HomeServicesFEMA & RBIFFMC Licence & Fintech Regulatory Advisory

FEMA & RBI · NBFC & Financial Services Licensing

FFMC Licence & Fintech Regulatory Advisory

Money changing and fintech are two of the most tightly supervised activities the Reserve Bank of India regulates — because both sit directly on the payment and foreign exchange rails of the economy.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Money changing and fintech are two of the most tightly supervised activities the Reserve Bank of India regulates — because both sit directly on the payment and foreign exchange rails of the economy. A Full Fledged Money Changer (FFMC) licence lets you buy and sell foreign currency notes, coins, and travellers' cheques and issue prepaid forex cards to resident and non-resident travellers under the RBI's Master Direction on Money Changing Activities. Fintech businesses — payment aggregators, lending platforms, wallet operators, BNPL providers, neobank-style layers over bank rails — operate in an area where the RBI has progressively tightened the regulatory perimeter since 2020, and where the line between a permitted technology-services arrangement and an activity requiring a licence is easy to cross without realising it. At PNPC Global, our FEMA & RBI practice has advised on cross-border and regulated-financial-services structuring since 1986, with offices in Chennai, Bangalore, Hyderabad, and Dubai giving us a distinct vantage point on India-UAE money flows and remittance-linked fintech models. This service covers FFMC licence applications (Category I, II and III), franchisee and money-transfer agent arrangements, and end-to-end fintech regulatory advisory — helping you identify which RBI framework applies to your model, structure the entity and net-owned-fund position correctly, and stay compliant once you are operating.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What FFMC Licence & Fintech Regulatory Advisory is

A Full Fledged Money Changer (FFMC) is an entity authorised by the Reserve Bank of India under Section 10(1) of the Foreign Exchange Management Act, 1999 to undertake both purchase and sale of foreign exchange from and to the public — primarily foreign currency notes, coins, and travellers' cheques, and, where separately permitted, issuance and reload of prepaid forex cards. The framework is set out in the RBI's Master Direction on Money Changing Activities, which is updated periodically and consolidates all circulars on the subject. FFMC authorisation comes in three categories. A Category I (full-fledged) licence permits both purchase and sale of foreign exchange. A Category II licence, called a Restricted Money Changer (RMC), permits purchase of foreign currency only — typically issued to established travel agents, hotels, and similar entities as a facilitation measure, and does not permit sale of foreign exchange. Category III (also referred to as a Franchisee arrangement) is not a standalone RBI authorisation at all — it is a business arrangement in which an existing Category I FFMC or an Authorised Dealer Category-I bank appoints a franchisee to conduct restricted money-changing business (purchase of foreign currency and sale of forex to outbound travellers up to prescribed limits, under the principal's registration and supervision) — the franchisee itself is not directly licensed by RBI.

The eligibility bar for a Category I FFMC licence is deliberately high: the applicant must be a company registered under the Companies Act 2013 (Section 8/not-for-profit or other special-purpose entities are not eligible), with a minimum Net Owned Fund (NOF) prescribed by RBI's Master Direction (the specific figure is set out in the current Direction and periodically revised — PNPC confirms the exact applicable NOF threshold at the time of your application), and the promoters and directors must satisfy RBI's 'fit and proper' criteria — no history of default with banks or financial institutions, no conviction for an offence involving moral turpitude, and a clean regulatory track record. Applications are made to the Regional Office of the RBI's Foreign Exchange Department having jurisdiction over the applicant's registered office, along with a detailed business plan, projected financials, and a KYC/AML policy framework compliant with RBI's Master Direction on KYC.

Fintech regulatory advisory is a distinct but often adjacent practice area — many FFMC and money-transfer businesses now sit alongside a technology platform, and conversely many technology-first fintech companies discover mid-build that a piece of their product touches a regulated activity. The RBI regulatory perimeter for fintech includes several distinct frameworks depending on the business model: Payment Aggregators and Payment Gateways are regulated under RBI's Guidelines on Regulation of Payment Aggregators and Payment Gateways (with PAs requiring RBI authorisation above prescribed transaction-processing thresholds, under the Payment and Settlement Systems Act, 2007); Non-Banking Financial Companies (NBFCs) undertaking digital lending are governed by RBI's Digital Lending Guidelines (requiring lending to flow directly between the borrower's bank account and the regulated entity's account, disclosure of the ultimate lender, and a cooling-off period, among other requirements); Prepaid Payment Instrument (PPI) issuers — wallets and prepaid cards — require authorisation under the PSS Act; Account Aggregators require a separate NBFC-AA Certificate of Registration; and Peer-to-Peer lending platforms require an NBFC-P2P Certificate of Registration. A purely technology-services arrangement — where a fintech company builds software for a regulated bank or NBFC and never touches customer funds, never takes credit risk, and does not hold a data or lending relationship in its own name — can often operate without a direct RBI licence, but the line is fact-specific and RBI has issued repeated advisories (including on digital lending apps and 'buy now pay later' arrangements) narrowing what qualifies as pure technology support.

Why this combination matters commercially: an FFMC that also wants to offer app-based forex ordering, wallet top-ups, or remittance-adjacent features needs both frameworks read together — RBI treats money changing and payment system operation as separate authorisations even when delivered through one app. Equally, a fintech startup that assumes its lending-as-a-service or BNPL model is 'just technology' and later discovers RBI treats it as requiring an NBFC licence or a Digital Lending Guidelines-compliant restructuring faces a materially more expensive fix than getting the regulatory classification right at the design stage. PNPC's role is to map your actual business model — not your pitch deck description of it — against the applicable RBI framework before you build, launch, or scale, and to carry that clarity through into the licence application, NOF planning, KYC/AML policy design, and ongoing regulatory reporting once you are operating.

