports, rather than stifles, the Digital India vision. For BigTech and Fintech, the PRB offers a more formalised and potentially more level playing field. It also signals the end of the era of light-touch regulation. The PRB has the mandate and the tools to enforce compliance strictly. As the PRB executes its Vision 2028, its success will be measured not just by transaction volumes but by its ability to manage the equilibrium between the force of digital innovation and the objective of financial stability. In doing so, it will define the future of money in India.
For any queries or feedback, feel free to connect with Hiteashi.desai@amlegals.com or Khilansha.mukhija@amlegals.com