[Manas Divetia is a IV year B.B.A. LL.B. (Hons.) student at Gujarat National Law University, Gandhinagar]
The Reserve Bank of India’s (“RBI”) 2025 Master Direction on Regulation of Payment Aggregators dated 15 September 2025 consolidates and replaces the fragmented 2020 framework, aligning online, physical point‑of‑sale, and cross‑border aggregation under a single, enforceable code that hardwires escrow architecture, KYC, cyber resilience, and FEMA‑compliant cross‑border rails. The Direction does not merely update definitions; it recasts payment aggregators (“PA”) from payment “pipes” to regulated financial infrastructure responsible for funds, data, identity, documentation, and market conduct across omnichannel acceptance. The Direction repeals the 2020 PA/PG Guidelinesand the 2023 cross‑border PA directions, consolidating a single source of truth while preserving limited savings for in‑flight applications and aligning escrow balances with net demand and time liabilities (“NDTL”) treatment in banks. This consolidation reduces interpretive variance, enables one‑time contract re‑papering, and anchors a unified supervisory perimeter for omnichannel and cross‑border aggregation.
Scope and Governance Framework: What Changes in 2025
The Direction formalises three categories: (i) PA‑Online (“PA‑O”), (ii) PA‑Physical (“PA‑P”), and (iii) PA‑Cross Border (“PA‑CB”) with inward and outward sub‑categories, while clarifying that payment gateways remain outside the licensing perimeter but are encouraged to adopt baseline technology recommendations. This resolves the 2020 regime’s online‑centric focus and absence of a dedicated PA‑P class or an inward/outward segmentation for cross‑border flows, which had left proximity acceptance and e‑commerce trade facilitation in a regulatory twilight.
The Direction retains the ₹15 crore application‑stage and ₹25 crore year‑three net‑worth thresholds, clarifies computation by including compulsorily convertible preference shares and deduction of deferred tax assets, and links change‑of‑control to the 2022 prior‑approval framework for non‑bank payment system operators (“PSO”) to strengthen governance continuity. In contrast, the 2020 directions specified the same thresholds but with a lighter computation narrative and a post‑facto stance on control changes, which is now supplanted by an ex‑ante approval regime. Clarified net‑worth computation and ex‑ante change‑of‑control approvals improve certainty, deter regulatory arbitrage in mergers and acquisitions, reduce post‑closing compliance surprises, and align capital with loss‑absorbing capacity. Collectively, these measures materially enhance supervisory visibility, investor confidence, and transaction predictability in India’s payments ecosystem.
Assisted KYC and Changes to the ‘Core Portion’ Treatment
In onboarding, the “Central Know Your Customer Repository (‘CKYCR’)” is now given priority as the main source, while other sources may be used in cases when CKYCR records are not accessible or access is still pending. Smaller businesses can take use of a proportionality carve-out that allows for easier onboarding based on turnover requirements and is backed by contact point verification, PAN verification, and one legally acceptable document. Significantly, the Directions permit assisted digital KYC and assisted video customer identification process (“V‑CIP”) by designated agents, while preserving ultimate PA liability, thereby codifying a field‑tested inclusion‑friendly pathway that was not formally articulated in 2020.
Furthermore, by hardwiring Financial Intelligence Unit (“FIU”) registration and reporting under the Prevention of Money Laundering Act for all non‑bank PAs, including applicants, the 2025 Directions shift aggregators from passive conduits to anti money laundering (“AML”) entities with direct reporting accountability and regulator‑facing data duties. This elevates compliance maturity and liability, complementing an explicit, risk‑based obligation to continuously monitor merchant transactions against business profiles, not merely at onboarding. The 2020 Guidelines stressed KYC/AML adherence and background checks but lacked this mandatory FIU registration and ongoing monitoring mandate for merchant activity.
The “core portion” eligible for interest is also now formalised within the escrow framework itself with enhanced banker oversight and certificate formats, replacing the 2020 construct that allowed the PA to move the core portion to a separate interest-bearing account (linked to the escrow) and thereby earn interest on that core portion which ultimately complicated reconciliation and created heterogeneous audit practices.
Uniform Escrow Requirements: How They Hurt Early-Stage PAs
The escrow regime separates domestic PA flows from PA‑CB’s inward collection account (“InCA”) and outward collection account (“OCA”), with a hard prohibition on commingling or netting across inward and outward transactions and with a requirement to use a single escrow where both PA‑O and PA‑P are undertaken. By this, the RBI seeks to ensure that customer funds collected by PAs are ring-fenced from operational risks. The principle is simple: funds must flow into a designated account, insulated from misuse, and settled with merchants within prescribed timelines.
