ARTICLE
18 November 2025

RBI Master Direction 2025: Compliance Mandate For Payment Aggregators And PA-P Deadline

L
Lexplosion Solutions Private Limited

Contributor

Lexplosion Solutions Private Limited logo
Lexplosion Solutions is a leading Legal-Tech company providing legal risk management solutions in areas of compliance management, audits, contract lifecycle management, litigation management and corporate governance. Lexplosion merges disruptive technology with legal domain expertise to create solutions that have increase efficiency and reduce costs.
Explore Firm Details
The Reserve Bank of India ("RBI") has set a strict deadline of 31st December, 2025 for Payment Aggregators ("PAs"), particularly those operating physical (PA-P) transactions...
India Finance and Banking
Bitasta Gangully and Amiya Mukherjee
Lexplosion Solutions Private Limited are most popular:
  • within Finance and Banking, Tax and Technology topic(s)
  • with Finance and Tax Executives
  • in United States
  • with readers working within the Law Firm industries

The Reserve Bank of India ("RBI") has set a strict deadline of 31st December, 2025 for Payment Aggregators ("PAs"), particularly those operating physical (PA-P) transactions, to comply with the Master Direction on Regulation of Payment Aggregator ("Master Direction").

Entities carrying on PA-P business exclusively have to ensure that they apply for their authorisation as part of the PA-P license application process within December 31, 2025.

And entities whose application for a grant of Certificate of Authorisation ("CoA") for PA–Online ("PA-O") or Payment Aggregator–Cross Border ("PA–CB") is under consideration have to intimate RBI about its existing PA-P business, if any, by 31st December, 2025. This is a key step towards maintaining Payment Aggregator (PA) compliance 2025.

Failure to meet this deadline will attract serious implications. Entities that do not apply within the stipulated time must intimate its banker(s) immediately and cease operations by February 28, 2026.

Additionally, Payment Aggregators ("PA") having a CoA and already carrying on business as PA-P must intimate RBI to obtain a revised CoA.

The Backdrop of the RBI Master Direction

The RBI Master Direction Payment Aggregator was issued on 15th September, 2025. It consolidates and supersedes all the earlier instructions of RBI to regulate the PAs. It lays down a single, comprehensive framework governing all entities facilitating digital payments on behalf of merchants. For the first time, the RBI formally classifies payment aggregators ("PA") into three categories:

  • Physical (PA-P),
  • Online (PA-O), and
  • Cross-Border (PA-CB)

and extends regulatory oversight to all three. The Master Direction standardises authorisation procedures, prescribes enhanced KYC and due-diligence norms, mandates registration with Financial Intelligence Unit, India, and enforces risk management, audit, and escrow account controls.

By doing so, it replaces the fragmented circulars that previously governed this sector and introduces uniform compliance obligations for every participant in the digital payments ecosystem.

Categorisation of PAs

As mentioned above, the Master Direction categorises PAs in the following way:

PA – Physical (PA – P)

Facilitates transactions where both the acceptance device and payment instrument are physically present in close proximity while making the transaction. With this categorisation, PAs that are physically present in proximity while making the transaction are also brought under the purview of the regulatory framework.

PA – Cross Border (PA – CB)

Facilitates aggregation of cross-border payments for current account transactions that are not prohibited under FEMA for its onboarded merchants through e-commerce mode.

PA – Online (PA – O)

Facilitates transactions where the acceptance device and payment instrument are not present in proximity while making the transaction.

Capital Requirements and Authorisation

With the present Master Directions, RBI retains the net worth requirements. Any entity seeking authorisation to commence or carry on PA business needs to have a minimum net-worth of ₹15 crore at the time of tendering application for authorisation; and has to attain a minimum net worth of ₹25 crore by the end of the third financial year of the grant of authorisation.

One of the procedural changes introduced in the Master Direction is the transition to an entirely online authorisation process. Under the erstwhile Directions, an application for authorisation has to be made before the Department of Payment and Settlement Systems (DPSS), RBI, Central Office, Mumbai. Now, the applicants seeking authorisation, as part of the PA-P license application process, have to apply online through https://pravaah.rbi.org.in/pravaah/ .

For entities that are already continuing business, they have to provide an intimation to RBI for a revised Certificate of Authorisation (CoA).

Dispute and Risk Management Framework

PAs have to implement a dispute resolution mechanism to handle payment-related disputes, appoint nodal officers, and complete disclosure of all comprehensive information on merchant policies, privacy policy, other terms and conditions on the website and mobile applications.

The requirement of having a strong risk management system is retained under the New Directions, along with the requirements of conducting an annual system audit, including a cybersecurity audit, conducted by CERT-In empanelled auditors.

Enhanced KYC and Due Diligence

The new Directions tightens merchant onboarding and monitoring, mandating PAs to comply with enhanced Payment Aggregator KYC requirements like continuous monitoring, allocating IDs to merchants, and conducting background checks.

While onboarding, the PA can take the merchant's consent and retrieve the merchant's KYC record from CKYCR.

