Guidelines on Regulation of Payment Aggregators and Payment Gateways

Reserve Bank of India has vide its Circular DPSS.CO.PD.No.1810/02.14.008/2019-20March 17, 2020 issued the above guidelines to all the  Payment System Providers and System Participants in India. These guidelines have been issued for regulating the entire activities of the Payment Aggregators as well as to provide baseline technology-related recommendations to Payment Gateways.

Key Terms

Payment Aggregators (PAs): are defined as those entities which facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations. PAs also facilitate merchants to connect with acquiring banks. In the process, they receive payments from customers, pool and transfer them on to the merchants in due course.

Payment Gateways(PGs): are entities that provide technology infrastructure to route and facilitate processing of an online payment transaction without any involvement in handling of funds.

Applicability of the Guidelines:

These guidelines are mandatory and fully applicable to PAs. They need to seek the RBI authorization for doing the business of PAs along with compliance of other mandatory conditions including adopting technology related standard into its business model. Also, only a company incorporated in India under the Companies Act, 1956 / 2013 may apply to RBI for operating as a PA and the Memorandum of Association (MoA) of the applicant entity must cover the proposed activity of operating as a PA.

It is also pertinent to highlight here that though both  banks as well as non-bank PAs handle funds as part of their activities, however, banks which provide PA services as part of their normal banking relationship would not be required to seek separate authorization from the RBI.  

Additionally, as regards the PGs, there is no requirement for them to get authorization from RBI. Further, their adherence to the baseline technology-related recommendations.is not mandatory. PGs are however advised to adhere to these recommendations, as a measure of good practice.

Capital Requirements:

Existing PAs are required  to achieve a net-worth of Rs.15 crore and a net-worth of Rs.25 crore in a phased manner. Thereafter, the net-worth of Rs.25 crore has to be maintained at all times.

Whereas, the New PAs should have a minimum net-worth of Rs.15 crore at the time of application for authorisation and should attain a net-worth of Rs.25 crore by the end of third financial year of grant of authorisation. Thereafter the net-worth of Rs.25 crore has to be maintained at all times.

Mandatory Governance Compliance

There are some prescribed conditionalities under the guidelines which stipulate following mandatory compliance for ensuring good governance practices by PAs:

• PAs should be managed professionally. The applicant entity and its promoters have to satisfy the ‘fit and proper’ criteria prescribed by RBI.
• Any takeover or acquisition of control or change in management of a non-bank PA has to be   advised to the Chief General Manager, Department of Payment and Settlement Systems (DPSS),   RBI, Central Office, Mumbai. RBI will examine the ‘fit and proper’ status of the management   and, if necessary, may place suitable restrictions on such changes.
• Agreements between PAs, merchants, acquiring banks, and all other stake holders should be clear about the roles and responsibilities of the involved parties.
• PAs have to disclose comprehensive information regarding merchant policies, customer grievances, privacy policy and other terms and conditions on their website/mobile application.\
• PAs have to frame a Board approved policy for disposal of complaints / dispute resolution mechanism / time-lines for processing refunds, etc., as per RBI instructions on Turn Around Time (TAT) for resolution of failed transactions.
• PAs have to appoint a Nodal Officer responsible for regulatory and customer grievance handling functions and display details thereof on their website.
• The RBI would also check ‘fit and proper’ status of the applicant entity as well the management through inputs from other regulators, government departments etc. 

Safeguards against Money Laundering (KYC / AML / CFT) Provisions

PAs have to follow Know Your Customer (KYC) / Anti-Money Laundering (AML) / Combating Financing of Terrorism (CFT) guidelines  issued by RBI before making any agreements with the merchants and shall follow the same precisely Further, provisions of Prevention of Money Laundering Act, 2002 and Rules framed thereunder, as amended from time to time, are also applicable to them.

Merchant On-boarding

PAs should have a Board approved policy for merchant on-boarding. Further, PAs should undertake background and antecedent check of the merchants, to ensure that such merchants do not have any malafide intention of duping customers and do not sell fake / counterfeit / prohibited products, etc.

