Category: India

  • Payment Aggregator Licences Are India’s Next Fight Club

    Payment Aggregator Licences Are India’s Next Fight Club

    The Reserve Bank of India’s payment aggregator stamp has quietly become the most coveted badge in Indian fintech. Since January 2025, the central bank has issued just nine final approvalsPayU, BillDesk, Adyen and, in the past week alone, Quicktouch and Getepay—while hundreds of hopefuls remain in limbo. The figure is striking, given that over 185 companies applied for authorisation more than two years ago. A payment aggregator licence is beginning to look like a scarce operating permit—one that could decide who gets to dictate price, data access and bargaining power in India’s booming merchant-acquiring market.

    Licence scarcity and the coming knife-fight over merchants

    Every entity that touches customer funds on behalf of an online merchant must now hold a payment aggregator licence or risk being switched off. That alone invites turf wars, but scarcity supercharges them: with each new approval the remaining unlicensed rivals watch their addressable market shrink. Several fintechs have already whispered that licensed incumbents are nudging merchants to sign exclusivity clauses, arguing that “RBI-authorised” status shields them from regulatory surprises. Once the payment aggregator cohort settles around perhaps 60–70 entities, a plausible end-state given current approval rates, competition among the survivors could get messy.

    Pricing caps: the next round starts at 0.3%

    Into this mix walks a debate over merchant discount rates. A lobbying letter from the Payments Council of India, leaked late April, urges the Prime Minister’s Office to back a 0.3% MDR on large-ticket UPI transactions. Aggregators argue they need the fee to subsidise compliance overhead that now includes quarterly system audits, escrow maintenance and real-time fraud reporting. Consumer groups counter that any MDR will be passed straight to shoppers. RBI has not endorsed the PCI number, but officials tell journalists the Bank is “open-minded about sustainable economics” so long as small merchants stay shielded.

    The outcome matters because payment aggregator licences re-bundle costs that used to sit with disparate gateways and processors: escrow interest lost, collateral for settlement guarantees, periodic CERT-In audits, tokenisation infrastructure. Licensees need a revenue line to pay for those. If the MDR debate lands above zero but below 0.5%, the fight will turn on who can squeeze the most operating leverage from scale, data science and interchange rebates. Cut the cap any lower and only the best-funded aggregators will survive, cementing early movers’ dominance.

    Enter the Digital Competition Bill

    Scarcity and pricing power would normally bring the Competition Commission into the ring after the fact. This time the referee may arrive early. The Draft Digital Competition Bill (DCB), based on recommendations of the Committee on Digital Competition Law, is being polished for Parliament’s monsoon session and will give regulators ex-ante powers to label “systemically significant digital enterprises” (SSDEs) across nine “core digital services”, including payments. If passed in its current form, the bill could force the largest payment aggregators—think aggregators processing ₹1 trillion-plus a year—to pre-clear any preferential pricing, self-preferencing or exclusivity clauses and to open key APIs on fair, reasonable and non-discriminatory (FRAND) terms.

    Combine that with the RBI’s licensing scarcity and you get an intriguing tension: the central bank is narrowing the field to enforce safety and soundness, while the competition authority is preparing to police the victors for gate-keeping. Lawyers call it regulatory twin peaks; founders are already calling it a compliance minefield.

    A preview of the first skirmishes

    • Data access. Under RBI rules, aggregators must store customer card data only in tokenised form after August 2025, but they still retain rich behavioural metadata. Smaller payment processors fear licensed payment aggregators will amass an information advantage that can be parlayed into credit-scoring or loyalty-adtech businesses, precisely the kind of cross-market leverage the DCB wants to nip.
    • Bundled services. Several newly licensed aggregators are also offering point-of-sale hardware and SME loans. Competitors argue that tying escrow settlement to working-capital pricing could become anti-competitive if merchant lock-in raises switching costs. The DCB’s clause against “bundling that forecloses the market” would make such packages contestable.
    • On-soak and off-soak routing. Foreign card networks hope licensed payment aggregators will still let merchants route high-value payments over cards instead of UPI. If a handful of SSDE payment aggregators were to steer that volume preferentially to their own UPI-first pipes, the Competition Commission could intervene on grounds of discriminatory access.

    What’s next for payment aggregators

    Within the next month RBI is expected to publish an updated list of in-principle approvals and returns. Observers will parse whether household names like PhonePe or Google Pay finally move from the “pending” column to “authorised”, reshaping competitive dynamics overnight. Parliament’s monsoon calendar will signal whether the Digital Competition Bill is tabled in July or pushed to the winter. If both timelines hold, India’s biggest payment aggregators could find themselves juggling RBI compliance audits and ex-ante competition filings in the same quarter.

    For merchants and developers the message is: today’s supplier choice will decide tomorrow’s bargaining leverage. For investors, a payment aggregator licence is clearly gold—but fight club rules apply. In the coming mêlée over MDR caps, API access, and SSDE thresholds, everyone may trade blows. And the first rule of India’s next fintech fight club? You talk about fees, data, and power—because the regulators certainly will.

