On July 26, 2024, the Reserve Bank of India (RBI) imposed monetary penalties on three payment system operators for non-compliance with regulatory guidelines. The RBI’s actions, based on powers under Sections 30 and 31 of the Payment and Settlement Systems Act, 2007, highlight deficiencies in regulatory compliance. However, these penalties do not comment on the validity of any transactions or agreements between the entities and their customers.
- Name – Manappuram Finance Limited
  Fine – INR 41,50,000
  Reason – Non-compliance with regulatory guidelines, non-compliance with certain directions of the Know Your Customer (KYC) guidelines
- Name – Ola Financial Services Pvt. Ltd.
  Fine – INR 33,40,000 + INR 54,15,000
  Reason – Non-compliance with regulatory guidelines, non-compliance with certain directions of the Know Your Customer (KYC) guidelines; contravention of certain provisions contained in the Master Directions on Prepaid Payment Instruments (PPIs) dated August 27, 2021
- Name – Visa Worldwide Pte. Limited
  Fine – INR 24,074,000
  Reason – Non-compliance with regulatory guidelines
Manappuram Finance Limited and Ola Financial Services Pvt. Ltd. were found non-compliant with the RBI’s KYC requirements. Consequently, the RBI issued notices to these entities, requiring them to show cause as to why penalties should not be imposed for their non-compliance. After reviewing their written responses and oral submissions during the personal hearing, the RBI concluded that the charges of non-compliance were substantiated, justifying the imposition of monetary penalties. Additionally, Ola Financial Services Pvt. Ltd. reported instances of shortfall in the balance of its escrow account and filed an application for compounding this violation. After analyzing the compounding application and considering the oral submissions made during the hearing, the RBI determined that the contravention could be compounded.
Visa Worldwide Pte. Limited implemented a payment authentication solution without obtaining regulatory clearance from the RBI. Consequently, the RBI issued a notice to the entity, requiring it to show cause as to why a penalty should not be imposed for this non-compliance. In response, Visa Worldwide filed an application for compounding the violation. After reviewing the compounding application and considering the oral submissions made during the personal hearing, the RBI determined that the contravention could be compounded.
What Are The Compliance Necessities For Payment System Operators In India?
1. Data Localization
Payment system operators in India are mandated to store all data related to their payment systems within the country. This requirement encompasses end-to-end transaction details, including payment instructions, transaction logs, and related customer information. The objective is to enhance data security and sovereignty by ensuring that sensitive information does not cross international borders. The RBI's guidelines on data localization aim to facilitate effective monitoring, enforce data privacy standards, and respond swiftly to any regulatory inquiries or security breaches.
2. Regulatory Reporting
Payment system operators must adhere to rigorous reporting standards established by the Reserve Bank of India (RBI). This includes submitting detailed reports on transaction volumes, transaction values, types of transactions, fraud incidents, and other critical operational metrics. Regular reporting ensures that the RBI can continuously monitor the health of the payment ecosystem, detect trends or anomalies, and enforce regulatory compliance. Operators are required to provide periodic updates and real-time alerts for any significant deviations or security concerns.
3. Customer Protection and Dispute Resolution
A robust framework for customer protection and dispute resolution is essential for payment system operators. Operators must establish effective mechanisms for handling customer complaints and resolving disputes promptly. This involves setting up transparent communication channels, providing clear guidelines for escalation, and ensuring that issues are addressed within defined timelines. Operators must also implement procedures for compensating customers in cases of fraud or service failures, and maintain a record of complaints and their resolution to ensure accountability and continuous improvement.
4. Cybersecurity Framework
To safeguard against data breaches and cyber-attacks, payment system operators are required to implement a comprehensive cybersecurity framework. This includes conducting regular security audits, vulnerability assessments, and penetration testing to identify and mitigate potential risks. Operators must follow the RBI’s IT framework guidelines, which outline best practices for data protection, encryption, and secure software development. Additionally, operators should have incident response plans in place to address any breaches or attacks swiftly and effectively.
5. Anti-Money Laundering (AML) and Know Your Customer (KYC) Compliance
Compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations is critical for payment system operators. They must carry out thorough customer due diligence to verify the identities of their clients, including collecting and validating identification documents. Operators are required to monitor transactions for suspicious activities, such as unusual patterns or large transactions that may indicate money laundering or terrorist financing. Any suspicious transactions must be reported to the Financial Intelligence Unit (FIU-IND). Additionally, operators must maintain comprehensive records of transactions and customer interactions to support ongoing monitoring and regulatory audits.
What Are The AML/KYC Guidelines For Payment Operators In India?
Regulatory Framework & Reporting
Payment processors and system operators must follow the specific AML and KYC guidelines issued by the RBI and must adhere to the guidelines under the Payment and Settlement Systems Act, 2007. Payment processors must also submit Suspicious Transaction Reports (STRs) and Cash Transaction Reports (CTRs) to the FIU-IND, and report their compliance status and suspicious activities to the RBI.
KYC Requirements
Payment processors are required to conduct KYC processes to verify the identity of their users. This involves collecting and verifying identification documents such as Aadhaar cards, passports, or driving licenses. Detailed guidelines are available in the RBI’s KYC Master Direction.
AML Compliance
Payment processors must perform due diligence to understand their customers’ financial behavior, source of funds, and purpose of transactions. Continuous monitoring of transactions to identify and report suspicious activities is essential. For high-risk customers, payment processors must implement enhanced due diligence procedures. Maintaining records of transactions and customer identification documents for a specified period (usually 5-10 years) is important.
What Are The Laws For Payment Processing Systems In India?
Payment processing systems in India are governed by various laws and regulations to ensure their smooth and secure functioning. The key laws are outlined below:
Payment and Settlement Systems Act, 2007
Provides a legal framework for the regulation and supervision of payment systems in India. It grants the Reserve Bank of India (RBI) the authority to regulate and supervise payment systems, ensuring their safety, security, and efficiency.
Reserve Bank of India Act, 1934
Empowers the RBI to issue directives and guidelines to payment system operators. This includes regulating electronic funds transfer, digital wallets, and other payment instruments.
Information Technology Act, 2000
Provides a legal framework for electronic transactions and digital signatures. It includes provisions for cybersecurity, data protection, and handling electronic records, which are crucial for payment processing systems.
Prevention of Money Laundering Act (PMLA), 2002
Mandates payment system operators to adhere to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations.
Foreign Exchange Management Act (FEMA), 1999
Regulates cross-border transactions and foreign exchange in India. Payment system operators involved in international transactions must comply with FEMA regulations.
How Can ZIGRAM Fulfill Your Requirements?
ZIGRAM provides up-to-date information on regulatory changes and requirements with its advanced compliance software tools for real-time monitoring, screening and reporting. ZIGRAM has robust Anti-Money Laundering (AML) solutions to ensure adherence to regulatory norms and tools for conducting periodic audits and managing compliance risks effectively.
By leveraging ZIGRAM’s expertise and technology, financial firms can enhance their compliance processes, mitigate risks, and ensure seamless adherence to regulatory standards.