When this service applies to you

You operate or plan to operate a travel, tourism, hospitality, or currency exchange business and want to buy and sell foreign currency notes, coins, and travellers' cheques to the public under an RBI-authorised FFMC licence

You are a travel agent or hotel that wants to purchase foreign currency from outbound and inbound travellers under a Restricted Money Changer (Category II) authorisation, without needing full FFMC status

You are an existing Category I FFMC or an Authorised Dealer bank's money-changing partner and want to appoint or become a Franchisee (Category III) under RBI's franchisee scheme

You are building a fintech product — payment aggregation, digital lending, a prepaid wallet, an Account Aggregator, or a P2P lending platform — and need clarity on which RBI licence, if any, applies to your specific model before you build or raise funding

Your fintech company works with a bank or NBFC as a technology or servicing partner and you need an independent assessment of whether your arrangement stays within the 'outsourcing/technology support' boundary or has drifted into requiring its own RBI authorisation

You already hold an FFMC or fintech-adjacent RBI authorisation and need help with the annual compliance calendar — NOF maintenance, KYC/AML audits, RBI inspections, periodic returns, and renewal of authorisation

You are acquiring or investing in an existing FFMC, payment aggregator, or NBFC and need regulatory and 'fit and proper' due diligence before the transaction closes

You are a UAE-based exchange house, remittance business, or fintech company evaluating an India entry and need the RBI licensing pathway mapped against your existing UAE Central Bank-regulated structure

When another PNPC service is a better starting point

You only need to receive or send occasional personal remittances under the Liberalised Remittance Scheme — that is a banking transaction through your Authorised Dealer bank, not a licence you need to hold yourself

Your fintech idea is still at the concept stage with no regulatory classification question yet — start with our general business structuring advisory before this specialist regulatory scoping engagement

You need a specific FC-GPR, FC-TRS, or FIRMS portal filing for a foreign investment transaction that has already been structured correctly — our FC-GPR, FC-TRS & FIRMS Portal Reporting service handles that filing directly

You are setting up a standard NBFC for lending, investment, or asset finance with no money-changing or payment-systems element — our dedicated NBFC Registration, Annual Compliance & Takeover Advisory service is scoped precisely for that

You need Microfinance Institution or Housing Finance Company registration specifically — our Microfinance & Housing Finance Company Registration service covers those NBFC sub-categories directly

You have a known past FEMA contravention that needs regularisation through RBI compounding — our FEMA Due Diligence & Compounding Application Support service is the right engagement for that

Structure Comparison

FFMC categories and related RBI-regulated fintech authorisations compared

FeatureFFMC Category IFFMC Category II (RMC)FFMC Category III (Franchisee)Payment Aggregator (PA)NBFC (Digital Lending)
Governing frameworkFEMA Sec 10(1) + RBI Master Direction on Money Changing ActivitiesSame Master Direction — restricted scopeRBI Franchisee Scheme under the same Master DirectionPSS Act 2007 + RBI PA-PG GuidelinesRBI Act 1934 + Digital Lending Guidelines
Who can applyCompany under Companies Act 2013Travel agents, hotels, other eligible entitiesNot a direct RBI applicant — appointed by a Category I FFMC/AD bankCompany under Companies Act 2013 (bank or non-bank)Company seeking NBFC Certificate of Registration
Activity permittedPurchase AND sale of forex, TCs, and (if permitted) prepaid forex cardsPurchase of foreign currency only — no salePurchase of forex + restricted sale to outbound travellers under principal's licenceFacilitate online payment collection between payer and merchantExtend credit digitally, directly from own or co-lender's books
Direct RBI authorisationYes — Certificate of Authorisation issuedYes — restricted Certificate of AuthorisationNo — operates under principal's authorisation and agreementYes — RBI authorisation required above processing thresholdsYes — NBFC Certificate of Registration
Net Owned Fund requirementPrescribed minimum under Master Direction — confirmed at applicationLower/no separate NOF typically required — confirm current normsNot applicable — no separate NOF; governed by franchise agreementPrescribed net worth under PA-PG Guidelines, escalating over transition periodPrescribed minimum NOF under NBFC regulatory framework
KYC/AML obligationsFull KYC per RBI Master Direction on KYC; STR/CTR reporting to FIU-INDFull KYC on purchase transactionsKYC responsibility largely with the principal FFMC/AD bankMerchant and payer due diligence; nodal/escrow account disciplineBorrower KYC, credit appraisal, and Digital Lending Guidelines disclosures
Typical applicant profileForex bureaux, travel & tourism companies, exchange houses expanding to IndiaEstablished travel agents and hotelsSmaller operators wanting to offer forex without full licensingE-commerce, SaaS, and marketplace platforms collecting payments for merchantsFintech lenders, BNPL platforms, digital-first NBFCs
Renewal / ongoing filingsPeriodic returns to RBI Regional Office; renewal of authorisation as prescribedPeriodic returns; renewal as prescribedGoverned by franchise agreement term and principal's own renewalPeriodic reporting to RBI; annual system auditStatutory NBFC returns (NBS series), annual RBI inspection readiness

This table gives directional guidance only. RBI's Master Directions on money changing, payment aggregation, and digital lending are each periodically revised, and the exact Net Owned Fund thresholds, transaction limits, and transition timelines applicable to your application must be confirmed against the current Master Direction at the time of filing. PNPC verifies the live regulatory position before every engagement — do not rely on figures quoted in older articles or by unrelated advisors.

