Article:
The Reserve Bank of India has issued a consolidated Master Direction regulating all Payment Aggregators that unifies rules for online, proximity (physical), and cross‑border operations, tightening norms on authorization, capital, security, KYC, and fund settlement with immediate effect from mid‑September 2025. Key changes include three PA categories (PA‑O, PA‑P, PA‑CB), fresh net‑worth thresholds, stricter merchant due diligence, escrow segregation with T+1 settlement, and defined limits for cross‑border flows.
Scope and structure
The Master Direction titled “Regulation of Payment Aggregators Directions, 2025” consolidates and supersedes prior circulars on PA‑PG and cross‑border PAs, creating a single rulebook for entities routing digital payments across e‑commerce, proximity acceptance, and international flows. RBI distinguishes between bank PAs and non‑bank PAs, allowing banks to continue PA business while imposing an authorization pathway and prudential tests on non‑banks.
Categorisation of PAs
The framework recognises three functional categories: PA‑O (online), PA‑P (proximity/physical), and PA‑CB (cross‑border), enabling risk‑tailored requirements across channels and geographies. This taxonomy aligns governance, capital, onboarding, escrow, and settlement rules with the operating model of each aggregator, addressing gaps beyond the earlier online‑only focus.
Authorization timeline
Banks may continue PA activities without fresh RBI approval, while non‑bank PAs must obtain authorization by December 31, 2025; entities that fail to comply must wind down operations by February 28, 2026 under the transition plan indicated in public notices. Applications will be assessed against eligibility, fit‑and‑proper, capital, systems, and compliance readiness parameters under DPSS oversight.
Capital and net‑worth
Non‑bank PAs must meet a minimum net‑worth of ₹15 crore at application and ₹25 crore by the end of the third financial year post‑authorization, maintaining these thresholds on an ongoing basis thereafter. FDI‑receiving entities must also comply with FEMA and sectoral caps, with periodic certification to evidence compliance.
Governance and security
The Direction strengthens governance through explicit responsibilities for risk management, merchant grievance handling, disclosures of MDR and fees, and continuous monitoring for fraud and prohibited products. It expects robust data security, dispute resolution, and operational controls commensurate with scale and complexity, especially given expanded PA‑P and PA‑CB scopes.
KYC and merchant due diligence
Merchant onboarding is tightened with enhanced KYC and background checks, calibrated for small merchants but comprehensive for higher‑risk categories, with ongoing surveillance of transaction patterns and end‑use. Non‑bank PAs handling customer funds are expected to align with AML/CFT obligations including FIU‑IND registration, suspicious transaction reporting, and sanctions screening.
Escrow and settlement
PAs must hold customer receipts in an escrow account with scheduled banks, with strict segregation from corporate funds, permitted credit/debit rules, and settlement to merchants within prescribed timelines, generally on a T+1 basis. The Directions bar using PA escrow accounts for activities like cash‑on‑delivery settlement credits and tighten cross‑border escrow treatment, including limits on interest and segregation of inward and outward flows.
Cross‑border requirements
PA‑CBs face per‑transaction caps (illustratively ₹25 lakh) for both inward and outward transactions, segregation of flows, and differentiated onboarding for foreign merchants to manage jurisdictional risk. Currency conversion must be handled via authorised dealers; outward transactions cannot be routed using small PPIs, reinforcing forex controls and AML/CFT integrity.
Transitional compliance
The Directions take effect immediately from mid‑September 2025, with explicit year‑end authorization deadlines and operational upgrades expected in escrow, KYC, security, and reporting. Aggregators should plan capital augmentation, compliance system enhancements, and contract updates to align fee disclosures, grievance redressal, and settlement SLAs with the new framework.
What this means for stakeholders
- Banks: Continue PA activity but align escrow, KYC, and security operations with the harmonised rules across online, proximity, and cross‑border.
- Non‑bank PAs: Apply by December 31, 2025; meet ₹15 crore/₹25 crore net‑worth milestones; upgrade escrow/KYC; ensure FIU‑IND alignment where applicable.
- Merchants: Expect stronger onboarding checks, clearer fee disclosures, T+1 settlement discipline, and differentiated handling for cross‑border transactions.
If a single‑line subtitle is needed:
- Subtitle: A unified RBI rulebook for Payment Aggregators covering authorization, net‑worth, KYC, security, escrow, and T+1 settlements across online, proximity, and cross‑border models.
XXX