Where a merchant's record is not available in CKYCR, or a PA cannot access CKYCR as its application for authorisation is pending with the Reserve Bank, the PA can carry out the CDD of the merchant through other KYC mechanisms.

Alternatively, for merchants whose annual turnover does not exceed ₹40 lakh, or whose annual export turnover does not exceed ₹5 lakh, Pas can also adopt the following processes:

  1. Obtain a copy of the PAN/Form 60 of the merchant and verify the PAN from the issuing authority.
  2. Conduct CPV of the merchant.
  3. Obtain a certified copy of one officially valid document (OVD) of the proprietor or of the person holding power of attorney to operate the account, as applicable. One of the documents or the equivalent e-documents, as prescribed for CDD of sole-proprietary firms or legal entities, should be verified.

The Master Direction mandates conducting background and antecedent checks of merchants. PAs have to facilitate allotment of appropriate Merchant Category Code and Merchant ID/Terminal ID to their merchants, including those onboarded through an overseas PA. PA shall ensure that the name of the merchant is captured appropriately for all transactions processed for it.

The PA must also monitor transactions subsequently undertaken by the merchants to ensure that these transactions are in line with the latter's business profile and ensure adherence to other aspects of MD on KYC while conducting its operations.

PAs can also conduct due diligence through Assisted V-CIP. In all these cases, PAs have to maintain the details of the agent assisting the merchant, where services of such agents are employed. PAs have to additionally carry out the due diligence of persons appointed as authorised / designated agents.

For PAs, this will increase compliance responsibility and accountability, requiring PAs to strengthen their agent management and oversight mechanisms.

PAs also have to register with the Financial Intelligence Unit-India (FIU-IND) and meet all corresponding reporting requirements, reinforcing the new Payment Aggregator KYC norms.

Maintenance of Escrow Account

PAs have to maintain the funds collected on behalf of their merchants in a separate escrow account with any Scheduled Commercial Bank (SCB) in India. In case of a PA–CB, such account will be referred to as Inward Collection Account ("InCA") for inward transactions and Outward Collection Account ("OCA") for outward transactions and will be opened with Authorised Dealer Category-I SCB.

While withdrawal of pre-funding is not permitted by both types of escrow accounts, the Master Directions prohibit pre-funding by InCA and OCA.

Directions applicable to PA–CB

This Master Direction also brings under its purview PA – Cross Border ("PA-CB") entities and further categorised them into:

  • PA-CB facilitating inward transaction
  • PA-CB facilitating outward transaction

Funds related to inward and outward transactions as carried out by a PA-CB have to be kept separate. For outward transactions, a PA-CB may directly onboard merchants located abroad or enter into agreements with e-commerce marketplaces or entities providing PA services abroad.

The Master Directions stop PAs from purchasing foreign currency from, or selling it to, any entity other than an Authorised Dealer (AD). With respect to inward or outward transactions processed by a PA-CB, the maximum value per transaction has been capped at ₹25 lakh.

Conclusion and the Urgent Compliance Deadline

With clearer categorisation, defined Payment Aggregator KYC norms, and a stronger regulatory foundation, the framework aims to build trust, enhance compliance, and strengthen resilience across all layers of the payment ecosystem. By bringing PA-P entities under the regulatory framework, RBI has ensured all categories of PAs are now under its ambit. However, the true integration of the entire payment aggregation landscape will be materialised only when these entities secure authorisation by the stipulated PA-P authorization deadline 2025.

Bridging the Gap: How Komrisk Ensures RBI Master Direction Compliance

The detailed requirements of the RBI Master Direction Payment Aggregator, spanning minimum net-worth, enhanced Payment Aggregator KYC norms, and timely submissions, place a significant and continuous burden on PAs. Manual compliance tracking, especially for the newly regulated PA-P segment, introduces a high risk of error, missed deadlines, and severe penalties (including having to cease operations).

A robust compliance management software like Komrisk is essential to mitigate these operational and legal risks. Komrisk directly addresses the challenges raised in this Master Direction by providing:

  • Real-time regulatory updates: Our compliance management solution Komrisk automatically tracks and updates the hundreds of compliance obligations stemming from the RBI Master Direction, including changes to PA-CB guidelines and new reporting frequencies (Quarterly/Annual).
  • Deadline Management (PA-P Focus): Automated alerts and escalation workflows ensure that the critical PA-P authorization deadline 2025 is not missed. It breaks down the complex PA-P license application process into scheduled, manageable tasks, ensuring timely submission to the PRAVAAH portal.
  • KYC and Due Diligence Workflow: Komrisk provides a centralized framework required by the new norms, including the mandated FIU-IND registration for Payment Aggregators and associated reporting.
  • Audit Readiness and Reporting: All evidence related to the annual system audits, cyber security audits, and quarterly escrow account certifications can be centrally stored and tracked, ensuring constant readiness for regulatory inspection.

By deploying Komrisk, Payment Aggregators can shift focus from manual tracking to strategic compliance oversight, ensuring adherence to the new framework and safeguarding their operations well beyond the immediate deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Bitasta Gangully
Person photo placeholder
Amiya Mukherjee
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More