Recently the Reserve bank of India released a notice on Compliance functions in Banks and the r...
Given the rise in popularity of online financial transactions in recent years, spurred by the Internet, the role of intermediaries that support such online payment transactions has become critical. These intermediaries (Payment Aggregators and Payment Gateways) function as a channel between merchants and customers, facilitating the collection and settlement of online payments and creating a critical link in the payment infrastructure. Given the lack of clear rules governing the operations and governance of such intermediaries, the RBI recognized the need to evaluate and enhance the existing set of guidelines to address evolving demands and the rising function and position of such intermediaries.
Considering the importance of such intermediaries in the online payments industry, as well as their role in processing money, the RBI decided to regulate the operations of PAs in their totality in its ‘Guidelines on Regulation of PA and PG’, issued on March 17, 2020. It also supplied PGs with baseline technology recommendations under the PSSA.
On March 31, 2021, the RBI provided certain clarifications on the aforementioned PA/PG Guidelines of March 17, 2020, as well as a six-month extension of the period for non-bank PAs, i.e., until December 31, 2021, to allow payment system providers and participants to implement workable solutions in relation to non-storage of customer card credentials (March 31 Clarification). Some of the important clarifications given by RBI in this regard are discussed in this article.
Non-bank companies providing PA services must seek RBI authorization under the PSSA, according to the PA/PG Guidelines. The approval requirements are based on the intermediary’s involvement in the finances.
According to the current guidelines, organizations seeking PA authorization must apply to the RBI in the appropriate form on or before June 30, 2021. Furthermore, PAs have been urged to follow technology-related suggestions outlined in the PA/PG Guidelines.
Furthermore, the PA/PG Guidelines state that e-commerce platforms that offer PA services will not be permitted to continue doing so beyond the June 30, 2021, deadline. If they want to pursue this activity, they must separate it from the marketplace operation and seek authorization by June 30, 2021.
As a result, to the extent that an intermediary is acting as a participant in the fund flow by (a) pooling funds from customers into an account and (b) instructing relevant banks to debit funds from such accounts to settle transactions with merchants, the intermediary must apply for a PA registration with the RBI within the specified timelines.
The March 31 Clarification clarifies that the PA/PG Guidelines will not apply to ‘delivery v. payment’ transactions, i.e., the delivery of goods/services immediately/ concurrently with the completion of payment by the client. Having stated that, the components of the transaction in which an advance payment is made for products that will be delivered in a postponed manner will continue to be governed by the PA/PG Guidelines regime.
The PA/PG Guidelines require PAs to transition from the previous ‘nodal account’ model to a maximum of two escrow accounts with scheduled commercial banks. However, the March 31 Clarification emphasized that until the current organizations acquire PA authorization, the applicant may: (a) continue to keep their nodal accounts until June 30, 2021, or (b) transfer to an escrow account from an earlier date as well. To provide bankruptcy protection, the escrow accounts are to be regarded as a “designated payment method” under Section 23A of the PSSA, which recognizes the first and foremost charge of consumers on the amounts under such accounts, thus protecting them.
Furthermore, no interest shall be paid by a bank on balances maintained in such escrow account, unless the PA enters into an agreement with the bank with whom the escrow account is kept to transfer the ‘core portion’ of the amount in the escrow account to a separate account on which interest will be paid. Also, the March 31 Clarification adds that if the bank can demonstrate that an entity’s nodal account has been transferred to an escrow account in accordance with the new instructions, the bank can include the balances in existing nodal accounts of PAs for calculating the ‘core portion.’
In addition, the March 31 Clarification, which allows for greater flexibility in settlement timelines, i.e., the ability to have different settlement timelines based on merchant agreements, as well as the ability to earn interest on the ‘Core Portion,’ is a positive step towards expanding PA monetization options.
The amended regime would have an impact on merchants’ and payment processors’ capacity to save consumer card details and other associated data in their databases. As previously stated, the RBI has extended the deadline for non-bank PAs until December 31, 2021, in accordance with the March 31 Clarification, to allow system providers and participants to implement workable solutions for the non-storage of customer card credentials on the databases/servers of PAs or merchants.
Solutions may incorporate ‘tokenization’ within the scope of the March 17, 2020, PA/PG Guidelines, as well as the January 8, 2019 RBI circular on ‘Tokenisation – Card transactions.’ Further, the March 31 Clarification specifies that merchants, aside from retaining restricted data for the purpose of transaction tracking (in accordance with relevant standards), are not permitted to hold payment data, regardless of whether they are PCI-DSS compliant or not.
Upon authorization, the PAs must comply with the data storage rules that apply to ‘payment system operators’ (PSOs). Through its announcement dated April 6, 2018 (Data Localization Circular), the RBI has imposed data localization rules, directing all PSOs to guarantee that data connected to payment systems controlled by them is stored exclusively within India. This data set contains the whole end-to-end transaction details/information collected, carried, or processed as part of the message/payment instruction.
The PA Guidelines establish severe minimum-net-worth standards that, if not met, will force the relevant corporation to discontinue its payment aggregation operation. To that end, the RBI clarified in the Notification that for existing non-bank PAs, a certificate from chartered accountants demonstrating compliance with the applicable net-worth requirement (as of March 31, 2021) will be required to be submitted to the RBI at the time of application for authorization.
The RBI has reaffirmed that newly created non-bank firms that do not have an audited statement of financial accounts can provide the appropriate certificate from their chartered accountant detailing the current net-worth along with a provisional balance sheet. The RBI has also said that businesses that do not have the necessary net worth as of March 31, 2021 (applicable to current non-bank PAs) would be obliged to discontinue their payment aggregation operation.
The PA Guidelines required banks that maintained such businesses’ nodal/escrow accounts to monitor and report compliance with the net-worth requirement. However, the RBI clarified in the Notification that banks managing the escrow account(s) are not required to monitor the PA’s net worth.
The PA must be properly managed, and the applicant’s promoters/promoter group must meet the RBI’s ‘fit and suitable’ requirements. The applicant’s directors must additionally provide a statement of their “fit and proper” status in the prescribed manner.
In addition, the applicant must adhere to the applicable regulatory framework and prescribed safeguards in relation to AML (anti-money laundering), including settlement and escrow accounts, redressal of client grievances, management of disputes, prevention of frauds, security and risk management, periodic reporting to the RBI, merchant monitoring, and merchant onboarding.
Given India’s rapidly expanding payment ecosystem, the PA/PG Guidelines appear to be a reasonable next step in the RBI’s strategy of actively regulating and unifying the payment aggregator industry. The rules, which are aimed at addressing systemic and consumer risks and concerns, would guarantee that the country’s digital payments industry grows at a healthy rate.
Read our article:RBI announces Revised Regulatory Framework for NBFCs