WHAT ARE PAYMENT AGGREGATORS AND PAYMENT GATEWAYS?
The Reserve Bank of India (‘RBI’), in its Guidelines on Regulation of Payment Aggregators and Payment Gateways [1] (‘PAPG Guidelines’), has defined Payment Aggregators (‘PAs’) as entities that facilitate merchants in accepting payments from customers, without the merchants needing to create a payment system of their own. They receive payments from customers, pool the funds, and then transfer the funds to the merchant on a pre-decided timeline, easing operations for the merchant. Thus, PAs act as a bridge between the merchants and the customers.
Payment Gateways (‘PGs’) are also defined under the PAPG Guidelines. Payment Gateways means entities that provide the technological infrastructure to facilitate online payment transactions, without any involvement in the handling of funds.[2] Thus, the two intermediaries have been distinguished on the basis of the function they serve, and accordingly, whether one handles funds or not. Examples of Payment Aggregators are Pine Labs, Razorpay and Stripe, and those of Payment Gateways are PayUbiz, Citrus Pay and CCAvenue.[3]
The Guidelines on Regulation of Payment Aggregators and Payment Gateways came into effect from 1st April 2020.[4] Along with the PAPG Guidelines, the RBI also released Baseline Technology-related Recommendations – which PAs are required to adopt, and PGs are suggested to adhere to (as a measure of good practice), as per Clause 2.1 of the PAPG Guidelines.
PAs may be either banks or non-banks but must be a company incorporated in India, under the Companies Act, 1956/2013, whose Memorandum of Association must cover the proposed activity of operating as a PA.[5] When the PAPG Guidelines came into effect, non-bank PAs existing as of the date were required to apply to RBI for authorization under the Payment and Settlement Systems Act, 2007, by 30th June 2021. Those already in operation were allowed to continue, till they receive communication from RBI regarding the fate of their application.[6] Although it has been reported that RBI has returned a large number of PA license applications[7], the RBI has since clarified the primary reason for such rejections through an official Notification.[8] Additionally, the RBI has allowed another window for applying to all such PAs, for which the deadline is 30th September 2022. Moreover, such PAs have been permitted to continue their operations till they receive further communication from RBI.
MULTIFACETED EFFECTS OF THE DIGITAL LENDING GUIDELINES ON PAYMENT AGGREGATORS IN INDIA
The RBI on 2nd September 2022 released the much-awaited Guidelines on Digital Lending (‘DL Guidelines’).[9] The DL Guidelines are based on a report[10], submitted by the Working Group on ‘digital lending including lending through online platforms and mobile apps’ (‘Working Group’)[11], which is available on the RBI website. Prior to releasing the DL Guidelines, the RBI had already accepted certain recommendations of the Working Group for immediate implementation (‘preliminary recommendations’) on 10th August 2022.[12]
‘Digital lending’ is defined under the DL Guidelines as an automated lending process, conducted remotely, and majorly through the use of seamless digital technologies, in customer acquisition, the credit assessment, loan approval, disbursement, recovery, and associated customer service.[13]
The Press Release in which the preliminary recommendations were accepted, categorically states that the principle on which the regulatory framework is based, is that: lending business can be carried out only by entities that are either regulated by the RBI, or entities permitted to do so under any other law. It is also stated that the regulatory framework is focused on the digital lending ecosystem, which includes RBI’s Regulated Entities [14] (‘REs’), as well as the Lending Service Providers (‘LSPs’) engaged by REs for credit facilitation services.[15]
‘LSPs’ are defined under the DL Guidelines as an agent of a Regulated Entity, who carries out, partially or wholly, one or more of the RE’s functions, for a fee from the RE. Examples of such functions are: customer acquisition, underwriting support, pricing support, disbursement, servicing, monitoring, collection, and recovery of specific loan or loan portfolios. It is prescribed in the definition itself, that these functions should be carried out in conformity with extant outsourcing guidelines issued by the RBI.[16]
As per the foregoing definition, Payment Aggregators would be considered Lending Service Providers. Accordingly, PAs are now obliged to conform to the Digital Lending Guidelines, in order for REs to be able to avail of their services. It is pertinent to note that the onus for ensuring implementation of the DL Guidelines by an LSP, will rest with the Regulated Entity which has engaged the LSP. Moreover, any kind of outsourcing arrangement involving a RE and an LSP or a Digital Lending App (‘DLA’), shall be subject to the RBI’s extant guidelines on outsourcing.[17]
REGULATED ENTITIES TO HAVE A DIRECT LINK WITH PAYMENT AGGREGATORS
Before the Digital Lending Guidelines were released, Regulated Entities were common to route loan disbursements through Fintech, which would then instruct the Payment Aggregator to make the payment to the merchant. These funds would, in some cases, hit the borrower’s bank account, and in other cases, the funds would directly be transferred to the merchant as payment on behalf of the borrower. This mechanism is no longer permitted under the DL Guidelines.