  • RBI Digital Lending Directions 2025: Turning India’s Wild-West Loan Apps into a Regulated Main Street

    RBI Digital Lending Directions 2025: Turning India’s Wild-West Loan Apps into a Regulated Main Street

    The Reserve Bank of India has pressed the “consolidate” button. On 8 May 2025 it issued the long-trailed Reserve Bank of India (Digital Lending) Directions 2025, stitching together the 2022 lending guidelines, the 2023 default-loss-guarantee circular and two years of FAQ clarifications into one rulebook. The new master directions arrive with sharper teeth—as every fintech, NBFC and bank offering loans through an app is now discovering.

    What changes on the ground?

    Key-Fact Statement (KFS) must appear before the borrower blinks. Lenders have to display a one-page digital KFS covering APR, all fees, cooling-off rights and a hyperlink to full terms, then capture acceptance with an e-signature. The days of burying processing charges in page 34 are over.

    Public registry of lending apps goes live 1 July. Regulated entities (REs) must upload their digital lending applications (DLAs) to the RBI’s CIMS portal by 15 June, after which the list will be published for consumers to verify a lender’s bona fides. Side-loaded rogue APKs lose the cloak of anonymity.

    Default Loss Guarantee (DLG) cap is codified at 5 percent. A fintech can still provide first-loss cover to its bank partner, but only up to 5 percent of the disbursed portfolio, and only in cash, liened fixed-deposit or bank guarantee form. Synthetic securitisation and back-dated indemnities are expressly off the menu.

    Borrower cooling-off window becomes mandatory: at least one calendar day for loans under seven days and three days for longer tenors, during which a borrower may exit penalty-free.

    Data stays local and consent becomes granular. The Directions copy-paste RBI’s 2024 data-governance template: personal data may only be collected on a clear need-to-know basis, stored in India, and shared with Lending Service Providers (LSPs) under a board-approved outsourcing contract.

    Why this matters for the ecosystem

    Borrowers

    A standardised KFS brings payday-style micro-credit into line with card and mortgage disclosure norms. Instant comparison fosters trust; borrowers see the total cost of credit before tapping “Accept” rather than after an unpleasant SMS alert.

    Regulated entities

    Banks and NBFCs must overhaul API flows so every partner app can serve a compliant KFS and capture an e-signature timestamp. Many will need to renegotiate revenue-share deals because hidden fees are no longer available.

    Lending Service Providers

    Fintechs that built valuation on fast origination now face heavyweight compliance chores. Yet the 5 percent DLG cap, applied uniformly, levels the playing field; smaller players can compete on UX instead of how much first-loss cash they can front.

    Big Tech wallets and super-apps

    The public DLA registry reduces reputational risk for platform ecosystems; only white-listed loan products can ride their checkout rails. Expect tighter curation and a swing toward co-branded credit lines where a regulated bank owns the balance-sheet risk.

    Compliance timelines you can’t ignore

    DeadlineRequirement
    15 June 2025Upload DLA list to CIMS.
    1 July 2025RBI publishes the public DLA registry.
    Q3 2025REs certify data-sharing frameworks and cooling-off mechanisms to their boards.

    Miss a date and the penalties bite: the RBI may disable an app’s loan disbursal API on 24 hours’ notice.

    Strategic plays for 2025

    • Re-paper outsourcing. Every LSP agreement needs fresh clauses on data localisation, DLG limits and borrower grievance redress.
    • Automate KFS delivery. Embed templated KFS PDFs into app journeys; link them to your e-sign provider so the audit trail is one click away.
    • Optimise DLG economics. With a hard 5 percent cap, focus on better underwriting models rather than deeper pockets; every basis point of risk scoring accuracy now has P&L leverage.
    • Use the registry as a marketing tool. A public RBI seal of approval lets compliant apps shout “licensed, listed, legit” in ad copy—expect to see QR codes that link directly to the regulator’s site.

    The bigger picture

    India’s digital lending boom was built on speed. Speed bred excess: ghost charges, aggressive collections, data scrapes. The 2025 Directions aim to keep the velocity while injecting credibility. They convert what were scattered FAQs and selective compliance into a single, enforceable contract between the RBI and every pixel that presents a loan offer to an Indian citizen.

    If the industry adapts quickly, it could export this compliance stack to the rest of Asia as a trust-premium feature. Drag its feet, and the regulator has shown it will simply shut rogue apps down. Either way, the era of scale-first, compliance-later lending is formally over.

  • India Finally Wakes its Payments Regulatory Board – Here’s What Comes Next

    India Finally Wakes its Payments Regulatory Board – Here’s What Comes Next

    On 9 May 2025, a bureaucratic sleeper cell came to life. With a short notice – S.O. 2031(E), signed on 6 May, the Ministry of Finance pressed “activate” on §152 and §153 of the Finance Act 2017, the long-dormant clauses that add sweeping new powers onto the Payment and Settlement Systems Act 2007 (PSS Act). In one stroke the Reserve Bank of India (RBI) gains a fully-fledged Payments Regulatory Board (PRB)—a single referee for every rail that moves money inside the country, from UPI’s instant QR codes to prepaid transit cards. Eight years after lawmakers drew up the plan, the regulator finally has a pulse.

