On 17 September 2019, RBI released its 'Discussion Paper' on framing regulations for Payment Gateways and Payment Aggregators'. Discussion Paper is placed on RBI's website inviting comments from stakeholders. Discussion Paper will lead to framing of comprehensive regulations covering payment gateways and aggregators. In Part I of this Article we examine the regulatory approaches that RBI has discussed.


Payment gateways and aggregators are critical intermediaries in digital payments ecosystem. They act as a bridge between customers and merchants by offering e-payment collection and settlement. Some known payment gateways/intermediaries operating in India are – Paypal, Citrus, Razorpay and Instamojo etc.

Current RBI Regulatory Framework | Under Payment and Settlement Systems Act, 2007

Umbrella legislation to regulate payment and settlement systems in India is the Payment and Settlement Systems Act, 2007 (PSS Act). This Act prohibits any entity from operating payment systems unless authorised by RBI.

As early as 2009, RBI recognized the need to safeguard customer confidence and ensuring that electronic/digital payments are duly transmitted to merchants without undue delay. With this objective, in November 2009 RBI passed directions under PSS Act (Intermediary Circular). Through this Circular, RBI extended its regulatory oversight, albeit indirect, by requiring payment intermediaries to open Nodal Accounts which allowed only permissible debits and credits and also prescribed max T+3 settlement period for passing credit to merchants.

For almost a decade, payment intermediaries could avail 'Safe Harbour' under PSS Act by ensuring compliance with Intermediary Circular.

Need for new RBI Regulatory Framework

Seeing rapid innovation, expanding fintech and e-commerce activities RBI has considered it opportune to review extant regulatory framework and evaluate whether a regime of direct regulation is required. RBI has observed stress points as under.

Source of Risk Payment intermediaries operate highly intensive technology and customer business. Inadequate governance can impact customer confidence
Customer Grievance Customers having limited access to payment intermediaries, are invariably pushed to relying on merchants or banks for grievance redressal
KYC, Data Privacy Payment intermediaries handle sensitive customer data. Hence, KYC, data privacy acquire importance from security and customer confidence

Proposed Regulatory Framework

RBI is contemplating three (3) options for regulating payment intermediaries.

Existing Framework Limited Regulation Full and Direct Regulation
Continue operations in compliance with Intermediary Circular Payment Intermediaries to follow norms:
  • Minimum Net-worth
  • Merchant On-boarding
  • Settlement Timelines
  • Escrow Account
  • Phased Licensing
  • Off-Site Monitoring
Payment Intermediaries required to obtain License from RBI under PSS Act
Licensing Authorisation from RBI under PSS Act required
Capital Requirement Minimum Net-worth of Rs. 100 crores
Governance 'Fit and Proper' eligibility for Promoters Nodal Officer for Customer Grievances Comprehensive disclosure on merchant policies, pricing, customer Anti-Money Laundering
  • Intermediaries must be a company registered in India
  • Existing Intermediaries must comply within 1 Year
  • Entities not meeting Minimum Capital shall wind up aggregation business within 1 year
  • Cannot charge Merchant Discount Rate burden to customers
  • Cannot invoke ATM PIN to authenticate Card Not Present' transactions

In a hint signifying transition to Full and Direct Regulation, RBI has cautioned e-commerce marketplaces to segregate payment gateways and aggregation services from their primary business within three months. Since e-marketplaces' primary business does not fall within RBI's regulatory ambit, in case regulatory prescriptions for payment aggregators are issued, they would end up being subjected to dual regulation.

Part II of this Article will cover critical issues – impact on existing payment intermediaries, Online Payment Gateway Service Providers (OPGSPs), Merchant Discount Rate (MDR) etc. - that Full and Direct Regulation approach will impact.

30 September 2019

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.