HomeServicesFEMA & RBIPayment Bank, Payment Gateway & Wallet Licensing

FEMA & RBI · NBFC & Financial Services Licensing

Payment Bank, Payment Gateway & Wallet Licensing

Payment Banks, Payment Aggregators, Payment Gateways, and Prepaid Payment Instruments (wallets) each sit under a distinct Reserve Bank of India licensing and supervisory framework — the Payment and Settlement Systems Act, 2007, the RBI's differentiated Payment Banks licensing guidelines, the Master Direction on Prepaid Payment Instruments, and the Guidelines on Regulation of Payment Aggregators and Payment Gateways.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Payment Banks, Payment Aggregators, Payment Gateways, and Prepaid Payment Instruments (wallets) each sit under a distinct Reserve Bank of India licensing and supervisory framework — the Payment and Settlement Systems Act, 2007, the RBI's differentiated Payment Banks licensing guidelines, the Master Direction on Prepaid Payment Instruments, and the Guidelines on Regulation of Payment Aggregators and Payment Gateways. Getting the category wrong — treating a payment gateway build as if it needs a PPI licence, or assuming a wallet product can be launched without RBI authorisation — stalls a product launch by months and can attract regulatory action for operating an unauthorised payment system under Section 4 of the PSS Act. At PNPC Global, we have advised financial services and fintech clients since 1986, with offices in Chennai, Bangalore, Hyderabad, and Dubai. Our Payment Bank, Payment Gateway & Wallet Licensing practice helps promoters, NBFCs, and fintech companies identify the correct RBI authorisation pathway, build the compliance and net worth case the RBI expects, and manage the licensing or authorisation process from application to go-live.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Payment Bank, Payment Gateway & Wallet Licensing is

"Payment licensing" is an umbrella term PNPC uses for a family of distinct Reserve Bank of India authorisations that govern who may operate a payment system in India under the Payment and Settlement Systems Act, 2007 (PSS Act). Section 4 of the PSS Act prohibits any person from operating a payment system in India except under and in accordance with an authorisation issued by the RBI. This single provision is the reason every payment bank, wallet issuer, payment aggregator, and payment gateway in India must either hold, or operate under an entity that holds, an RBI authorisation before processing a single transaction. The specific authorisation required depends entirely on what the business actually does — deposit-taking, instrument issuance, or transaction facilitation are regulated as separate activities under separate frameworks.

A Payment Bank is a differentiated banking licence category created by the RBI's November 2014 guidelines for Licensing of Payments Banks, issued under Section 22 of the Banking Regulation Act, 1949. A Payments Bank can accept deposits (currently capped per the RBI's prescribed ceiling per individual customer), issue debit cards, offer payments and remittance services, and act as a business correspondent for other banks — but cannot undertake lending activities or issue credit cards. It operates under the same prudential and licensing rigour as a universal bank promoter evaluation, just with a restricted business model. This is the most heavily regulated and capital-intensive category in this group, and new licences have been issued only in the limited cohort the RBI selected following its 2014 guidelines — it is not a licence category with a routine, always-open application window.

A Prepaid Payment Instrument (PPI) — commonly a digital wallet, prepaid card, or mobile wallet — is governed by the RBI's Master Directions on Prepaid Payment Instruments (last comprehensively updated in August 2021, with subsequent amendments). PPIs are instruments that facilitate purchase of goods and services, or fund transfers, against the value stored on them. Non-bank PPI issuers must obtain a Certificate of Authorisation from the RBI under the PSS Act, meet a prescribed minimum positive net worth at the time of application and maintain it on an ongoing escalating basis, and comply with KYC, escrow account, and interoperability requirements. Banks, being regulated entities, can issue PPIs without a separate authorisation, though they follow the same PPI Master Direction conditions.

