Unified Payments Interface (UPI) is a real-time payment system developed by the National Payments Corporation of India (NPCI) that enables instant peer-to-peer (P2P) and peer-to-merchant (P2M) transactions. It is a popular payment system in India that has revolutionized the digital payment ecosystem in the country. In order to provide payment services through the UPI system, businesses need to obtain a UPI Aggregator License. This license is issued by the Reserve Bank of India (RBI) and it allows businesses to aggregate payment requests and facilitates payments using the UPI system.
The UPI Aggregator License is significant in India's digital payment ecosystem because it has enabled small and medium-sized businesses to offer digital payment options to their customers. The license has also played a significant role in reducing the dependency on cash transactions, making payments more convenient, secure and efficient.
Payment Aggregators - Meaning
Payment aggregators, also known as merchant aggregators, are essentially service providers that enable payments to be made through the use of mobile and online retailers that can manage payment transactions. The payment aggregator typically offers payment gateway services that allow merchants to accept payments from various payment modes, including credit/debit cards, net banking, mobile wallets, UPI, and other digital payment modes. Payment aggregators simplify the payment process for merchants by enabling them to accept multiple payment modes through a single integration, reducing the complexity of payment acceptance. Thus, delivering an effective payment solution that replaces traditional payment methods is of the key objectives of a payment aggregator.
In India, the Reserve Bank of India (RBI) regulates payment aggregators under the Payment and Settlement Systems Act, 2007. The Notification[1] dated 17-03-2020 issued by the RBI, defined the term “Payment Aggregator” as follows:
“PAs are entities that facilitate e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own. PAs facilitate merchants to connect with acquirers. In the process, they receive payments from customers, pool and transfer them on to the merchants after a time period.”
Payment aggregation services are growing rapidly in India due to the increasing popularity of digital payments. Payment aggregators are playing a crucial role in enabling businesses of all sizes to accept digital payments and reach a wider customer base. The payment aggregator model is helping to promote financial inclusion in India by providing access to digital payment services to underserved segments of the population.
Eligibility Criteria for UPI License
To be eligible for a UPI Aggregator License in India, applicants must meet the eligibility criteria set by the National Payments Corporation of India (NPCI) and the Reserve Bank of India (RBI). Here are the key eligibility criteria:
a) Type of entity: The applicant must be a company registered in India or a non-bank entity registered under the Companies Act, 2013;
b) Net worth: The applicant must have a minimum net worth of Rs. 15 crore as per the last audited financial statements;
c) Experience: The applicant should have at least 3 years of experience in providing digital payment services, or alternatively, should have a tie-up with a third-party entity that has experience in providing such services;
d) Technical capability: The applicant should have the necessary technical capability to operate the UPI system, including the ability to integrate with the UPI platform and develop mobile applications for customers;
e) Infrastructure: The applicant should have the necessary infrastructure, such as servers, databases, and network infrastructure, to support UPI transactions;
f) Compliance: The applicant should have a track record of compliance with regulatory requirements related to digital payments, such as KYC norms, data privacy, and security;
g) Fit and proper criteria: The RBI will also assess the "fit and proper" status of the applicant, which includes factors such as the reputation of the applicant, past conduct, and financial soundness.
Regulatory Requirements
To obtain a UPI Aggregator License in India, businesses are required to adhere to certain regulatory requirements set by the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI). Here's a brief overview of some of the key regulatory requirements:
a) Eligibility criteria: Businesses must meet the eligibility criteria set by the NPCI and RBI, which includes being a registered company or a non-bank entity, and having a minimum net worth of Rs. 15 crore;
b) Compliance with the Payment and Settlement Systems Act, 2007: UPI license holders must comply with the guidelines set out in the Payment and Settlement Systems Act, 2007, which include requirements related to data privacy, security, and customer protection;
c) Risk management framework: Businesses must have a robust risk management framework in place to identify, assess, and mitigate risks related to payment processing and fraud prevention;
d) Compliance with Know Your Customer (KYC) guidelines: UPI license holders must comply with the KYC guidelines set out by the RBI to ensure the authenticity of customers and prevent money laundering and other illegal activities;
e) Security requirements: Businesses must adhere to the security requirements set out by the RBI, which include implementing security measures to protect customer data and prevent cyber attacks.
f) Compliance reporting: UPI license holders must submit periodic reports to the RBI on their compliance with regulatory requirements.
Overall, adherence to these regulatory requirements is essential for businesses that want to obtain and maintain a UPI Aggregator License in India. Non-compliance can result in penalties, and in severe cases, revocation of the license.
Documents Required for Payment Aggregator License:
The following documents are required to obtain a Payment Aggregator License:
a) Application Form;
b) Certificate of incorporation of Company received from Registrar of Companies;
c) The Director’s PAN Card or Address proof;
d) DSC and DIN of the Directors;
e) Board Resolution authorizing the application;
f) Details of the KYC framework and procedures;
g) Details of Data privacy and security policies and procedures;
h) Audited Financial statements for the past 3 years;
i) Details of the Bank Account of the Company;
j) Business plan of the Company for five years;
k) Code-testing report by a software agency.
