The Central Bank has emphasized that only professionally must be managed and must adhere to a ‘fit and correct’ criteria for promoters and directors. Every acquisition or change in management must be reported to the central bank within 15 days.
The Reserve Bank of India (RBI) has rolled out detailed legal guidelines for payment aggregators and recommended basic standards for basic line technology for payment gateways (PGs) to guarantee safety, transparency and resilience in the fast -growing ecosystem of digital payments.
The Central Bank, entitled in its notification “guidelines for the regulation of payment aggregators and payment gateways,” said that although PA’s are treating funds and therefore requires direct regulations, PGS will be treated as technology suppliers and will be encouraged to comply with prescribed security supplies.
According to the RBIS guidelines, non-banking PA’s RBI authorization must ask under the act of payment and Settlement Systems, 2007. Such entities must be included in India and a minimum net value of £ 15 crore must be retained at the time of application, which must be increased to £ 25 Crore by the end of the third financial year. This net-worthy requirement must then be maintained at all times.
Existing players were allowed to work, while banks offer PA services as part of their normal banking functions are exempt from individual authorization.
The Central Bank has emphasized that only professionally must be managed and must adhere to a ‘fit and correct’ criteria for promoters and directors. Every acquisition or change in management must be reported to the central bank within 15 days.
Every agreement between PAs, traders and the acquisition of banks must clearly define responsibilities, including dispute resolution, reimbursement processes and recovery mechanisms for customer complaints. PAs must designate a junction officer to supervise compliance with the regulations and handling customer complaints.
To protect the interests of the customer, the guidelines for the Central Bank make it mandatory to perform background controls of traders to prevent fraud, forged sale or prohibited product entries. They must also ensure that traders meet the data security standards of the payment card industry (PCI-DSS). Funds collected by Pas from customers must be kept on an Escrow account with a planned commercial bank. PA activities must differ from other companies and all settlements must be led through the Escrow mechanism.
The Central Bank has also emphasized strong risk management systems to watch against fraud. PAs are required to set up robust IT and data security infrastructure, with mandatory annual security audits by certified empaneled auditors. They must also immediately report cyber incidents to RBI and Cert-in.
The guidelines repeated that customer card data should not be stored by Pas or Merchants, and all repayments must be made to the original payment method unless explicitly agreed otherwise by the customer.
Published on September 16, 2025
#RBI #rolls #extensive #framework #payment #aggregators #gateways #stimulate #ecosystem #digital #payment