Clause 3 of the DL Guidelines prohibits REs from making loan disbursals to a third-party account, including the accounts of LSPs and their DLAs.[18] This means that all loan servicing, repayment, etc., shall be executed by the borrower directly in the RE’s bank account, without the funds passing through, or pooling into, the account of any third party. Additionally, all the loan disbursements too shall always be made into the bank account of the borrower, and not directly paid to the merchant.
In essence, the DL Guidelines mandate that an RE should own and have control over the account from which the loan is disbursed, and such a loan is to be disbursed to the account of the borrower. Thus, a RE is now required to have a direct link with the PA – the RE should be the holder of the PA’s nodal account (from where disbursement is made), and only the RE should be able to issue an instruction to the PA, for disbursement of monies from such a nodal account.
After the preliminary recommendations were accepted by the RBI on 10th August 2022. [19] It was reported that PAs are likely to approach RBI regarding the accepted recommendations by the Working Group, with certain reports claiming that the need for intermediaries, such as PAs, has been eliminated altogether.[20] On this issue, it would seem that only the operation of acting as a pass-through or pooling account has been dispensed with. A Regulated Entity should now be a direct customer of the Payment Aggregator, who will render services to the RE, without the presence of any intermediary, such as a Fintech, between the two.
This is not to say that a smooth road for REs lies ahead. In light of the Hon’ble Supreme Court judgment in Vijay Mandanlal v. Union of India (‘PMLA judgment’), the power of search, seizure and investigation has been expanded significantly under the Prevention of Money Laundering Act, 2002, raising concerns for Regulated Entities.
THE RISK OF WHITE-COLLAR CRIMES IN THE DIGITAL LENDING ECOSYSTEM
The Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps highlights several issues with the current framework of digital lending in the country, and identified three areas that require regulatory/supervisory interpositions [21]; within the said areas, money laundering was determined as a concern.[22] In this regard, the Report makes reference to a BIS paper[23], wherein it was recommended that for concerns such as anti-money laundering/combating the financing of terrorism (‘AML/CFT’), an activity-based approach[24] may be needed to achieve the primary policy goals, as opposed to an entity-based approach[25]. Moreover, on a comparative study of the regulation of Fintech in various countries, the Report of the Working Group states that anti-money laundering requirements are a priority for regulators in many countries.[26]
Money laundering is specifically prohibited under Section 3 of the Prevention of Money Laundering Act, 2002 (‘PMLA’). The offence of ‘money laundering’ itself is defined under the same Section 3, and the punishment for the offence is prescribed under Section 4. The Hon’ble Supreme Court, in the PMLA judgment, upheld the provisions under the PMLA, which relate to the power of the Directorate of Enforcement (famously known as the ‘ED’) to arrest, attach, search and seize. The Apex Court also held that the term ‘investigation’ under PMLA, does not limit itself to the matter of investigation concerning the offence of money laundering, and instead expanded the term to be interchangeable with the function of ‘inquiry’ to be undertaken by the Authorities under the Act.
