Offline Payment aggregators to be under regulatory scheme: RBI proposes amendments to PA regime

Archisman Bhattacharjee and Manisha Ghosh I finserv@vinodkothari.com

Introduction

On April 16, 2024, the Reserve Bank of India (RBI) issued Draft Directions on the Regulation of Payment Aggregators (PAs) (‘Draft PA Directions’) serving two primary purposes:

  1. Regulating Offline PAs i.e. PAs operating at physical points of sale, an area previously not covered by existing regulations.
  2.  Amendments to the current guidelines concerning Payment Aggregators, primarily intended to extend the scope of the extant regulations to offline PAs; however, having several additionalities such as PA’s due diligence on the merchants, ongoing merchant monitoring based on business profile, disallowing payment to any other account on specific directions from the merchant etc.

The RBI had previously issued Guidelines on Regulation of Payment Aggregators and Payment Gateways on March 17, 2020 (Refer to our analysis on the guidelines here) which did not extend to offline PAs operating in physical spaces via point-of-sale machines. However, as also pointed out by RBI, in its Statement on Developmental and Regulatory Policies on September 30, 2022, there is minimal distinction between online and offline operations warranting similar regulatory oversight over offline PAs as well. .

The absence of regulation in the offline PA space had provided a differential treatment to entities involved in similar activities leading to the issuance of the Draft PA Directions

In this article, we delve into the potential implications of the Draft PA Directions on the PA industry.

Applicability of the Draft circular

The Draft circular is applicable on all PAs operating in the physical (PA-P) as well as in virtual space (PA-O).

Entry requirements into PA-P business

** Application for authorization in Form A to be made within March 31, 2025. In case an existing non bank entity providing PA-P services fails to do so, a bank in which escrow account is held should be closed, unless such PAs are able to produce evidence of application of authorization being made by them.

Based on the chart provided, it is evident that the entry requirements for participation in the PA-P business have been aligned with those for PA-O, as outlined in the Regulation of Payment Aggregators and Payment Gateways.

Amendments to existing directions

a.     Revised Definition of PA

The draft circular revises the definition of Payment Aggregators under para 1.1.1 of Annex 1 of Guidelines on Regulation of Payment Aggregators and Payment Gateways to:

“Entities which on-board merchants and facilitate aggregation of payments made by customers to such merchants, for purchase of goods and services, using one or more payment channels, in online or physical Point of Sale payment modes through a merchant’s interface (physical or virtual), and subsequently settle the collected funds to such merchant’’

The key ingredient for determination of a PA, where the payment collected shall be first pooled and then transferred to the merchant at the end of the cycle remains unchanged. However the draft guidelines do not provide for any revised definition for ‘payment gateways’, we understand that the term ‘payment channel’ used in the revised definition refers to the same.

Through the revised definition RBI has brought under its purview both online as well as offline/physical  (Point of Sale) PA.

  1. Online PAs (PA – O): PAs which facilitate e-commerce transactions in non-Delivery versus Payment mode.
  1. PA – physical Point-of-Sale (PA – P): PAs which facilitate face-to-face / proximity payment for Delivery vs Payment transactions.

The circular defines the term ‘Delivery vs Payment’ (DvP) as transactions that entail payment of goods and services at the time of their delivery.

Similarly the term non-Delivery vs Payment shall refer to a transaction where payment is made earlier and the goods or services are received at a later stage.

i. Analysis of the term “merchant interface”

The term “merchant interface” is a crucial addition to the definition of PA. The updated regulation mandates that payment channels be accessible through this interface, though the term itself lacks a clear definition in the draft directions or existing regulatory framework for PA and PG. Our interpretation suggests that the term “merchant interface” encompasses the platform through which merchants interact with its customers, such as store premises for PA-P transactions and e-commerce/marketplace websites for PA-O transactions. The draft amendment underscores the necessity for access to PA-O or PA-P services through physical stores or relevant e-commerce/marketplace websites. In the case of e-commerce/marketplace websites, it can be assumed via the definition that integration of payment channels with the e-com or marketplace website is envisaged by the regulator, which in turn will ensure that such payment channels are accessible through the merchant’s website.