    A Regulator Born in Slow Motion

    The Finance Act 2017 was passed during India’s cash-crunch upheaval, but its payment-reform sections never took effect. Successive governments worried that a heavy central hand might smother the frenetic innovation that made UPI the world’s busiest real-time network. Yet success creates its own risks: by mid-2024 UPI was clearing more than 12 billion transactions a month, zero-fee merchant discount rates (MDRs) were squeezing PSP margins, and outages on single points of failure, NPCI’s switch or a large issuer’s core, were no longer merely inconvenient; they were systemic. The Finance Ministry’s notification is Delhi’s admission that DIY self-governance has run its course.

    What Exactly Can the PRB Do?

    The amendments hand the Board powers that go well beyond the RBI’s existing supervisory toolkit. It can set or cap any fee charged by a “payment system or participant”; declare a rail or operator “systemically important” (triggering tougher resilience rules); and issue binding directions on interoperability to end closed-loop silos. Non-compliance invites penalties of up to ₹10 crore (about US $1.2 million) per breach – high enough to sting even deep-pocketed super-apps.

    Crucially, the PRB is chaired by the RBI Governor but includes representatives from the Treasury and the Department of Electronics & IT, knitting policy, prudence and infrastructure under one roof. In effect, India’s payments stack now answers to its own mini-Basel committee.

    Winners, Losers and the Fee-Cap Puzzle

    For merchants and consumers the Board’s very first agenda item matters most: fees. Today UPI operates on a politically popular but economically awkward zero-MDR model. PSPs depend on float income and data-driven cross-sell to survive, a margin recipe that thins as interest rates fall and privacy rules tighten. If the PRB uses its fee-setting power to replace the hard zero with a flexible cap, say 10–15 bps on high-value or commercial transactions, banks and fintechs gain breathing room without shocking small merchants.

    Wallet and BNPL operators have a different headache. Interoperability directives could force closed-loop apps to expose open APIs or embrace tokenised card standards, eroding the walled-garden grip that boosts stickiness, and valuation. Yet the upside is a bigger total addressable market: uni-wallet users become multi-rail shoppers overnight.

    Banks, meanwhile, eye the new systemically important label warily. Today that tag applies only to NPCI, but a next-tier designation for the largest UPI issuers or gateway banks would trigger higher resilience spending and, potentially, extra capital buffers. Shareholders will want clarity before the PRB’s first consultation paper, expected in Q3 2025, drops into inboxes.

    The View from Asia—Copycats Incoming

    India is the region’s petri dish for instant payments at scale, and its regulatory moves rarely stay within its borders. Indonesia, the Philippines and Malaysia each juggle real-time rails, overlay QR schemes and a patchwork of older card systems. Their central banks have so far relied on memorandum-style coordination committees; India’s single-board model offers a more aggressive template. Watch for Jakarta’s BI-FAST task-force or Manila’s InstaPay Governance Committee to pick up language straight from the PSS amendment playbook.

    What Industry Players Should Do Now

    For payment service providers, the three-month runway to the PRB’s first policy paper is not downtime; it is prep time.

    • Model Fee Scenarios: Swap the current zero-MDR assumption for a sliding cap in your 2025–27 forecasts; decide whether a small processing fee could be passed on or must be absorbed.
    • Audit Interoperability Gaps: If any QR, NFC or in-app flow still runs on proprietary standards, map the cost of migration to Bharat QR and EMVCo specifications now. The Board will almost certainly mandate convergence.
    • Tighten Resilience Playbooks: High-traffic PSPs should treat a “systemic” designation as inevitable. Stress-test plans for 99.995 % uptime, geographic failover and 15-minute public incident disclosure—levels already whispered in RBI corridors.

    A New Normal – Regulated, Yet Still Restless

    Sceptics fear the PRB could become a speed-brake on India’s hard-won payment agility. But the lesson from mature markets is that scale without structure breeds fragility; when a rail processes half the nation’s GDP on peak festival days, the social cost of downtime dwarfs the private cost of compliance. The Board’s challenge is to temper risk without dulling innovation—perhaps by using penalty sticks sparingly and consulting liberally with industry caucuses.

    For stakeholders outside India, the signal is loud: payments are now considered critical infrastructure, and critical infrastructure gets a dedicated regulator. Align early, on fees, uptime and open standards, and the coming ruleset will feel like a catalyst, not a cage. Ignore it, and the ₹10-crore stick will be the least of your worries.

    As India’s Payments Regulatory Board settles into its new office on Mint Street, expect a year of white papers, stakeholder round-tables and, inevitably, court challenges. Yet the direction of travel is locked in: real-time payments have finally outgrown their startup hoodie and slipped into a tailored regulator’s suit. The rest of Asia is likely already taking notes.