Reserve Bank of India (Regulation of Payment Aggregators) Directions, 2025: An Overview

Introduction

The Reserve Bank of India (“RBI”), in a landmark regulatory move, on September 15, 2025 issued the Master Direction on Regulation of Payment Aggregators (PA) (“Master Directions 2025”). The Master Directions 2025 consolidate earlier circulars and guidelines, rationalizing the regulation of entities aggregating payments on behalf of merchants through various payment channels. This regulatory intervention underscores RBI’s commitment to fostering innovation in fintech while safeguarding the interests of consumers and other stakeholders in the digital payments space.

Historically, the RBI had issued:

  • Guidelines on Regulation of Payment Aggregators and Payment Gateways, 2020 (“Payment Aggregators Guidelines”);
  • Amendment directive issued on March 31, 2021;
  • Regulation of Payment Aggregator – Cross Border (PA – Cross Border), 2023.

While these laid an initial framework, the growing complexity of digital payments necessitated a comprehensive and updated regulatory approach, which the Master Directions 2025 now embodies.

Salient Features of the Master Directions

 FeaturesDescription
1.        Definition and Scope of – Payment Aggregator (“PA”)The Master Directions 2025 defines a ‘Payment Aggregator’ as an entity that facilitates aggregation of payments made by customers to merchants through one or more payment channels via a merchant’s physical or virtual interface. It categorizes PAs into three distinct types:

  • PA – Physical (PA-P): Transactions with both acceptance devices and payment instruments physically present.
  • PA – Cross Border (PA-CB): Entities facilitating payment aggregation for cross-border current account transactions under foreign exchange laws of India.
  • PA – Online (PA-O): Transactions with remotely initiated payment instruments and acceptance devices.

The regulatory scope extends to all bank and non-bank entities undertaking PA business in India.

2.        Licensing Framework and Eligibility Criteria

 

  • Authorisation: Non-bank entities must obtain explicit RBI authorization via an online application. Banks conducting PA activities are exempted from fresh authorization.
  • Capital and Net-Worth: An entity seeking authorisation to commence or carry on PA business must have a minimum net-worth of ₹15 crore at the time of tendering application for authorisation; and shall attain a minimum net-worth of ₹25 crore by the end of third financial year of grant of authorisation.
  • Corporate Governance: Fit and proper criteria apply to promoters and directors, encompassing integrity, financial soundness, and absence of disqualifications such as insolvency or convictions for economic offenses.
  • Memorandum of Association: Must explicitly cover PA activities to qualify for authorization.
3.        Key Compliance Requirements

 

  • Merchant Onboarding & KYC: Due diligence obligations align with the RBI’s existing master direction on KYC, including background checks, verification through Central KYC records registry, and physical address verification for smaller merchants.
  • Escrow Account Maintenance: Non-bank PAs must maintain segregated escrow accounts with scheduled commercial banks. Cross-border PAs must have separate inward and outward collection accounts to prevent fund co-mingling.
  • Settlement Timelines: Clear, fair, and transparent settlement timelines must be documented in merchant agreements.
  • Data Security & Audits: Compliance with data security norms such as PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard) is mandatory. PAs must conduct annual cyber security audits through CERT-In empanelled auditors and submit reports to RBI.
  • Dispute Resolution: A robust dispute management and grievance redressal framework is required, including timelines for refunds and reversal of transactions.
  • Reporting: Comprehensive periodic reporting to RBI is mandated, including net-worth certificates, escrow account certifications, transaction statistics, and changes in board composition.
4.        Restrictions, Penalties, and Enforcement
  • PAs are prohibited from conducting marketplace business.
  • No transaction limits may be imposed by the PA; this responsibility rests with issuing banks.
  • ATM pin cannot be accepted as a factor of authentication for card-not-present transactions.
  • Non-compliance attracts penalties under the Payment and Settlement Systems Act, 2007, including potential cancellation of authorization.

 

Comparative Analysis with Existing Legal Framework

The Master Directions 2025 significantly extends and clarifies regulatory requirements compared to the Payment Aggregators Guidelines:

BasisGuidelines on Regulation of Payment Aggregators and Payment Gateways, 2020Master Directions 2025
Enforcement PowersAdvisory in nature; limited explicit enforcement.Explicit enforcement powers under Payment and Settlement Systems Act, 2007; comprehensive reporting and auditing norms.
ScopeCovers both Payment Aggregators and Payment Gateways with some overlap.Focuses solely on Payment Aggregators; clarifies non-application to prepaid wallets and marketplace operations.
Technology and Data SecurityAdvisory recommendations.Mandatory technology infrastructure standards, data security audits, and empowered dispute resolution mechanisms.

 

Impact on Stakeholders

Payment Aggregators

  • Face increased compliance costs due to licensing, capital, and extensive audit and reporting requirements.
  • Must invest in enhanced governance structures and merchant due diligence.
  • Greater regulatory certainty, but also a heavier operational and legal burden.

Merchants & E-commerce Platforms

  • More rigorous onboarding procedures with enhanced KYC and monitoring.
  • Guaranteed transparency on settlement timelines and fund flow.
  • Stricter risk and fraud management obligations with potential impact on transaction speeds.

Consumers

  • Improved protection through explicit dispute resolution frameworks.
  • Enhanced transparency on charges and refunds.
  • Stronger data protection standards reduce exposure to fraud and data breaches.

Investors, VCs, and Fintech

  • Clear regulatory framework reduces uncertainty, aiding investment decisions.
  • Business model recalibrations are required to meet capital and compliance norms.
  • Opportunities to innovate within a stable compliance ecosystem.

Legal and Commercial Considerations

  • The regulation raises interpretational issues regarding hybrid PA models combining cross-border and domestic activities.
  • Possible overlaps or conflicts with state-level laws and sectoral regulations (e.g., e-commerce and data protection statutes) need navigation.
  • The framework sets the stage for India’s payments ecosystem evolution towards greater regulatory oversight, balanced with fintech innovation.

Conclusion

The Master Directions 2025 strikes a pragmatic balance between fostering innovation in digital payments and ensuring robust consumer protection. Its comprehensive due diligence, governance, and audit requirements, while demanding, are necessary to mitigate risks inherent in growing fintech operations. Stakeholders should focus on establishing meticulous compliance and governance frameworks to adapt smoothly to these changes.

Key takeaways include early application for authorization by non-bank PAs, reassessment of operational systems for segregation of funds and data security, and the institution of transparent merchant onboarding and grievance mechanisms.

Categories

Service Offerings

Contact Us

    burgeon law white logo

    Burgeon Law has merged with IC RegFin Legal

    As we complete ten years, here’s our next big milestone.
    We’re proud to share that Burgeon Law has merged with IC RegFin Legal (“RegFin”). Our team joins a combined platform of 150+ lawyers and 22 Partners across Mumbai, Delhi, Bengaluru, and GIFT City, Gandhinagar, enhancing full-service capabilities across financial services regulation and VC–PE/M&A transactions.
    Visit IC RegFin Legal at https://regfinlegal.com/
    Redirect