The Reserve Bank of India should not limit its scope to payment aggregators and payment gateways but must cover all payment intermediaries, suggested NASSCOM in its submission to the central bank. It also said that RBI should continue to allow the e-commerce marketplaces to act as payment intermediaries, or it must allow 6 months to existing e-commerce marketplace (acting as payment aggregators and gateways to other merchants) to segregate the business. NASSCOM was replying to the RBI’s discussion paper on guidelines for payment aggregators (PA) and payment gateways (PG).

Creating guidelines that provide a tiered regulatory structure for payment aggregators and payment gateways, simplifying the KYC check system for PAs/PGs, and continuing the indirect regulatory approach, are among NAASCOM’s 12 recommendations to RBI.

The key recommendations have been summarised below:

Recommendation 1: Cover all the payment intermediaries for payment instructions. RBI should not limit its scope to PAs/PGs in its discussion paper and should use the following four categories for the purposes of its proposed framework:

  • Banks acting as payment intermediaries
  • Non-banks payment intermediaries having nodal accounts with banks
  • Non-banks payment intermediaries operating without nodal accounts, but in partnership with banks
  • Third-party apps/platforms (WhatsApp, G-Pay, etc.) that provide payment services using platforms (Unified Payments Interface, Immediate Payment Service) operated by retail payment organisations (such as National Payments Corporation of India, in partnership with banks)

Recommendation 2: Create guidelines that provide a tiered regulatory structure. The regulator should form a tiered regulatory structure such as category 1 and category 2 for PAs/PGs. It should provide additional benefits/facilities that seek greater access to the settlement accounts, and corresponding regulatory framework. The RBI may issue a subsequent consultation detailing specific obligations and benefits to be included in such a framework. The regulator should continue with the existing 2009 directions for electronic payments transactions involving intermediaries per which PGs/PAs operate today. It ensures the safety and security of funds being transferred and mitigate associated settlement and insolvency risks. The regulator should not involve any new risk.

Recommendation 3: Prescribe a risk-appropriate capital requirement. In cases where PAs and PGs opt-in for greater and direct regulation, the regulator must prescribe a risk-appropriate capital requirement. In such a scenario, the proposed minimum capital requirement is high and should be reviewed downwards.

Recommendation 4: Provide PG/PAs the freedom to opt for settlement mechanism. This could either be the existing arrangement of maintaining a nodal account, or a PA/PG could choose to maintain an escrow account with a bank for the purposes of settlement of merchant accounts. The regulator should consider additional benefits and obligations for those who operate via an escrow account. This will enable the payment intermediaries’ greater flexibility in mitigating the settlement risk.

Recommendation 5: Retain the existing definition of “T” as provided under the 2009 directions for payments involving intermediaries. The definition of ‘T’ under the 2009 directions, ensure that customer money will be settled with the merchant only once the customer-initiated transaction has been completed. However, the manner in which a transaction can be considered to be ‘completed’ may vary depending on the product/service or the business of the merchant. The regulator should clarify the changes it will make to the applicable rules on the settlement timeline, and place the same for industry consultation.

Recommendation 6: Continue to allow the e-commerce marketplace to act as payment intermediaries. The Discussion Paper proposes certain exclusions from the scope of any eventual regulatory framework, including for e-commerce marketplaces. The regulator should allow the e-commerce market places to comply with the existing applicable regulations. But if the regulator decides to go ahead with its proposal to exclude e-marketplaces from the payments’ regulatory framework, it should allow a period of 6 months, instead of the proposed 3 months, to existing marketplaces acting as PG/PA to other merchants to segregate the business.

Recommendation 7: Do not take any further measures to ensure safety and security of payment data until the enactment of a Personal Data Protection Law. The existing 2009 directions and the manner in which PGs and PAs operate today to ensure the security of the money and payment data being processed through such payment entities, therefore, the additional measures being processed in the discussion paper are not needed. However, if the RBI still observes any additional risks to customer data, then it may consider additional regulations.

Recommendation 8: Consider a requirement of annual security and process audits through CERT-IN empaneled independent auditors, in addition to the existing indirect regulatory framework. The regulator should continue with the current approach, where a combination of contractual obligations and self-regulation, have ensured that no major security incidents have threatened the integrity of payment systems.

Recommendation 9: Do not add new clauses to existing dispute resolution mechanism maintained by PA/PG internally, along with the 2019 Ombudsman scheme as they already address all customer grievances. Nonetheless, if the RBI wants to strengthen the existing framework for customer grievance redressal, it should test the applicability of such a framework to only such PAs/PGs that go over a certain transaction value threshold. The regulator may even invite PAs/PGs to opt into such a framework.

Recommendation 10: Limit direct regulatory oversight, as none of the existing PAs/PGs are at such a scale that they can pose systemic risks (anti-money laundering risks, insolvency risks and IT security risks) upon the existing payments infrastructure, and financial system at large. The regulator should continue with the existing indirect regulatory approach.

Recommendation 11: Do not prohibit PGs and PAs from dealing with merchants who do not have a physical presence in India. The regulator should consider dropping the requirement for local incorporation of merchants, and instead ensure that PGs/PAs are in existing regulations in this regard. Also, all the documentation requirements for making remittances should be done by PGs/PAs on behalf of the customer.

Recommendation 12: Do not impose directions of KYC checks on PAs and PGs for merchants, as banks and financial institutions are already required to undertake KYC checks of merchants. The imposition of KYC directions on PGs/ PAs will impose additional costs on the technological structure incorporated by intermediaries since their infrastructure currently does not support KYC checks; thereby increasing merchant on-boarding and overall transaction costs.

Go deeper: RBI proposes regulation, license of payment aggregators and payment gateways