The ED is presently inquiring into Fintech companies for alleged breaches of PMLA, and in particular, for links with Chinese betting apps. Cases such as these demonstrate the need for targeted regulation in the digital lending ecosystem, particularly because it is a growing industry, and any gaps in regulation may provide leeway for criminal proceeds to enter and exit the system undetected.
Aside from the crime of money laundering, there are other vulnerabilities that the digital lending space, and the financial sector in general, is exposed to due to the absence or insufficiency of regulation. Cybersecurity breaches present in Fintech products can be abused to facilitate crimes, which are not adequately covered under the Information Technology Act, 2000. These are some of the more points that need to be addressed so that in a growing economy like that of India, one can witness the growth of the Digital Lending space also.
Moreover, the ED is also investigating companies in the business of digital lending, for breaches under the Foreign Exchange Management Act, 1999 (‘FEMA’). The ingress and egress of foreign exchange in India are regulated as per FEMA. Aside from the issue of high rates of interest being levied by such companies, which are then allegedly illegally remitted outside of India, there is also the concern of consumer data from India being sent and used abroad.[27]
CONCLUSION
The use of digital payment and digital lending services has increased with the growth in access to the internet, and as seen during the Covid-19 pandemic, such services provide significant support and value. The RBI released the preliminary accepted recommendations on digital lending, with a view to preserving the general public’s confidence in the digital lending ecosystem[28] – a measure which should be welcomed, for its potential to streamline the future of digital lending.
Even when the Working Group on ‘digital lending including lending through online platforms and mobile apps was first constituted on 13th January 2021, the RBI recognized that digital lending has the potential to make access to financial products and services more fair, efficient and inclusive. However, as a regulator, RBI also acknowledged the need for a balanced approach to be followed, so that the regulatory framework supports innovation, while also ensuring data security, privacy, confidentiality and consumer protection.[29] These considerations are prioritized by the RBI in the Digital Landing Guidelines released on 2nd September 2022.
However, as already mentioned, it was reported that PAs are likely to approach RBI regarding the preliminary recommendations accepted by RBI.[30] At the time of writing this article, it remains unclear whether there are PAs who are still dissatisfied with the Digital Lending Guidelines that have been released after acceptance of the preliminary recommendations by RBI. Additionally, there are reports of Fintech companies who have begun restructuring their business model(s) to accommodate and adhere to the preliminary recommendations accepted by RBI [31], and in an industry that thrives on innovation, the DL Guidelines may prove to be a necessary direction to stakeholders.
Moreover, in an industry where there are several business models – some of which are novel in themselves – a recognition of certain basic activities that need to be regulated is important, to ensure that consumer rights and interests are protected, irrespective of how small the activity may be, in comparison to an entity’s composite business model. Protection of consumer rights will have to be balanced by Regulated Entities, with their interests, in light of the exposure they face in the commission of white-collar crimes. In this regard, transactions will have to be structured in a way that there exists a firewall, to safeguard the RE from accountability.
[1] Reserve Bank of India, Guidelines on Regulation of Payment Aggregators and Payment Gateways, DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020, guidelines for the regulation of Payment Aggregators (PAs) and Payment Gateways(PGs).
[2] See Clauses 1.1.1 and 1.1.2 of Guidelines on Regulation of Payment Aggregators and Payment Gateways in Note 1.
[3] It has been reported that Pine Labs, Razorpay and Stripe have recently received in-principle approval for payment aggregator licences by the Reserve Bank of India, see RBI clears payment aggregator licence for Razorpay, PineLabs & Stripe | Business StandardNews.
[4] Except for certain activities, for which specific effective dates were mentioned separately.
[5] See Clauses 3.2 and 3.3 of the Guidelines on Regulation of Payment Aggregators and Payment Gateways in Note 1.
[6] See Clause 3.4 of the Guidelines on Regulation of Payment Aggregators and Payment Gateways in Note 1.
[7] Arti Singh for The Mint, Declined: RBI returns a large number of payment aggregator licence applications | Mint, July 7, 2022; see also, Tarush Bhalla & Saloni Shukla for the Economic Times, RBI lens on companies seeking payment aggregator licence – The Economic Times, April 25, 2022; see also, ET Now, RBI to reject payment aggregator licence of fintechs like Mobikwik? April 25, 2022.
