Company Registration Compliances

Setting Up in GIFT City: Compliance Checklist for Payment & Fintech Entities 

GIFT City has designated itself as India’s global platform for international financial services, providing clarity for regulations, excellence in infrastructure, and cross-border flexibility. For the Fintech and payment entities looking to expand beyond the domestic borders, GIFT IFSC offers a compelling destination, with a unified regulator, innovation-driven frameworks, and attractive tax incentives.  

However, setting up in the GIFT City requires careful navigation of eligibility laws, licensing requirements, and governance standards. For this, you need a comprehensive checklist, provided in this blog to assist the payment and fintech entities to confidently set up and operate within the NBFC GIFT City. 

Introduction to GIFT City and IFSC 

The Gujarat International Finance Tec-City, also known as GIFT City, in Gandhinagar, Gujarat, is the first operational International Financial Services Centre (IFSC) in India. It was established as a Greenfield Smart City & Multi-Services Special Economic Zone to make India a global financial & technology powerhouse.  

As of December 2025, it (GIFT city) accommodates more than 1,034 entities in its registry, with 38 foreign banks with an aggregated asset base of more than $100 billion. The International Financial Services Centres Authority enables Onshore & Offshore Financial Services to flourish in innovative areas such as Banking, Capital Markets, Insurance, Fund Management, & Fintech, along with other areas.  

GIFT city provides a gateway to India’s “Ease of Doing Business” to world-class companies such as Google, JPMorgan, & HSBC to perform activities seamlessly across international boundaries, thereby propelling economic & employment growth in India. 

What is GIFT City & its role as India’s Premier IFSC? 

GIFT City, which stands for Gujarat International Finance Tec-City, has been notified as a Special Economic Zone since 2015. It is India’s first operational IFSC, spanning an area of 886 acres, located between Ahmedabad and Gandhinagar.  

The GIFT city hub is designed to function globally across finance and IT, presenting advanced infrastructure in utility tunnels, district cooling, and automated waste systems. Being the country’s first IFSC under the IFSCA Act, 2019, it is considered a gateway for international financial services, thereby onshoring global transactions and channeling capital flows into India.  

In 2025, GIFT city has made considerable progress across various global indices, ranking among the topmost reputational advantage and leading fintech positioning by hosting various sectors like banking, insurance, and aircraft leasing. 

Key Advantages for Payment and Fintech Entities 

The GIFT City provides huge advantages to the payment and fintech organizations. It includes tax holidays, exemptions, and ease-of-forex rules because of unified regulations by IFSCA. This provides a dynamic system for development through its Payments Services Regulations (2024) and TechFin Regulations (2025) for e-money, remittance payment services, and digital payment services.  

The organizations can also benefit from the regulatory sandbox system for experimentation, favorable schemes such as grants, and easy global connectivity. It also has over 60 registered fintech organizations with infrastructure for real-time settlement and can act as a landing spot for foreign organizations that aim at the international markets. 

An Overview of the Regulatory Landscape Under IFSCA 

The IFSCA is a unified regulator for GIFT IFSC, which came into force in 2020. It regulates banking, capital markets, insurance, and Fintech under the IFSCA Act, 2019. For payment and fintech entities, the main regimes are the Payment Services Regulations, 2024, on authorizations, net worth, and risk management, and the TechFin and Ancillary Services Regulations, 2025, for technology-enabled solutions in financial services.  

IFSCA promotes innovation through sandboxes, incentives, and global alignments. It enforces AML/CFT, cybersecurity, and consumer protection standards. Regular updates to the Master Circulars and consultations are issued to keep up to date with an ever-evolving and compliant ecosystem. 

Understanding Entity Types and Eligibility 

Under the IFSC in GIFT City, classification is based on services. Payment Service Providers require targeted IFSCA authorization in the context of the Payment Services Regulations of 2024. FinTech Entities are governed by generic regulations such as those under the TechFin Regulations of 2025. A net worth requirement applies to both domestic and foreign applicants. 

