Here’s a concise summary based on the draft circular for Payment Aggregators (PAs) issued by the Reserve Bank of India (RBI):
Objective: The circular aims to introduce amendments to the Payment Aggregators (PA) framework.
Some Key Points of the draft circular:
-
- Risk Management: PAs must implement robust risk management practices, including monitoring and mitigating risks associated with transactions.
- Merchant Onboarding: PAs should ensure thorough due diligence while onboarding merchants.
- Transaction Limits: PAs must set transaction limits for merchants based on their risk profiles.
- Escrow Account: PAs must maintain an escrow account with a scheduled commercial bank.
- Security Measures: PAs should enhance security measures to prevent unauthorized access and fraud.
- Reporting Requirements: PAs need to submit quarterly reports to the RBI.
- Compliance: PAs must comply with these amendments by the specified deadlines.
We have compiled a comprehensive checklist based on the draft circular. Let’s break down the points:
- Merchant Categorization:
- It’s essential to categorize merchants based on their annual business turnover and GST registration status. This classification helps tailor due diligence efforts appropriately.
- Assign Customer Due Diligence (CDD) measures, checks, and verification processes based on the merchant’s category.
- Merchant Onboarding:
- Small Merchants
- Conduct Contact Point Verification (CPV)for the business establishment.
- Verify the bank account where merchant funds are settled.
- Medium Merchants:
- Perform CPV for the business establishment.
- Obtain at least one Officially Valid Document (OVD) for the proprietor, beneficial owner, or person holding power of attorney.
- Obtain one OVD for the business itself.
- Video-based Customer Identification Process (V-CIP):
- Use assisted V-CIP with an agent facilitating the process at the merchant’s end.
- Maintain records of the assisting agent.
- Risk-based Payment Limits:
- Set payment limits for onboarded merchants based on risk profiles.
- Display Requirements:
- Ensure that web pages and charge slips display both the legal name of the merchant and the Payment Aggregator (PA).
- Ongoing Merchant Monitoring:
- Continuously monitor transaction activity for all merchants.
- Upgrade the level of CDD based on transaction patterns.
- Verify that merchant transactions align with their stated business profile.
- For marketplaces, ensure they do not handle funds for services not offered through their platform.
- Compliance:
- Adhere to wire transfer guidelines outlined in the Master Direction on Know Your Customer (MD-KYC).
- Non-bank PAs should register with the Financial Intelligence Unit-India (FIU-IND)and provide necessary information.
- Due Diligence Timeline for Existing Merchants:
- Authorized PAs and PAs without banking licenses must complete due diligence for existing merchants (both online and physical) by September 30, 2025.
- Audit Review:
- Internal Audits:
- PAs should conduct regular internal audits to assess compliance with the circular’s provisions.
- These audits help identify gaps, weaknesses, and areas for improvement.
- Ensure that audit findings are documented and addressed promptly.
- External Audits:
- Engage external auditors to perform independent reviews.
- External audits provide an objective assessment of PA operations.
- Address any audit recommendations promptly.
- Reporting Requirements:
- Quarterly Reports:
- PAs must submitquarterly reports to the RBI.
- These reports should cover various aspects, including transaction volumes, merchant onboarding, risk management, and compliance.
- Ensure accuracy and timely submission.
- Incident Reporting:
- PAs should promptly report any security incidents, data breaches, or operational disruptions to the RBI.
- Maintain incident logs and follow incident response protocols.
- Annual Compliance Certificate:
- Obtain an annual compliance certificate from the auditor.
- The certificate attests to the PA’s adherence to regulatory requirements.
- Submit the certificate to the RBI within the stipulated timeframe.
For detailed information, you can refer to the full circular on the RBI website. This update is crucial for the financial ecosystem, and I recommend staying informed about its implications. 📰💼