How it works
#Stage & What PNPC DoesWhat Generic Advisors MissTimeline
1Business Model Classification Call — What are you actually doing, not what you call itBefore discussing any licence, we map your actual cash/data/credit flow: do you take custody of customer funds even momentarily? Do you extend credit in your own name or merely refer to a lender? Do you handle forex notes physically or only facilitate a bank's forex service digitally? The RBI classifies activity by substance, not by the branding on your app. Generic advisors often accept the founder's own characterisation of the business without independently testing it against RBI's framework.Week 1
2Regulatory Framework MappingWe identify precisely which RBI framework (or combination) applies — FFMC Master Direction, PA-PG Guidelines, Digital Lending Guidelines, PPI Master Direction, NBFC-AA framework, or NBFC-P2P framework — and flag any activity that sits outside RBI's perimeter entirely (in which case no licence is needed, but the business must be structured to stay outside it). We also flag where a single product touches two frameworks simultaneously, a common and easily missed scenario.Week 1–2
3Entity & Net Owned Fund StructuringFor FFMC and NBFC-track applications, the applicant must be a properly capitalised company meeting the prescribed Net Owned Fund at the time of application — not merely at some future date. We work backward from the current NOF requirement to advise on paid-up capital, free reserves, and permissible deductions (accumulated losses, intangible assets) that determine your actual NOF for RBI's purposes.Week 2–4
4Promoter & Director 'Fit and Proper' ReviewRBI scrutinises promoters and directors for prior loan defaults, cheque bounce history, criminal antecedents, and any adverse regulatory history with RBI, SEBI, IRDAI, or other regulators. We conduct this review internally before filing — a fit-and-proper issue discovered by RBI after submission causes rejection and a mandatory cooling period before re-application; discovered by us beforehand, it can often be addressed or explained proactively.Week 2–4, parallel to Stage 3
5Business Plan & Financial Projections DraftingRBI requires a detailed business plan — projected volumes, geographic branch/outlet plan, technology infrastructure, staffing, and financial projections for at least the first three years. A generic template business plan is a common rejection trigger; we draft one grounded in your actual operating plan and defensible assumptions.Week 3–5
6KYC / AML / PMLA Policy DesignEvery FFMC and payment-systems applicant must submit a Board-approved KYC/AML policy compliant with RBI's Master Direction on KYC and the Prevention of Money Laundering Act, 2002 — covering customer due diligence tiers, Suspicious Transaction Report (STR) and Cash Transaction Report (CTR) triggers, record retention, and a designated Principal Officer for FIU-IND reporting. We draft this policy specific to your operating model, not a copy-pasted template.Week 4–6
7Application Compilation & FilingThe complete application — company documents, NOF certificate from a Chartered Accountant, business plan, KYC/AML policy, promoter/director declarations and documents, premises details for each proposed outlet — is compiled and filed with the jurisdictional RBI Regional Office (for FFMC) or the relevant RBI department (for payment systems/NBFC authorisations).Week 6–7
8RBI Query Handling & ClarificationsRBI Regional Offices and departments raise queries on almost every first-time application — on NOF computation, premises suitability, business plan assumptions, or promoter background. We manage every query round directly with RBI, drafting responses that are complete and precise the first time, since repeated incomplete responses materially slow the process.Week 8–16, varies by RBI office workload and query complexity
9Premises Inspection (FFMC-specific)For FFMC applications, RBI or its designated inspecting authority may require a physical inspection of the proposed money-changing premises to confirm security arrangements, signage compliance, and record-keeping infrastructure. We prepare the premises and the team for this inspection in advance.As scheduled by RBI, typically within the query-handling window
10Certificate of Authorisation / Registration IssuanceOn RBI's satisfaction, the Certificate of Authorisation (FFMC) or Certificate of Registration (NBFC/payment systems track) is issued, specifying the permitted activities, any conditions attached, and the branches/outlets covered.Overall realistic timeline from complete application to authorisation: several months, and can extend further depending on RBI's contemporaneous workload and the complexity of the promoter/business profile — PNPC sets expectations honestly rather than promise a fixed date
11Post-Authorisation Operational SetupWe assist with setting up the operational compliance infrastructure — Principal Officer designation and FIU-IND registration, transaction record formats, the periodic return formats RBI requires (money-changing turnover returns, payment system reporting, or NBFC returns as applicable), and staff training on KYC/AML procedures before the first live transaction.Immediately following authorisation
12Ongoing Regulatory Compliance CalendarAuthorised entities face recurring obligations: periodic RBI returns, an annual system/concurrent audit (for payment aggregators), continued NOF maintenance (for FFMC/NBFC), KYC/AML policy review, and readiness for RBI's periodic on-site inspection. PNPC builds this into an annual compliance calendar so nothing is missed after the licence is in hand.Ongoing, reviewed annually
13Renewal, Expansion & Change ManagementAdding a new outlet, changing promoters or directors, or expanding the scope of authorised activity each require RBI intimation or approval, depending on the change. We manage these change-of-particulars filings as your business evolves, and handle authorisation renewal within the prescribed window before expiry.As needed through the life of the authorisation

FFMC and RBI fintech authorisation timelines are governed by RBI's own processing pace, which PNPC does not control and which varies meaningfully by Regional Office workload, promoter profile complexity, and the completeness of the first submission. A realistic range for a straightforward FFMC application from complete documentation to Certificate of Authorisation is several months; complex fintech authorisations (payment aggregator, NBFC) can take longer. PNPC's role is to eliminate every self-inflicted delay — incomplete documents, weak business plans, unresolved fit-and-proper issues — so that RBI's own processing time is the only variable left.

Document Checklist
Corporate & Entity Documents

Certificate of Incorporation and Memorandum & Articles of Association of the applicant company — must be a company registered under the Companies Act 2013

Board resolution authorising the FFMC/fintech licence application and naming the authorised signatory

Complete shareholding pattern and group corporate structure chart, including any overseas holding company or affiliate

PAN, CIN, GST registration, and (if applicable) existing RBI/SEBI/IRDAI registration details of the applicant or its group entities

Audited financial statements for the preceding three years (or since incorporation, if a newer company), certified by the statutory auditor

Net Owned Fund & Capital Documents

Net Owned Fund computation certified by a practising Chartered Accountant, applying the current RBI-prescribed method (paid-up capital plus free reserves, less accumulated losses and specified intangible/deferred items)

Bank statements and fixed deposit certificates evidencing the capital infusion supporting the NOF, where recently infused

Source-of-funds declaration for share capital, particularly where funded by promoters' personal funds, group company transfers, or foreign investment (which separately triggers FDI/FEMA reporting)

Auditor's certificate confirming no diminution of the certified NOF between the certification date and the application filing date

Promoter & Director Documents

PAN and Aadhaar (or passport, for foreign nationals) of every promoter and director

Detailed profile / CV of each promoter and director, demonstrating relevant business or financial-sector experience where available

Declaration of no default with any bank, financial institution, or NBFC, and no conviction for an offence involving moral turpitude or economic offence

Credit Information Company report (CIBIL or equivalent) for each promoter/director, where required by the specific RBI framework

Declaration of directorships and shareholdings held in any other RBI-regulated entity, to assess concentration and conflict-of-interest concerns

Business Plan & Operational Documents

Detailed business plan covering the proposed scope of activity, target customer segments, geographic branch/outlet plan, and three-year financial projections

Technology infrastructure description — for fintech applicants, this includes system architecture, data security measures, and (for payment systems) escrow/nodal account arrangements with the settlement bank