Fintech Entities vs. Payment Service Providers (PSPs) 

Fintech Entities operate within the IFSCA FinTech Entity Framework and TechFin Regulations, 2025. It enables technology-driven innovation within financial services, including supplementary as well as technology-driven solutions that support flexible authorizations for more extensive operations.  

Moreover, PSPs operate specifically within the IFSCA (Payment Services) Regulations, 2024, which require separate authorization for key operations. It involves cross-border transfer and e-money. PSPs also operate within more stringent net worth and settlement requirements. Meanwhile, fintech entities operate within a framework that offers incentives and sandboxes. RBI-regulated Indian entities demand separate IFSC entities for PSPs. More than 60 fintech entities are registered currently.  

Eligibility Criteria for Domestic and Foreign Applicants 

The following eligibility criteria outline regulatory, structural, and IFSCA compliance requirements applicable to domestic and foreign applicants seeking authorization is here. See the pointers given below:  

• Domestic applicants must be Indian companies, LLPs, or Fintech startups approved by DPIIT, with branches allowed in IFSC.  

• Foreigners with jurisdictions following FATF regulations can establish companies or branches.  

• Fit-and-proper directors, minimum net worth (for example, USD 250,000 or more for major PSPs), and SEZ incorporation are all mandatory.  

• Authorization under the 2024 regulations for PSPs is required but excludes banks/IBUs. 

• Applications processed using a single common application form, with strict vetting for foreign applications on capital/coll compliances. Over 152 applications processed in 14 foreign jurisdictions by 2025. 

Permissible Activities in Payment and Fintech Services 

Under the 2024 regulations, PSPs are allowed to offer cross-border money transfer services, issuing accounts, acquiring merchants, issuing e-money, and escrow services, largely for foreign currencies.  

Fintech entities, under the TechFin regulations, 2025, include embedded finance solutions, multi-currency wallets, and other auxiliary tech-related services for banks, insurers, and capital market businesses.  

Activities need to focus on international markets, while rupee transactions are restricted. Excluded are security transactions and transactions between groups that do not include any third parties. Even a non-resident business is a key factor for cross-border scalability. 

Role of Regulatory Sandboxes for Innovation 

The IFSCA Regulatory Sandbox allows fintech and payment entities to test innovative products in a current scenario with real customers under relaxed regulations for up to 12 months, extendable. Innovation Sandbox: Isolated testing with market data.  

It is perfect for new payment models, such as embedded finance or cross-border wallets. After going through the sandbox, most of them migrate to full-fledged PSP operations. This allows risk-managed experimentation, regulatory feedback, and global alignment. Applications include both domestic and foreign, essential for transitioning to full authorization under the frameworks of 2024/2025. 

Entity Setup Process 

The setting up of any payment or fintech entity in the GIFT IFSC is done by Incorporation in the SEZ, unit approval, and authorization from IFSCA.  

The basic steps would include renting office space, SEZ registration by filing Form F, Incorporation at MCA, and filing a Common Application Form with IFSCA.  

PSPs shall commence operations within 6 months, but extendable to a maximum of 3 months upon authorization under the Payment Services Regulations, 2024. 

Incorporation and SEZ Registration Requirements 

Find the incorporation and SEZ registration requirements given as pointers below:  

• Entities need to get office space in GIFT SEZ and a Provisional Letter of Allotment from the developer/co-developer.  

• Incorporate as a company limited by shares under the Companies Act, 2013, with the name having “IFSC” on it, through MCA.  

• File Form F with the Development Commissioner for approval of the SEZ unit, along with a project report and PLOA.  

• Execute the lease deed within 6 months along with Bond-cum-Legal Undertaking.  

• Foreign entities can establish subsidiaries or branches. The process has been simplified through the SWIT portal w.e.f. 2025. 

Obtaining IFSCA Authorization or Registration 

In the case of PSPs, obtain authorization under the IFSCA (Payment Services) Regulations, 2024, using the prescribed format (commonly the Common Application Form through the SWIT portal). Based on IFSCA’s assessment of aptness in terms of fit and proper persons, infrastructure, and readiness to comply, In-Principal Approval might be granted prior to Full Authorization. 

