Licensing Regime Introduced for Payment Aggregators: E-Commerce Industry to Undergo Significant Change
The Reserve Bank of India (“RBI”), India’s central and apex bank on March 17, 2020 issued detailed guidelines1 (“Guidelines”) applicable to payment aggregators (“PAs”), which shall come into effect from April 1, 2020. Going forward PAs will need to an authorization / license to operate from the RBI. No authorization /license is prescribed for payment gateways (“PGs”). While Guidelines recommend certain good practices for PGs, they are not mandatory.
Since 2009, RBI regulated entities who were facilitating payments between users and merchants using any electronic / online payment mode, via intermediary directions dated November 24, 20092 (“Intermediary Directions”).
The RBI had earlier in September last year floated a discussion paper3 (“Discussion Paper”) wherein it was exploring regulating PAs and PGs, given that they form a critical link in the online world of commerce. Some key concerns raised by the RBI in the Discussion Paper were:
Basis the above, it appears that the Discussion Paper paved the way for the said Guidelines. For ease of reference, we have sought to break down the Guidelines in a Q&A format as detailed below.
1. What are PAs and PGs?
The Guidelines define ‘payment aggregators’ as “entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own. PAs facilitate merchants to connect with acquirers. In the process, they receive payments from customers, pool and transfer them on to the merchants after a time period.”
Thus, PAs are those entities that facilitate payments to merchants, and that receive, pool and transfer user payments to the merchants as part of the facilitation process.
On the other hand, ‘payment gateways’ are defined as “entities that provide technology infrastructure to route and facilitate processing of an online payment transaction without any involvement in handling of funds.”
Thus, PGs under the Guidelines may be limited to entities providing authentication services, back-end infrastructure or technology integrations services which assist in the payment ecosystem.
However, this understanding would need to be further examined basis the existing law on intermediaries (as discussed in the below Q&A).
2. Who does the Guidelines extend to?
The Guidelines are specifically applicable to PAs, though there are also recommended good practices (non-binding) for PGs, such as security and data retention related measures. The Guidelines even apply to domestic legs of import and export related payments facilitated by PAs.
The Guidelines do not apply to cash-on-delivery e-commerce models.
3. When do the Guidelines become effective?
Any new entity that intends to offer the services of a PA post April 1, 2020, would be subject to the said Guidelines. Thus, with effect from April 1, 2020 any new entity intending to provide PA services can only do so post authorization from the RBI.
For existing PAs, they need to apply for RBI authorization on or before June 30, 2021 and then they would be allowed to continue operations until they hear back from the RBI on their application. However, it appears unclear from the Guidelines that until such authorization has been obtained by existing PAs, whether such PAs would continue operating as per the Intermediary Directions or adopt measures and compliances under the Guidelines. This is an aspect that requires further clarity from the regulators.
4. What is the interplay between PAs and Intermediaries?
As per the Intermediary Directions, intermediaries were defined as: “all entities that collect monies received from customers for payment to merchants using any electronic/online payment mode, for goods and services availed by them and subsequently facilitate the transfer of these monies to the merchants in final settlement of the obligations of the paying customers.”
The said Intermediary Directions also stipulated compliances involving use of nodal accounts, permissible debits / credits in such nodal accounts, time periods for final settlement of funds to merchants etc. However, as per the said Intermediary Directions, entities operating as intermediaries were not required to obtain an authorization / license from the RBI for undertaking the said activities.
On the other hand, PAs under the said Guidelines appear to be a sub-set of an intermediary as they also facilitate transactions between users and merchants by pooling funds and transferring them to merchants. Thus, the question which arises is would there be any intermediaries (as per the Intermediary Directions) which would not be categorized as PAs under the said Guidelines, and if so, how would such intermediaries continue to be treated.
Going by the intent, it seems that the Intermediary Directions would be phased out once the Guidelines are fully into effect.
5. What are the key eligibility criteria for a PA to obtain RBI authorization?
6. What is the role that PAs will play in settlement of transactions going forward?
Unlike as prescribed under the Intermediary Directions wherein intermediaries are required to open a nodal account, the Guidelines prescribe that a non-bank PA maintain an escrow account with any one scheduled commercial bank for amounts collected, which the PA may also pre-fund. The escrow account cannot be used for or co-mingled with other businesses, if any, of the PA. The amounts held in the escrow account should be interest free, except under certain circumstances as maybe determined between the PA and bank.
Once the amount is deducted from a user’s account, it should be remitted to the escrow account on a ‘T’+0 or ‘T’+1 basis. Thereafter, final settlement with the merchant may take place as follows:
The escrow account should also be used to route credits towards reversed transactions and refunds.
Similar to that of a nodal account, the escrow account to be opened by PAs allows for only certain credits and debits, as follows:
7. What are the key compliances applicable to PAs?
It appears that many of the prescribed compliances as per the Guidelines are similar to those already prescribed by the RBI for payment system operators, such as e-wallet and gift card issuers, and it appears that the RBI is placing PAs on the same pedestal as such payment system providers in terms of regulation.
Also, the obligations placed on PAs vis-à-vis merchants such as conducting background checks on the merchant’s history to ensure that they do not have a history of duping customers or selling fake / counterfeit / prohibited products, appears onerous and practically difficult to implement. Although one could consider evaluating self-declarations made by merchants in this regard.
These Guidelines also bring about multiple uncertainties, such as the fate of intermediaries that do not constitute PAs and how would they continue to function, especially since these Guidelines do not specifically repeal nor clarify to what extent it would override the Intermediary Directions.
Furthermore, as previously mentioned, the Guidelines are also unclear on the position and approach that existing PAs should take prior to obtaining an authorization, i.e. whether they should continue to comply with the Intermediary Directions or comply with the Guidelines by April 1, 2020.
Given that the Guidelines propose to bring about significant changes in the e-commerce industry and would change the way online payments are structured, it may be helpful if the RBI were to issue FAQs of its own, throwing light on various uncertainties and clearly explaining the position going forward for intermediaries and PAs.
– Aaron Kamath, Huzefa Tavawalla & Gowree Gokhale
You can direct your queries or comments to the authors
1 Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0. Last accessed: March 19, 2020
2 Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5379&Mode=0. Last accessed: March 19, 2020.
3 Available at: https://m.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=943. Last accessed: March 19, 2020.
4 Read our write-up on the data localization requirements applicable to payment system operators here.