Board-approved KYC/AML/PMLA policy, including customer due diligence tiers, STR/CTR trigger thresholds, record retention procedures, and the designated Principal Officer

Premises details for each proposed FFMC outlet — ownership/lease proof, floor plan, and security arrangement description (CCTV, safe/vault, signage compliance)

Draft customer-facing agreements, terms of service, and (for payment aggregators) merchant onboarding and settlement agreements

For Franchisee (Category III) Arrangements

Franchise agreement between the principal Category I FFMC/AD bank and the proposed franchisee, specifying scope of activity, transaction limits, and supervisory responsibilities

Principal's own Certificate of Authorisation, confirming it is currently valid and covers the franchisee arrangement

Franchisee's premises and KYC infrastructure details, as required by the principal's own RBI-approved franchisee scheme

Board resolution of the franchisee entity approving the franchise arrangement

For NBFC-Track Fintech Applications (Lending, AA, P2P)

Detailed note on the proposed lending/data-sharing model, specifically addressing how it aligns with RBI's Digital Lending Guidelines (direct disbursal to/from borrower account, disclosure of lender identity, cooling-off period) or the Account Aggregator / P2P framework as applicable

Information Technology and cybersecurity policy, including data storage and consent-architecture details for Account Aggregator applicants

Co-lending or Lending Service Provider (LSP) agreements, if the business model involves partnering with a bank or another NBFC rather than lending purely on own books

Grievance redressal mechanism and Fair Practices Code, as required for NBFC-track authorisations

For Overseas Promoters / UAE-Linked Structures

Certificate of Incorporation of the overseas parent/promoter entity, apostilled or consularised as applicable

Board resolution of the overseas entity authorising the Indian investment/promotion, apostilled or notarised

FDI reporting compliance evidence (FC-GPR filed on the RBI FIRMS portal) for any equity investment already received from the overseas promoter

UAE Central Bank licence or equivalent regulatory authorisation held by the overseas group entity, where relevant to demonstrate group regulatory standing

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
Pre-Application StructuringDecision to enter money-changing or a regulated fintech activityBusiness model classification against the correct RBI framework, entity structuring, Net Owned Fund planning, and promoter fit-and-proper pre-review before any application is drafted.Filing under the wrong framework or with an under-capitalised entity leads to rejection, wasted time, and a mandatory cooling period before re-application in some cases.
Application & RBI ReviewDocumentation readyComplete, RBI-ready application compilation; proactive query handling; premises inspection preparation for FFMC applicants.Incomplete or weak applications generate repeated RBI query rounds, each adding weeks to months of delay, and increase the risk of outright rejection.
Authorisation Received — Operational LaunchCertificate of Authorisation/Registration issuedPrincipal Officer designation and FIU-IND registration, transaction record-keeping systems, KYC/AML staff training, and periodic return format setup before the first live transaction.Operating without the required FIU-IND registration or without a compliant KYC process from day one is itself a fresh compliance breach, independent of holding a valid licence.
Ongoing OperationsBusiness as usualPeriodic RBI returns (money-changing turnover data, payment system reporting, or NBFC NBS returns as applicable), continued NOF maintenance, KYC/AML policy currency, STR/CTR filing discipline.Missed periodic returns and NOF shortfalls are flagged in RBI's supervisory review and can trigger show-cause proceedings, restriction on fresh business, or in serious cases, cancellation of authorisation.
RBI InspectionScheduled or surprise on-site/off-site inspectionPre-inspection readiness review, document organisation, and representation during the inspection process; remediation plan for any observations raised.Adverse inspection findings left unaddressed can escalate to restrictions on business, monetary penalty, or referral for cancellation of the Certificate of Authorisation.
Expansion / Change of ParticularsNew outlet, new product feature, change in promoters or directorsChange-of-particulars filing with RBI, fresh fit-and-proper review for incoming promoters/directors, and assessment of whether the expanded activity requires an additional or amended authorisation.Operating an unapproved outlet or an activity outside the authorised scope (e.g., an FFMC quietly adding payment-aggregation features) is treated as unauthorised business and can jeopardise the existing licence.
RenewalAuthorisation validity period approaching expiryRenewal application prepared and filed within RBI's prescribed window, incorporating any regulatory framework changes issued since the original authorisation.Lapsed authorisation halts the business entirely until re-authorised, and a gap in valid authorisation can itself trigger regulatory scrutiny of transactions conducted in the interim.
Exit / Surrender / CancellationBusiness wind-down, M&A, or voluntary exitFormal surrender application to RBI, closure of nodal/escrow accounts, final periodic return filing, and record-retention compliance for the prescribed post-closure period.An authorisation not formally surrendered can continue to attract periodic-return obligations and inspection exposure even after the business has effectively ceased operating.
Frequently asked
What exactly is an FFMC and who needs one?

A Full Fledged Money Changer (FFMC) is a company authorised by the Reserve Bank of India under Section 10(1) of FEMA, 1999 to purchase and sell foreign currency notes, coins, and travellers' cheques from and to the public, and — where separately permitted — to issue and reload prepaid forex cards. You need this authorisation if your business model involves buying or selling physical foreign currency or travellers' cheques directly with retail customers, such as a forex bureau, a currency exchange counter at an airport or hotel, or a travel company offering forex services alongside its core business.

Practitioner noteA common misconception is that a travel agency 'facilitating' forex through a tie-up with a bank does not need its own authorisation. If the travel agency itself takes custody of currency or handles the transaction in its own name rather than purely referring the customer to the bank, RBI treats it as conducting money-changing business and expects it to hold at least a Category II (Restricted Money Changer) authorisation.
What is the difference between Category I, Category II, and Category III FFMC authorisation?

Category I (full-fledged) permits both purchase and sale of foreign exchange and is the only category that allows a standalone business built entirely around money changing. Category II, called a Restricted Money Changer (RMC), permits purchase of foreign currency only — no sale — and is typically granted to established travel agents and hotels as a facilitation measure alongside their core business. Category III is not a direct RBI authorisation at all; it is a franchisee arrangement in which an existing Category I FFMC or an Authorised Dealer bank appoints a franchisee to conduct restricted money-changing business under the principal's own registration and supervision.

