Sagus Speaks September 2025 | Part II

This Newsletter covers key Regulatory & Policy Updates, Government Notifications and Judicial Pronouncements.

REGULATORY AND POLICY UPDATES

RBI notifies RBI (Regulation of Payment Aggregators) Directions, 2025

The Reserve Bank of India ("RBI") through notification no. RBI/DPSS/2025-26/141 dated 15.09.2025 notified the RBI (Regulation of Payment Aggregators) Directions, 2025 ("PA Directions")¹ for regulation of entities engaged in various categories of payment aggregation. These PA Directions have come into effect from 15.09.2025, unless indicated otherwise for specific provisions.

The key terms of the PA Directions are as follows:

1. These PA Directions apply to all bank and non-bank entities undertaking the business of Payment Aggregator ("PA"). These PA Directions also apply to all Authorised Dealer ("AD") banks and Scheduled Commercial Banks ("SCB") which engage with entities undertaking PA business, to the extent specified.
2. The PA Directions define PA as an entity that facilitates the aggregation of payments made by customers to merchants through one or more payment channels via the merchant's interface (physical or virtual) for the purchase of goods, services, or investment products, and subsequently settles the collected funds to such merchants.
3. The PA Directions also provide definitions of key terms, inter alia, E-Commerce, Marketplace, Payment Gateway, PA – Physical ("PA – P"), PA – Online ("PA – O"), and PA – Cross Border ("PA – CB").
4. Authorisation for PA business as per the PA Directions:
   1. A bank does not require authorisation to carry out PA business.
   2. A non-bank entity shall seek authorisation for operating as a PA by submitting an application through RBI's online portal, i.e., Pravaah. Further, an entity regulated by any financial sector regulator(s) shall apply with a No Objection Certificate ("NOC") from such regulator and seek authorisation from RBI within 45 days of obtaining such NOC.
   3. A non-bank PA shall be a company incorporated in India under the Companies Act, 2013 with its Memorandum of Association covering the activity of operating as a PA.
5. The PA Directions also require that:
   1. Each PA-P holding a Certificate of Authorisation ("CoA") issued by the RBI is required to intimate the RBI if it is already operating as a PA-P, upon which a revised CoA will be issued, further, if such PA-P intends to commence operations in another PA category, it must notify the RBI at least 30 days before starting the new business.
   2. An entity whose application for CoA for PA-O or PA-CB is under consideration shall intimate RBI about its existing PA-P business, if any, by 31.12.2025.
   3. An entity carrying on only PA-P business shall apply for authorisation by 31.12.2025, failing which it shall intimate its bankers and wind up its business by 28.02.2026.
6. Each PA shall have a minimum net worth of INR 15 crores at the time of making an application for new or continuing authorisation and attain INR 25 crores by the end of the third financial year of grant of authorisation. The minimum net-worth shall be maintained on an ongoing basis. Applications not meeting minimum capital requirements or incomplete applications shall be returned.
7. Each PA shall aggregate funds only for the merchants with whom it has a contractual relationship. The PA shall not carry out marketplace business and shall comply with extant instructions on Merchant Discount Rate ("MDR"). PAs shall not place transaction amount limits on particular payment modes regulated by other bank/non-bank entities, shall not allow ATM PIN as authentication for cardnot-present transactions, and shall process refunds only to the original method of payment unless otherwise instructed by the payer.
8. Funds for inward and outward transactions shall be kept separate with no co-mingling. Outward transactions may be carried out through direct merchant onboarding abroad or agreements with foreign marketplaces/ PA entities. Outward transactions can use authorised payment instruments except small Prepaid Payment Instrument. PA-CB shall not deal in foreign currency except with AD banks. Transaction value shall not exceed INR 25 lakh. AD - Category I banks maintaining Inward Collection Accounts ("InCA") or Outward Collection Accounts ("OCA") shall ensure Foreign Exchange Management Act, 1999 compliance. Settlement in non-INR currencies shall be permitted only for merchants directly onboarded by PA-CB.
9. A non-bank PA shall maintain merchant funds in a separate escrow account with a SCB in India. PA-CBs shall maintain and operate separate InCAs and OCAs as prescribed in the PA Directions. Such escrow accounts shall be used only for authorised PA business.
10. PAs shall submit and update the list of merchants to the escrow bank, which shall ensure that payments are made only to eligible merchants. Such escrow accounts shall not be used for cash-on-delivery transactions. If a PA-CB also engages in domestic PA activity, separate InCA, OCA, and escrow accounts shall be maintained.
11. Promoters and directors shall not have incurred disqualifications such as conviction for offences involving moral turpitude or economic offences, declared insolvent, regulatory restrictions, are of unsound mind, or financial unsoundness.

SEBI revises the framework on Social Stock Exchange

The Securities and Exchange Board of India ("SEBI") by way of Circular No. SEBI/HO/CFD/CFD-PoD1/P/CIR/2025/129 dated 19.09.2025 ("SSE Circular")² , has issued partial modifications to the Social Stock Exchange ("SSE") framework. The SSE Circular is issued in exercise of the powers conferred under Section 11 and Section 11A of the SEBI Act, 1992 read with Regulation 299 of SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 and Regulation 101 of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, following the recommendations of the Social Stock Exchange Advisory Committee (SSEAC) and public consultation feedback.

