Get in Touch
November 21, 2025

NPCI’s UPI Circle Evolution: Balancing Accessibility With AML/KYC Compliance

INTRODUCTION

On a contemporary scale, India’s financial ecosystem has greatly evolved, accompanied by swift technological upgrades. One of the most important innovations influencing mass market participation is the Unified Payments Interface (hereinafter referred to as “UPI“). If in the distant past, digital payment was often restricted to the primary account holder, nowadays, UPI has gone mainstream and has found its way into shared, dependent financial spaces, thanks largely to the advent of the UPI Circle feature. This mechanism is designed to enhance financial inclusion by allowing a Primary User to delegate controlled transaction authority to a trusted Secondary User, such as a family member or employee. India’s payments regulator, the National Payments Corporation of India (hereinafter referred to as “NPCI”), has acknowledged the advantages and potential vulnerabilities of this technology. While UPI Circle may improve liquidity and convenience in micro-communities, the Full Delegation framework, where a Secondary User transacts independently up to defined limits, introduces potential vulnerabilities concerning fraud, traceability, and regulatory compliance. Against the backdrop of such circumstances is NPCI’s governance measure of mandating stringent identification and verification requirements. This blog delves into the specifics of these additional mandates, analyzing the rationale behind striking a necessary balance between digital convenience and market oversight.

UNDERSTANDING UPI CIRCLE: THE MECHANISM OF DELEGATION

UPI Circle refers to the use of the core UPI rail to conduct transactions by a party other than the original account holder, according to pre-established controls set by the Primary User. The delegation can be categorized into two core modes:

  1. Under Partial Delegation mode, the Secondary User may initiate a payment request, but the transaction can only be completed after the Primary User approves it by entering their UPI PIN. This framework offers high control and minimal compliance risk, as the Primary User retains the final authentication step for every transaction. The existing UPI limits of the Primary User’s bank account are generally applicable in this scenario.
  2. Full Delegation is a trust-based mechanism where the Primary User pre-authorizes a specific monthly spending limit with a maximum ₹15,000 for the Secondary User. Within this pre-set ceiling, the Secondary User can initiate and complete UPI transactions autonomously, up to a limit of ₹5,000 per transaction, without requiring the Primary User’s immediate approval. Since the Secondary User is performing transactions without their own KYC-linked account, verification and strict traceability are paramount for Anti-Money Laundering (“AML”) purposes and preventing unauthorized access, which forms the core of the new regulatory intervention.
THE ADDENDUM: MANDATES FOR FULL DELEGATION

The core of the NPCI governance measure lies in forcing robust pre-approval and data sharing for all Full Delegation authorizations. The primary implications will infuse profound changes in the way Payment Service Providers (“PSPs”) and banks operationalize the service.

  1. Mandatory Relationship Identification: The Primary User, via their Primary Payer PSP, must explicitly categorize the Secondary User’s relationship. The delegation is restricted to specific segments, either a Family Member like Child, Parent, Spouse, Sibling, or other specified relative or a Domestic/Small Business Employee. This formal declaration ensures the feature is limited to clearly defined, trusted personal or micro-business use cases, reducing the scope for misuse as a third-party payment gateway.
  2. Sharing of Officially Valid Documents (“OVD”): To establish accountability and traceability, the Primary Payer PSP is mandated to collect the Secondary User’s Document Type, e.g., Aadhaar, Passport, Driving Licence, and the corresponding ID Number. These additional details must be shared across the UPI network to the Secondary Payer PSP and the Issuer Bank for due diligence.
  3. Issuer Bank’s Role in KYC Verification: The Issuer Bank of the Primary User is entrusted with the critical role of verification. At the time of delegation, the bank must rigorously identify the Secondary User by verifying their Name, Mobile Number, and the OVD details as per the Master Direction on Know Your Customer (“KYC”) compliance. This serves as a vital check to validate the bona fides of the delegate.
  4. Explicit Consent from Secondary User: Accountability is also placed on the receiving end. The Secondary Payer PSP must obtain explicit consent from the Secondary User regarding the use and sharing of their OVD details before accepting the Full Delegation request. This ensures informed consent and prevents unauthorized linking of a user’s identity to a delegation mandate.
STRIKING THE BALANCE: SECURITY, COMPLIANCE, AND INCLUSION

It is never easy to regulate an industry that is heavily reliant on technology and strives for seamless user experience. On the one side, NPCI has been tasked with protecting the integrity of the payments ecosystem and ensuring fairness and resistance to manipulation. A regulatory straitjacket that hinders financial inclusion should, however, be avoided.

Systemic Security: The introduction of KYC mandates adds a critical layer of security to the payment rail. Full Delegation’s autonomy is mitigated by the robust pre-verification, ensuring that if any anomalous activity is traced, the user is linked to a formally identified individual. This significantly reduces the risk of phantom transactions or unauthorized delegation that could destabilize the system under high-frequency conditions.

Controlling Agentic Growth: The requirement for formal identification and structured consent lays the foundation for future innovations. As NPCI expands Full Delegation to complex channels like IoT Devices and Software Profiles (AI/Agentic payments), these stringent requirements ensure that technological advancement—such as payments executed by a smart device on the user’s behalf—remains within a controlled, accountable, and traceable environment.

IMPLICATIONS FOR THE ECOSYSTEM

The proposed changes in the regulations aren’t just a matter of compliance for the PSPs, they form the backbone of the way financial intermediaries will interact with the delegation mechanism. Both stakeholders will need to make adjustments. For PSPs and Banks, the immediate impact is an elevated compliance burden, necessitating significant investment in secure API frameworks for OVD sharing, advanced backend verification systems, and updated user interfaces to accurately capture and display relationship and consent declarations. Smaller PSPs and banks may find it harder to adjust, but this mandate levels the field toward robust compliance standards. Whereas, for Primary Users, they face a slightly more involved setup process due to the mandatory document collection and relationship declaration. However, the trade-off is significant: enhanced transparency, security, and the assurance that their delegated authority is being used by a formally verified individual, thereby safeguarding their principal bank account from unintended liability.

AMLEGALS REMARKS

This addendum to the Full Delegation framework by NPCI gives reassurance that the regulator is moving in the right direction in India’s quickly changing digital payment ecosystem. The heightened focus on transparency, mandatory OVD validation, and traceability must enable both Primary and Secondary Users to engage with this innovative feature with greater confidence and reduced risk. This, in turn, should motivate PSPs and banks to enhance their compliance infrastructure, fostering a more secure and robust payment environment. While the introduction of additional steps may introduce an element of friction in the linking process, these measures are crucial for protecting consumer interests and maintaining the integrity of India’s world-leading UPI network. If these measures are implemented in the right way, they will create a safer and disciplined jurisdiction for delegated payments, allowing technology to assist citizens without sacrificing systemic stability.

For any queries or feedback, feel free to connect with hiteashi.desai@amlegals.com or khilansha.mukhija@amlegals.com

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Disclaimer & Confirmation

As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:

    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.

However, the user is advised to confirm the veracity of the same from independent and expert sources.

I Agree I Disagree