Practitioner noteWe see founders assume Category III is a 'lighter' RBI licence they can apply for directly. It is not an RBI-issued authorisation at all — it is a commercial arrangement with an existing licence-holder, and the franchisee's compliance obligations flow through that agreement rather than a direct RBI relationship.
What is the minimum Net Owned Fund required for an FFMC licence?

RBI's Master Direction on Money Changing Activities prescribes a minimum Net Owned Fund (NOF) for Category I FFMC applicants, computed as paid-up capital plus free reserves, less accumulated losses and specified deductions such as intangible assets. The exact figure is set out in the current Master Direction and has been revised by RBI over time, so PNPC always confirms the applicable threshold at the time of your specific application rather than quoting a fixed number that may be outdated.

Practitioner noteWe insist on a fresh NOF certificate close to the actual filing date, not one prepared months earlier during planning. RBI has queried applications where the NOF certificate date is materially removed from the filing date, since capital positions can change in the interim.
Which entity types are eligible to apply for an FFMC licence?

Only a company registered under the Companies Act 2013 is eligible to apply for FFMC authorisation. Partnership firms, proprietorships, LLPs, and trusts are not eligible applicants under RBI's Master Direction. The company's Memorandum of Association should reflect money-changing as an authorised object.

Practitioner noteIf your business is currently structured as a partnership or LLP and you want to pursue FFMC authorisation, the entity conversion to a company needs to be planned and completed before the FFMC application — building this timeline into your overall project plan is something we do at the very first scoping call.
What does RBI's 'fit and proper' criteria for promoters and directors actually check?

RBI reviews each promoter and director for a clean financial and legal track record — no default with any bank, financial institution, or NBFC; no conviction for an offence involving moral turpitude or an economic offence; no adverse regulatory action by RBI, SEBI, IRDAI, or any other financial regulator; and, generally, relevant business or financial-sector experience or a credible operational plan supported by qualified management.

Practitioner noteWe conduct an internal fit-and-proper pre-review before any promoter or director is named in the application. Discovering an issue — even an old, resolved loan default that still shows in credit records — after RBI raises it as a query is far harder to manage than addressing it proactively with supporting context in the original submission.
How long does it take to get an FFMC licence from RBI?

There is no statutorily fixed timeline. RBI processing depends on the completeness of the application, the complexity of the promoter and business profile, and the workload of the relevant Regional Office. A realistic range for a well-prepared application from filing to Certificate of Authorisation is several months. Applications with incomplete documentation, weak business plans, or unresolved fit-and-proper questions can take considerably longer due to repeated query cycles.

Practitioner noteWe tell every client honestly: the single biggest driver of delay is not RBI's pace but the quality of the first submission. A complete, well-documented application with no loose ends materially shortens the query-response cycle, which is where most of the elapsed time actually accumulates.
Can a foreign or NRI promoter set up an FFMC in India?

Yes, subject to FDI policy for the relevant sector and RBI's fit-and-proper review of the foreign promoter. Any equity investment from a non-resident constitutes FDI under FEMA and must be reported via Form FC-GPR on the RBI FIRMS portal within the prescribed timeline, in addition to the FFMC authorisation process itself. UAE-based exchange houses and forex businesses evaluating an India entry commonly go through this dual-track process — FDI structuring and FFMC licensing in parallel.

Practitioner noteOur Dubai office regularly advises UAE exchange houses and remittance businesses on India entry. The FDI reporting and the FFMC licensing are two separate regulatory processes with two separate RBI touchpoints, and we run them as a coordinated single engagement rather than as disconnected workstreams.
What KYC and anti-money-laundering obligations apply to an FFMC?

FFMCs must maintain a Board-approved KYC/AML policy compliant with RBI's Master Direction on KYC and the Prevention of Money Laundering Act, 2002. This includes tiered customer due diligence based on transaction value, mandatory identity verification for currency exchange above prescribed thresholds, Suspicious Transaction Report (STR) and Cash Transaction Report (CTR) filings with the Financial Intelligence Unit-India (FIU-IND), a designated Principal Officer registered with FIU-IND, and prescribed record retention periods.

Practitioner noteFIU-IND registration of the Principal Officer is a step some new licence-holders overlook because it happens after the RBI authorisation is issued, not as part of the RBI application itself. We build this into the post-authorisation checklist so the business is not operating with a compliance gap on day one.
What happens during an RBI inspection of an FFMC?

RBI conducts periodic on-site and off-site supervision of FFMCs, reviewing transaction records, KYC documentation, STR/CTR filing discipline, NOF maintenance, and adherence to the conditions attached to the Certificate of Authorisation. Adverse findings can range from an observation requiring a written response, to a monetary penalty, to — in serious or repeated cases — restrictions on business or cancellation of the authorisation.

Practitioner noteWe help clients build inspection-ready record-keeping from the start, rather than scrambling to reconstruct transaction histories when an inspection is scheduled. The businesses that struggle most in inspections are consistently the ones treating compliance as a launch-time exercise rather than an ongoing discipline.
What is a Payment Aggregator and does my e-commerce or SaaS platform need to become one?

A Payment Aggregator (PA) is an entity that facilitates e-commerce sites and merchants to accept payment instruments from customers for completion of their payment obligations, without itself being a merchant. Under RBI's Guidelines on Regulation of Payment Aggregators and Payment Gateways, non-bank PAs handling payment collection and settlement on behalf of merchants require RBI authorisation once they cross prescribed processing thresholds and criteria set out in the Guidelines. A platform that merely integrates a licensed PA's API and never itself holds customer or merchant funds is generally not a PA requiring separate authorisation — but the precise dividing line depends on your actual fund flow, not your marketing description of the product.

Practitioner noteThis is one of the most common misclassification points we see in early-stage fintech and marketplace platforms. Founders often assume that because a licensed bank or PA sits somewhere in their payment stack, they are automatically exempt — but if the platform's own nodal account or nomenclature suggests it is collecting and holding funds on behalf of merchants, RBI can view the platform itself as conducting PA activity.
My fintech app connects borrowers to an NBFC lender — do I need my own RBI licence?

