By - Sheetal Agarwal on December 28, 2022
With the digital boom, a new dawn of e-commerce and a surge in online transactions have been happening globally. Payment Aggregators in India have witnessed exponential growth and evolution on technological, transactional and legal grounds.
But who is a payment aggregator? A payment aggregator provides services that combines numerous online payment sources and aggregate them for merchants. Payment aggregator companies in India can be classified into two types – Bank Payment Aggregators and Third Party Payment Aggregators. For over ten years, India's payment systems have undergone a significant transformation. Innovation, finance, increasing e-commerce activity, etc. have all contributed to this enormous expansion. In view of these elements, the RBI has been evaluating whether the current laws and standards are enough in this rapidly evolving environment and deciding whether a system of direct regulation is required.[1]
The primary difference between a payment gateway and a payment aggregator in India is that a payment aggregator handles payments while a payment gateway provides technology.
Authorization and License from the Reserve Bank of India
According to the Guidelines, non-bank payment aggregators in India must now obtain RBI authorization. Existing non-bank companies that offer services to Payment Aggregators would have to comparably submit an application for authorization by June 30, 2021, however, they might carry on as usual until RBI approved them. If both activities are run by the same company, the Payment Aggregator companies in India and their marketplace business must be maintained separately by e-commerce marketplaces.
Payment Aggregators in India must have a minimum net value of INR 15 crore at the time of application, whether they are a new firm or an existing entity. The net worth must then increase to 25 crores within the guidelines' defined time range. The net worth of 25 crores of Indian rupees must therefore be continuously maintained.
The Guidelines state that the Payment Aggregators must notify the RBI of any change in ownership or control as well as any information pertinent to handling complaints, reimbursements for unsuccessful transactions, return policies, etc.
In accordance with the Guidelines, the Prevention of Money Laundering Act of 2002 shall now apply to Payment Aggregators. Payment Aggregators must also adhere to the KYC rules established in the "Master Direction - Know Your Customer (KYC)" in order for the anti-money laundering system to function properly.
To ensure that the merchants are not selling fraudulent, counterfeit, or other illicit goods or harbouring any animosity toward their customers, Payment Aggregators are required to conduct background and antecedent checks on the merchants.
To hold all of the funds they accumulate, Payment Aggregators are obliged to create a single escrow account with a designated commercial bank. Cash on delivery transactions are not permitted; the account may only be utilised by the Payment Aggregators for the debits and credits approved in accordance with the Guidelines. The RBI has also imposed strict timeframes for Payment Aggregators to settle their accounts with merchants.
Payment Aggregators are required to have a formal, easily accessible framework in place for resolving customer issues and complaints.
Payment Aggregators are required to establish an information security policy that has been approved by the board, set up protocols for handling cybersecurity incidents and breaches, and submit System Audit Reports to the RBI in order to prevent fraud and protect clients.
Annual submissions to the RBI must include the net worth certificate audited by a licenced chartered accountant as well as the IS Audit Report and Cyber Security Audit Report. Bankers' certificates for statements and auditors' certificates for maintaining balances for escrow and settlement accounts must be reported to RBI on a quarterly basis. Monthly statistics on the transactions handled are required, and any changes—such as a new board of directors or instances of cyber security flaws—must be reported as they occur.
A legislative framework had to be established to oversee and regulate the systems and aggregators of digital payments. When the electronic payments sector was in its infancy, it was governed by section 18 read with section 10(2) of the Payment and Settlement Systems Act, 2007 (the "PSS Act"). The payment aggregators are more simplified in their regulatory methods when developing new standards, making them widely implementable and significantly enhancing the safety net for end users. Therefore, with the rapid advancement in technology and its increased usage, it becomes imperative for the laws to include new possibilities and adapt the regulations accordingly.
The payment aggregator structure, which the RBI announced in March 2020, requires all payment gateways to obtain a licence in order to onboard merchants and offer them payment services.
A bank may employ payment gateways and payment aggregators in order to give its customer's services bill payments, card payments, etc. – across its multiple banking channels and through the use of cards/bank accounts.
Payment aggregation systems are offered by banks and non-banking financial organisations that have acquired RBI clearance (NBFCs). The main difference between the two is that the latter must obtain a Payment Aggregator License from the RBI in order to conduct business within Indian borders, whereas banks are exempt from this additional licencing requirement
[1]https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/DPSSDISCUSSIONPAPEREFCF5B7E17F9431185BD4FD57E540F47.PDF