Security / privacy of customer data

It is the responsibility of the PAs to check Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance of the infrastructure of the merchants on-boarded. Further, Merchant site should not save customer card and such related data. A security audit of the merchant may be carried out to check compliance, as and when required.

Agreement with merchant should have provision for security / privacy of customer data. PAs agreement with merchants shall include compliance to PA-DSS and incident reporting obligations.

Settlement and Escrow Account Management

Non-bank PAs have to keep the amount collected by them in a non-interest bearing escrow account with any scheduled commercial bank. Escrow account balance has to be kept with only one scheduled commercial bank at any point of time. Amounts deducted from the customer’s account should be remitted to the escrow account maintaining bank on Tp+0 / Tp+1 basis. Final settlement with the merchant by the PA shall be effected as under:

• Where PA is responsible for delivery of goods / services the payment to the merchant should not be made later than on Ts + 1 basis, where ‘Ts’ stands for date of intimation by the merchant to the intermediary about shipment of goods.
• Where merchant is responsible for delivery, the payment to the merchant should not be made later than on Td + 1 basis, for where ‘Td’ stands date of confirmation by the merchant to the intermediary about delivery of goods to the customer.
• Where the agreement with the merchant provides for keeping the amount by the PA till expiry of refund period, the payment to the merchant should not be made later than on Tr + 1 basis, where ‘Tr’ stands for date of expiry of refund period as fixed by the merchant.
• At the end of the day, the amount in escrow account should not be less than the amount already collected from customer or the amount due to the merchant.
• PAs are permitted to pre-fund the escrow account with own / merchant’s funds. However, in the latter scenario, merchant’s beneficial interest should be created on the pre-funded portion.
• The escrow account should not be operated for ‘Cash-on-Delivery’ transactions.

Important: A certificate signed by the auditor(s), shall be submitted by the authorised entities to the respective Regional Office of DPSS, RBI, where the registered office of the PA is situated, certifying that the entity has been maintaining balance in the escrow account in compliance with these instructions, as per the periodicity prescribed under the guidelines.

 Permitted credits / debits to the escrow account shall be as set out below:

 Credits

• Payment from various customers towards purchase of goods / services.
• Pre-funding by merchants / PAs.
• Transfer representing refunds for failed / disputed / returned / cancelled transactions.
• Payment received for onward transfer to merchants under promotional activities, incentives, cash-backs etc

 Debits

• Payment to various merchants / service providers.
• Payment to any other account on specific directions from the merchant.
• Transfer representing refunds for failed / disputed transactions.
• Payment of commission to the intermediaries. This amount shall be at pre-determined rates frequency.
• Payment of amount received under promotional activities, incentives, cash-backs, etc.
• Settlement of funds with merchants should not be co-mingled with other business, if any, handled by the PA.

Customer Grievance Redressal and Dispute Management Framework

Another, important disclosures requirement is that PAs have to put in place a formal, publicly disclosed customer grievance redressal and dispute management framework, including designating a nodal officer to handle the customer complaints / grievances and the escalation matrix.

PAs should have a dispute resolution mechanism binding on all the participants.

Security, Fraud Prevention and Risk Management Framework

• PAs should put in place adequate information and data security infrastructure and systems for  prevention and detection of frauds.
• PAs should put in place Board approved information security policy for the safety and security of the payment systems operated by them and implement security measures in accordance with this policy to mitigate identified risks.
• PAs should establish a mechanism for monitoring, handling and follow-up of cyber security incidents and breaches.
• PAs should not store the customer card credentials within their database or the server accessed by the merchant.

 Compliance within Transition Period

  

Net-worth compliance:

• Existing PAs must ensure a net worth of INR 15 crores by March 31, 2021 and INR 25 crores by March 31, 2023. For the new PAs, a net worth of INR 15 crores is required for making an application for grant of authorization and they must achieve a net worth of INR 25 crores by the third financial year-end occurring after the application is made. A net worth of INR 25 crores is to be maintained at all times thereafter.
• The PAs that are not able to comply with the net-worth requirement within the given time frame would have to wind-up their payment aggregation business. biggest examples of this- PhonePe, a Flipkart company, and Paytm’s payment aggregator business are already separate entities from the marketplace models.

