Source: TH
Context:
PayU, a leading diversified fintech platform, has received integrated authorisation from the Reserve Bank of India (RBI) to operate as a payment aggregator. The approval allows PayU to facilitate payments across online, offline (physical), and cross-border transactions, covering both inward and outward flows.
Payment Aggregator
A Payment Aggregator collects funds on behalf of a merchant from customers through online or offline digital payment methods (cards, UPI, wallets, net banking, etc.) and then transfers the money to the merchant after deducting applicable fees.
Key Functions
- Multiple Payment Channels: Accepts payments via credit/debit cards, UPI, wallets, net banking, and sometimes offline QR codes.
- Consolidation of Transactions: Aggregates payments from many customers and channels into a single settlement for the merchant.
- Risk Management & Compliance: Ensures secure transactions, fraud monitoring, and regulatory compliance (e.g., RBI guidelines).
- Simplified Onboarding: Merchants don’t need individual arrangements with banks or payment networks.
- Settlement to Merchants: Aggregators periodically transfer collected funds to the merchant’s account.
RBI’s “Guidelines on Regulation of Payment Aggregators and Payment Gateways” (July 2021):
| S. No. | Requirement | Details |
|---|---|---|
| 1 | Incorporation | Must be a company incorporated in India under the Companies Act, 2013. Foreign entities cannot operate directly as a PA. |
| 2 | Net Worth | Minimum initial net worth: â‚ą15 crore for new PAs. RBI may require net worth to increase as operations scale, ensuring financial stability. |
| 3 | Regulatory Approvals | Must obtain authorisation from RBI before commencing operations. Only authorised PAs can handle customer payment instruments and collect funds on behalf of merchants. |
| 4 | Fit & Proper Criteria | Promoters, directors, and key management personnel must meet RBI’s fit and proper requirements: integrity, reputation, competence, no prior convictions/defaults, adequate experience in financial services/technology. |
| 5 | Governance & Risk Management | Must have Board-approved policies for operational risk, fraud management, IT security, cyber risk, data protection, and customer grievance redressal mechanism. |
| 6 | Segregation of Funds | Customer funds cannot be used for PA’s own business. Funds collected on behalf of merchants must be in a separate “trust account” and remitted as per RBI timelines. |
| 7 | Operational Requirements | Compliance with RBI’s KYC, AML/CFT norms; maintenance of transaction records; conduct risk assessments; ensure secure transaction processing. |
| 8 | Capital & Insurance | Maintain sufficient capital buffers; may require insurance coverage for operational or cyber risks. |
| 9 | Technology & Security Standards | Implement end-to-end encryption, tokenisation, PCI DSS standards for card payments; regular system audits and penetration testing. |