The key changes, inter alia, include:

1. The minimum requirements for Not-for-Profit Organizations ("NPOs") seeking registration with SSE has been revised. The SSE Circular now includes charitable trusts registered under the Indian Trusts Act, 1882 and trusts registered under the Indian Registration Act, 1908 as eligible entities, in addition to previously covered categories.
2. SEBI has split the annual disclosure requirements into two phases. NPOs must now make general and governance disclosures within 60 days from end of financial year. Financial disclosures, outreach details, donor information, and program details must be submitted by October 31st or before income tax return filing deadline (whichever is later).
3. Social enterprises that raised funds through SSE must now provide their duly assessed Annual Impact Report ("AIR") by October 31st of each year or before the income tax return filing deadline, whichever is later. Previously, the deadline was within 90 days from the end of financial year.
4. Non-listed NPOs should now ensure their AIR covers 67% of program expenditure in the previous financial year. They must also include methodology for determining significant activities.
5. Social enterprises should now disclose the report of Social Impact Assessors along with their AIR, replacing the previous requirement for Social Auditor reports.

SEBI smoothens transmission of securities from Nominee to Legal Heir

The SEBI by way of Circular No. SEBI/HO/MIRSD/MIRSD-PoD/P/CIR/2025/130 dated 19.09.2025 ("TLH Circular")³ , has addressed the tax issue faced by nominees during transmission of securities to legal heirs. The TLH Circular is issued in exercise of powers conferred under Section 11(1) of the SEBI Act 1992, Section 19 of the Depositories Act 1996, Regulation 40(1) read with Regulation 101 of SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015, and SEBI (Registrars to an Issue and Share Transfer Agents) Regulations 1993.

Previously, nominees were being assessed for capital gains tax when transferring securities to legal heirs, despite such transmissions being exempt under Section 47(iii) of the Income Tax Act, 1961. To resolve this, SEBI has mandated use of reason code 'TLH'(Transmission to Legal Heirs) by reporting entities when reporting such transactions to the CBDT, which will enable proper application of Income Tax Act provisions and eliminate inappropriate tax assessments on nominees. This change will be implemented with effect from 01.01.2026.

RBI notifies RBI (Authentication Mechanisms for Digital Payment Transactions) Directions, 2025

The RBI through notification no. RBI/2025-26/79 dated 25.09.2025 notified the RBI (Authentication Mechanisms for Digital Payment Transactions) Directions, 2025 ("Authentication Directions")⁴ . The Authentication Directions shall be complied with by 01.04.2026, unless indicated otherwise for specific provisions.

The salient features of the Authentication Directions are as follows:

1. Applicability: These Authentication Directions shall be applicable to all payment system providers and payment system participants (banks and non-banks). These Authentication Directions shall apply to all domestic digital payment transactions, unless specifically exempted otherwise.
2. Principles for authentication of digital payment transactions:
   1. All digital payment transactions shall be authenticated by at least two distinct factors of authentication, unless exempted. Issuers shall, at their discretion, offer a choice of authentication factors to customers.
   2. For digital payment transactions, other than card-present transactions, at least one factor of authentication shall be dynamically created or proven, i.e., unique to that transaction.
   3. The factor of authentication shall be robust such that compromise of one factor does not affect reliability of the other.
3. Interoperability / open access: System providers and system participants shall offer authentication or tokenisation service that is accessible to all applications/ token requestors functioning in that operating environment for all use cases / channels or token storage mechanisms.
4. Risk-based approach: Issuers shall, in line with internal risk management policies, evaluate transactions against behavioural or contextual parameters such as transaction location, user behaviour patterns, device attributes, and historical transaction profile. Based on the perceived risk, issuers shall apply additional checks beyond the minimum two-factor authentication. Issuers shall also explore using DigiLocker as a platform for notification and confirmation for high-risk transactions.
5. Responsibility of the issuer:
   1. Each issuer shall ensure robustness and integrity of the authentication mechanism before deployment.
   2. If any loss arises out of transactions effected without complying with these Authentication Directions, the issuer shall compensate the customer for the loss in full without demur.
   3. Issuers shall ensure adherence to the provisions of the Digital Personal Data Protection Act, 2023.
6. Cross-border transactions:
   1. The Authentication Directions are not applicable to cross-border digital payment transactions. However, card issuers shall, by 01.10.2026, put in place a mechanism to validate non-recurring cross-border card not present ("CNP") transactions, where request for authentication is raised by an overseas merchant or overseas acquirer. Card issuers shall register their Bank Identification Numbers with card networks.
   2. Card issuers shall also put in place a risk-based mechanism for handling all cross-border CNP transactions by 01.10.2026.

To view the full article click here

Footnotes

1. Master Direction on Regulation of Payment Aggregator (PA).

2. SEBI Framework on Social Stock Exchange.

3. SEBI Circular on smooth transmission of securities from Nominee to Legal Heir.

4. Reserve Bank of India (Authentication mechanisms for digital payment transactions) Directions, 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.