RBI Master Directions 2025, Compliance And Operational Challenges For Payment Aggregators.

1. Background

On 15 September 2025, the Reserve Bank of India issued the Master Direction on Regulation of Payment Aggregators, 2025 ("Master Directions 2025"), a consolidated framework that replaces and supersedes the 2020–21 guidelines on payment aggregators and gateways and earlier directions on cross border payment aggregation. Issued under the Payment and Settlement Systems Act, 2007 together with relevant provisions of FEMA, the Master Directions unify regulation of online, physical and cross border payment aggregation under a single regime applicable to banks, non‑bank entities and Authorised Dealer (AD) banks. For fintechs, e‑commerce platforms, marketplaces and large corporate treasuries that rely on aggregator rails, the Directions represent both a tightening of oversight and an opportunity to reset business models and compliance architectures around a more explicit rule set rather than scattered circulars.

2. Overview Of The Regulatory Architecture

The Master Directions 2025 draw a clear distinction between bank payment aggregators (who are regulated primarily through banking norms) and non‑bank payment aggregators (who require RBI authorisation and are directly governed by the Directions). All non‑bank entities facilitating merchant payments whether online, through physical point of sale or via hybrid channels are brought within a single authorisation, net-worth and governance framework, and separate classifications have been introduced for Payment Aggregator - Cross Border (PA‑CB), with sub categories for inward and outward current account transactions. The Directions also harmonise earlier rules on escrow accounts, settlement timelines, merchant on boarding, KYC and data reporting into a unified, enforceable set of obligations backed by periodic reporting and audit requirements.

3. Authorisation, Net Worth And Governance

1. Authorisation And Net Worth Requirements

Non‑bank payment aggregators must obtain RBI authorisation and meet phased net worth thresholds. At the time of application, a non‑bank PA is required to demonstrate a minimum net worth of ₹15 crore, increasing to ₹25 crore by the end of the third financial year from the date of authorisation. Net worth is to be computed under the Companies Act and relevant accounting standards, with compulsorily convertible preference shares allowed to be counted but deferred tax assets specifically excluded, tightening the quality of capital that can back aggregator risk. Existing players must align their balance sheets with these thresholds within the timelines specified, and new aspirants will need to raise adequate capital before even entering the authorisation pipeline, which may crowd out under capitalised niche players and push towards consolidation.

2. Fit‑And‑Proper And Board Level Oversight

The Directions impose stringent governance norms, including fit‑and‑proper criteria for promoters, directors and key management personnel, board approved policies on risk management and outsourcing, and explicit accountability for compliance, cyber security and fraud control. Non‑bank PAs are required to have independent directors and board level committees overseeing audit and risk, bringing governance expectations closer to those applied to regulated financial institutions rather than pure technology companies. For fintech origin aggregators and platform businesses that historically ran lean boards and informal governance structures, this represents a significant cultural shift and may require reconstitution of boards, enhancement of control functions and more formalised internal audit and compliance frameworks.

4. KYC, Merchant Due Diligence And Legacy Portfolios

3. Enhanced KYC And Merchant On‑Boarding

Under the Master Directions 2025, PAs must perform full KYC and due diligence on merchants in line with RBI's KYC Master Directions and other applicable AML/CFT norms. This includes verification of business identity, beneficial ownership, nature of goods and services, and screening against sanction lists, with enhanced monitoring expectations for merchants in higher risk sectors or geographies. The Directions clarify that PAs cannot rely solely on third party introductions or lightweight checks, they must maintain their own KYC documentation and be able to demonstrate risk based assessment and ongoing monitoring to RBI and their banks.

4. Remediation Of Existing Merchants

A critical operational challenge lies in dealing with legacy merchant portfolios. The Directions require all existing merchants to be brought into compliance with the new KYC and due diligence standards within a set remediation period (variously described in commentary as up to 31 December 2025), failing which such merchants must be re-on-boarded from a specified cut-off date. For PAs handling thousands of small and medium merchants, this implies a large scale remediation exercise involving outreach, documentation, verification and potential off boarding of non-responsive or non‑compliant merchants, with real revenue and relationship risk if not managed carefully. CFOs and compliance heads will therefore need to prioritise data clean up and KYC remediation programmes, backed by clear internal deadlines ahead of the regulatory cut‑off.

5. Escrow, Settlement And Use Of Funds

1. Escrow Accounts And Fund Segregation

The Directions mandate that all non‑bank PAs maintain merchant funds in escrow accounts with scheduled commercial banks, and for cross border operations, in separate Inward Collection Accounts (InCA) and Outward Collection Accounts (OCA) maintained only with AD Category‑I banks. Inward and outward flows must be strictly segregated, with credits and debits to escrow accounts restricted to explicitly permitted transactions under the Directions, thereby ring fencing customer and merchant funds from the aggregator's own balance sheet and other business activities. Escrow accounts cannot be used for cash‑on‑delivery (CoD) arrangements or other non-prescribed purposes, forcing some e‑commerce models to redesign legacy settlement flows that relied on fungible collections and internal pooling.

