Declined: RBI returns a large number of payment aggregator licence applications

The Reserve Bank of India’s guidelines mandate stringent compliance norms around merchant on-boarding and KYC.  (Photo: Mint)
The Reserve Bank of India’s guidelines mandate stringent compliance norms around merchant on-boarding and KYC.  (Photo: Mint)

Summary

  • The central bank has returned a majority of payment aggregator applications it received from firms, big and small
  • Payment aggregators are crucial for online payments—such companies receive, process, pool and transfer user payments to merchants. About 180 firms applied for licences last year.

NEW DELHI : On a pleasant morning in February this year, the chief executive officer (CEO) of a fintech startup received some disheartening news. His company had applied to be authorized as a ‘payment aggregator’, a crucial spoke in the giant wheel of online payments—such companies receive, process, pool and transfer user payments to merchants.

However, India’s central bank, the Reserve Bank of India (RBI), returned the application.

The company did not comply with eligibility criteria prescribed in the ‘Guidelines of Payment Aggregators and Payment Gateways’, first circulated on 17 March 2020, the return memo from the RBI stated. “Further, you are advised to stop the payment aggregation activity within 180 days from the date of this letter. During this period, you are not allowed to undertake fresh business or on-board new merchants," the memo ordered.

All companies applying for the licence were mandated to have a net-worth of 15 crore as of 31 March 2021. This startup’s net-worth was lower but the CEO still took a chance with the application—many in the payments industry assumed the RBI would be flexible with the net-worth requirement.

The central bank wasn’t. It didn’t budge on this requirement. Nor on any of the other conditions the guidelines state. That resulted in a flood of rejections, a long list that includes both the big and the small, Indian startups and multinationals, e-commerce companies and payment firms.

About 180 applications were filed, an executive from a company whose application was returned, said. “Of this, over 100 applications have been either rejected or returned," he said. The executive didn’t want to be identified. Companies whose applications have been returned may be allowed to re-apply after a year, he added. This information was corroborated by three other executives who were familiar with the situation but declined to be identified.

Companies that applied for the licence include BillDesk, PayU, Razorpay, CCAvenue, Cashfree Payments, Paytm, MobiKwik, BharatPe, PhonePe, Juspay, Google, Amazon, Cred, Bajaj Finserv, Zomato, M2P Fintech (through Livquik), Instamojo, SafexPay, and FSS.

According to many sources, MobiKwik’s application was one of the first to be returned. Similarly, the applications of Livquik (in which M2P is the largest shareholder), Paykun, AggrePay, Hypto, Safexpay, FSS, Zomato, Pay10, and even Google may have been returned.

“We don’t seem to have any intimation on rejection or return of our applications. There have been instances in the past where RBI asked for some additional information as part of the application, which we refurnished," a Google spokesperson said.

An Amazon spokesperson, on being asked whether its application has been returned, stated: “We don’t have any such communication."

M2P, a company that provides financial technology infrastructure, admitted that their application that it made via Livquik was returned. M2P founder Madhusudanan R. said that the company has made a representation to the RBI and is waiting to hear back. Similarly, Paykun, a payments gateway company, confirmed that its application was returned. A spokesperson from Zomato said that the information about their application being returned is “not true". Ravi Gupta, founder of payments company Safexpay, said, “Our licence is in progress and there is no intimation from the RBI yet."

Questions sent to AggrePay, Pay10, FSS, MobiKwik, and Hypto over email and LinkedIn didn’t elicit any response. A query sent to an RBI spokesperson last month and a subsequent reminder on Tuesday was not answered either.

The flurry of returns, meanwhile, have taken the industry by surprise. “Everybody has become cautious. They are staying away from any public relations activity and have gone silent in the last few months," a payments consultant who didn’t want to be identified said.

This also leads to the more important question. Why did the RBI come out with the guidelines in 2020 when payment aggregators have existed for well over a decade now? BillDesk started in 2000.

Non-bank companies offering payments services to merchants were asked to apply for authorization by 30 September 2021.

Well, the term ‘payment aggregator’ is a fairly new coinage. Earlier, all the companies in the business of processing payments were simply called ‘payment gateways’. The RBI is clear the two are distinct roles. While payment aggregators will facilitate payments to merchants by handling the money, payment gateways will just offer the technology platform—they won’t get involved in the settlement of funds.

In the last five years, many companies offering the aggregator service, or those who handle the money, have mushroomed with the growth of ecommerce in India. The RBI, sources said, is increasingly concerned about the possibility of money laundering and fraud. But more of this in a bit.

Not for trade

Let’s recap the sort of companies which applied for the payment aggregator authorization.

There were four cohorts. One, the very young startups. According to industry watchers, some set up shop simply to bag the licence, trade it, or bump up valuations. The second category had companies with large consumer or business-to-business play; a payments aggregation licence could result in a new line of business (for example, Zomato). The third cohort comprised smaller payment gateway firms, and last, the pure-play payment companies (like BillDesk, PayU, Razorpay etc.)

The RBI has concerns around each of these cohorts.