Fintech companies unfurl/change allegiance to TechFin and Ancillary Services Regulations, 2025. IFSCA issues a certificate after satisfying the requirements, warranting operational launch within 6 months, which is extensible. A separate entity must be introduced in RBI-regulated Indian companies. 

Minimum Capital and Net Worth Obligations 

Normal PSPs must have a minimum capital/wealth of USD 100,000 at the point of authorization, increasing to a total of USD 200,000 by the end of the third financial year. 

Large PSPs (classified if crossing certain levels of transactions, for example, USD 2-4 million per month) require a capital/wealth of USD 250,000 within 90 days of being categorized as such, increasing to a total of USD 500,000 at the end of the third year. Scheduled calculation for fintech companies based on 2025 TechFin Regulations. 

Required Documentation & Application Timeline 

The following pointers outline the documentation requirements, approval timeline, and operational commencement obligations applicable to authorized entities.  

• Important documents: Incorporation papers, MOA & AOA, PAN, Board Resolution, Project report, Fit & Proper Affidavits for directors, Net Worth certificate, infra details, & Business plan. 

• In Case of PSPs: Detailed payment services plan. Submit through the SWIT portal/ Common Application Form. 

• Timeline: SEZ approval takes 15-30 days, Incorporation takes 7-15 days, and IFSCA handling time varies (it takes months for scrutiny). Entities have to start business operations within 6 months after having received final authorization to operate, extendable for 3 months. 

• Total setup time: 4 to 8 months in general, quick in case of non-PSP involvement with standard structures and complete documentation.  

Licensing and Authorization Framework 

GIFT IFSC’s licensing regime, controlled by IFSCA, makes a clear division between Payment Service Providers (PSPs) subject to approval for licensing under the Payment Services Regulations of 2024 and Fintech entities in general, as updated by the 2025 consultations on the 2022 Framework.  

While licensing is necessary for basic services of PSPs, licensing in the form of registration, sandboxes, or other incentives are provided to encourage innovation in cross-border financial services by fintech entities. Registering an NBFC in Gift City is profitable in current scenario.  

IFSCA (Payment Services) Regulations, 2024: An Overview 

Notified in January 2024 and brought under one umbrella in April, the IFSCA (Payment Services) Regulations, 2024, facilitate non-banking entities in the IFSC for the predominant foreign currencies for the purpose of offering payment services. Some of the key features under this regulation include authorisation, net worth, safeguarding of client funds, governance, and adherence to the principles of AML/CFT. 

Categories of Payment Services (e.g., Cross-Border Transfers, E-Money, Escrow) 

The 2024 Regulations list the following as the categories of regulated services: 

• Cross-border money transfers (receipt/sending of payments related to inward/outward money transfers). 

• Issue of accounts (payment accounts used for transactions) 

• Issue of e-money (prepaid payment instruments used for making payments). 

• Escrow services (money held in escrow used for making transactions) 

• Payment facilitation services (facilitating payments to acceptors). 

These are mainly aimed at non-residents and foreign currency and provide seamless international payments, with the exclusion of rupees in the domestic market. 

Fintech Entity Framework and Incentive Schemes 

The Framework for FinTech Entity of 2022 recognizes entities for technological innovations in banking, insurance, and capital markets, with limited use of support services. The progressive consultative approach (drafts of the TechFin Regulations in 2025) enhances the scope.  

The IFSCA’s FinTech Incentive Scheme of 2022 provides grants for the specified amount for sandboxes, accelerators, and Proof of Concepts for developing scalable innovations at GIFT IFSC for startups, as well as the global community. 

Transition from Sandbox to Full Operations 

IFSCA’s Regulatory Sandbox allows scaled live experimentation in a reduced regulatory setting up for a maximum period of 12 months, extendable, while the Innovation Sandbox facilitates disconnected data-driven experimentation. Successful participants leave with regulatory feedback and can apply for full regulatory authorizations and PSPs under the 2024 Regulations or the Fintech Entities using Frameworks. 

