How Can We Meaningfully Regulate Payment Gateways and Aggregators?
A renewed approach towards regulating key intermediaries in a payments transaction
Summary: This is a submission to the Reserve Bank of India on its proposed regulatory framework for Payment Gateways and Aggregators.
What are payment gateways and aggregators?
Payments made online are facilitated by intermediaries such as payment gateways and aggregators which act as a bridge between merchants and customers. A payment aggregator accepts payments from customers on behalf of the merchant and transfers that amount to the merchant’s account. A payment gateway is a technology infrastructure provider that routes transactions without actually handling any funds.
What did the RBI discussion paper cover?
The Reserve Bank of India (RBI) published the discussion paper on Guidelines for Payment Gateways and Payment Aggregators (“Discussion Paper”) with a view to review and update its indirect regulation of payment gateways and aggregators, particularly due to rapid changes in India’s payment systems.
The Discussion Paper highlighted gaps in regulation (since updated) which included concerns regarding a redressal mechanism for customers, a need for the clear demarcation of roles among merchants and customers, managing customer data, and separating the activities of e-commerce sites which provide aggregation services to avoid dual regulation. At the same time, the RBI noted that no major complaint had been received (from stakeholders, including consumers) regarding its regulatory regime.
Based on these concerns, the RBI provided three detailed regulatory options:
(1) continuing with the extant instructions, with added clarifications on applicability (“Option 1”);
(2) limited regulation with a phased licensing/registration framework and off-site monitoring, i.., (“Option 2”);
(3) full and direct regulation, bringing payment gateways and aggregators under the Payment and Settlement System Act, 2007 (“PSS Act”) that provides for regulation of payments system in India, with both on-site and off-site monitoring (“Option 3”).
Vidhi’s key submission*
Need for a Renewed Approach for regulating payment systems: Vidhi argues that the ever-evolving payments landscape in India calls for a renewed regulatory approach to realise its true potential. Since the enactment of the PSS Act almost a decade ago, the payments landscape in India has undergone a massive transformation with the emergence of new players and business models. These developments necessitate a renewed regulatory approach for payment services in India that must be risk-based and that strikes a fine balance between policy priorities of securing financial stability, promoting innovation and competition in the payments ecosystem, and protecting consumers.
Vidhi’s specific comments on the RBI Discussion Paper
Based on a review of the three options proposed by RBI, Vidhi recommends the adoption of Option 3 and amendment of the PSS Act. Vidhi argues that adopting Option 3 will empower the RBI to exercise direct oversight over payment gateways and aggregators. Moreover, such an approach is proportionate and risk-based and is in line with international best practices. Vidhi emphasises that Option 3 must be adopted subject to certain considerations, details of which are provided below.
|Provision of technical services||Based on a study of the nature of services provided by payment gateways and payment aggregators, a clarification may also be considered for entities that solely provide technical services without any access to consumer funds. In jurisdictions, like UK and Singapore, the law makes a distinction between payment service providers that provide payment services and technical service providers that only provide technological support without any access to consumer funds. Such technical service providers outside the ambit of the regulatory prescriptions in the law.|
|Regulatory prescriptions for banks||While banks providing payment gateway services may be exempted from obtaining authorisation under the PSS Act, they should be required to obtain an approval/no objection certificate from the RBI for the purposes of providing such services. Additionally, such banks should be required to comply with specific requirements, including provisions relating to technical requirements, submission of information, reports,|
|Safeguarding of funds||Vidhi agrees with the RBI’s suggestion of maintaining escrow accounts for fund management.|
|Merchant on-boarding||RBI Discussion Paper provides that payment aggregators must undertake background and antecedent check of the merchants to ensure that such merchants do not have any malafide intention of duping customers, do not sell fake, counterfeit, prohibited products, etc. Such requirements to conduct background and antecedent check (over and above the proposed anti-money laundering and know your customer requirements) can be interpreted to be an onerous and broad requirement.|
*Please note that the RBI has since issued guidelines to regulate Payment Aggregators and Payment Gateways