A Payment Aggregator (PA) is an entity that facilitates e-commerce merchants to accept payment instruments from customers for completion of their payment obligations, without the need for merchants to create a separate payment integration. A Payment Gateway (PG), by contrast, is purely a technology provider that enables processing of payment transactions by routing and facilitating the exchange of information between the acquiring bank and the customer — it does not handle funds. This distinction matters enormously: under the RBI's March 2020 (updated 2021, and further tightened by the November 2024 circular extending PA regulation to Payment Aggregators – Cross Border, PA-CB) guidelines, Payment Aggregators require RBI authorisation because they handle funds in the payment flow through a nodal or escrow account, while pure Payment Gateways that never touch funds are technology service providers outside direct RBI authorisation, though they are commonly bundled commercially with a PA function and must then meet PA requirements for that combined offering. PNPC's role is to correctly classify which category (or combination) your product model actually falls into before any application is prepared — misclassification is the single most common and costly error we see in this space.

When this advisory is the right starting point

You are building a digital wallet, prepaid card, or gift card product and need to determine whether you require a PPI Certificate of Authorisation from the RBI or can operate as a co-branded partner of an existing licensed PPI issuer

You are an e-commerce, SaaS, or marketplace platform building payment collection for merchants and need to determine whether your model constitutes a Payment Aggregator requiring RBI authorisation, or a pure technology Payment Gateway that does not

You are evaluating whether to apply for a Payments Bank licence, or — more commonly given the closed cohort of existing licences — whether a Business Correspondent, PPI, or NBFC partnership model achieves your commercial goal without a full banking licence

You already hold a PA authorisation and are scaling into cross-border collections, requiring assessment against the PA-CB (Cross Border) framework introduced via the RBI's November 2024 circular

You are a promoter or NBFC exploring an in-house wallet or payments product and need the net worth, board composition, and compliance framework build-out required for an RBI application, structured correctly from the outset

Your existing PPI or PA authorisation is approaching a periodic RBI compliance review or renewal-linked condition and you need an independent compliance health check before the regulator's own review

You are a foreign payments company or UAE-based fintech evaluating entry into the Indian payments market and need India-specific RBI, FEMA, and Companies Act structuring advice from a firm with a genuine India-UAE presence

When another PNPC service is the better starting point

You are simply integrating an existing licensed payment gateway or aggregator (such as a bank's own gateway or an already-authorised third-party PA) into your website or app as a merchant — you do not need any RBI authorisation of your own; this is a commercial integration, not a licensing question

You are setting up a standard NBFC for lending activity with no payment system or wallet component — our dedicated NBFC Registration & Licensing service is scoped specifically for lending NBFC applications under the RBI's NBFC framework

You need general RBI/FEMA compliance review for cross-border transactions unrelated to a payment system authorisation — our FEMA Compliance Advisory & Review service is the correctly scoped engagement

Your product is purely a KYC/AML or fraud-technology tool with no fund handling or instrument issuance of its own — our KYC & AML Advisory service addresses that compliance layer without payment-system licensing

You are certain your model is a pure technology Payment Gateway with no fund custody, no nodal account, and no merchant settlement responsibility, and simply want confirmation of that classification — a shorter scoping consultation, rather than a full licensing engagement, may be all that is needed initially; we will tell you honestly if that is the case

Structure Comparison

Payment Bank vs Payment Aggregator vs Payment Gateway vs PPI (Wallet) — how RBI treats each