Anti-Money Laundering (AML), KYC, and Risk Management 

Anti Money Laundering (AML), Know Your Customer (KYC), and risk management are essential concepts in the financial industry to combat money laundering, terrorism financing, and related issues.  

AML refers to policies and procedures to identify and prevent money laundering. At the same time KYC verifies the identity of customers, and risk management takes a risk management approach to identify and mitigate possible risks. 

IFSCA AML/CFT Guidelines and Compliance Obligations 

The Anti Money Laundering, Counter-Terrorist Financing, and Know Your Customer Guidelines, 2022, have been released by the International Financial Services Centres Authority (IFSCA). This is applied to all regulated entities in the IFSCs, such as the GIFT City.  

The guidelines follow a principles-based structure where entities must nominate a Principal Officer and a Designated Director, register on FINGate for the reporting process, carry out enterprise-wide assessments on money laundering and terrorist financing risks, and formulate AML/CFT policies.  

All these must be endorsed by the senior management, establish and maintain internal controls, provide employees with training, maintain records, and adhere to targeted financial sanctions in the UN lists and national laws.  

Also, entities have to screen for prohibited relationships, freeze related assets as per the regulation, and align with the Prevention of Money Laundering Act (PMLA). The updated guidelines make it mandatory to have certifications from the chief personnel. 

Client Due Diligence and Ongoing Monitoring 

The Client Due Diligence (CDD) consists of identifying and verifying customers and beneficial owners, understanding the nature of business relationships, including the obtaining of KYC records and risk profiling.  

Simplified Due Diligence in the case of low-risk clients or Enhanced Due Diligence in the case of high-risk clients, including PEPs, is applied. In the case of residents of India, upload to the Central KYC Registry; in the case of foreign nationals, maintain internally.  

Ongoing monitoring consists of scrutinizing transactions to ensure they are consistent with the client profile, updating information periodically or whenever a trigger event occurs, and reviewing the risks at least once every two years. Digital KYC processes are permissible. Reliance on third parties is allowed under strict conditions. By doing so, continued vigilance against ML/TF risks is ensured throughout the continuance of the relationship. 

Risk-Based Approach and Suspicious Transaction Reporting 

IFSCA prescribes its entities on a Risk-Based Approach (RBA) to identify ML/TF risks associated with customers, geographies, products, services, transactions, and delivery channels. Make overall entity and customer-level risk assessments approved by the board at least once every two years or when there is a material change.  

Resource allocation shall be proportional to the risks identified, using intensified approaches for high-risk opportunities. Suspicious Transaction Reporting (STR) involves early identification of suspicious transaction flags pointing towards extraordinary patterns not aligned with customer profiling.  

This information has to be reported through FINGate to FIU-IND without tipping off the customer. Entities must develop internal procedures for detection and strong governance. 

Cybersecurity and Data Protection Requirements 

The IFSCA AML/CFT Guidelines emphasize the importance of strong cybersecurity measures to protect KYC data against breaches that might facilitate financial crime. This approach requires financial entities to establish secure storage and recovery of customer information. There is also a requirement for confidentiality and protection against any malicious interference and cybersecurity risks.  

The provision of staff training on handling customer data, as well as compliance audit checks to ensure controls are in place, is also required. In the context of technological KYC and reliance on third-party sources, entities are expected to transmit and store this information securely. 

Governance, Operational, and Reporting Compliance 

IFSCA AML/CFT Guidelines for governance, operation, as well as reporting compliance, make it mandatory for regulated entities to implement effective internal controls, designate key personnel, formulate policies endorsed by the highest level of management, carry out independent audits, provide training for employees, and maintain respective records. It is mandatory for entities to submit suspicious transaction reports to FIU-IND and comply with periodic reporting. 