About 70 companies, which did not meet the net-worth criteria, attached a letter with their applications stating that they could secure the capital requirements from investors once the licence is okayed. “These applications were rejected straight away," said a senior executive from a payment gateway who didn’t want to be identified.

“The RBI is being doubly cautious to not make the payment aggregator licence a trade-able thing, where companies just take the licence, increase their valuation on the back of it, and eventually sell it," said the co-founder of a top payment gateway company who didn’t want to be identified.

The central bank, industry watchers said, has learnt its lesson from the prepaid payment instruments (PPI) licences it issued. The PPI licence permits companies to operate payments systems such as digital wallets, prepaid transit cards, vouchers and so on. Some entities were bought or sold only for these licences. Take the example of HipBar, a liquor delivery startup that didn’t really take off. The company, however, had a PPI licence, obtained in 2016. Credit card bill payments company Cred acquired HipBar in 2021, reportedly to enter the wallet business. In March this year, New Delhi-based non-bank lender DMI Finance acquired a controlling stake in payment system operator Appnit Technologies Private Ltd, which offers payment products across banking channels. Appnit is a PPI license holder.

Ram Rastogi, member of governance council at the Fin-Tech Association for Consumer Empowerment, a non-profit, elaborated on the RBI’s other concerns.

Many of the companies who applied had no knowledge of payments. “Some of them have not even read the eligibility criteria. The memorandum of association, a legal document that represents the charter of the company, did not mention that they can do payment aggregation—in about 20 applications," he said.

Some of the applications, he added, were returned due to technical gaps. There are 32 points on data and IT security, which an aggregator has to have before submission of applications.

A payment gateway executive told Mint that the RBI is wary of authorizing Big Tech firms such as Google and Amazon because of concerns around data privacy.

The RBI’s guidelines mandate stringent compliance norms around merchant on-boarding and KYC (know your customer). “There have been instances of popular gateway companies not executing proper KYC of merchants. We all saw how the Chinese digital loan apps were operating. Most of these companies are being asked to clean their books and put in strict KYC processes in place," a payment consultant said.

“In-fact, there are a few big companies which faced scrutiny over improper KYC checks earlier. They have been working on cleaning up their systems and processes at the backend for quite some time," the consultant added.

Crypto worries

India’s central bank, meanwhile, is zeroing in on applications that involve companies with a history of crypto transactions. In April 2018, the RBI had banned banks from supporting crypto transactions. While the Supreme Court called the ban ‘unconstitutional’ in 2020, the RBI continues to hold that cryptocurrencies pose a systemic risk—RBI governor Shaktikanta Das recently said that “cryptocurrencies are a clear danger".

A popular payment gateway, which once powered crypto transactions, applied for the payment aggregator licence. A co-founder, who didn’t want to be identified, said the company was called in for several rounds of discussions in the past two months. “We made presentations. Our due diligence is ongoing and our systems are being checked," the co-founder informed. On one occasion, last month, the company met a six member RBI panel.

“There have been tax evasion and money laundering issues where payment gateways were used as shell companies to launder the money. So, the RBI is asking a lot of questions around risk mitigation, anti-money laundering processes, etc.," the co-founder said. “We were also asked about the company’s ownership, the venture capitalists, as also about our usage of data," he added.

When needed, the RBI is seeking the help of agencies such as the enforcement directorate (ED) in the scrutiny, another payment gateway company executive said.

A big boys club?

So, how many companies could finally end up with the payment aggregator licence? Not too many.

Initially, the industry believed that about 30-40 companies may be authorized but given the rate of rejections, hopes are more tempered now.

“The RBI might start with approving just 10-15 applications in the first lot. The second lot may have a few more," a senior executive from a payment gateway said. The first set of approvals are expected next month.

Industry insiders said that BillDesk, PayU, Worldline, Razorpay and CCAvenue are expected to make the cut—these companies are fairly large in the payments processing domain already.

“There are 180 plus applications—it’s quite a large list. I am sure the RBI will look at serious players in the business. Currently, the market is well developed with largely the top 10-12 players catering to the majority of the market," Dewang Narella, CEO of Atom, a payments firm, said.

A few aren’t happy that only a handful of licences could be rolled out, which would make the aggregator space a big boy’s club.

“India is a large market, I don’t understand how just a handful of companies will cater to this large, growing market. No payment aggregator has a pan-India presence today," an executive from a payment gateway, quote earlier, said.

But since it’s clear that a majority of the companies asking for licences won’t get them, what happens to their businesses? Will they shut shop? All is not lost.

Like one of the executives quoted earlier mentioned, most of these companies should be able to re-apply for the licence after a year. In the meantime, expect a scramble for alternative business models.

One business model could be to simply operate as payment gateway or a technology service provider to banks and the licenced payment aggregators.

“Since many banks don’t have tech capabilities to build a full-fledged payment aggregator business, they all use white-labeled solutions from major payment aggregators currently. This means banks will be willing to partner fintechs. Banks such as Kotak Mahindra and Yes Bank are reaching out to the fintechs now," one fintech executive said. His company’s payment aggregator application, too, was returned recently.

Catch all the Industry News, Banking News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
more

topics

MINT SPECIALS