FeaturePayments BankPayment Aggregator (PA)Payment Gateway (PG) onlyPPI / Wallet Issuer
Governing frameworkRBI Licensing Guidelines for Payments Banks, 2014 + Banking Regulation Act Sec 22RBI Guidelines on Regulation of PAs and PGs, 2020/2021 (+ PA-CB 2024)Not separately RBI-authorised if no fund handling; PSS Act oversight if bundled with PA activityRBI Master Directions on Prepaid Payment Instruments, 2021 (as amended)
Authorisation typeDifferentiated banking licence from RBICertificate of Authorisation under PSS ActNone required for pure technology routing with no fund custodyCertificate of Authorisation under PSS Act
Can hold customer depositsYes — subject to a prescribed per-customer ceilingNo — funds pass through a nodal/escrow account, not held as depositsNo — no fund handling at allYes, but as prepaid value/stored balance, not a deposit; PPI balances are ring-fenced in escrow, not general deposits
Can lend or issue credit cardsNo — explicitly prohibited under the licence conditionsNo — not a lending activityNo — not applicableNo, except limited co-branded/small PPI credit-linked variants under specific RBI permissions
Minimum net worth (illustrative structure — verify current RBI figure before applying)Highest tier — substantial paid-up capital prescribed at licensingPrescribed minimum net worth at application, escalating to a higher figure within a prescribed number of yearsNot applicable — no RBI net worth prescription for pure non-fund-handling gatewaysPrescribed minimum positive net worth at application, escalating over a prescribed timeline as per the PPI Master Direction
Escrow / nodal account requirementNot applicable — operates as a bank with its own deposit accountsMandatory — PA must maintain funds in a nodal account with a scheduled commercial bank per RBI-prescribed structureNot applicable — no funds pass throughMandatory — PPI issuer must maintain an escrow account with a scheduled commercial bank for outstanding PPI balances
Cross-border collectionsGoverned by FEMA/AD-bank framework applicable to banksRequires separate PA-CB authorisation per the RBI's November 2024 circular for cross-border payment collectionNot applicable directly unless bundled with PA-CB activityCross-border PPI use is restricted; primarily a domestic instrument unless specifically permitted
New licence availabilityExtremely limited — RBI issued its 2014 cohort and has not run a continuous open window since; policy toward new differentiated licences evolves periodicallyOpen application window for new entrants meeting eligibility, subject to RBI's processing timelines and periodic pauses on new applications during policy reviewsNo authorisation gate for the pure technology function itselfOpen application window for new entrants meeting eligibility criteria
Typical promoter profileWell-capitalised financial institution, NBFC, telecom, or corporate group with deep banking-grade compliance capabilityFintech, e-commerce platform, or payments-focused company with technology and compliance infrastructureAny technology company building payment routing infrastructure without touching fundsFintech, e-commerce, telecom, or NBFC building a stored-value or wallet product

This table gives directional orientation only. RBI net worth thresholds, escalation timelines, and eligibility criteria are periodically revised through Master Direction updates and circulars — always confirm the current prescribed figures with PNPC or directly against the live RBI Master Direction before building a business case or application budget. Many payments businesses combine categories (a PA that also issues a co-branded PPI, for example), and each combination changes the applicable compliance stack.