Authorization Compliance

• Existing non-bank PAs need to apply for an authorisation under the Payment and Settlement Systems Act, 2007 (PSS Act) prior to June 30, 2021 and will be allowed to operate until they are granted/ refused an authorization
• E-commerce marketplace entities providing PA services shall segregate their PA business from the marketplace business and apply for an authorisation on or before June 30, 2021.

Digest for mind:

It appears that many of the prescribed compliances as per the Guidelines are similar to those already prescribed by the RBI for payment system operators, such as e-wallet and gift card issuers, and it appears that the RBI is placing PAs on the same pedestal as such payment system providers in terms of regulation.

Also, providing the transition period to match the prescribed Net worth and authorization, is to allow the PA to ensure the full-fledged adoption of these guidelines in true spirit of objective. However, these Guidelines don’t contain the provision stating whether existing PAs should continue to comply with the Intermediary Directions or comply with the Guidelines by April 1, 2020. How, the PAs would be able to conduct the full-fledged background checks of merchant’s history to ensure the compliance of these guidelines.

It is imperative to state that trade associations including NASSCOM made the representation before the RBI on extending the implementation date of these guidelines amid the scenario of lockdown announced by the Government in wake of combating the spread of COVID-19 as the same is applicable from 01.04.2020.

Lastly, while concluding the write up, it is relevant to mention that vide these guidelines, the RBI brought forth comprehensive regulations to control the functioning of payment aggregators, in India, which would led to significant change in e-commerce industry in coming time.

Available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0.

This Article has been Compiled by GD Chugh (Associate Partner) and Deepika Sharma (Senior Associate)

You can direct your queries or comments to the authors at gdchugh@factumlegal.com

Disclaimer-

The contents of this article should not be construed as legal opinion. This article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. We expressly disclaim any financial or other responsibility arising due to any action taken by any person on the basis of this article.

EVOLUTION OF FOREIGN EXCHANGE REGULATIONS IN INDIA

Historical Background of Law relating to Foreign Exchange

v  Foreign Exchange Regulation Act, 1947 and Foreign Exchange Regulation Act, 1973

Scarcity of Foreign Exchange in India led to its control since the beginning of World War II.  Exchange control was introduced in India under the Defence of India Rules on September 3, 1939 on a temporary basis. The statutory power for exchange control was provided by the Foreign Exchange Regulation Act (FERA) of 1947.

Foreign Exchange Regulation Act, 1947 was enacted initially for a period of ten years in temporary basis. However, 10 years of economic development did not ease the foreign exchange constraint, FERA permanently entered the statue book in the year 1957. Subsequently, Foreign Exchange Regulation Act, 1947 was replaced by the Foreign Exchange Regulation Act, 1973 (FERA, 1973), which came into force with effect from January 1, 1974. FERA, 1973 came into force, for regulating certain payments, dealings in foreign exchange and securities, transactions indirectly affecting foreign exchange and the import and export of currency, for the conservation of the foreign exchange resources of the country and the proper utilization thereof in the interests of the economic development of the country.

v  Foreign Exchange Regulation Act, 1973, ‘The Major Constraints’

·  In the year 1974, FERA was completely overhauled with all violations being considered as criminal offences with mens rea. The Enforcement Directorate was empowered to arrest any person without even an arrest warrant.

·  In 1991 government of India initiated the policy of Economic Liberalization, Privatization and Globalization. Foreign investments in many sectors were permitted. This resulted in increased flow of foreign exchange in India and foreign exchange reserves increased substantially, hence the government engaged itself in framing a law containing a comprehensive framework for dealing and regulating the foreign exchange inflow and outflow in India.

