JSA Prism | FinTech | September 2025

Please click here to download the Prism as a PDF.

Legal and regulatory analysis of the Reserve Bank of India’s Master Direction on Payment Aggregators

The Reserve Bank of India (“RBI”) released the new Master Directions on the Regulation of Payment Aggregators (“PAs”), effective September 15, 2025 (“New PA Directions”). This move, which follows public consultations on draft PA amendments released in April 2024 (“Draft PA Amendments”), aims to rationalise regulations and bring more clarity to the sector. The New PA Directions supersede previous guidelines (“2020 PA Directions”), including those for online PAs (“PA-O”) and Cross-Border PAs (“PA-CB”).

PA categories and definitions

1. New provision: The distinction between different types of PAs has been formalised. The New PA Directions introduce 3 (three) distinct categories of PAs, aiming to bring all modes of payment aggregation under a single regulatory umbrella.
   • PA-Physical (“PA-P”): A PA that facilitates transactions where both the payment acceptance device and the payment instrument are physically present and in close proximity.
   • PA-O: A PA that facilitates transactions where the acceptance device and payment instrument are not in close proximity.
   • PA-CB: A PA that facilitates aggregation of cross-border payments for current account transactions for its onboarded merchants.
2. What has changed: The Draft PA Amendments first introduced the concepts of PA-P and PA-O to extend PA regulation to offline payments. The New PA Directions elaborate on this by clarifying that the ‘acceptance device’ and ‘instrument’ must be in close proximity for a transaction to be classified as physical. The definitions of PA-CB have also been clarified, with specific exclusions for AD Category-II non-banks and card network-settled transactions.
3. Practical implication: While this distinction clarifies the regulatory scope, it introduces a grey area in the context of mobile-based payments like UPI QR codes. For instance, a QR code displayed on a phone in a physical store would likely be considered a PA-P transaction, as the acceptance device (the merchant’s phone) and the instrument (the customer’s phone) are in close proximity. However, an SMS link with a QR code sent to a customer’s phone for payment later could be considered a PA-O transaction, as the proximity element is absent. The New PA Directions do not provide specific guidance on such hybrid use cases, leaving some room for interpretation.

Authorisation and capital requirements

1. New provision: All non-bank entities are required to apply for authorisation as a PA. For PAs who already have a Certificate of Authorisation (“COA”) from the RBI, must intimate RBI for the following:
   • if the entity is already conducting PA-P business, it must formally intimate the RBI. The timeline for such intimation is not specified; and
   • if the entity wishes to start a new type of PA business (e.g., PA-O or PA-CB), then it must intimate the RBI at least 30 (thirty) days before commencing the new business.If an entity’s application for a PA-O or PA-CB COA is currently under consideration by the RBI, it must inform the RBI about any existing PA-P business. This intimation must be done through the online portal by December 31, 2025.
2. Specifics for entities only in PA-P business: If the entity only performs PA-P business, it must apply for COA as a PA by December 31, 2025. Failure to apply by this deadline will result in a mandatory winding up of business. The entity must immediately inform its banker(s) and cease all business operations by February 28, 2026.
3. Practical implication: The lack of a specific timeline for existing PAs with a COA to intimate the RBI about their PA-P business could be a point of ambiguity, although the broader deadline of December 31, 2025, for authorisation applications likely applies. This move brings all PA activities, including physical payments, under a regulated and consistent capital framework.

Third-party payouts

1. New provision: A PA is permitted to make a payment to a third party at the specific direction of a merchant. This is only allowed if 2 (two) conditions are met:
   • the merchant has a physical or online presence with an annual turnover of over INR 40,00,000 (Indian Rupees forty lakh) or an annual export turnover of more than INR 5,00,000 (Indian Rupees five lakh); and
   • the third party is the actual “payee that interfaces with the payer for the underlying transaction”.
2. What has changed: The New PA Directions mark a significant shift in the RBI’s position in the Draft PA Amendments on third-party payouts, allowing them under specific, qualified conditions. The Draft PA Amendments had expressly banned third-party payouts. In response to specific stakeholder feedback, the RBI has decided to allow third-party payouts subject to certain restrictions.
3. Practical implications: This provision appears to permit specific use in cases where a merchant directs a PA to settle funds directly to a third party. The phrase “interfaces with the payer” is crucial, defining the scope of these settlements. This new rule seems to allow for settlements to entities that directly interact with the customer (the payer) for the delivery of goods or services. A classic example is a marketplace or travel aggregator model.
   • Scenario: A customer pays an e-commerce platform (the merchant) for a product sold by a third-party seller. The PA, which has a contract with the e-commerce platform, can now settle the funds directly into the seller’s bank account.
   • Key distinction: Previously, PAs could settle to any third party based on the merchant’s instructions. However, the New PA Directions impose a critical condition, wherein the third party must be the one who “interfaces with the payer”. This narrows the scope of permitted debits. Additionally, the instructing merchant must meet the specific annual turnover requirement.Importantly, other broader use cases, such as a merchant using a PA to pay its vendors or employees, are not permitted under New PA Directions. The phrase “interfaces with the payer” seems to explicitly exclude these scenarios.