It depends on precisely what your app does. If you are a Lending Service Provider (LSP) that only sources, evaluates, and services loans on behalf of a regulated lender — with the loan disbursed directly between the borrower's account and the regulated lender's account, and with the regulated lender's identity clearly disclosed to the borrower as required by RBI's Digital Lending Guidelines — you may operate without your own NBFC licence, structured as a technology/servicing arrangement. If your app takes on any credit risk, disburses funds through its own account, or is not transparent about the ultimate lender, RBI's guidelines and enforcement posture treat that as requiring the entity itself to be a regulated lender.

Practitioner noteRBI has issued repeated advisories tightening the digital lending space, including on disbursal and recovery only through regulated entities' accounts and mandatory disclosure of the lending entity's name at the point of sanction. We review the actual money flow diagram of every digital lending client against the current Digital Lending Guidelines before they finalise their technology architecture — retrofitting compliant flows after launch is materially more disruptive.
What is an Account Aggregator and does my personal finance app need to become one?

An Account Aggregator (AA) is an NBFC category — NBFC-AA — that RBI licenses specifically to enable consent-based sharing of a customer's financial data across institutions (banks, NBFCs, insurers, and other Financial Information Providers) without the AA itself storing or reading the underlying financial data. If your app needs to pull a customer's bank or financial data from another regulated institution with the customer's consent, you generally need to either become an NBFC-AA yourself or route your data access through an already-licensed AA — you cannot build a parallel data-pulling mechanism outside the AA framework for regulated financial data.

Practitioner noteWe advise most early-stage fintechs to route through an existing licensed AA rather than seek their own NBFC-AA Certificate of Registration, given the NOF and governance requirements involved — becoming an AA yourself is usually only justified once data-access volume and strategic control considerations make it worthwhile.
What is a P2P lending licence and how is it different from a standard NBFC?

A Peer-to-Peer (P2P) lending platform is a distinct NBFC category — NBFC-P2P — regulated under RBI's Master Direction for NBFC-P2P Lending Platforms. It operates purely as a marketplace connecting individual lenders to individual borrowers, is prohibited from raising deposits, from lending on its own account, from providing any credit guarantee, and is subject to a cap on the aggregate exposure of a single lender across all P2P platforms. A standard lending NBFC, by contrast, lends from its own balance sheet and takes credit risk directly.

Practitioner noteThe prohibition on the platform lending on its own account is the feature most new entrants find restrictive — many P2P business plans quietly assume the platform can provide first-loss guarantees or fund gaps in matching, both of which conflict with the NBFC-P2P framework as currently structured. We flag this at the business-model stage, not after the application is drafted.
Is 'Buy Now, Pay Later' (BNPL) separately regulated by RBI?

RBI has not created a dedicated BNPL licence category; BNPL arrangements are regulated depending on how they are structured. Where BNPL is extended as a form of credit by a bank or NBFC, it falls under existing lending regulation, including the Digital Lending Guidelines where the arrangement is app/platform-mediated. RBI has also clarified that non-bank PPI issuers cannot load PPIs using credit lines — a clarification that specifically affected several PPI-linked BNPL and co-branded card models and forced restructuring of those products.

Practitioner noteBNPL is one of the fastest-moving areas of RBI's regulatory perimeter. A model that was compliant eighteen months ago may not be compliant today. We treat every BNPL engagement as requiring a fresh regulatory read against the current circulars, not a reuse of a prior client's structure.
What is a Prepaid Payment Instrument (PPI) and does my wallet or gift-card product need a licence?

A Prepaid Payment Instrument is a payment instrument — a wallet, a prepaid card, or similar — that stores value and facilitates purchase of goods and services against that stored value, regulated under the PSS Act, 2007 and RBI's Master Direction on PPIs. Issuing PPIs to the public — a consumer wallet, a reloadable prepaid card — requires RBI authorisation as a PPI issuer, subject to prescribed net worth and other eligibility criteria. A single-purpose, closed-system gift card usable only for goods/services from the issuer itself (with no cash-out and no interoperability) is generally exempt from PPI licensing, but semi-closed or open-system instruments usable across multiple merchants or for cash withdrawal require authorisation.

Practitioner noteThe closed-versus-semi-closed distinction is where we spend the most time with retail and hospitality clients who assume a 'loyalty wallet' is automatically exempt. If the wallet balance can be used at any affiliated outlet beyond the issuing entity itself, it typically loses closed-system status and needs to be assessed against the PPI framework.
Can an FFMC also operate as a payment aggregator or offer digital wallet services under one licence?

No. RBI treats money-changing authorisation (under the Money Changing Master Direction) and payment-systems authorisation (under the PSS Act and related Guidelines) as entirely separate regulatory frameworks, even if both activities are delivered through the same customer-facing app. An FFMC wanting to add app-based forex ordering can typically do so as an extension of its money-changing activity, but adding a general-purpose payment aggregation or wallet feature requires a separate authorisation under the relevant framework.

Practitioner noteWe have seen FFMC clients quietly add wallet-style features to their app to improve customer experience, without realising this created a fresh, unauthorised payment-systems activity sitting alongside their valid FFMC licence. Any new feature involving fund storage or third-party payment facilitation should be checked against the regulatory perimeter before it ships, not after.
What is RBI's Regulatory Sandbox and is it relevant to my fintech product?

RBI's Regulatory Sandbox is a framework that allows fintech entities to test innovative products, services, or business models with real customers within a limited, RBI-defined environment, before seeking full-scale authorisation (or confirming that no authorisation is required). It is theme-based, with RBI announcing specific cohorts (for example, cross-border payments, MSME lending, or fraud prevention themes) and inviting applications within defined windows. It is not a general-purpose fast-track licensing route — entry is selective and cohort-specific.

Practitioner noteThe Sandbox is a useful validation tool but not a substitute for proper regulatory classification. We advise fintech clients to pursue Sandbox participation, where a relevant cohort exists, as one input into their regulatory strategy — not as a way to avoid the underlying question of which licence, if any, their business model ultimately needs at scale.
What is the penalty for operating a money-changing or payment business without RBI authorisation?

Conducting money-changing business without RBI authorisation is a contravention of Section 10(1) of FEMA, 1999, exposing the entity and its officers to adjudication proceedings that can result in a penalty up to three times the sum involved (or up to ₹2 lakh where the amount is not quantifiable), plus further penalty for continuing contravention. Operating a payment system without RBI authorisation is an offence under the Payment and Settlement Systems Act, 2007, which separately provides for penalties and, in serious cases, imprisonment for contravention of its provisions.

