GS Paper III

News Excerpt:

The Reserve Bank of India (RBI) has come out with draft guidelines for payment aggregators’ (PA) know-your-customer (KYC) requirements, due diligence of merchants, and operations of escrow accounts. 

What are the Payment Aggregators (PA):

• PAs are entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations.
• PAs unburden the merchants from creating a separate payment integration system of their own. 

What exactly are the norms about? 

• The existing guidelines cover the activities of PAs in e-commerce sites and other online avenues. 
• The latest draft guidelines propose to extend these regulations to offline spaces, entailing proximity or face-to-face transactions. 
• RBI observed back in June 2022 that the nature of activities carried out by the PAs, both online and offline, is similar. 
• It aspires to bring in “synergy in regulation covering activities and operations of PAs apart from convergence on standards of data collection and storage.”
• The proposed norms incorporate lessons from what happened this year with Paytm Payments Bank (PPBL).
• The PPBL crisis was triggered by, among other things, major irregularities in the bank’s KYC adherence.
• The Financial Intelligence Unit (FIU-IND) had imposed a penalty of ₹5.49 crore having found that PPBL “engaged in a number of illegal acts, including organising and facilitating online gambling.” 
• It added that the money generated from it was “routed and channelled through bank accounts maintained by these (illegal) entities” with the PPBL.
• With the expansion of the scope of operations of PAs, the RBI appears to be strengthening the ecosystem against any opacity.

Proposed RBI guidelines for payment aggregators:

• The primary focus of the guidelines is on non-bank PAs and within them, the offline extensions. 
  • Non-banking entities providing PA services at the point of sale (PoS), that is, offline, would have to inform the RBI within 60 days (after the circular is issued), about their intent to seek authorisation.
  • As for non-banking entities providing PA services online — both those authorised and whose applications are pending — would be required to seek approval, about their existing offline PA activity, from the Department of Payment and Settlement Systems and the regulator within 60 days of the directions being mandated. 
    • This would also apply to any authorised non-banking entity aspiring to enter the online and/or offline PA space in the future.
• Banks providing physical PA services would not require any separate authorisation from the RBI.
• They are only expected to comply with the revised instructions within three months after they are issued.
• The net-worth norms for PAs which facilitate face-to-face, or proximity payment transactions now need to have a minimum net worth of Rs 15 crore while applying to the RBI for authorisation. 
• They should have a minimum net worth of Rs 25 crore by March 2028.
• The RBI’s directions also stipulate that entities currently engaged in PoS activities must ensure they adhere to guidelines on merchant on-boarding, customer grievance redressal and dispute management, baseline technology recommendations, security, fraud prevention and risk management framework as per the previous framework within 3 months. 
• For entities that would require fresh registration, the RBI has said continued adherence to existing guidelines framed in 2020 would be viewed positively while processing the applications.

Changes in the KYC requirements:

• While KYC is already mandatory in the existing guidelines, the regulations seek to make the provisions more nuanced.
• The regulations aim to ensure that onboarded merchants do not collect and settle funds for services not offered on their platforms. 
• The RBI’s proposed instructions categorise merchants into small and medium merchants. 
• Small merchants would constitute physical merchants with an annual business turnover of less than ₹5 lakh who are not registered under the GST regime. 
• Medium merchants, defined as physical or online merchants with annual business turnover of less than ₹40 lakhs who are not registered under the GST.
• RBI has proposed that the PAs undertake ‘contact point verification’, that is, collect information physically to establish the existence of the firm. 
• They must also verify the bank accounts in which their funds are settled. 
• Medium merchants would also have to undergo contact point verification.
• The PA would be expected to establish their existence by verifying one official document each of the proprietor, beneficial owner or attorney holder, and of the stated business.
• The PAs must ensure that transactions undertaken by their merchants are in line with their business profile. 
• PAs must assign risk-based payment limits to the merchants. Based on their transaction pattern, the merchant could be migrated to a higher degree of due diligence.

Due Diligence:

• Stricter customer due diligence measures for payment aggregators have been proposed to ensure that only eligible merchants can access digital payment services.
• Besides, all PAs must join the financial intelligence unit (FIU) under the finance ministry to report any suspicious transactions.

Storage of card data:

• The draft regulations instruct that no entity, other than the card issuer and/or card network, can store data for proximity/face-to-face payments from August 1, 2025.
• All existing data stored by entities other than card issuers and card networks will have to be deleted.
• To track transactions and reconcile them, entities would be allowed to store limited data, that is, the last four digits of the card number and the issuer’s name.

Significance of the proposed changes:

• The draft guidelines are an important step towards having a consolidated unified regulatory view towards the merchants services space, by explicitly including aggregation of physical merchants along with online merchants.
• The amendments to the existing regulations provide clarity on several aspects including role of third parties, marketplaces, classification of merchants, multiple PAs, extension of risk/due diligence requirements to all merchants, etc. 
• Clarity in the regulations will also boost the PA ecosystem, improve digital trust and promote ethical practices.
• While the increased net worth requirements will raise industry standards, they also ensure a level playing field and enhance consumer protection.
• Experts are also of the opinion that it’s about time the industry realises the purpose of KYC, which is to prevent fraud, and not just provide ease of use.

Conclusion:

The RBI's proposed regulations are pivotal, reflecting the evolving dynamics of India's payment landscape. As offline payment aggregation increasingly becomes a complementary offering for many Payment Aggregators (PAs), these guidelines are quite timely.