     Notably, Chapter IV, Paragraph 13(g) of the New PA Directions states that funds due to a merchant should be credited only to the merchant’s own bank account. This appears to be a drafting oversight that directly contradicts the explicit permission for third-party payouts found under ‘permitted debits’ in Chapter V, Paragraph 16a of the New PA Directions. This contradiction could create confusion regarding the correct application of the rules.

PA partnering with another PA

The New PA Directions clarifies the regulatory position on PAs partnering with one another, a crucial development that validates and formalises certain industry practices.

1. New provision: The New PA Directions explicitly permit a PA to partner with another PA for specific functions, such as merchant due diligence and settlement. This provision introduces a clear framework for a PA contracting with another PA, which supports the industry practice of PA-to-PA arrangements.
2. What has changed: In the Draft Amendments, the RBI had stated that for a payment transaction facilitated by 2 (two) or more authorised PAs, all PAs in the transaction chain would be subject to the RBI’s instructions. This has been diluted in the New PA Directions, which now clearly delegates the due diligence and Know Your Customer (“KYC”) responsibility to the PA that directly onboards the merchant. The New PA Directions also explicitly list ‘Payment to another PA or PA-CB’ as a permitted debit from the escrow account, formal recognition of inter-PA fund flows.
3. Practical implications:
   • KYC and due diligence: The New PA Directions clarify that the PA directly onboarding a merchant is solely responsible for its due diligence and KYC, even if the primary PA is the one managing the payment flow. This aligns with existing market practice where a primary PA receives the KYC records from a sub-aggregator.
   • Formalised fund flow: The explicit inclusion of inter-PA payments as a permitted debit from the escrow account provides a formal regulatory basis for such arrangements. This addresses the practical need for fund flow between aggregators in complex transactions, such as when a domestic PA uses a cross-border PA to facilitate an international payment.
   • No Dual KYC: As a result of this clarification, both PAs in a partnership do not need to perform due diligence and KYC on the same merchant, which reduces operational redundancy and cost. However, other compliances still apply to both PAs.

PA merchant agreement

1. New provision: The New PA Directions state that the agreement between a PA and its merchants must be ‘fair and equitable’ and transparently mention the settlement timelines.
2. What has changed: Earlier, settlement timelines were prescribed by the RBI. Now, while the RBI has specified a high-level framework, the exact timelines are to be determined and agreed upon in the merchant agreement itself.
3. Practical implications: This gives merchants a stronger position to negotiate better terms and settlement schedules with PAs, as the agreement is now legally required to be fair and equitable. This provides greater flexibility and control to the merchant over their cash flow.