b.     Escrow Account

i. Maintaining of common escrow account

The RBI has proposed an expansion in the operational scope for non-bank Payment Aggregators (PAs) by allowing them to utilise escrow accounts, as outlined in the Guidelines on Regulation of Payment Aggregators and Payment Gateways. This proposal encompasses both PA-O and PA-P activities. Furthermore, the RBI suggests the possibility of maintaining a common escrow account for aggregators engaged in both PA-O and PA-P activities.

However, there’s a need for clarity regarding the status of an escrow account if an entity fails to apply for authorization for its PA-P business to the RBI before March 31, 2025. According to the draft directive, a bank holding the escrow account is required to close it, if the aggregator fails to apply for authorization for its PA-P business. This raises concerns, particularly in cases where a common escrow account is maintained, as legitimate transactions related to the aggregator’s PA-O business may be affected. It remains uncertain whether instances of a common escrow account would lead to the entire account being seized or if restrictions would solely apply to funds received for PA-P activities while allowing the account to remain operational for collection purposes regarding its PA-O business.

ii Exclusion of COD transactions

The draft circular expressly excludes Cash-on-delivery transactions from the purview of these guidelines.

The question arises will these guidelines be applicable where in a cash on delivery transaction the payment is made through a PoS machine? The answer to this question depends where the amount is being transferred. If the payment is directly transferred to the merchant’s bank account i.e without routing through the PA, there is no involvement of a PA, hence the guideline shall not be applicable to such transactions.

Any transaction where the payment amount is transferred through bank account, debit/credit card, UPI or any other mode to the merchant directly, it is understood that there is no involvement of PA.

iii. Restriction on payment to other accounts

In its proposed amendment outlined in para 3.4 of the Regulation of Payment Aggregators (PAs) – DRAFT, the RBI aims to modify para 8.9.1.2 (b) of the Guidelines on Regulation of Payment Aggregators and Payment Gateways. This proposed change by the RBI introduces a restriction on transferring funds to any account other than the designated merchant account, even if such transfer is explicitly instructed by the merchant.

It’s worth noting that in case of an escrow account the PA holds the payment towards the benefit of the merchant. Ideally, being the beneficial owner, the merchant should possess full discretion over the utilisation and distribution of these funds. The RBI’s rationale behind suggesting such a modification without a clear rationale towards the risk that the RBI aims to mitigate, appears unclear and may seem to encroach upon the merchant’s autonomy regarding their funds

c.      Merchant Classification

The draft circular defines Merchant as ‘’Entities which sell / provide goods and services purchased by the customer which includes marketplaces’’

The Circular further provides for classification between the merchants into small and medium merchants on the basis of interface,turnover and GST registration of such entities.

Merchant ClassPhysical/ online interfaceBusiness Turnover (per annum)GST Registration
SmallPhysical (undertaking only face to face/ proximity transactions)  Less than Rs.5 lakh    Not registered    
MediumPhysical/online    Less than Rs.40 lakh    Not registered    
d.     KYC of merchants

The draft circular now provides for PAs to undertake Customer Due Diligence (CDD) of merchants  on-boarded by them as provided under KYC Directions , the instruction below shall be applicable three months from issue of such circular. The Due Diligence (DD) requirement is likely put forth by RBI in order to prevent the PAs to be used as a medium for money laundering or terrorist financing and ensure integrity of the merchants.

The PA may undertake DD of merchants following the underneath instructions:

  1. For Small merchants

PAs shall be required to undertake Contact Point Verification (CPV) and duly verify the bank account details in which funds of such merchants are settled.

  1. For Medium merchants

PAs shall be required to undertake CPV and also obtain one Officially Valid Document of the proprietor / beneficial owner / person holding attorney and verify one OVD of the business.

