FIG Papers No. 6 - Series–2 RBI Payment Regulations – 2009 to 2021 - Bank ‘nodals’ to PA PG licenses Blog

Introduction:

In our previous FIG Paper, we shared key learnings from our experience in connection with the payment aggregator and payment gateway guidelines (“PA/PG Guidelines”) issued by the Reserve Bank of India (“RBI”) on March 17, 2020. Based on representations received from various industry associations and payment intermediaries, the RBI has formalised the clarifications (initially issued on September 17, 2020) relating to the PA/PG Guidelines on March 31, 2021 (“Clarifications”).

In this Paper (Series – 2), we share our additional thoughts on the regulatory guidance provided by the RBI through the Clarifications.

1. Card Data Storage:

  • In line with the Master Direction on Digital Payment Security Controls dated February 18, 2021 which restricts merchants, e-commerce websites and PAs from storing customer payments data, the PA/PG Guidelines emphasise that neither PAs nor the merchants on-boarded by them can store customer card credentials within their database/servers. RBI has extended the timeline for ensuring compliance with the said norms up to December 31, 2021, which would allow players to crystallise their partnerships with card networks and issuing banks and implement infrastructural changes.
  • In our previous FIG Paper, we had stated that tokenisation could be a potential solution for storing card data. Under the Clarifications, the RBI has recognised tokenisation to be in compliance with its extant norms as a workable solution.
  • The RBI has formally indicated that data can be stored for the purpose of transaction tracking. Given the extent of changes required to align with tokenisation and other solutions, it would be interesting to see if PAs resort to taking a wide interpretation of the term ‘transaction tracking’ to their benefit.

2. Corporate Governance:

  • PAs are required to be professionally managed by persons satisfying the ‘fit and proper’ criteria. Whilst the RBI has not spelt out standards comprising the qualification/experience of directors or top management, PAs may consider proactively hiring seasoned professionals on the board and the timing of onboarding such professionals would be crucial from an application standpoint.
  • Application forms to be submitted by PAs require the disclosure of the entity’s “chief executive”. Whilst this term has not been defined in the dated format of the PA application, one would generally understand this term to mean the organisation’s chief executive officer (“CEO”). Since private companies are not mandatorily required to appoint a CEO under the Companies Act, 2013, it would be interesting to observe the alternative designations and profiles that applicants would resort to, in response to this requirement. Alternatively, in view of the professional management directive, some applicants may consider appointing a CEO as well.

3. Reporting Requirements:

PA/PG Guidelines prescribe a one-time reporting by banks in terms of Paragraph 3.6 to be submitted to the RBI by April 15, 2021. However, Paragraph 3.6 which pertains to ‘separation of business’, does not specifically call out for any reporting by banks. While ensuring strict compliance, some banks did go ahead and provide a confirmation on behalf of marketplace applicants regarding the said segregation. However, it remains to be seen what purpose this confirmation/information would serve to the RBI.

Rather, Paragraph 4.6 requires existing players to have achieved a certain net-worth by March 31, 2021, and given the closely timed deadlines, we believe that a confirmation to this effect would be a fitting one-time reporting by banks. It remains to be seen how the RBI utilises this information at the time of evaluation of PA applications.

4. Ambit of the PA/PG Guidelines

  • With a boom in Indian e-commerce, the RBI introduced the Intermediaries Circular of 2009 (“Intermediaries Circular”) to safeguard customers’ interests and create a framework for facilitating ‘electronic/online’ payment modes. Accordingly, it will be interesting to see if entities facilitating payments exclusively to offline merchants shall be covered within the ambit of the PA/PG Guidelines.
  • A substantial portion of online payments in India are made on e-commerce marketplaces that have onboarded several merchants, wherein there exists no direct contractual relationship between the merchants and the ultimate consumer. Whilst payment processors under the aforementioned model would fall within the ambit of PA/PG Guidelines, there is no regulatory guidance on whether an e-commerce marketplace having a bilateral arrangement with a technology platform receiving funds directly from the customers of the marketplace entities will fall within the ambit of the PA/PG Guidelines and consequently, be required to separate its businesses.
  • The Clarifications specify that the PA/PG Guidelines will not apply to ‘delivery v. payment’ transactions, i.e. delivery of goods/ services immediately/ simultaneously on the completion of payment by the customer. Having said that, the aspects of the transaction, wherein advance payment is made for the goods which will be delivered in a deferred manner, shall continue to be regulated under the regime of PA/PG Guidelines.

5. Data Localisation (“DL”):

  • PAs are required to comply with RBI’s DL norms. Given the subjectivity in RBI’s April 6, 2018 DL circular, it will be interesting to witness RBI’s approach in case of qualifications/red-flags in the PA applicants’ system audit reports.
  • The concerns around DL seem to have assumed significant importance for foreign players, against the backdrop of a recent order imposing restrictions on a leading card payment network from on-boarding new domestic customers, on account of non-compliance with data storage norms.