Practitioner noteWe treat unauthorised operation as the single highest-severity risk in this practice area — far more serious than a late filing under an existing valid licence. If there is any doubt about whether your current activity already requires authorisation you do not hold, that question should be resolved immediately, not after RBI or a bank counterparty raises it.
How does PNPC assess whether my fintech idea needs an RBI licence before I build the product?

We start with a structured business-model classification call — mapping the actual flow of funds, data, and credit risk in your proposed product against the current RBI frameworks for payment aggregation, digital lending, PPIs, Account Aggregation, and P2P lending. We then issue a written classification memo identifying which framework (if any) applies, what authorisation (if any) is required, and what structural choices — such as routing settlement through a licensed partner rather than your own account — could keep you outside a licensing requirement if that is commercially preferable at your stage.

Practitioner noteThis classification memo is often the single most valuable early deliverable for a fintech founder — it lets you make an informed build-versus-partner decision before writing production code or signing a term sheet, rather than discovering the regulatory question during investor due diligence.
Does my FFMC or fintech licence application affect my ability to raise venture capital?

It can, in both directions. Sophisticated fintech investors specifically diligence regulatory classification and licensing status before investing, and an unresolved question of whether your model requires an RBI authorisation you do not hold is a common deal-delaying or deal-killing finding. Conversely, holding the correct authorisation (or a well-documented basis for not needing one) is itself a credibility signal to investors evaluating a regulated-adjacent business.

Practitioner noteWe prepare clients for this specific diligence question — a clean regulatory classification memo, and where applicable a valid Certificate of Authorisation, materially smooths the fundraising process compared to an unresolved or unexamined regulatory position.
What ongoing returns does an FFMC need to file with RBI?

FFMCs are required to submit periodic returns to their jurisdictional RBI Regional Office covering money-changing turnover, branch-wise transaction data, and other formats prescribed under the Master Direction on Money Changing Activities, in addition to responding to any ad hoc information requests raised during supervisory review. The specific return formats and periodicity are set out in the current Master Direction and its updates.

Practitioner noteWe build the applicable return calendar into every FFMC client's annual compliance plan immediately after authorisation is granted, so returns are filed proactively rather than in response to an RBI reminder.
Can an existing NBFC add money-changing or payment-aggregation activity to its existing licence?

No. An NBFC Certificate of Registration authorises the specific category of NBFC activity registered (such as investment and credit, or a specific sub-category like NBFC-P2P or NBFC-AA). Money-changing authorisation under the FFMC framework and payment-systems authorisation under the PSS Act are entirely separate regulatory approvals. An NBFC wanting to add either activity must apply for the relevant separate authorisation; it cannot simply expand its existing Certificate of Registration to cover it.

Practitioner noteGroup structures where one entity holds multiple RBI authorisations (say, an NBFC and an FFMC under the same corporate group but as separate legal entities) are common and generally the cleanest approach — we advise on this group structuring explicitly when a client's ambitions span more than one regulated activity.
What is a nodal account and why does it matter for payment aggregators?

A nodal account is a dedicated bank account, opened with a scheduled commercial bank, through which a payment aggregator routes customer payments before settling funds to the merchant, structured so that funds do not commingle with the PA's own operating funds and settlement occurs within RBI-prescribed timelines. RBI's PA-PG Guidelines mandate this account structure specifically to protect merchant and customer funds from the PA's own business risk.

Practitioner noteWe review nodal account structuring closely for payment-adjacent clients — an improperly structured settlement account (for example, commingled with general business funds) is one of the more common technical gaps we find during regulatory health checks, even for entities that believe they are already compliant.
How does PNPC's UAE presence help with fintech and remittance business structuring?

PNPC operates from Chennai, Bangalore, Hyderabad, and Dubai. For fintech and remittance businesses with an India-UAE dimension — a UAE exchange house entering India, an India-based remittance fintech routing flows through UAE corridors, or a group with entities regulated by both RBI and the UAE Central Bank — we coordinate the Indian RBI licensing and compliance work with the UAE regulatory and corporate advisory from a single engagement team, rather than requiring you to brief two disconnected firms across two jurisdictions.

Practitioner noteIndia-UAE remittance corridors are among the largest in the world by volume, and the regulatory frameworks on both sides — RBI's money-changing and payment-systems rules in India, and the UAE Central Bank's exchange house and payment-services regulations — interact in ways that a single-jurisdiction advisor on either side will not fully capture.
What does PNPC charge for FFMC and fintech regulatory advisory?

PNPC charges a fixed, scoped professional fee agreed in writing before work begins, based on the specific engagement — a full FFMC licence application, a fintech classification memo, an ongoing compliance retainer, or a combination. Given the fact-specific nature of regulatory classification and the variability in RBI processing timelines, we scope each engagement individually after the initial business-model classification call rather than quoting a standard package fee upfront.

Practitioner noteWe provide a written scope and fee letter before any billable work begins on every engagement. If your business model classification changes materially during the engagement — a not-uncommon outcome once the actual fund flows are mapped in detail — we revisit scope and fee transparently rather than absorbing or silently expanding the engagement.
Why should I engage PNPC rather than a generalist company-registration service for this?

FFMC and RBI fintech licensing are specialist regulatory practice areas, not standard company registration. A generalist portal or firm can file your SPICe+ incorporation but has no basis to assess whether your business model requires an RBI authorisation, what your defensible Net Owned Fund position is, or how RBI's Digital Lending Guidelines apply to your specific fund-flow architecture. PNPC's FEMA & RBI practice has advised on cross-border and regulated-financial-services matters since 1986, and we stay current on RBI's frequently updated Master Directions and Guidelines as a core part of the practice, not as an occasional add-on service.

Practitioner noteWe regularly encounter fintech founders who received a generic 'you don't need a licence' opinion from a non-specialist advisor, only to discover during investor diligence or a bank's counterparty review that their model does, in fact, sit inside RBI's regulatory perimeter. Getting this classification right the first time, from an advisor who tracks the current RBI framework closely, avoids a materially more expensive correction later.
If I already hold an FFMC licence, can PNPC take over ongoing compliance from my previous advisor?