  1. For undertaking CDD through Video based Customer Identification Process (V-CIP)

PAs shall be permitted to take help of an agent facilitating the process of assisted  V-CIP only at the merchant end, while maintaining the details of the agent assisting the merchant, where services of such agents are employed.

e.     Ongoing monitoring requirements for merchants

Under the draft directions, PAs have been entrusted with crucial monitoring responsibilities, including the oversight of transaction patterns, activity, and the maintenance of risk-based payment limits for onboarded merchants. These obligations are likely suggested by the RBI to ensure that merchants on-boarded by PAs are not involved in money laundering activities. In the figure below, we delve into the manner in which these monitoring requirements can be adhered to by a PA..

*Based on the transaction pattern the merchant may be migrated to a higher category of CDD. Upon 

migration, the PA shall immediately undertake the additional due diligence of the merchant

The draft circular further bestows additional responsibilities to PAs to ensure that the marketplaces they bring onboard refrain from handling funds for services not provided through their platform. Additionally, they are required to display both the merchant’s (legal and brand) name and the PA’s names on web pages including payment confirmation pages/ charge slips within three months of the circular’s issuance.

PAs must continuously adhere to wire transfer guidelines outlined in the KYC Directions and non-bank PA must also register with the Financial Intelligence Unit-India (FIU-IND), providing requested information.

PAs shall ensure that they complete the DD process of their existing merchants in accordance with the  specified timelines in proportion to the percentage Contribution to Gross Processing value (GPV) of onboarded merchants whose due diligence has been completed.

The due date for completing the above DD process for all existing merchants is 30th September, 2025 and for existing PA-P service providers within a period of 12 months from the date of submission of application for authorisation.

(GPV refers to the total monthly value of successful transaction for that month processed by the PA for online and physical PoS merchants onboarded as of operational date.)

The draft circular requires quarterly reports to be submitted to the concerned Regional Office of RBI detailing progressive compliance for the same in the format as prescribed.

f.       Agents to PA

RBI proposes to permit non- bank PAs to engage agents to assist their merchants for onboarding subject to existence of a board approved engagement policy and thorough DD of such agents. Furthermore the PA shall bear the responsibility for all acts of omission and commission of the agent, ensure the preservation of records and customer information in both their possession and that of the agents. Regular monitoring of agent activities shall be made, including annual performance reviews for all engaged agents.

g.     Multiple PA

In case transactions are facilitated by two or more PAs, then these guidelines shall apply to all such PAs.

h.     Prohibition on storage of card data

Effective 1st August, 2025, PAs within card transactions/payment chain, for face-to-face / proximity payment transactions done using cards are prohibited from retaining any Card-of-File data.If data had been previously stored the same shall be erased from storage.

However for the purposes of transaction tracking and / or reconciliation, the PA may store limited data (i.e last 4 digits of the card number and the issuer’s name).The responsibility for ensuring the same has been bestowed upon the Card networks.

Conclusion

The RBI’s draft circular marks a significant step in regulating Payment Aggregators (PAs), extending oversight to offline transactions previously unaddressed. By aligning entry requirements for physical and online PAs, it promotes a level playing field. Notably, the revised definition of PAs encompasses both online and physical Point of Sale operations, ensuring comprehensive regulation. The proposal to allow common escrow accounts for PA activities underscores flexibility, yet clarity is needed regarding account closure implications. Exclusion of Cash-on-Delivery transactions highlights a clear boundary, while restrictions on fund transfers aim to safeguard merchant interests, albeit with potential implications on autonomy. The delineation of merchant categories and stringent KYC requirements emphasise compliance and integrity. Ongoing monitoring obligations aim to curb money laundering risks, with migration to higher due diligence tiers based on transaction patterns. The draft circular also permits agent engagement, enhancing operational efficiency with stringent oversight. Prohibition on retaining Card-of-File data enhances data security, with accountability placed on card networks. Overall, the draft circular outlines a comprehensive framework to regulate PAs, addressing offline transactions’ regulatory gaps while enhancing transparency and security in the payments ecosystem.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *