INTRODUCTION
The Reserve Bank of India (“RBI”) released two papers on 16.04.2024 for public consultation on its website to bolster the regulation of payment aggregators in India. The first paper deals with the regulation of offline Payment Aggregators (“PA”) and the second aims to enhance due diligence, Know Your Customer (“KYC”) norms and other specific aspects that facilitate such payment systems.
Payment aggregators are third-party service providers that facilitate accepting online payments and enable people to accept different modes of payments such as UPI, bank transfers, credit cards, debit cards, etc. They help customers and businesses to interact smoothly for payments and play a pivotal role in the financial ecosystem. Earlier, the Payment aggregators and payment gateways in India such as Paytm, PayU, Razorpay, etc. were governed through the RBI Circular updated on 31st March 2021. The RBI envisages regulating the offline PAs in India and hence on 30th September 2022 in its “Statement on Development and Regulatory Policies” announced such regulation of offline PAs.
The updated drafts of these guidelines specify the amended directions concerning face-to-face payments done through PAs and cover the physical Point-of-sale (PoS) activities of these aggregators. The level of compliance in the offline spaces has been enhanced which has the potential to affect the small and local businesses of India. Hence, it becomes pertinent to analyse the key updates of these guidelines.
INCLUSION OF PHYSICAL POINT-OF-SALE
The updated PA guidelines have included PA – physical Point-of-Sale (“PA – P”) in its definition. These aggregators aim to support face-to-face payment transactions in the offline space. The merchants, i.e., the vendors who are using these PA to sell or provide goods and services in the market have been divided into two categories: small and medium merchants.
Small merchants would be the vendors who are not registered with the Goods and Services Tax and have an annual turnover of less than Rs. 5 lakhs through the business. Only physical merchants are covered as small merchants, i.e., the several small businesses in the open markets would fall within its ambit if they meet the threshold criterion and undertake face-to-face transactions.
On the other hand, medium merchants include both physical and online merchants, except small merchants. These vendors are also not registered with the Goods and Services Tax and have an annual business turnover of less than Rs. 40 lakhs.
Hence, the scope of regulation has been extended to include the offline POS activities and facilitate the proximate or face-to-face transactions done through the PA. The marketplace for such transactions could be any e-commerce entity which has an IT platform to facilitate digital transactions between business persons and customers. The net worth of the PAs has to be maintained regularly and adequate compliance of the threshold limits has to be ensured.
ESCROW ACCOUNTS
Escrow accounts are set up by escrow agencies. They act as third-party accounts wherein the parties can keep their funds before the ultimate transfer to an entity. It helps keep the amount safe and secure, and grants protection against potential frauds or scams. It is specifically used when dealing with high-value assets and risk-associated sectors.
The updated PA guidelines specify compliance with Paragraph 8.1 of the circular dated 17.03.2020 to open escrow accounts of the PAs, for both the PA-O (online PAs) and PA-P activities. The circular provides that the non-bank PAs have to maintain the collected amount in an escrow account. This escrow account must be with any scheduled commercial bank.
Moreover, an additional escrow account can also be maintained by the PA with any other scheduled commercial bank. The transactions of PA would be covered under Section 23 of the Payments and Settlement Systems (Amendment) Act, 2015 and will be deemed as ‘designated payment systems’ to maintain the escrow accounts.
Further, Paragraph 8.9.1.2 (b) of the circular which allowed the payment to any other account on the directions given by the merchant has been removed and hence such payment is no longer allowed under the escrow account of PA.
The PA guidelines have further amended the scope of escrow accounts. All the cash on delivery payments are excluded from the ambit of transactions routed through escrow accounts. On the other hand, the funds for delivery versus payment (“DvP”) are now allowed to be routed through these accounts.
KYC NORMS AND DUE DILIGENCE MANDATE
The updated guidelines have significantly impacted the KYC norms for the PAs. The PAs have to ensure efficient due diligence of merchants and comply with the Master Direction – Know Your Customer (KYC) Direction, 2016. [RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015-16]. Hence, the customer due diligence (“CDD”) has to be assured.
The RBI has specified the extent of due diligence as per the categories of merchants to ensure smooth functioning and facilitate compliance. The PAs must complete the contact point verification of the business and verify the bank accounts of the small merchants. Medium merchants need to perform the contact point verification and also verify the officially valid document (“OVD”) of the beneficial owner or the proprietor, etc. to verify one OVD of the business.
The Customer due diligence can be done by the PAs through virtual mode. For this, a Video-based customer identification process (“V-CIP”) is permitted under the guidelines. However, in such a process, V-CIP can be done only when the PA gets assistance from any agent in the process at the end of the merchant and the details of such agent must be duly maintained.
The PAs have to take due care and ensure that the marketplaces do not settle payments for such transactions which are not actually provided by their platform as it would frustrate the object of the guidelines. Moreover, the PAs have to ensure that the legal, as well as brand names of the merchants, are displayed on the payment slip or the web page within a period of three months of the issue of these guidelines.