6. Escrows & settlement:

  • Existing PAs would have to transition their ‘nodals’ to ‘escrows’ and comply with the updated instructions prescribed under the PA/PG Guidelines. Banks will have to shut nodals if an entity has not applied for a PA/PG license or where the INR 15 crore net-worth has not been met by the March 31 It is unclear if banks are expected to conduct an account-wise due diligence to ascertain whether intermediaries collecting third-party funds through nodal accounts currently have applied prior to the June 30 deadline.
  • In light of the Clarifications, PAs may now continue operating their nodals beyond the June 30 deadline, if they have applied for authorisation. Whilst PAs need to maintain an escrow upon authorisation, PAs may migrate to an escrow mechanism from an earlier date, in consultation with their bankers. Since migration process may not be completed overnight, many PAs are already switching to escrows.
  • Unlike the Intermediaries Circular, the PA/PG Guidelines do not adopt a ‘one size fits all’ approach in respect of settlement timelines. The timeline for disbursement of funds to the merchant would vary, depending on the agreement between the PA and the merchant, thereby giving them the flexibility to negotiate, based on their respective business models. This, coupled with the ability to have an interest-bearing escrow account, subject to certain prescribed conditions, are a welcome monetisation avenue for PA entities.

However, it is to be seen whether merchant discount rate (“MDR”) related restrictions will also apply to authorised PAs and how it may affect their margins.

Looking Forward:

The RBI, formalising the Clarifications, provides added certainty for PAs to align their models and aid in easing transaction timelines. However, we note certain relevant operational issues that market players will need to consider during this authorisation period. Foremost among them would be questions on how many PAs will be authorised from a management perspective, considering inter alia, systemic risks, regulatory capabilities, resources of the RBI and any objective threshold based on which applications would be considered.

The Clarifications allow for ease of operation wherein PAs need not carry out entire Know-Your-Customer (“KYC”) process for merchant on-boarding, in cases where such merchants already have a bank account, which is used for transaction settlement purposes.

Further, it is unclear as to the timing of when PAs should build capacities and infrastructure to be in compliance with the PA/PG Guidelines, especially considering that the RBI is expected to issue cybersecurity norms for payment service providers, which may be similar to the recently issued cyber hygiene norms for banks and NBFCs.

We continue to monitor the regulatory and market developments relating to the PA/PG space and we hope to issue a Series-3 Paper with further learnings and any updated notifications that the RBI may issue.


 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Anu Tiwari Anu Tiwari

Partner in the Corporate, M&A and Financial Institutions Advisory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu has over 15 years of experience and advises clients on matters related to public and private M&A, raising capital, commercial agreements, and activism. Anu…

Partner in the Corporate, M&A and Financial Institutions Advisory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu has over 15 years of experience and advises clients on matters related to public and private M&A, raising capital, commercial agreements, and activism. Anu represents both Indian and multinational fintech, banking, broker-dealer, exchange, asset management, speciality finance and information technology companies on transactional, enforcement and regulatory matters.

Anu has been a member of RBI’s Committee on Household Finance, SEBI’s Working Group on Mutual Fund Regulation, Fintech Committee of the Confederation of Indian Industries (CII) and a visiting faculty at the SP Jain School of Global Management.

Mr. Tiwari has been recognised by Chambers & Partners, IFLRMergerMarket and as Lawyer of the Year 2021, India, by Global Law Experts for his work in the M&A, Financial Regulatory and Blockchain/  Cryptocurrency space. He can be reached at anu.tiwari@cyrilshroff.com

Photo of Bharath Sridhar Bharath Sridhar

Senior associate in the general corporate and Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Bharath advises Indian and multinational financial services clients on transactional (including strategic investments, private equity, M&A), corporate commercial contracts, regulatory and enforcement matters. He can…

Senior associate in the general corporate and Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Bharath advises Indian and multinational financial services clients on transactional (including strategic investments, private equity, M&A), corporate commercial contracts, regulatory and enforcement matters. He can be reached at bharath.sridhar@cyrilshroff.com

Photo of Ritu Sajnani Ritu Sajnani

Principal Associate Designate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Ritu advises financial services clients on matters before the Reserve Bank of India, Securities and Exchange Board of India, Ministry of Finance and appellate tribunals. She has…

Principal Associate Designate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. Ritu advises financial services clients on matters before the Reserve Bank of India, Securities and Exchange Board of India, Ministry of Finance and appellate tribunals. She has represented several Indian and multinational fintech, banking, broker, exchange and asset management companies on transactional and regulatory matters. She can be reached at ritu.sajnani@cyrilshroff.com

Photo of Janak Panicker Janak Panicker

Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Janak has represented various Indian and multinational fintech, and emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private…

Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Janak has represented various Indian and multinational fintech, and emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, commercial agreements and regulatory matters. He can be reached at janak.panicker@cyrilshroff.com

Photo of Aditya Sarkar Aditya Sarkar

Associate in the Financial Regulatory Practice at the Mumbai office of Cyril Amarchand Mangaldas. He can be reached at aditya.sarkar@cyrilshroff.com

CAM Markets Team

The CAM Markets team can be reached at cam.mumbai@cyrilshroff.com

Photo of CAM Corporate Team CAM Corporate Team

The CAM Corporate Team can be reached at cam.mumbai@cyrilshroff.com