·  In 1997, the Tarapore Committee on Capital Account Convertibility (CAC) constituted by the Reserve Bank, which recommended change in the legislative framework governing foreign exchange transactions.

·  Keeping in view the changed environment, the Foreign Exchange Management Act (FEMA) was enacted in 1999 to replace FERA. FEMA became effective from June 1, 2000. The philosophical approach was shifted from that of conservation of foreign exchange to the management of foreign exchange,  facilitating trade and payments as well as developing orderly foreign exchange market.

Authorities governing the enforcement of FEMA

·      Foreign Exchange Department of Reserve Bank of India (RBI) – fema.rbi.org.in

· Directorate of Enforcement, Department of Revenue, Ministry of Finance- http://directorateofenforcement. gov.in

· Capital Markets Division, Department of Economic Affairs, Ministry of Finance – http:// finmin.nic.in/the ministry/dept eco affairs/

· Investment Division, Department of Economic Affairs, Ministry of Finance - https://dea.gov.in/divisionbranch/investment-division#IT

· Foreign Trade Division, Department of Economic Affairs, Ministry of Finance – http:// finmin.nic.in/theministry/dept eco affairs/

Machinery responsible for various aspects of FEMA

·      Enforcement Directorate

·      Adjudicating Authority

·      Special Director (Appeals)

·      Appellate Tribunal 

·      Foreign Exchange Department of RBI

·      Foreign Investment Promotion Board*

·      Department for Promotion of Industry and Internal Trade (DIPP)**

*Erstwhile FIPB was mandated to play an important role in the administration and implementation of the Government’s FDI policy. The Central Government has since abolished the Foreign Investment Promotion Board, and the work of granting of approval for foreign investment has been entrusted to the concerned Administrative Ministry/Department vide office Memorandum issued by Ministry of Finance F.No. 01/01/FC12017 –FIPB dated 5^th June, 2017.

**The Department for Promotion of Industry and Internal Trade (DIPP) was established in 1995 and has been reconstituted in the year 2000 with the merger of the Department of Industrial Development. DIPP is responsible for formulation and implementation of promotional and developmental measures for growth of the industrial sector, keeping in view the national priorities and socio-economic objectives. The government has notified changed the name of the Department of Industrial Policy & Promotion (DIPP) to the Department for Promotion of Industry and Internal Trade (DPIIT) under the Ministry of Commerce and Industry. The DPIIT shall also be responsible for (a) the promotion of internal trade (including retail trade); (b) the welfare of traders and their employees;(c) matters relating to facilitating Ease of Doing Business; and (d) matters relating to start-ups.

Type of transactions under FEMA

v  Capital account transaction (CAT) -These transactions are of capital nature. It alters assets or liabilities including contingent liabilities, outside India of persons resident in India or assets or liabilities in India of persons resident outside India,. CAT are regulated by Foreign Exchange Management (Permissible Capital Account Transactions) regulations, 2000 and covers, among others, the following transactions:

·      Foreign Direct Investment (FDI);

·      Overseas Direct Investment (ODI);

·      External Commercial Borrowings (ECBs);

·      Sale and purchase of Immovable property either in or Outside India;

·      Investment in firms or proprietary concerns in India.

v  Current account transaction (CuAT)-These transactions  other than capital account transactions. CuAT are regulated by Foreign Exchange Management (Current Account Transaction) rules, 2000. Most of the current account transactions do not require the Reserve Bank’s prior approval. Approval of the Reserve Bank is required for those transactions listed in Schedule–III to the Foreign Exchange Management (Current Account Transactions) Rules, 2000, where the remittance to be made is beyond the stipulated limit.

Important change under FEMA regulating governing CAT

The Finance Act,  amended Section 6 (Capital Account Transaction), Section 46 (Power of Central Government to make rules) and section 47 (Power of RBI to make rules) of the Foreign Exchange Management Act, 1999 (FEMA, 1999). These amendments has the effect of  altering the powers of the Central Government and Reserve Bank of India (RBI).

