The Indian Highways Management Company (IHMCL), an arm of the National Highway Authority of India (NHAI), has barred Paytm Payments Bank from issuing fresh FASTags, according to a report by the Times of India. After conducting an audit on Paytm, the company found that it was not complying with the parameters prescribed by the service level agreement (SLA) which companies must comply with to be allowed to issue FASTags. Paytm has also been barred from taking up new toll plazas (where Paytm users would go and activate their FASTags). IHMCL has also sought a response from Paytm on why it should not be penalized for non-compliance.
Paytm’s long history with regulatory compliance issues:
- Fined for providing incorrect information: In October 2021, Paytm was fined ₹1 crore for violating Section 26 (2) of the Payment and Settlement Systems Act, 2007 (PSS Act). When submitting its application for the final Certificate of Authorisation (CoA, which is necessary for operating a payments system), it submitted information that did not reflect the factual position of the company.
- Alleged sharing of financial information with foreign entities: In March 2022, Paytm Payments Bank was restricted from onboarding new customers with immediate effect. An inspection by the RBI (Reserve Bank of India) found that the company’s servers were sharing information with China-based entities that indirectly own a stake in Paytm Payments Bank. Moreover, the bank onboarded thousands of clients without adequate KYC (Know Your Customer) documentation raising concerns that some of these could have been mules for money laundering. Post the investigation, the RBI directed Paytm to appoint an IT audit firm and audit its IT system.
- Barred from onboarding merchants: In November 2022, Paytm’s subsidiary Paytm Payment Services Limited (PPSL) was restricted from onboarding new merchants. The company was also asked to resubmit its application to obtain a payment aggregator license (a PA license, necessary to operate payment aggregation services in India). The revised application was required to contain necessary approvals for past downward investment by Paytm into PPSL in compliance with FDI (Foreign Direct Investment) guidelines. As of writing this story, PPSL is yet to receive approval for providing PA services.
- Fined for KYC and cybersecurity violations: In 2023, the RBI imposed a ₹5.39 crore penalty on Paytm Payments Bank for non-compliance with the central bank’s Know Your Customer (KYC) directions, licensing guidelines, and cybersecurity framework. RBI said that it conducted an audit into Paytm and found that it:
- failed to identify the beneficial owner with respect to entities onboarded by it.
- was not monitoring payout transactions or carrying out risk profiling of entities availing payout services.
- was breaching the ceiling for end-of-day balances in certain customer advance accounts
- reported a cybersecurity event with a delay
- failed to implement device binding control measures related to “SMS delivery receipt check”
- its video-based customer identification process (V-CIP) infrastructure failed to prevent connections from IP addresses outside of India
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!