Context:
The Reserve Bank of India (RBI) has released its comprehensive final guidelines for Payment Aggregators (PAs), aimed at enhancing transparency, security, and governance in the digital payments ecosystem. These norms cover authorization, capital requirements, fund management, data security, and consumer protection.
Key Highlights:
- Authorization & Net Worth:
  - Non-bank PAs must obtain RBI authorization under the Payment and Settlement Systems Act, 2007.
  - Minimum net worth: ₹15 crore at application, rising to ₹25 crore by the end of the 3rd financial year.
  - Banks providing PA services as part of regular operations are exempt.
- Governance & Compliance:
  - PAs must be professionally managed; promoters and directors must meet ‘fit and proper’ criteria.
  - Any acquisition or management change must be reported to RBI within 15 days.
  - Appointment of a nodal officer for regulatory compliance and grievance handling is mandatory.
- Merchant Agreements & Escrow:
  - Agreements must clearly define responsibilities, dispute resolution, refunds, and grievance redressal.
  - Funds collected must be held in an escrow account with a scheduled commercial bank.
  - An escrow account is a neutral bank account where funds are temporarily held by a third party (the escrow agent) until specific conditions of a transaction are fulfilled by the parties involved.
- Risk Management & Security:
  - Mandatory background checks of merchants to prevent fraud or prohibited sales.
  - Compliance with Payment Card Industry Data Security Standards (PCI-DSS).
  - Robust IT and data security infrastructure required; annual security audits by CERT-In empanelled auditors.
  - Cyber incidents must be reported immediately to RBI and CERT-In.
- Customer Protection:
  - Card credentials must not be stored by PAs or merchants.
  - Refunds must go to the original payment method unless agreed otherwise.
- Payment Gateways (PGs):
  - Treated as technology providers; adherence to recommended security standards is encouraged.
  - A Payment Gateway (PG) is a technology service that facilitates online payment transactions between customers, merchants, and banks.
Payment Aggregators (PAs)
A Payment Aggregator (PA) is a financial entity that facilitates online payments by collecting money from customers on behalf of merchants and transferring it to the merchant after settlement. PAs do not hold a banking license but act as intermediaries between customers, merchants, and banks.
Regulatory Framework:
- Governed by the Reserve Bank of India (RBI) under the Payment and Settlement Systems Act, 2007.
- Non-bank PAs must obtain RBI authorization to operate in India.
- Required to maintain a minimum net worth of ₹15 crore initially, increasing to ₹25 crore by the end of the 3rd financial year.