DE-CRYPTING RBI GUIDELINES TO REGULATE PAYMENT AGGREGATORS
This post has been authored by Ayush Mehta, a B.A. LL.B (Hons.) candidate at the National Law University, Jodhpur.
The Reserve Bank of India [“RBI”] issued guidelines to regulate Payment Aggregators and Payment Gateways, which came into effect from April 1, 2020.[i] Payment aggregators and gateways are intermediaries between merchants and customers. The Circular aims to regulate the activities of these intermediaries and to provide baseline technology recommendations to payment gateways. Prior to the notification, intermediaries were not required to obtain registration from the RBI. Exercising the power vested in it under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 [“The Act”], the RBI issued directives and guidelines regulating such entities in order to safeguard the interests of consumers and to ensure that intermediaries receiving payments duly remit them to the accounts of merchants.[ii]
This article seeks to examine the issued guidelines and assess the regulatory framework present in India.
Understanding the Context
The Act was promulgated at a time when electronic payments were not yet the norm, and hence it had some gaps. The RBI addressed these through its notification in 2009.[iii] In 2019, the RBI released a discussion paper in light of the current cashless revolution and the growing relevance of such intermediaries.[iv] The paper highlighted some concerns which the RBI sought to address in the present notification, such as:
Payment aggregators and gateways are a part of the payment process and, if not properly regulated, may be susceptible to risks that could impact consumer interests,
Further, these entities handle sensitive data relating to customer information, which makes customer data privacy a concern,
There is a lack of clear demarcation of roles between the customers and the intermediaries. The customers have limited access to the intermediaries and have to depend on merchants and banks.
In pursuance of the discussion paper, the present notification was issued to enforce a direct form of regulation on the intermediaries.
What are Payment Aggregators and Gateways?
The guidelines define payment aggregators as “entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own.”
Payment gateways can be defined as “entities that provide technology infrastructure to route and facilitate processing of an online payment transaction without any involvement in handling of funds.”
The present guidelines demarcate the difference between the two, which primarily relates to involvement in the handling of customers’ funds. Payment gateways are providers of the technological infrastructure used, while payment aggregators are the specific entities which facilitate the payment.
The implementation of these guidelines would essentially mean that payment gateways such as Paytm, Google Pay, PhonePe etc. and payment aggregators like BillDesk, PayU India and Razorpay will now be directly regulated by the RBI. This move would ensure more transparency and accountability on the part of the entities in order to provide more security to consumers.
Applicability of the Guidelines
The guidelines are issued to regulate payment aggregators. They are mandated by the RBI to adopt the technology-based recommendations provided in Annexure 2 of the guidelines.[v] Further, the RBI clarified that the domestic leg of import and export related payments shall also be governed by the guidelines, but that the guidelines will not regulate physical payments such as Cash on Delivery payments.
With regard to payment gateways, the RBI stated that these entities may adhere to the baseline technology-related recommendations in the guidelines.
Decoding the 2020 Guidelines
Authorisation and Governance of Entities
Earlier, intermediaries were not required to get authorisation from the RBI; the present guidelines, however, make authorisation from the RBI a mandatory requirement for payment aggregation services. Existing entities are required to fulfil the requisite criteria latest by 30 June 2020. E-commerce marketplaces which provide aggregation services are now mandated to discontinue them. If they seek to continue the service, they can apply for authorisation from the RBI through a separate business, on or before June 30, 2010.
The authorisation of the entities will ensure that the RBI has direct supervision of the entities and that the aggregators comply with the prescribed guidelines. Regulation through transparent governance will ensure that the public is safeguarded.
Settlement and Escrow Account Management
The guidelines mandate aggregators to ensure pooling of funds collected from the customers in an escrow account, wherein the transaction will be completed by two or more parties. Operations of the aggregators shall be deemed to be a “designated payment system” under Section 23A of the Act. An important requirement is that the escrow account shall be maintained in one single bank, which may affect the operation of the aggregators in case of a moratorium on the functioning of the bank. The escrow mechanism would ensure better protection of customer funds as it would insulate the merchants against the risks of insolvency or liquidation.[vi]
Payment aggregators are required to comply with a handful of requirements enumerated as follows:
(a) Aggregators shall periodically disclose annual certifications on net worth, monthly reporting of transactions and details with respect to the escrow account.
(b) Aggregators are required to comply with the Prevention of Money Laundering Act, 2002 and the KYC norms issued by the RBI in order to prevent illicit activities such as money laundering and fraud.
(c) Aggregators are mandated to ensure adherence to the guidelines, putting in place a formal and publicly disclosed customer grievance redressal framework and further appointing a nodal officer to handle customer complaints. The details of the officer shall be publicly disclosed on the website or application of the aggregator.