Overview of Regulatory requirements for Data Privacy:
As a UPI license holder, businesses are required to comply with various regulatory guidelines related to data privacy, security, and customer protection. Here's an overview of some of the key regulatory compliance requirements for UPI license holders in India:
a) Compliance with Payment and Settlement Systems Act, 2007 (PSS Act): UPI license holders are required to comply with the PSS Act, which provides the regulatory framework for payment and settlement systems in India. The Act sets out various requirements related to the operation and management of payment systems, including UPI;
b) KYC norms: UPI license holders are required to comply with the KYC (know your customer) norms prescribed by the RBI. This includes verifying the identity of customers and maintaining records of transactions;
c) Data privacy and security: UPI license holders are required to comply with the data privacy and security guidelines prescribed by the RBI. This includes implementing appropriate data security measures, maintaining the confidentiality of customer data, and ensuring that customer data is not misused;
d) Anti-money laundering (AML) guidelines: UPI license holders are required to comply with the AML guidelines prescribed by the RBI. This includes implementing appropriate measures to prevent money laundering and terrorist financing;
e) Customer protection: UPI license holders are required to comply with the customer protection guidelines prescribed by the RBI. This includes ensuring that customers are not subjected to unfair practices, such as hidden charges or misleading advertising;
f) Compliance with other regulations: UPI license holders are also required to comply with other relevant regulations, such as the Foreign Exchange Management Act (FEMA) and the Prevention of Money Laundering Act (PMLA);
In addition to the above regulatory compliance requirements, UPI license holders are also required to comply with various guidelines related to data privacy, security, and customer protection. These guidelines are designed to protect the interests of customers and ensure that their data is not misused. Some of the key guidelines related to data privacy, security, and customer protection include:
a) RBI Guidelines on Information Security, Electronic Banking, Technology Risk Management, and Cyber Frauds;
b) Guidelines for Payment Aggregators and Payment Gateways issued by the RBI;
c) RBI's Code of Conduct for Customer Service in the Banking Industry;
d) NPCI's UPI 2.0 Guidelines, which provide the technical and operational framework for UPI;
e) Guidelines for Mobile Banking Transactions issued by the RBI.
Penalties under the Payment and Settlement Systems Act, 2007 (PSS ACT):
The PSS Act outlines the guidelines and procedures for the operation of payment systems and sets penalties for non-compliance. Under the PSS Act, the Reserve Bank of India (RBI) has the power to impose penalties on payment system providers, including payment aggregators, for any violation of the regulatory framework. The penalties may include monetary fines, revocation of licenses, and criminal prosecution in severe cases. The RBI may impose penalties for various non-compliance issues, such as:
1. Violation of terms and conditions of the License: Punishable by imprisonment for a term that must be at least 1 month and may not exceed 10 years, as well as by a fine of up to Rs. 1,00,00,000/- and an additional fine of up to Rs. 1,00,000/-for every day that the contravention continues
2. Any wilful ct or omission causing to make a false statement in the application: Punishable by imprisonment for a term that may extend to 3 years, as well as by a fine that must not be less than Rs. 10,00,000/- and may not exceed Rs. 50,00,000/-.
3. Failing to respond or provide Information. Statements or returns to an Inspecting Officer u/s 14: Punishable with fine that could reach Rs. 10,00,000/- for each offence and a higher fine of Rs. 25,000 for every day, if the offence continues.
4. Disclosure of Information prohibited u/s 22: Penalty that may include both imprisonment for a term up to 6 months and a fine of up to Rs. 5,00,000/-, or a sum equal to twice the amount of the damages caused by the disclosure, whichever is higher.
5. Any violation of the rules, regulations, directions, orders etc., imposed by the RBI: Reserve Bank can launch a criminal investigation, seek a penalty of imprisonment for a term that must not be less than 1 month but may extend to 10 years, a fine that may reach Rs. 1,00,00,000/-, or if the offender continues to violate the direction, a further fine that may reach Rs. 1,00,000/- for each day.
6. Specific contraventions: If found guilty, RBI may impose fines of up to Rs. 10,00,000/- well as an additional fine of up to Rs. 25,000/- for each subsequent daythat the contravention or default continues.
Conclusion:
The UPI (Unified Payments Interface) license plays a vital role in promoting digital payments in India. The UPI system has transformed the way Indians make transactions, by enabling them to make instant and secure payments using their mobile phones. The license ensures that the UPI system is regulated and that all participants in the payment ecosystem adhere to a standard set of guidelines and regulations. The UPI license has helped to promote digital payments in India by providing a platform that enables the interoperability of different payment systems and allows for seamless transactions across different banks and payment service providers. It has also facilitated the growth of new fintech players and startups, who are leveraging the UPI system to provide innovative payment solutions to Indian consumers;
Furthermore, the license has helped to promote financial inclusion, by making digital payments accessible to a larger section of the population. With the UPI system, even those who do not have a bank account can make digital payments using their mobile phones, which have helped to increase the adoption of digital payments in rural and semi-urban areas.
In conclusion, the UPI license has played a crucial role in promoting digital payments in India, by providing a regulated and interoperable platform that has enabled new players to enter the market and facilitated financial inclusion. The UPI system is poised to continue to drive the growth of digital payments in India, and the license will continue to play a critical role in ensuring its success.
Commentaires