Response to Discussion Paper on Guidelines for Payment Gateways and Payment Aggregators - CashlessConsumer
CashlessConsumer welcomes RBI’s discussion paper Guidelines for Payment Gateways and Payment Aggregators. Payment Gateways and Aggregators are key players in enabling merchant widen payments acceptance and having more regulatory attention in growing payments ecosystem is a welcome step.
Among the options provided by the RBI, we would prefer a Full and Direct Regulation, however with significant changes to scope and modalities of regulation.
1.Authorisation / Licencing :-
If an authorization / licensing regime is put in place, it might also be useful to have on-tap licensing / authorization notified for this class of entities.
> 1.8 :- “Payment Gateways and Payment Aggregators shall deal with only those merchants who have a physical presence in the country”
This deeply limits the scope of e-commerce and must be revisited. Physical presence to be substituted with Legal Entity Identifier / Bank account in the country.
2 Capital Requirements
- The capital requirements pose a steep challenge for new entrants / startups to enter this space, thereby limiting innovation / competition. A multi tier approach of having capital requirements proportional to transaction processing volume / value restrictions will help new entrants into the space without compromising on consumer protection needs. It is to be noted that aggregators / gateways don’t handle funds as they are anyway held by banks even when they are in transit.
- The reasoning for regulation included gateways / aggregtors accessing consumer data as part of transaction. The consumer provides this data without a choice and data obtained by gateway / processor is incidental to the process. Hence it must be mandated that gateways / processors do not share this data (which could be used for credit profiling / monitoring) as it would violate the privacy of the consumer since the purpose of the data collected was not to build profile, but to perform transaction. This cannot be left to privacy policies of the payment aggregator / processor.
- The Payment Gateways / Aggregators must also come under the Digital Ombudsman framework of the RBI for any complaints that is not resolved with in the internal grievance redress mechanism under the Nodal Officer.
4 Safeguards against Money Laundering (KYC / AML / CFT) Provisions
- This needs to be reasonable and proportionate to the real incidence of money laundering through gateways / aggregators (who settle merchants in bank) and hence the merchant accounts are anyway KYC compliant. Treating issuers and intermediaries at the same level for KYC / AML / CFT provisions disproportionately will increase cost of providing services with no tangible benefit. There also needs to additional evidence to support money laundering happens through gateways / aggregators and why it is necessary.
6 Merchant On-boarding
6.7 The contract between merchant and payment aggregator / gateway must also have agreement between merchant (as a consumer of payment services) on merchant data and its usage rights. It has been observed that many aggregators use merchant transaction data to provide other financial services and any since the merchant transaction data also has a value for the merchant, there must be explicit consent for using merchant data for purposes other than transaction processing.
7 Customer Grievance Redressal & Dispute Management Framework
- The customer grievance redressal report that is made to RBI must be published on the website of payment gateway / aggregator.
- Gateways / Aggregators must also be made part of Harmonisation of Turn Around Time (TAT) and customer compensation for failed transactions using authorised Payment Systems and payments have to be made by gateway / aggregator and not issuer in case if failure reason is solely established to gateway / aggregator.
For a fair cashless society