The Reserve Bank of India has issued a consolidated Master Direction on the Regulation of Payment Aggregators, setting a single framework for bank and non-bank entities undertaking payment aggregator activity across online, physical point-of-sale and cross-border models. The Directions are effective immediately unless a provision specifies otherwise, and they repeal and replace the earlier payment aggregator guidelines and related legacy instructions, subject to limited saving provisions for certain pending authorisation cases. The framework defines three payment aggregator categories, introduces category-specific requirements for Payment Aggregator – Cross Border (including separate treatment of inward and outward flows), and clarifies that a bank does not require authorisation to carry out payment aggregator business while non-bank entities must seek authorisation via RBI’s online portal. For non-bank applicants, minimum net-worth is set at INR 15 crore at application and INR 25 crore by the end of the third financial year after authorisation, to be maintained on an ongoing basis, alongside governance expectations including fit-and-proper criteria for promoters and directors and compliance with takeover and change-in-control approval requirements. Conduct requirements cover dispute handling and refund timelines, baseline information security and cyber controls including annual system and cyber audits by CERT-In empanelled auditors, merchant due diligence aligned to the Master Direction on Know Your Customer (KYC) including CKYCR-based retrieval where available, and mandatory escrow arrangements for non-bank payment aggregators. For cross-border activity, the Directions prohibit any co-mingling or netting of inward and outward funds, cap cross-border transaction value at INR 25 lakh per transaction, restrict foreign exchange purchase or sale to Authorised Dealer banks, and permit settlement in non-INR currencies only for directly onboarded Indian exporter merchants for inward transactions. The Directions set several transition and compliance milestones, including requiring entities carrying on only physical point-of-sale payment aggregator business to apply for authorisation by December 31, 2025, with non-applicants required to wind up by February 28, 2026. Existing authorised payment aggregators carrying on physical point-of-sale business must intimate RBI to receive a revised Certificate of Authorisation, and authorised entities intending to commence a new payment aggregator category must intimate RBI at least 30 days in advance. Escrow account operational requirements are to be complied with by December 31, 2025, merchant due diligence for merchants onboarded up to December 31, 2025 must be completed within one year from the Directions, and from January 1, 2026 merchants are to be onboarded in accordance with the Master Direction’s due diligence requirements.

Original source View in tracker