ARTICLE
18 April 2024

Regulating Payment Service Providers In The IFSCA: A Primer

I
IndusLaw

Contributor

INDUSLAW is a multi-speciality Indian law firm, advising a wide range of international and domestic clients from Fortune 500 companies to start-ups, and government and regulatory bodies.
The International Financial Services Centre Authority, the sole regulator in India's first International Financial Servies Centre, namely, the Gujarat International Finance Tec-City, has been set up with the intent of establishing a holistic regulatory ecosystem in GIFT City.
India Technology
To print this article, all you need is to be registered or login on Mondaq.com.

A.INTRODUCTION

The International Financial Services Centre Authority ("IFSCA"), the sole regulator in India's first International Financial Servies Centre ("IFSC"), namely, the Gujarat International Finance Tec-City ("GIFT City"), has been set up with the intent of establishing a holistic regulatory ecosystem in GIFT City. Through a unified regulatory approach, it has encouraged and allowed several fintech companies to seamlessly set up and commence business in the GIFT City, enabling them to cater to customers across the globe without being subject to an array of regulations from multiple regulators.

On the back of such exponential growth in the number of entities setting shop in the GIFT City, and multiple IFSC sandbox projects (predominantly composed of payment system providers) being on the brink of entering the operational phase, a robust payment system regulatory framework had become the need of the hour. To address this, the IFSCA has now issued the IFSCA (Payment Services) Regulations, 2024 ("IFSC Payment Regulations"), which serves as a comprehensive legal framework to govern and regulate payment systems in the GIFT City. Through this article, we will deep dive into the provisions of the IFSCA Payment Regulations to understand key aspects of the regulations as well as the impact of the regulations on the payment service providers.

  1. OVERVIEW OF THE REGULATION

The IFSCA under the International Financial Services Centres Authority Act, 2019 ("IFSCA Act") has the power to regulate financial services, which includes, payment services. The IFSCA issued a consultation paper with a draft framework on payment services seeking inputs and feedback from industry bodies and various stakeholders. Post the consultation process, after taking into account stakeholder comments and concerns covering aspects including the need for a comprehensive risk management framework, the IFSC Payment Regulations was introduced. IFSC Payment Regulations lays down procedures essential for regulation of a payment system in the IFSC and covers several key aspects that are silent in the PSS Act, which are detailed below.

I.Applicability. The IFSC Payment Regulations apply to all entities that are desirous of providing payment related services in or from the IFSC. An entity is not permitted to provide payment services in IFSC without obtaining an authorisation from the IFSCA. II.Type of payment service provider. The IFSC Payment Regulations categorises payment service providers into two classes: (A) regular payment service provider; and (B) significant payment service provider (each herein after referred to as a "PSP" and collectively referred to as "PSPs"). Any applicant that has acquired authorisation under the IFSC Payment Regulations to provide payment services, is a regular PSP. In addition to satisfying such conditions, a regular PSP will be recognised as a significant PSP, upon satisfaction of certain additional conditions as discussed in ensuing paragraphs.

III Payment services. The IFSC Payment Regulations allow PSPs to offer 5 (five) forms of payment services as specified below:1

  • Account issuance service: In this form of service, a PSP shall issue a payment account to a payment service user, irrespective of whether such user is situated in IFSC or outside IFSC. The PSPs providing account issuance services shall also provide services in relation to operating the payment accounts to enable payments to be made into the payment account as well as to allow users to make withdrawals from payment accounts. A PSP is also allowed to issue both, virtual and physical payment accounts.2 Any e-wallet issued by a PSP cannot hold Indian Rupee (INR) in any form, it can only hold currencies such as United States Dollar (USD), Euro (EUR), Great Britain Pound (GBP) and any other currencies specified by the IFSCA.3 E-wallets issued by a PSP are also prohibited from storing any cryptocurrencies or stablecoins.4
  • E-money issuance service: A PSP issuing e-money for payment transactions is said to be performing e-money issuance service. For the purpose of the IFSC Payment Regulations, e-money refers to a monetary value denominated in a specified foreign currency, representing a claim that has been already paid in advance and is acceptable by a person other than the issuer. PSPs providing e-money issuance service are not permitted to use the funds for financing services or permit withdrawal of cash equivalent to e-money.
  • Merchant acquisition services: This form of service is restricted to providing payment aggregation services to merchants, allowing them to facilitate different modes of payments to their customers. This also includes settlement of funds from issuing entities to the merchants. However, payment gateway services have been excluded from the scope of these services. Additionally, any payment transaction should only be undertaken pursuant to an agreement between the PSP and the merchant, irrespective of whether the PSP receives any money in respect of a payment transaction.
  • Escrow services: This form of services refers to arrangements wherein funds are held by a PSP in an escrow account with an IFSC Banking Unit ("IBU") or an IFSC Banking Company ("IBC") on behalf of two parties that are in the process of completing a transaction. Any PSP providing escrow services to other PSPs may hold escrow accounts with multiple banks for providing such services to the PSPs.5
  • Cross border money transfer service: Cross-border money transfer services includes transmission of money from a person in IFSC to anyone outside IFSC and receiving money from any person outside IFSC for transferring such money to a person situated in or outside IFSC. Additionally, this service also includes transfer of money from a person in the IFSC to a person in any other country including India.6
  • Services that do not qualify as payment services: The IFSC Payment Regulations have specifically excluded certain payment services from its scope, which inter alia, includes: (a) securities assets transaction services; (b) any transaction concluded via instruments including a cheque, cashier's order, dividend warrant or demand draft; (c) transaction between a subsidiary and holding company or vice versa, without any involvement of a payment service providers except the group entities; or (d) transportation of a currency.7

