RBI issues guidelines on regulation of Payment Aggregators and Gateways [Read Circular]

The Reserve Bank of India (RBI) has issued guidelines on the regulation of Payment Aggregators and Gateways.

The RBI also issued directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.

Earlier RBI had passed a circular and taking into account the important functions of these intermediaries in the online payments space as also keeping in view their role in handling funds, it has been decided to regulate in entirety the activities of Payment Aggregators as per the guidelines and to provide baseline technology-related recommendations to Payment Gateways.

These guidelines are issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 and shall come into effect from April 1, 2020.

The guidelines mainly focus on the Definition, Applicability, Authorization, Capital Requirements, Governance, Safeguards against Money Laundering, Merchant Onboarding, Settlement, and Escrow Account Management, Customer Grievance Redressal and Dispute Management Framework, Security, Fraud Prevention and Risk Management Framework and Reports.

Payment Aggregators (PAs) and Payment Gateways (PGs) are intermediaries playing an important function in facilitating payments in the online space.

The PAs are instructed to follow guidelines on safeguards against Money Laundering. Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines issued by the Department of Regulation, RBI, in their “Master Direction – Know Your Customer (KYC) Directions” updated from time to time, should apply to all entities. Provisions of Prevention of Money Laundering Act, 2002 and Rules framed thereunder, as amended from time to time, will also be applicable.

PAs are directed to put in place a formal, publicly disclosed Customer Grievance Redressal and Dispute Management Framework, including designating a nodal officer to handle the customer complaints/grievances and the escalation matrix. The complaint facility, if made available on website/mobile, are to be clearly and easily made available to the customers.

A strong risk management system is necessary to meet the challenges of fraud and ensure customer protection. Hence PAs are required to put in place adequate information and data security infrastructure and systems for the prevention and detection of frauds.

In an annexure to the circular on the guidelines also gives some baseline technology-related recommendations to the PAs and PGs.