RBI Payment Regulations - 2009 to 2021 - Bank nodals to PA PG licenses

Introduction:

In early March 2020, a regulatory moratorium imposed on a private bank in India froze the country’s digital payments ecosystem. Many payment aggregators (“PA”) and payment gateways (“PG”) had set up nodal accounts with this bank, including others, and it raised a question on whether the customer funds pooled in those accounts were bankruptcy ‘remote’. Within 10 days, the Reserve Bank of India (“RBI”) issued the payment aggregator and gateway guidelines (“PA/PG Guidelines”) on March 17, 2020, under the Payment and Settlement Systems Act, 2007 (“PSSA”), to regulate PAs and prescribe baseline technology standards for PAs and PGs.

The PA/PG Guidelines seek to address key gaps in the country’s payments architecture, including on bankruptcy protection of pooled funds, data storage and privacy, security and audit framework, settlement cycle, liability framework, consumer protection, etc., as an improvement to the earlier Intermediaries Circular issued by the RBI on November 24, 2009.

Whilst the interpretation of ‘PA’ and ‘PG’ is evolving, both qua registration and compliances prescribed, it appears settled now, that any technology platform collecting funds from customers, for settlement to merchants, may be covered within the PA/PG Guidelines and needs to apply for an RBI authorisation to continue beyond June 30, 2020.

With this Paper (Series-1, to be followed by Series-2), we share our key learnings basis recent experience with the RBI PA/PG application process. 

1. Card Data Storage:

  • Under the revised regime, ability of merchants and PAs to save customer card credentials/ other related data within their databases may be impacted. We understand that a few subscription-based technology platforms have approached the RBI, in this regard, since they already hold the PCI DSS certification. As merchants are not regulated by the RBI, it would be interesting to see how this evolves.

RBI has issued certain clarifications to industry bodies on ‘transaction tracking’, which may be helpful.

  • Whilst ‘tokenisation’ may be a possible solution, given the ongoing debate around the introduction of the Personal Data Protection Bill (“PDP”), India’s GDPR equivalent, before the Indian Parliament, it would be interesting to see the impact that our new PDP law has on data/ privacy rules issued by sectoral regulators like the RBI.

 2. OPGSP versus ‘PA / PG’:

  • The PA/PG Guidelines also apply to the domestic leg of import/ export related payments, facilitated by PAs, within the framework of the online payment gateway service providers (“OPGSP”) guidelines, dated September 24, 2015 (“OPGSP Circular”).
  • Whilst the above has created some confusion in terms of the overlap between PA/PG Guidelines and the OPGSP Circular, and the point at which one ends and the other begins, especially given that PA/PG Guidelines are issued by the Department of Payment and Settlement Systems and the OPGSP Circular is used by the Foreign Exchange Department of the RBI. Based on business models followed, global OPGSP players operating in India may have to either tweak their models or ‘piggy-back’ on existing PA/PG or apply to the RBI for PA/PG authorisation by June 30.

3. ‘Nodals’ versus ‘Escrows’:

PA/PG Guidelines require PAs to move away from the earlier ‘nodal account’ model to a maximum of 2 ‘escrows’. This may impact existing PA/PGs operating multiple ‘nodals’. 

4. Separation of Business:

  • PA/ PG Guidelines require e-commerce marketplaces to either discontinue any PA activity before June 30 or separate such activity from the marketplace business.
  • The PA/ PG Guidelines do not clarify whether a ‘Chinese wall’ approach would be required, or a ‘drop-down’ subsidiary, with the minimum INR 150 million net-worth before March 31, 2021, would be required.
  • Given the sensitivities surrounding the above, internal reorganisation required under the second option (‘slump sale’ versus ‘asset transfer’) will be onerous in the absence of regulatory guidance.

We are monitoring the developments relating to the PA/ PG space and will issue the Series-2 Paper with further learnings, basis developments, including regulatory and market guidance, if any.


 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Anu Tiwari Anu Tiwari

Partner (Head – Fintech and FSRP) at Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private…

Partner (Head – Fintech and FSRP) at Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, capital raising, commercial agreements and activism matters. Anu advises financial services clients on matters before the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Ministry of Finance, Enforcement Directorate and appellate tribunals. He can be reached at anu.tiwari@cyrilshroff.com

Photo of Tanya Nayyar Tanya Nayyar

Principal Associate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Tanya has advised domestic and global financial institutions, fintech entrants and foreign portfolio investors on a wide range of regulatory, compliance, governance and market conduct related matters, and…

Principal Associate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Tanya has advised domestic and global financial institutions, fintech entrants and foreign portfolio investors on a wide range of regulatory, compliance, governance and market conduct related matters, and has been involved in a number of M&A transactions involving banking, NBFCs, insurance and securities market intermediaries. She can be reached at tanya.nayyar@cyrilshroff.com

Photo of Rishi Ray Rishi Ray

Associate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Rishi advices clients on a range of securities law matters and foreign exchange law matters. He has also assisted clients on M&A in the financial sector. He can be…

Associate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Rishi advices clients on a range of securities law matters and foreign exchange law matters. He has also assisted clients on M&A in the financial sector. He can be reached at rishi.ray@cyrilshroff.com

Photo of Janak Panicker Janak Panicker

Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Janak has represented various Indian and multinational fintech, and emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private…

Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Janak has represented various Indian and multinational fintech, and emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, commercial agreements and regulatory matters. He can be reached at janak.panicker@cyrilshroff.com

CAM Markets Team

The CAM Markets team can be reached at cam.mumbai@cyrilshroff.com

Photo of CAM Corporate Team CAM Corporate Team

The CAM Corporate Team can be reached at cam.mumbai@cyrilshroff.com