[8] Reserve Bank of India, Regulation of Payment Aggregators – Timeline for submission of applications for authorization – Review, CO.DPSS.POLC.No.S-761/02-14-008/2022-23 dated July 28, 2022, RBI Notification.
[9]Reserve Bank of India, Guidelines on Digital Lending, DOR.CRE.REC.66/21.07.001/2022-23 dated September 02, 2022, https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12382&Mode=0.
[10] Reserve Bank of India, Report of the Working Group on Digital Lending including Lending through Online Platforms and MobileApps, November 18, 2021, Reserve Bank of India – Reports.
[11] Reserve Bank of India, Reserve Bank constitutes a Working Group on digital lending including lending through online platforms and mobile apps, Press Release: 2020-2021/934 dated January 13, 2021, https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=50961.
[12] Reserve Bank of India, Recommendations of the Working group on Digital Lending – Implementation, Press Release: 2022-2023/689 dated August 10, 2022, Press Release.
[13] See Footnote No. 2 of Reserve Bank of India, Recommendations of the Working group on Digital Lending – Implementation at Note 12.
[14] All Non-Banking Finance Companies (NBFCs), Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs). All authorised persons (APs) including those who are agents of the Money Transfer Service Scheme (MTSS), regulated by the Regulator.
[15] Reserve Bank of India, Recommendations of the Working group on Digital Lending – Implementation at Note 12.
[16] Clause 2.5 of Reserve Bank of India, Guidelines on Digital Lending at Note 9.
[17] Reserve Bank of India, Guidelines on Digital Lending at Note 9.
[18] This is a general prohibition; such disbursals are not allowed, except as provided for under the Digital Lending Guidelines.
[19] Reserve Bank of India, Recommendations of the Working group on Digital Lending – Implementation at Note 12.
[20] Saloni Shukla for the Economic Times, Payment aggregators to approach RBI seeking relief – The Economic Times, August 24, 2022,; see also, Gargi Sarkar for INC42, Digital Lending Guidelines: Payment Aggregators To Approach RBI Seeking Relief, August 24, 2022, Digital Lending Guidelines: Payment Aggregators To Approach RBI Seeking Relief.
[21] See Clause 3.3, Reserve Bank of India, Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps at Note 10.
[22] See Clauses 3.3.1.3 and 3.3.2.3, Reserve Bank of India, Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps at Note 10.
[23] Fernando Restoy for BIS, Occasional Paper, No. 17, February 2, 2021, Fintech regulation: how to achieve a level playing field.
[24] With reference to the BIS paper, and for the purposes of this article, an ‘activity-based approach’ means framing regulations that focus on the service being rendered, and not on who is providing the service. Thus, different entities (with different models) that undertake a regulated activity, will be obligated to follow the regulations framed for such an activity.
[25] With reference to the BIS paper, and for the purposes of this article, an ‘entity-based approach’ means imposing regulations on specific entities (for example, those with a certain type of licence) that perform a combination of activities, but not the activities themselves.
[26] See Regulatory Aspects of Annex A, Reserve Bank of India, Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps at Note 10.
[27] PGurus, Enforcement Directorate (ED) seizes Rs.131-cr funds of Chinese-controlled PC Financial Services for instant loan frauds through Mobile App, October 1, 2021.
[28] Reserve Bank of India, Recommendations of the Working group on Digital Lending – Implementation at Note 12.
[29] Reserve Bank of India, Reserve Bank constitutes a Working Group on digital lending including lending through online platforms and mobile apps at Note 11.
[30] Saloni Shukla for the Economic Times, Payment aggregators to approach RBI seeking relief – The Economic Times, August 24, 2022; see also, Gargi Sarkar for INC42, Digital Lending Guidelines: Payment Aggregators To Approach RBI Seeking Relief, August 24, 2022.
[31] Saloni Shukla for the Economic Times, Payment aggregators to approach RBI seeking relief – The Economic Times, August 24, 2022.