2. Settlement Timelines And Float Economics

The Directions require time bound settlement from PAs to merchants, with specific outer limits for crediting funds after receipt from customers, and introduce detailed rules on recognition of interest on the "core portion" of escrow balances. Interest may be earned only on the core portion, computed as the average of the lowest daily balances in each fortnight over the preceding 26 fortnights, preventing aggregators from monetising transient settlement float beyond a stable minimum. For PAs and merchants, this affects working capital planning and may reduce the attractiveness of business models that implicitly relied on float income, pushing stakeholders to revisit pricing (MDR), settlement cycles and the viability of certain high volume, low margin segments.

6. Cross Border Payment Aggregation (PA‑CB)

1. Classification And Scope

The Master Directions carve out Payment Aggregators - Cross Border (PA‑CB) as a distinct category facilitating aggregation of cross border payments for permissible current account transactions through the e‑commerce route. Two sub categories are recognised, PA‑CB (inward), which handles payments from overseas customers to Indian merchants, and PA‑CB (outward), which aggregates payments from Indian customers to overseas merchants for permitted transactions. The Directions clarify that certain non‑bank entities authorised as AD Category‑II for specified current account activities do not fall within the PA‑CB regime, reducing overlap between FEMA driven forex activities and aggregator‑style e‑commerce flows.

2. Transaction Caps, Segregation And Reporting

Outward PA‑CB transactions are capped at ₹25 lakh per transaction, specifically to prevent misuse of aggregator channels for large value capital transfers that should instead pass through formal banking and FEMA routes. Separate InCA and OCA accounts must be maintained with AD Category‑I banks, and non‑INR settlement is permitted only in limited scenarios such as direct exporter merchants onboarded by the PA, with all other settlements required to be in INR. PA‑CBs must also provide granular data to their AD banks for reporting into RBI's Export Data Processing and Monitoring System (EDPMS) and Import Data Processing and Monitoring System (IDPMS), linking aggregator flows closely to underlying trade documentation and tightening oversight over cross border money. These constraints will require careful structuring of cross border business models and close coordination between aggregator compliance teams, corporate treasuries and AD banks.

7. Reporting, Audit And Operational Oversight

The Directions impose a layered reporting and audit regime. PAs must submit monthly transaction statistics to RBI, covering volumes and values across payment channels, quarterly certificates from auditors and escrow banks confirming compliance with escrow operations, and annual submissions including net‑worth certificates, information system and cyber security audit reports, and governance compliance confirmations. This cadence effectively makes compliance and internal audit continuous activities rather than episodic exercises, requiring PAs to maintain real time or near real time data on transactions, merchant profiles, system performance and incident management. Operationally, this will drive investment in compliance technology, automated reconciliation, and integrated reporting tools that can satisfy both RBI and partner banks' supervisory expectations.

8. Practical Challenges For CFOs, GCs And Product Teams

For CFOs, the immediate challenges are capital adequacy, escrow/settlement redesign and revenue model recalibration. Meeting net‑worth thresholds may require fresh equity or quasi equity infusions, restructuring group entities to concentrate aggregator activity in well capitalised vehicles, or exiting sub scale lines of business. Escrow and collection account rules mean finance and treasury teams must re‑design bank relationships, internal cash flow projections and merchant settlement cycles, while also managing potential friction with merchants over revised settlement terms and MDR structures. General counsel and compliance heads will need to update contracts (with merchants, partner banks, outsourcing vendors), revise risk allocation clauses for fraud, chargebacks and regulatory breaches, and build governance structures that satisfy the Directions' board level oversight and fit‑and‑proper requirements. Product and tech teams, in turn, must translate regulatory requirements around KYC, transaction monitoring, cyber security and cross border reporting into system features and workflows, ensuring that growth initiatives such as embedded finance, marketplace expansion or international corridors do not outpace compliance capabilities.

9. Conclusion

The RBI's Master Directions 2025 mark a decisive shift in how India regulates payment aggregators, moving from a fragmented circular driven regime to a single, comprehensive rule set that tightens oversight while clarifying expectations. For aggregators, merchants and platforms, the Directions raise the bar on capital, governance, KYC, escrow discipline and cross border controls, and will force a recalibration of business and pricing models in the near term. For the broader ecosystem including banks, corporates and cross border businesses, the new framework should, over time, support a more resilient and trusted digital payments spine, but only if stakeholders treat compliance not as a one-time licensing hurdle, but as an ongoing operational and strategic priority embedded into product design, treasury and risk management.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.