IV Authorisation requirements. To obtain an authorisation from the IFSCA to provide payment services, an applicant will be required to fulfil certain requirements prescribed under the IFSCA Regulations as provided below:

  • Nature of the entity: It will need to be an incorporated company with its registered office in GIFT City.
  • Fit and proper criteria: It needs to ensure that all of its directors, key managerial personnel or any other persons exercising control over it fulfils the 'fit and proper" criteria prescribed under the IFSC Payment Regulations.8
  • Minimum net-worth requirements: IFSC Payment Regulations prescribe distinct minimum net worth requirements for regular and significant PSPs as provided below:
  • Regular PSP: A regular PSP should have a minimum net worth of USD 100,000 (United States Dollars One Hundred Thousand) at the time of making the application. Further, by the conclusion of the third financial year from the year of commencement of its business, it must have a minimum net worth of USD 200,000 (United States Dollars Two Hundred Thousand).
  • Significant PSP: A significant PSP should achieve a minimum net worth of USD 250,000 (United States Dollars Two Hundred Fifty Thousand) within 90 (ninety) days of being designated as a significant PSP. Additionally, it should also have a minimum net worth of USD 500,000 (United States Dollars Five Hundred Thousand) by the end of the third financial year from the year of designation as a significant PSP.

It may be noted that the IFSCA upon review may also make adjustments to the minimum net worth requirements, as needed, to address emerging risks and changes in the financial landscape in a PSP operates. Requirement of additional net worth, if any, has to be satisfied by the PSPs within a period of 180 (One Hundred Eighty) days from the date of communication received by such PSP from the IFSCA.

  • Additionally, the IFSCA may also evaluate an application for authorisation to operate as a PSP, basis considerations including appropriate infrastructure9, financial standing10 and relevant experience of the persons part of the PSPs in the activities that they seek to undertake11. If the IFSCA is satisfied that an applicant has prima facie fulfilled the above requirements, it will issue an in-principle authorisation to the PSP.
  1. Major obligations. A PSP that has received authorisation from the IFSCA must inter alia ensure the following:
  • Commencement of operations: it should commence its operations within 6 (six) months of obtaining the certificate of authorisation.12
  • Risk-based framework: it should have in place a risk-based framework to ascertain the critical nature of any services that they intend or might want to receive from a third-party service provider.
  • Compliance with applicable laws: it must comply with all the applicable laws including the Prevention Money Laundering Act, 2002, the Foreign Exchange Management Act, 1999 and International Financial Services Centres Authority (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022.13
  • Information technology security policies: it should protect its information technology systems and outline the security policies and process for protection of such system.
  • Grievance redressal: it should deploy its employee at its permanent place of business or registered office in IFSC to address any queries, complaints or grievances raised by users, within a period of 30 (thirty) days from receipt of a complaint or a grievance.14 It is responsible to ensure that its users have access to one or more channels for lodging complaints including an online or paper-based form, physical office, mobile application or through call centres.15
  1. Significant Payment Service Provider. To operate as a significant PSP, in addition to satisfying all the conditions imposed on a regular PSP, an applicant or a regular PSP should also meet any one of the following additional thresholds:
  • if it carries on a business of providing one or more of the payment services (other than e-money account issuance service), and the monthly average of the total value of all payment transactions that are accepted, processed or executed over a calendar year exceeds: (a) USD 2,000,000 (United States Dollars Two Million), for any one of the payment services (other than e-money account issuance service); or (b) USD 4,000,000 (United States Dollars Four Million), for two or more of the payment services (other than e-money account issuance service);
  • if it intends to carry or already carries on a business of providing an e-money account issuance service and the average daily value of all e-money that is stored in any payment account issued by such PSP exceeds USD 3,000,000 (United States Dollars Three Million) over a calendar year; and
  • if it carries on a business of providing an e-money issuance service and the average daily value of the total value in one day of all e-money that is intended to be issued or have been issued exceeds USD 3,000,000 (United States Dollars Three Million) over a calendar year.

