Guidelines released for 24X7 Digita...
In the Union Budget of 2022-23, an announcement was made to set up 75 Digital Banking Units (DB...
In the era of digitization, the financial services sector in India has disrupted traditional modes of dealing with customers. Customers prefer using mobile-based applications when compared to visiting banks. In the same way, payment intermediaries have evolved their operations with time. Payment intermediaries have taken over the working of the financial system in India.
Payment System intermediaries or payment intermediaries are companies and operators that facilitate the payment systems. They are the primary operator for payment systems in the country. In simple terms, a payment intermediary is a connector between the Merchant Bank and the customer. Previously, payment systems in the country were dependant on traditional banking services. With the evolution and digital lending, payment intermediaries have become more revolutionized. In the past, there was no regulation governing the operation of payment intermediaries and payment system intermediaries.
With the development of technology and finance, regulating payment systems is a crucial need for society. The Reserve Bank of India (RBI) came out with specific requirements for the operation of payment system intermediaries. This was considered in a white paper that was introduced in 2009 to facilitate the operation of payment system intermediaries.
The common topics stressed in the white paper were on Payment Gateways and Payment Aggregators. The existing regulation was not systematic regarding the operation of payment intermediaries. Furthermore, there is no clarity in this regulation. Market participants in the discussion were uncertain about the regulation. Lack of transparency in the payment system regulation does not provide scope whether payment intermediaries were regulated by limited means or by full means.
Because of this, the RBI brought out final guidelines for the operation of payment intermediaries. These guidelines were brought out on March 17, 2020. However, they have come into force in April 2020. Some of the recommendations in these guidelines were focussed on technological innovations.
A payment gateway is a software or API (Application Programming Interface) that acts as a link between two or more websites. Therefore, the payment gateway acts as a connection between two websites. Whenever an online transaction takes place, then the payment gateway comes into operation. In other words, the payment gateway is considered as an e-interface for carrying out payment transactions using the software.
Payment Gateway is considered more to be an online channel for carrying out financial transactions. According to the RBI, Payment Gateways are just entities that channel the funds using software without having access to the actual funds of the customer.
A Payment Gateway is merely a technological base for carrying out payment transactions on behalf of customers. Payment aggregators, in simple terms, are considered as a software back end operator. The operation is carried out by a company or a software firm. This is considered as a payment aggregator. For a payment aggregator, a merchant account has to be opened by the bank. Several merchant accounts can be opened for the payment aggregator. Apart from a merchant account, one Escrow account is opened.
If one escrow account is opened, then multiple merchant accounts are not required to be opened. The RBI enunciates the meaning of payment aggregator as a company that allows e-commerce and merchant sites to meet their payment obligations by carrying out various transactions. These transactions are carried out without having to create a payment integration system of their own. Therefore, payment aggregators play the role of handling funds of the customer. However, the payment gateway is not privy to handling funds of the customer.
On further interpreting the definition provided by RBI, two meanings can be devised for payment aggregator. The payment aggregator comes under the meaning of an e-commerce company. However, there is a separate regulation for payment intermediaries. Therefore if the RBI definition for payment aggregator is considered, then there are two separate meanings for the term payment aggregator, which would bring up dual regulation for payment aggregator.
The settlement of cash transactions works through the electronic process transactions system, which applies to intermediaries. The process of the payment aggregator is driven by technology, and this does not include systems where the customer provides cash for the delivery of payment services.
E-Commerce transactions for retail goods have the system where the customer can make payment using cash on delivery. However, this cannot be applied to payment systems. The use of cash on delivery for payment systems integration was also excluded in the discussion paper of the RBI. The above guidelines apply to payment intermediaries that cover both banking and non-banking companies.
Typically the individual who wants to incorporate a payment intermediary has to set up a company under the Companies Act 2013 or previous company law. Along with the incorporation documents, the company has to submit documentation such as a memorandum of understanding and articles of association to the Registrar of Companies (ROC). Apart from this, the payment aggregator has to also register with the RBI as per the Payment and Settlement Systems Act, 2007 (PSSA Act). Registration should be made on Form-A of the PSSA Act.
For starting a payment aggregator, the minimum net worth required for the company is 15 crore (for making a new application) and 25 crores (for existing payment aggregators). This requirement must be met by the end of the third financial year of March 31, 2023. According to the RBI in their discussion paper, initially, the working capital and net worth requirement of a payment aggregator was 100 crore. However, this amount has been reduced, considering the changing circumstances of finance.
To ensure that compliance is maintained regarding the above, a certificate from a statutory auditor is also required for the same.
The policies offered by the payment aggregator must be according to the norms which are prescribed by the board.
The following are the policies that can be considered by a payment aggregator.
Risk Management Policy
The payment aggregator has to also make sure a proper risk management framework is in place with the company. Payment Aggregators have to ensure that proper systems are present for reporting cybersecurity threats. Payment aggregators are not allowed to have credit card information or customer PINs stored on their servers.
Compliance with the KYC requirements
Payment aggregators have to maintain a database with the details of all merchants. Before taking a merchant, the payment aggregator has to ensure that merchants on boarded have Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance. The payment aggregator also has to make sure that the grievance procedures followed are as per the RBI TAT. These procedures are similar to that of the grievance mechanism operated by NBFCs.
Like all entities, payment intermediaries such as payment aggregators are also required to report compliances under various laws.
The various compliances that have to be followed by a payment aggregator are as follows:
Therefore a payment aggregator operates as a medium between the merchant bank and the customer. One can say that the relationship which the payment aggregator maintains with the customer and the merchant bank is a tripartite agreement. The payment aggregator handles all payment transactions on behalf of the customers. The above compliances have to be reported by a payment aggregator.
The effect of the Covid-19 pandemic has severely affected the Indian economy. Covid-19 is taking a toll on the global economy and has caused widespread recession, which none have witnessed. Various regulatory authorities such as the Ministry of Corporate Affairs (MCA) and ROC have extended their deadlines for filing compliances. The income tax department has also taken this measure to extend submission of income tax returns.
The RBI has taken similar steps for extending the deadline for reporting compliances for payment intermediaries.
The extension of time is carried out for the following:
Due to the current situation of Covid-19, the RBI has extended the compliance reporting requirements. The following are the extensions made by the RBI:
|S.No||Institution of Applicability||Normal Timeline for Compliance||Extended Timeline for Compliance|
|1||Non-Bank PPI (When PPI-MD) is issued having a Net Worth of 15 crores. Financial position as of March 31, 2020||June 30, 2020||September 30, 2020|
|2||Non-Banking authorized entities have to submit a system audit report, which includes a cybersecurity report conducted by CERT-IN auditors. The CERT-IN report must be submitted within two months of the closing of the financial year to the office of DPSS, RBI.||August 31, 2020||October 31, 2020|
|3||Enhancing the security of card transactions||June 16, 2020||September 30, 2020|
|4||Turn Around Time and Customer Support requirement for refund transactions for authorized payment transactions.||24 March 2020||December 31, 2020|
|5||Guidelines are related to the operation and regulation of payment intermediaries and payment aggregators. The guidelines were supposed to come into force on April 01, 2020.||June 01, 2020||September 03, 2020|
The RBI has extended the time for reporting compliance for payment aggregators seeing the current scenario related to Covid-19. This is to ensure that payment aggregators follow compliances to avoid penalties by various regulatory bodies like the RBI.
Also, read: Guidelines mandated by RBI on Regulation of Payment Aggregators