The PAs have to take adequate measures for complete compliance with the Master directions on Know Your Customer, 2016. They must monitor the ongoing merchant activities and as per the series of transactions, the merchant can be elevated to a higher degree of Customer due diligence. The PAs will provide risk-based payment limits for the merchants and overview that the transactions are in consonance with the business that is proposed by the merchant.
The RBI has further made it mandatory for the non-bank PAs to get themselves registered with the Financial Intelligence Unit-India (“FIU-IND”) and for all the existing authorised and unauthorised PAs which are pending application with RBI, the due diligence is to be completed by specified timelines; with quarterly reports to be given to the respective Regional office of RBI.
The RBI has permitted non-bank PAs to involve agents in assisting the merchants in the onboarding process. It is pertinent to note that such assistance is allowed pursuant to certain conditions that have been complied with. These include completing proper due diligence for these agents, having board-approved policies for such agents, maintaining records and confidentiality of the information of customers, and regular monitoring of the agent activities. Moreover, since 01.08.2025, for any proximity or face-to-face transactions done through cards, no entity in the transaction process can store the Card on file (CoF) data except the limited data for tracking purposes.
WITHDRAWAL OF US PAYMENT GIANT
The issue of the updated PA guidelines by RBI has marked a stream of discussion in the market. The development has arrived at a critical time when the US payment giant in the market, Stripe intends to leave the domestic payment market of India.
Recently, Stripe has transitioned to an ‘invite-only’ mode in India. This means the merchants cannot join the PA through them and would need the approval of the invite request from Stripe’s India team. It has declared to support Indian merchants by 2025 and might shift towards cross-border payment transactions thereafter.
The stringent KYC norms of India are a major driving factor for such a decision. In the midst of this, the updated RBI guidelines have been released for PA. It has been criticised for slowing down the merchant onboarding process for PA by 90%. And Stripe is one of the most valued start-ups in the world. In such a scenario, it becomes pertinent to analyse and identify the different aspects of the updated RBI guidelines which could hamper the working of the domestic payment market of India.
RBI has extended the net worth requirement for non-banking entities providing face-to-face transactions to Rs. 25 Crores by 31.03.2028. However, the measures of due diligence and compliance with the Master direction on KYC have made compliance with the guidelines strict and this could affect the potential players in the domestic payment transaction market of India.
POTENTIAL IMPACT ON THE DOMESTIC MARKET
The new RBI guidelines pose a challenge to the process of onboarding customers. A thorough CDD has to be performed when the onboarding customers for the business. Moreover, the Master Directions on KYC has extended the compliance level in the process which could drive out the giants like Stripe from the domestic market of India.
The merchants have been categorised as small and medium merchants and different levels of compliance have been specified for their due diligence operations. This could entail extra expenses to carry out the process and impose a burden on the merchants. The additional KYC cost could specifically affect the small businesses in India which often lack the resources and capacity to complete the physical verifications.
In the past as well, certain RBI actions had created a spark of discussion when it affected the fintech and payment market of India. In 2022, the card tokenisation rules were issued and it was criticised that the market was not ready to adapt to it. Similarly, the data localisation mandate of 2018 faced issues in effective implementation in the market.
Recently, the RBI digital payments industry officials conducted a meeting to discuss the implications of these guidelines on the Indian market. It was apprehended that the guidelines could hamper the regulatory environment of the market for the potential players. The street vendors or the small businesses would be the most impacted group by the mandatory KYC.
This may discourage small sellers from transitioning to the virtual payment market and make it tougher for such businesses to operate in compliance with the new guidelines. While the increased net worth requirements and promoting adequate KYC are measures to ensure consumer protection and enhance fair opportunity in the market, the key apprehensions with the guidelines need to be analysed and addressed to achieve effective implementation of such guidelines in the domestic payment market of India.
AMLEGALS REMARKS
The revised guidelines for payment aggregators by the RBI signify a substantial change in the regulatory environment surrounding the digital payment ecosystem. The strict KYC criteria and compliance regulations, while intended to improve consumer protection and ensure fair market practices, provide difficulties for both current participants and future entrants, potentially affecting the convenience of doing business, especially for small and medium-sized merchants. Significant companies like Stripe’s exit highlight the difficulties and conflicts that arise when trying to strike a balance between encouraging competition and innovation and maintaining regulatory control.
Stakeholder participation is becoming more and more important as India moves closer to being a cashless economy. It is critical to strike a careful balance between encouraging innovation and maintaining regulatory monitoring. The efficacy of these principles depends upon their capacity to enhance stability in the context of a culture that encourages inclusiveness, growth, and technological innovation.
Policymakers, regulators, and industry players must work closely together to address the issues identified by these principles as India’s digital payment market develops. Maintaining India’s digital payment revolution will require finding a careful balance between strict regulations and creating an atmosphere that encourages growth and innovation. The capacity of these principles to reduce risks without undermining the diversity and dynamism that have defined India’s digital payment environment will ultimately determine how effective they are.
– Team AMLEGALS assisted by Ms. Akanksha Yadav (Intern)
For any queries or feedback, feel free to reach out to mridusha.guha@amlegals.com or liza.vanjani@amlegals.com