 In terms of  amended prosions of FEMA, the Central Government has made Foreign Exchange Management (Non-Debt Instruments) Rules, 2019 ("NDI Rules") on October 17, 2019 superseding the erstwhile Foreign Exchange Management (Transfer of Issue of Security by a Person Resident outside India) Regulations, 2017 ("TISPRO") and the Foreign Exchange Management (Acquisition and Transfer of Immovable Property in India) Regulations, 2018, whereas RBI has notified Foreign Exchange Management (Debt Instruments) Regulations, 2019 superseding TISPRO, and the Foreign Exchange Management (Mode of Payment and Reporting of Non-Debt Instruments) Regulations, 2019, which provides for reporting requirements in relation to any investment made under the NDI Rules.

v  Non-Debt Instruments:

·      All investments in equity in incorporated entities (public, private, listed, unlisted)

·      Capital participation in LLPs

·      Instruments of investment as in FDI policy

·      investment in units of Alternative Investment Funds, Real Estate Investment Trust and Infrastructure Investment Trusts;

·      investment in units of mutual funds and Exchange-Traded Fund which invest more than fifty per cent in equity;

·      Juniormost layer (e.g. equity tranche) of securitization structure

·      Acquisition, sale or dealing directly in immovable property

·      Contribution to trusts

·      Depository receipts issued against equity instruments

v  Debt Instruments

Debt  Instruments means all instruments other than non-debt instruments enumerated above.

v  Hybrid  Securities: A definition of “hybrid securities ” has been included in the Non-Debt Rules.

v  Hybrid securities means s instruments such as optionally or partially convertible preference shares or debentures and other such instruments as specified by the Central Government from time to time, which can be issued by an Indian company or trust to a person resident outside India.

However, the Non Debt Rules, as notified by the Central Government do not contain any provision regarding FDI in the hybrid securities. For the reason not apparently clear Reserve Bank of India have yet frame directions regarding the Non Debt incorporated Rules and Debt Regulations

Key Changes in Reporting Machanism of Foreign Direct Investment in India since 1973 till March 2020

v  Physical Form

From the time of introduction of the FERA and FEMA, 1999 and till 2016, reporting was to be made in physical form.

v  e-Biz platform

Later, with a view to promote the ease of reporting of transactions related to Foreign Direct Investment (FDI), RBI has enabled online filing of the returns through the e-Biz portal. On 1st February 2016, RBI vide AP (DIR) Series Circular No. 40 (Ref Notification No. RBI/2015-16/303) introduced the concept of online filing/ reporting through e-Biz platform (http://www.ebiz.gov.in). which was made effective from 8th February 2016.

v  FIRMS (Foreign Investment Reporting and Management System)

With the objective of integrating the extant reporting structures of various types of foreign investment in India, RBI vide A.P (DIR) Circular No. 30 dated 7th June 2018 (Ref Notification No. RBI/2017-18/194) introduced Single Master Form (SMF), which shall be filed online. This form provides facility for reporting of total foreign investment in an Indian entity as per FEMA FDI Regulations, 2017. SMF is a master form containing 9 reports. They are FC-GPR, FC-TRS, LLP-I, LLP-II, CN, ESOP, DRR, DI and InVi. which was made effective from 1st September 2018.

Upcoming Mandatory Compliance by Listed Companies towards "Good Corporate Governance"

1.   An Introduction

The Market Regulator, Securities and Exchange Board of India (SEBI) issued amendments to the SEBI (Listing Obligations and Disclosure Requirements) Regulation, 2015 vide its circular dated 09^th and 10^th May 2018 taking into consideration the recommendations issued by Kotak Committee under the chairmanship of Mr. Uday Kotak in the field of Good Corporate Governance. Most of the amendments were effective w.e.f. 1st April, 2019, while other amendments applicable on listed entities w.e.f. 1st April, 2020. This article will acquaint readers about those amendments which are decided to be effective from 01.04.2020.