VII. Safeguarding money received from a user. PSPs engaged in (a) cross-border money transfer service; (b) merchant acquisition services; or (c) payment services prescribed by the IFSCA, are required to ensure that the funds received from a user should be deposited by the next day with a safeguarding institution (being IBU and IBC).16 Similarly, a PSP performing e-money issuance service is also required to deposit any funds received from or on account of the user with a safeguarding institution.17 The safeguarding institution will be accountable to the customer if the funds have been furnished to it through an undertaking.18

The PSPs should also hold funds for different payment services performed by them in separate escrow accounts. All of such escrow accounts should be opened with an IBU. The escrow account can inter alia only be debited for services to be obtained by the user, payment to IBU, refunds for cancelations, taxation related payment or loading or reloading of balances.19 Any credit to such escrow accounts shall be permitted only for amounts received for issue, loading or reloading of e-money wallets and for any refunds for failed or disputed or returned or cancelled transaction.20 Additionally, the balance in an escrow account associated with e-money issuance services should not be lower than the outstanding value of the e-money to be issued or any due payments to the users.21

CONCLUSION

A critical reading of the PSS Act reveals several limitations, particularly in envisaging the complexities of digital payments and robust risk management mechanisms. By mandating payment system providers to institute comprehensive risk management frameworks tailored for the digital landscape, the IFSCA has set a new benchmark for regulatory governance. At the same time, drawing insights from the PSS Act, the IFSCA aims to bridge existing regulatory gaps effectively while ushering in a new era of financial stability and innovation within the IFSC ecosystem.

By fostering a diverse array of payment services and aligning with global benchmarks, the IFSC Payment Regulations position the IFSC as a beacon for seamless financial operations for both domestic and international fintech players, empowering them to thrive within the IFSC ecosystem.

Indian fintech entities, aiming for global expansion, may find solace in the IFSC Payment Regulations. With the IFSC as their launchpad, these entities can extend their reach to jurisdictions worldwide, amplifying the global footprint of Indian fintech sector. However, the journey will not be without challenges, as compliance burdens and operational complexities loom large. A notable challenge arises for Indian fintechs that are already regulated by the Reserve Bank of India ("RBI") as PSPs. They must traverse the intricate regulatory landscape of both the RBI and IFSCA. This entails establishing a separate entity within the IFSC, obtaining requisite registrations, and adhering to regulatory mandates such as maintaining net-worth, security deposits, and KYC and other security standards under both the RBI frameworks and IFSC Payment Regulations, within the same group entity. The cumulative burden, coupled with the associated high governance costs, presents a formidable challenge for these entities, creating an uphill battle.

Separately, with the recent introduction of the Regulation of Payment Aggregator – Cross Border notified on October 31, 2023 (PA-CB framework), Indian fintechs, subject to authorisation, are now permitted to facilitate cross-border payments. Similarly, considering that IBUs and IBCs in IFSC can facilitate cross border payments through an escrow mechanism, the need for similar provisions under IFSC Payment Regulations from Gift City warrants thorough evaluation. That said, the introduction of cross-border e money services for payments related to goods or services appears to be a favorable development, offering Indian fintechs a pathway that was previously restricted under the RBI framework for PPIs.22

In conclusion, the IFSC Payment Regulations establish a new benchmark for regulatory governance, requiring robust risk management frameworks tailored to the digital realm. Yet, the path to seamless implementation and alignment with the evolving payment framework demands meticulous scrutiny and ongoing evaluation. As the fintech sector evolves, stakeholders must remain vigilant and adaptable to uphold the integrity and efficacy of the regulatory framework.

Footnotes

1 Regulation 4 (3) of the IFSC Payment Regulations.

2 FAQ 10 of FAQs on IFSC Payment Regulations.

3 FAQ 13 of FAQs on IFSC Payment Regulations.

4 FAQ 12 of FAQs on IFSC Payment Regulations.

5 FAQ 25 of FAQs on IFSC Payment Regulations.

6 FAQ 08 of FAQs on IFSC Payment Regulations.

7 Part-B of the Schedule I of the IFSC Payment Regulations.

8 Regulation 7 of the IFSC Payment Regulations.

9 Regulation 8 (b) of the IFSC Payment Regulations.

10 Regulation 8 (d) of the IFSC Payment Regulations.

11 Regulation 8 (a) of the IFSC Payment Regulations.

12 Regulation 15 (2) of the IFSC Payment Regulations. 13 Regulation 24 of the IFSCA Payment Regulations.

14 Regulation 29(1) of the IFSC Payment Regulations.

15 Regulation 29(2) of the IFSC Payment Regulations.

16 Clause 2 (a) of the Schedule VI of the IFSC Payment Regulations.

17 Clause 4 of the Schedule VI of the IFSC Payment Regulations.

18 Clause 2 (a) of the Schedule VI of the IFSC Payment Regulations.

19 Clause 8 of the Schedule VI of the IFSC Payment Regulations.

20 Clause 7 of the Schedule VI of the IFSC Payment Regulations.

21 Clause 6 of the Schedule VI of the IFSC Payment Regulations.

22 Master Directions on Prepaid Payment Instruments (PPIs) notified on August 27, 2021 prescribes certain restrictions on INR denominated PPIs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

ARTICLE
18 April 2024

Regulating Payment Service Providers In The IFSCA: A Primer

India Technology

Contributor

INDUSLAW is a multi-speciality Indian law firm, advising a wide range of international and domestic clients from Fortune 500 companies to start-ups, and government and regulatory bodies.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More