Yes. We regularly onboard existing FFMC and fintech-licensed clients for ongoing compliance management — reviewing your current KYC/AML policy, periodic return filing history, NOF maintenance position, and any outstanding RBI observations, then building forward from a clean, current compliance calendar rather than assuming the prior advisor's work was complete.

Practitioner noteOur first step with any transitioning client is always a compliance health check — confirming what has actually been filed and maintained, not simply taking over the calendar as described. We have found gaps in transitioning clients' compliance history more often than not, which is precisely why the health check comes first.
Can a foreign fintech company set up an India subsidiary to operate under one of these RBI frameworks?

Yes, subject to the applicable FDI policy for the specific activity and RBI's licensing requirements for the entity itself. Certain fintech-adjacent activities carry sector-specific FDI conditions or government-route requirements depending on the activity and the investor's country of origin — this must be checked at the structuring stage, before incorporation, alongside the RBI licensing pathway for the underlying regulated activity.

Practitioner noteWe coordinate the FDI/FEMA structuring work (through our Foreign Investment Structuring service) and the RBI licensing work under this service as a single engagement for foreign fintech entrants, since the entity structure decided at the FDI stage directly affects the licensing application later.
What is the difference between an Authorised Dealer (AD) bank's money-changing business and an FFMC?

Authorised Dealer Category-I banks are separately licensed by RBI under FEMA to deal in foreign exchange as part of their broader banking business, including money-changing, and operate under a different (though related) authorisation framework than a standalone FFMC. A non-bank company cannot become an AD bank; it can only pursue FFMC (or RMC, or franchisee) authorisation for money-changing activity specifically.

Practitioner noteWe are occasionally asked whether a non-banking company can obtain 'AD status' to conduct money changing — it cannot. AD Category-I status is reserved for banks under a distinct RBI framework; the FFMC route is the correct and only pathway for a non-bank company.
How does RBI treat cryptocurrency and virtual digital asset businesses — is that covered under this service?

Cryptocurrency and virtual digital asset (VDA) exchanges are not regulated under the FFMC, PA-PG, or standard NBFC frameworks described here — RBI has historically expressed caution regarding banking-channel access for VDA-related businesses, and the sector is separately subject to the Prevention of Money Laundering Act reporting-entity obligations (VDA service providers are notified as reporting entities under PMLA) and a dedicated VDA taxation regime under the current Income Tax Act (the specific taxing provision has been renumbered with the transition from the Income-tax Act, 1961 to the Income Tax Act, 2025 — PNPC confirms the applicable section reference at the time of advice rather than quoting a number that may already be superseded). If your business involves VDA trading, custody, or exchange services rather than fiat money-changing or the fintech categories described above, PNPC advises on this as a distinct, separately scoped engagement given the fast-evolving and still-developing regulatory posture in this specific area.

Practitioner noteWe flag this distinction clearly because founders sometimes conflate 'fintech regulation' generally with the FFMC/payment-systems frameworks covered by this service. VDA-related regulatory advisory draws on a different and still-evolving body of rules and should be scoped as its own engagement.
Why PNPC Global
FeatureGeneric Company Registration PortalGeneral Corporate Law FirmPNPC Global
Business model classificationNot offered — files what you ask forSometimes offered, often generalist and not RBI-framework-specificStructured classification against current FFMC, PA-PG, Digital Lending, PPI, AA, and P2P frameworks before any filing
Net Owned Fund planningNot offeredMay flag the requirement without detailed computation supportCA-certified NOF computation and capital structuring advice specific to the applicable Master Direction
Fit-and-proper pre-reviewNot offeredRarely performed proactivelyInternal review of every promoter/director before filing — issues addressed before RBI raises them
KYC/AML/PMLA policy draftingNot offeredGeneral template, may not reflect current RBI KYC Master DirectionCustom policy drafted for your specific operating model and transaction profile
RBI query handlingNot offered — no ongoing relationship after filingAvailable but may lack current RBI Master Direction familiarityDirect, proactive management of every RBI query round to minimise elapsed time
Fintech-specific classification (PA, digital lending, PPI, AA, P2P)Not offeredLimited — most firms are not RBI-fintech specialistsCore practice area — current on RBI's frequently updated fintech Guidelines and circulars
India-UAE coordinationNot offeredRare — most firms operate India-onlyChennai, Bangalore, Hyderabad, and Dubai offices under one engagement team
Post-authorisation complianceNot offeredReactive — acts on client requestProactive annual compliance calendar — returns, NOF maintenance, inspection readiness
When RBI raises a supervisory observationNot applicable — no ongoing relationshipAvailable, cost depends on firmDirect access to your engagement CA to manage the response and remediation

What the PNPC package includes

  1. 01

    Structured business-model classification call — mapping your actual fund/data/credit flow against current RBI frameworks

  2. 02

    Written regulatory classification memo — which authorisation (if any) applies, and what structural choices affect that outcome

  3. 03

    Entity and Net Owned Fund structuring advice, with CA-certified NOF computation for the application

  4. 04

    Promoter and director fit-and-proper pre-review before any name is submitted to RBI

  5. 05

    Business plan and financial projections drafted for RBI's specific requirements — not a generic template

  6. 06

    Board-approved KYC/AML/PMLA policy drafted for your specific operating model

  7. 07

    Complete application compilation and filing with the jurisdictional RBI Regional Office or relevant RBI department

  8. 08

    Direct, proactive management of every RBI query round through to Certificate of Authorisation/Registration

  9. 09

    Premises inspection preparation for FFMC applicants

  10. 10

    Post-authorisation operational setup — Principal Officer/FIU-IND registration, record-keeping systems, staff training

  11. 11

    Ongoing regulatory compliance calendar — periodic returns, NOF maintenance, inspection readiness, renewal tracking

  12. 12

    India-UAE coordinated advisory for cross-border exchange houses, remittance businesses, and fintech groups

Speak directly with a PNPC Chartered Accountant who tracks RBI's Master Directions and fintech Guidelines as a core practice — not a portal that files forms without knowing whether your business needs a licence at all, and not a generalist firm learning the framework alongside you.

← Back to FEMA & RBI
Talk to a CA