India: Master direction on regulation of payment aggregators, 2025 entered into force with grace period

On 15 September 2025, the Reserve Bank of India (RBI) issued the Regulation of Payment Aggregators Directions, 2025. The directions apply to all bank and non-bank payment aggregators operating in India. They cover three categories, including payment aggregator–physical (PA–PA-Physical), payment aggregator–online (PA–Online), and payment aggregator–cross border (PA–Cross Border). Authorised Dealers (ADs) and Scheduled Commercial Banks (SCBs) are also included. It also states that payment aggregators must have a minimum net worth of INR 15 crore at the time of authorisation, rising to INR 25 crore by the third financial year. They are required to establish governance frameworks, dispute resolution mechanisms, and fraud prevention systems. Escrow accounts must be maintained to safeguard merchant funds. All merchants must undergo Know Your Customer (KYC) and due diligence checks. Aggregators are also required to comply with cybersecurity standards, including Payment Card Industry Data Security Standard (PCI-DSS) compliance, regular audits, and vulnerability assessments.