However, the rigidity of escrow usage has ripple effects. First, locking funds in escrow constrains the working capital of PAs, particularly smaller fintechs that rely on short-term liquidity to fuel growth. Second, prescribed settlement cycles, while protective, may delay merchant cash flows in practice. A comparison with Singapore’s Payment Services Act of 2019 reveals that regulators there adopt a tiered safeguarding approach, allowing smaller players some flexibility while maintaining broad customer protection. Under section 22(1) of the Singapore Act, every major payment institution (“MPI”) has to maintain security (cash deposit/bank guarantee/other allowed form) with the Monetary Authority of Singapore (“MAS”) for due performance to customers. However, such a mandate is not applicable to standard payment institutions (“SPI”), i.e., the PAs who do not exceed the transactional thresholds or value triggers under section 6(5) of the Act, at which point they must upgrade to a major payment institution and then become subject to section 22 andsection 23 by default.
Furthermore, according to the regulatory framework applicable to the payment institutions in the United Kingdom, safeguarding is mandatory for authorised payment institutions under regulation 23 of the Payment Services Regulations 2017, which sets segregation or insurance/guarantee methods for “relevant funds.” By contrast, under regulation 23(16) of the said Regulations, small payment institutions can choose to safeguard; if they opt in, they must meet the same protections and notify the FCA, but safeguarding is not a default obligation for the small tier.
Escrow accounts demand banking integrations, reconciliations, audit trails, and idle liquidity buffers, all of which translate into fixed compliance overhead that scales poorly at low volumes typical of early‑stage aggregators. Because the mandate applies uniformly across PA‑O, PA‑P, and PA‑CB, smaller firms cannot stage their compliance by channel, pushing them to seek scale or partnership early or exit aggregation altogether. In the Indian context, the RBI’s one-size-fits-all model risks disproportionately impacting entrants, potentially stifling innovation in an ecosystem that thrives on agility.
Cross Border Transactions, Marketplace and Contractual limitations
For cross-border payments, PA-CB operations face a hard-cap of ₹25 lakh per‑transaction, with small prepaid payment instruments (“PPI”) such a digital wallets, not permitted for outward payments. Such forex sale/purchase by PA-CBs must be routed through authorised dealer (“AD”) banks. PA-CBs are also now mandated provide all required documents and information of the exporter/importer to the AD Bank for the purpose of flagging such transactions in the RBI’s IDPMS (Import Data Processing and Monitoring System) and EDPMS (Export Data Processing and Monitoring System). Non‑INR settlement is expressly permitted only for directly onboarded Indian exporters, curbing multi‑hop risk and improving traceability, while outward arrangements may be structured either through directly onboarded overseas merchants or through express agreements with overseas PAs/marketplaces.
A flat ₹25 lakh per‑transaction cap secures rails against outlier misuse while aligning with documentation and AD‑bank workflows, yet it may unduly constrain legitimate high‑value software and enterprise service exports that increasingly rely on aggregator rails for global receivables. A calibrated framework, such as higher caps for specific merchant category codes, enhanced documentation tiers, or exporter risk‑ratings could preserve AML/FX integrity without disintermediating compliant digital exporters back to bespoke bank collections.
The 2025 directions further prohibit PAs from running marketplaces and mandate that a PA shall aggregate funds only for the merchant with whom it has a contractual relationship. These directions appear to be an overbroad sledgehammer that punishes product integration rather than policing and misuse, despite existing rigorous ring-fencing and settlement rules in place. Super-apps that aggregate ticketing, recharges, bill pay, and investments will incur costs, duplicate compliance, and disrupt user experiences that have been established over time. Recent rent-payment shutdownsdemonstrate the impact of blanket limitations on major payment systems, resulting in the loss of significant verticals. The legislation restricts global marketplace e-commerce businesses from expanding into India’s PA market, reducing competition and promoting cross-subsidization for MSMEs and consumers. Maintaining markets while implementing audited firewalls, related-party limitations, and ledger segregation is optimal considering the prevailing market situations and consumer preferences.
Conclusion
The RBI’s approach towards payment aggregators has seen a significant shift with the 2025 Master Directions, going from being passive facilitators to a completely responsible financial infrastructure. The RBI aims to uphold systemic stability, establish confidence, and bring India in line with international payment standards by integrating escrow, control, and compliance into a single code. However, there is a genuine risk of displacing smaller fintechs and consolidating market dominance among incumbents due to the uniformity of requirements, regardless of size, channel, or risk. Despite the RBI’s positive intentions, cross-border limitations, marketplace restrictions, and rigid escrow regulations may limit consumer choice and discourage innovation. The task before the RBI, therefore, is to preserve the spirit of innovation while policing risk, by bringing out a proportionate regulation that evolves with the market, rather than rigid mandates that could outpace it. Only such balance will ensure India’s payments ecosystem remains both trusted and dynamic.
– Manas Divetia