Appointment of Key Personnel (Compliance Officer, Principal Officer) 

Regulated entities require a senior management-level Principal Officer. This officer is responsible for AML/CFT compliance functions, including AML/CFT monitoring, AML/CFT reporting of suspicious transactions to FIU-IND, and compliance with guidelines. 

A Designated Director also looks after overall compliance. However, on a recent requirement, both must undertake the NISM-IFSCA AML/CFT certification course. A day-to-day operation can be handled by another officer as the Compliance Officer. 

Internal Policies, Audits, and Governance Structure 

AML/CFT policies, procedures, and controls must be developed by entities that are approved at the board or executive management level. This involves risk assessment, CDD, ongoing monitoring, and AML/CFT reporting.  

To ensure effectiveness, there is an independent audit function that tests these measures. A well-governed AML/CFT program requires oversight at the executive management level, employee training, and effective internal controls. 

Quarterly and Annual Reporting to IFSCA 

While the initial reporting on suspicious transactions is handled by FIU-IND through the FINGate, the regulated entities in IFSC are required to submit their periodic compliance reports to IFSCA as stipulated in sector circulars, either on a quarterly basis for operations and compliance, or annually for audits/certifications. The entities are also supposed to provide data on the implementation of AML/CFT. 

Client Fund Segregation and Settlement Guidelines 

Regulated firms, especially those considered intermediaries such as portfolio managers, broker-dealers, and fund managers, are expected to hold clients’ money and securities separate from their own. This scenario ensures that clients’ money is not mixed. Best settlement practices promote safe and timely processes involving reconciliation, risk, and IFSCA governance. 

Tax Compliance and Incentives in GIFT City 

Taxation in GIFT City is structured to prosper global financial markets while reducing regulatory ease burdens. This is because business entities in this city will benefit from a streamlined tax system, attractive incentive schemes, and compatible global regulatory standards.  

Adherence to set standards in income tax, GST, and transfer pricing will be vital in deriving desired incentives and avoiding any disagreements. 

Key Tax Benefits and Exemptions 

This GIFT City provides various tax exemptions to eligible persons, making it an attractive destination as a financial hub. This includes income tax exemptions on business profits for a specified period, minimum alternate tax, as well as exemptions on dividend distribution tax.  

There can also be exemptions on securities transaction tax, commodity transaction tax, and stamp duty while dealing with approved business activities. Non-resident persons are allowed exemptions on capital gains tax on specific transactions, thereby making cross-border investments efficient. 

Filing Obligations and GST Considerations 

The fintech entities operating in GIFT City are mandated to file their mandatory filings under Indian taxation law, notwithstanding the tax incentives. The income tax return and audit reports have to be filed on time.  

From the GST perspective, GIFT City has a special economic zone that enables zero rating on supply activities. The filing and submission of the GST return is essential and mandatory to avoid any implications. 

Transfer Pricing for Related Party Transactions 

Transfer pricing involves determining Transfer pricing regulations apply to GIFT City entities involving any related party transaction, including across-border transactions. These would require compliance with the arm’s length price requirement, ensuring that pricing is in line with market principles. Entities must document their transfer pricing compliance in detail, with the filing of accountant statements being mandatory in applicable cases. Advance pricing agreements or safe-harbor provisions would help minimize risks. 

Final Words: Compliant Checklist for Setup in a GIFT City 

GIFT City has proven to be an astutely chosen gateway destination for payment and fintech companies wanting to expand their operations on a global scale with regulatory clarity and ease of operations.  

With a single regulator in IFSCA, well-structured authorisation regimes, innovation-friendly sandboxes, world-class AML/CFT frameworks, and tax incentives, the IFSC establishes a harmonious framework for growing business.  

Nevertheless, to grow and establish themselves as operational in GIFT City, companies will have to plan thoughtfully with regard to structuring, authorisation, governance, taxes, and ongoing reporting requirements. To get expert support in meeting the compliance requirements, visit Enterslice. 

Frequently Asked Questions About GIFT City Compliance for Payment & Fintech Entities