Merchant due diligence and KYC

1. New provision: The New PA Directions mark a significant shift in merchant due diligence and KYC for PAs. The new rules are more uniform and robust, ending previous exemptions and introducing a mandatory, tiered approach that balances strict compliance with the needs of small businesses. A 2 (two) step approach to merchant verification has been introduced:
   • Mandatory Central KYC Records Registry (“CKYCR”) integration: PAs are now required to retrieve merchant KYC records from the CKYCR. It appears that this step aims to streamline verification and ensure a centralised, consistent approach to identity management.
   • Alternative verification: If a merchant’s records are not available in the CKYCR, PAs can conduct due diligence through alternative mechanisms outlined in the KYC Master Direction. This includes using e-KYC with Aadhaar, offline Aadhaar verification, or verifying Officially Valid Documents (“OVDs”) such as e-Permanent Account Number (“PAN”) or documents from DigiLocker.
     For smaller merchants, the New PA Directions provide a simplified KYC process, though its specific application is not entirely clear. A simplified Customer Due Diligence (“CDD”) process can be adopted for merchants with an annual turnover of up to INR 40,00,000 (Indian Rupees forty lakh) (or export turnover not exceeding INR 5,00,000 (Indian Rupees five lakh).
2. What has changed: Previously, PAs were exempt from performing mandatory CDD on merchants. This was due to the 2020 PA Directions, and the subsequent clarifications issued thereunder, which did not consider a PA-merchant relationship to be an ‘account-based’ relationship – one that would necessitate full CDD. The New PA Directions remove this exception and make CDD mandatory for all merchants, which in turn mandates PA’s integration with CKYCR. PAs must now CDD on their merchants in accordance with the KYC Master Direction.
   For smaller merchants, while the Draft PA Amendments had different simplified KYC standards for ‘small’ (i.e. turnover of less than INR 5,00,000 (Indian Rupees five lakh) and ‘medium’ (i.e. turnover of less than INR 40,00,000 (Indian Rupees forty lakh) merchants, the New PA Directions appear to consolidate and toughen these requirements. Now, for all merchants under the INR 40,00,000 (Indian Rupees forty lakh) turnover threshold, the simplified KYC requires:
   • contact point verification;
   • Verification of an OVD; and
   • PAN verification.
3. Practical implication: While the New Directions provide welcome thresholds for simplified KYC, they do not clarify the method of verification for a merchant’s turnover. The obvious question is whether PAs are expected to independently verify the turnover or if a declaration from the merchant would suffice. Furthermore, the New Directions do not address the scenario where a merchant’s turnover increases mid-way through the relationship, crossing the INR 40,00,000 (Indian Rupees forty lakh) or INR 5,00,000 (Indian Rupees five lakh) These ambiguities could impact a PA’s ability to manage its KYC compliance program effectively and may also have a direct bearing on the third-party payout rule for these merchants, which is also tied to turnover thresholds.

Oversight on merchant-displayed information

1. New provision: The New PA Directions state that a PA must ensure that any charges, other than the price of goods, services, or investment amount, charged by a merchant are distinctly displayed to the payer prior to the transaction.
2. Practical implication: This raises a crucial question as to the extent of a PA’s oversight. While this obligation can be factored into a merchant agreement, a PA’s control and visibility typically begin at the checkout page, after the merchant has already displayed the final price and any additional charges. This creates an operational challenge, as a PA cannot feasibly monitor every aspect of a merchant’s website or physical point of sale to ensure compliance with this provision. Without real-time pre-checkout monitoring capabilities, a PA’s ability to enforce this rule is limited.

PA-CB specific provisions

1. New provision: The New PA Directions consolidate previous circular on cross-border payments into a single document. They explicitly state that PA-CB funds for inward and outward transactions must be kept separate, with no co-mingling or netting off permitted. The maximum value per transaction for a PA-CB has been changed from ‘per unit of goods or services’ to a single limit of INR 25,00,000 (Indian Rupees twenty-five lakh) per transaction, which can be onerous for cross-border PAs.
2. What has changed: The explicit prohibition of co-mingling of funds and netting off for inward and outward transactions is a new provision that formalises a practice already understood and followed by the industry. The change in the transaction value limit from ‘per unit’ to ‘per transaction’ appears to be a significant change that could impact merchants selling multiple high-value items in a single transaction.
3. Practical implications: The New PA Directions further state that a “payment transaction shall be identified as a cross-border transaction”. This seems to suggest that the entire payment ecosystem, including the PA-CB, its acquiring bank, and the payment service providers, must be able to recognise and flag these transactions to ensure proper handling and reporting. While this is already an existing practice for Export Data Processing and Monitoring System/Import Data Processing and Monitoring System reporting, the provision’s inclusion in the New PA Directions makes it a formal regulatory requirement.

Conclusion

The New PA Direction is a significant step towards consolidating and standardising regulations for the growing payments industry. It addresses many of the ambiguities from the Draft PA amendments, particularly regarding third-party payouts, capital requirements, and due diligence for smaller merchants. While it provides welcome clarity and formalises existing market practices, certain areas, such as the classification of hybrid physical/online transactions and the wording around simplified KYC, still have elements of ambiguity that may require further clarification from the RBI or a test of time through industry practice.

This Prism is prepared by:

Probir Roy Choudhary Partner

Yajas Setlur Partner

Shivani Bhatnagar Senior Associate

For more details, please contact [email protected]