Explanation for reader: The top 500 and 1000 entities shall be determined on the basis of market capitalisation, as at the end of the immediate previous financial year.

2.   Amendments to be effective from 01^st April 2020

  v  Composition of Board

A proviso to Regulation 17 (1)(a) has been inserted which reads as:

“Provided that the Board of directors of the top 500 listed entities shall have at least one independent woman director by April 1, 2019 and the Board of directors of the top 1000 listed entities shall have at least one independent woman director by April 1, 2020; “

Commentary: The women director is now proposed to be independent for top 1000 Listed entities. At present, most of the women directors are either from the family of the promoters or the wife/daughter of the directors. Therefore, in order to increase gender diversity on the Board and reduce the biasness to make the board effective.  the SEBI took such initiative.

  v  Minimum no. of directors in listed entities

  

       New sub-clause to regulation 17(1)(c) as appended below:

“the board of directors of the top 1000 listed entities (with effect from April 1, 2019) and the top 2000 listed entities (with effect from April 1, 2020) shall comprise of not less than six directors.”

Commentary: The proposed amendment mandates the minimum no. of directors to be not less than six, which is double the requirement for public companies as prescribed under Companies Act 2013, for the top 2000 listed entities.

 v Separation of role of Non-Executive Chairman and Managing Director/Chief Executive Office (MD/CEO)

  

       New sub-clause to regulation 17(1B) as appended below:

“(1B). With effect from April 1, 2020, the top 500 listed entities shall ensure that the Chairperson of the board of such listed entity shall -

(a) be a non-executive director;

(b) not be related to the Managing Director or the Chief Executive Officer as per the definition of the term “relative” defined under the Companies Act, 2013”

Commentary: In order to ensure working of the board in best interest of the Company and all stakeholder, the Chairman of 500 listed would required to be a non-executive director and not related to MD or the CEO in light of definition of relative provided under the Companies Act, 2013.

However, the SEBI as on January 10, 2020 vide notification No. SEBI/ LAD-NRO/GN/2020/02. notified Securities and Exchange Board Of India (Listing Obligations And Disclosure Requirements) (Amendment) Regulations, 2020, hence in the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, in regulation 17 (1B), the number “2020” shall be substituted by the number “2022”, which means the amended regulation 17(IB) shall be effective from 01.04.2022. 

v  Quorum of BM

New regulation 17(2A) as appended below:

“(2A) The quorum for every meeting of the board of directors of the top 1000 listed entities with effect from April 1, 2019 and of the top 2000 listed entities with effect from April 1, 2020 shall be one-third of its total strength or three directors, whichever is higher, including at least one independent director”

Commentary: The proposed regulation requires 1/3rd of the total strength or 3 directors, whichever is higher, including at least one independent director, w.e.f. 01.04.2020 for top 2000 listed entities. As this is more stringent than provisions as specified in Companies Act 2013, which requires the presence of 1/3rd of the total strength or 2 directors, whichever is higher, for a valid meeting , this amendment was inserted  so that strength of board increased would be enhance along with presence of at least one independent director to ensure the working of board in best interest of all stakeholders especially minority shareholders.

  v  Number of directorship

 New regulation 17A as appended below:

“(1) A person shall not be a director in more than eight listed entities with effect from April 1, 2019 and in not more than seven listed entities with effect from April 1, 2020:

Provided that a person shall not serve as an independent director in more than seven listed entities.”

(2) Notwithstanding the   above, any person   who is serving   as a whole time director / managing director in any listed entity shall serve as an independent director in not more than three listed entities”

Commentary: The regulations have been stricter because the Committee believes that multiple directorships beyond a reasonable limit may lead to a director not being able to allocate sufficient time. Hence, w.e.f. 01.04.2020, number of listed entities in which a person can hold directorship is restricted to 8 from 01.04.2019 and to 7 from 01.04.2020. Further, a person who has been appointed as a whole time director or as a managing director in any listed company would not be able to serve as an independent director in more than three listed company.

Views expressed are personal and do not necessarily reflect the views of the Firm.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.