How it works
#Stage & What PNPC DoesWhat Generic Advisors MissTimeline
1Business Model Classification — Determine which RBI authorisation your product actually needsWe map your actual transaction flow — does money ever sit in an account you control between payer and payee (PA/PPI territory), or does your system only route information between banks (pure PG, no RBI authorisation)? Founders frequently describe their own product incorrectly, either overstating complexity (assuming a PPI licence is needed when a PA suffices) or understating it (assuming 'just an API' when funds do briefly rest in an account the company controls). This classification decision anchors everything that follows.Week 1
2Regulatory Framework & Eligibility MappingFor PA/PPI applications, we assess current RBI-prescribed net worth thresholds against your promoter group's actual audited financials, and map the escalating net worth timeline you will need to plan capital infusion around. For a Payments Bank enquiry, we give a candid assessment of licence availability given the RBI's limited and non-continuous licensing window for this category, and discuss realistic alternative structures (Business Correspondent, PPI, or NBFC partnership) where a full banking licence is not a realistic near-term path.Week 1–2
3Promoter & Group Due Diligence ReadinessRBI evaluates the 'fit and proper' status of promoters, directors, and significant shareholders — prior regulatory history, credit history, litigation record, and source of funds are all scrutinised. We run an internal readiness check against the same criteria the RBI examiner will apply, surfacing issues (a promoter's unrelated past regulatory notice, an unclear shareholding chain) before they surface in the RBI's own review, where they cause far more damage to application credibility.Week 2–3
4Corporate Structure & Governance Build-OutRBI authorisation requires specific board composition (including independent directors in prescribed proportion for larger entities), a dedicated compliance and risk function, an IT and cybersecurity governance framework, and board-approved policies on KYC/AML, grievance redressal, and business continuity — all of which must exist in substance, not just as documents, before or alongside the application. We build this governance layer with the client rather than handing over a template policy set that will not survive an RBI query.Week 3–6
5Net Worth & Capital StructuringWe work with the promoter group to structure the capital infusion timeline against the RBI's escalating net worth requirement — for example, PPI issuers must meet a starting net worth at application and reach a higher prescribed figure within a set number of financial years. Getting the capital-raise sequencing wrong stalls an otherwise-ready application indefinitely.Week 3–6, in parallel with governance build-out
6Escrow / Nodal Account ArrangementPA and PPI applicants must have a bank-vetted nodal or escrow account structure in place, with the escrow agreement conforming to RBI's prescribed terms (no interest to the issuer on the escrow balance beyond permitted limits, no co-mingling with the company's own funds, and specific withdrawal conditions). We coordinate this directly with scheduled commercial banks experienced in RBI-compliant escrow structures — a generic current account will be rejected at application review.Week 4–7
7Technology & Security Audit ReadinessRBI applications for PA and PPI authorisation require a system audit report from a CERT-In empanelled auditor covering the payment system's technical architecture, data security, and business continuity arrangements. We coordinate the technical documentation and pre-review the scope with the client's technology team before the formal CERT-In empanelled audit is commissioned, to avoid a failed or heavily-qualified audit report reaching the RBI application.Week 6–10
8Policy Documentation PackageBoard-approved policies required typically include: KYC/AML policy aligned to the PMLA and RBI's KYC Master Direction, customer grievance redressal policy with defined turnaround times, data storage and localisation policy (payment system data must be stored only in India per RBI's April 2018 data localisation circular), business continuity and disaster recovery policy, and a fraud risk management framework. PNPC drafts these to reflect the actual operating model — not generic templates that create their own compliance gaps once operations begin.Week 6–9, in parallel with technology audit
9Application Preparation & FilingThe application is compiled — for PA/PPI, this is filed with the RBI's Department of Payment and Settlement Systems (DPSS) through the prescribed format, along with all supporting documents: certificate of incorporation, board resolutions, promoter KYC and net worth certificates, system audit report, and policy documents. We conduct a final internal review against RBI's published application checklist before submission — incomplete applications are frequently returned without substantive review, resetting the timeline.Week 9–11
10RBI Query Response ManagementRBI's DPSS routinely raises clarificatory queries after initial review — on shareholding structure, technology architecture, policy gaps, or promoter background. Response quality and turnaround materially affect the overall timeline; a poorly substantiated response can trigger further rounds of query. We manage this correspondence directly, drawing on our experience of how DPSS examiners typically frame follow-up questions.Ongoing, typically several months from filing to in-principle approval
11In-Principle Approval & Conditions ComplianceRBI authorisations are frequently granted in-principle first, subject to specific conditions being fulfilled within a stipulated period — final capital infusion, appointment of specific senior personnel, or completion of a pending system enhancement. We track every condition against its deadline and coordinate the client's execution so the final Certificate of Authorisation is not delayed by a missed condition.Varies by conditions imposed
12Final Authorisation & Go-Live Compliance SetupOnce the final Certificate of Authorisation (or licence) is issued, we set up the ongoing compliance calendar: periodic RBI reporting (system audit reports, net worth certificates, transaction data returns as prescribed), the annual compliance certificate cycle, and the internal controls needed to operate within the authorisation's conditions from day one of go-live.Immediately following final authorisation
13Ongoing Regulatory Relationship ManagementRBI-authorised payment system operators are subject to ongoing supervision — periodic inspections, data calls, and circular-driven compliance updates (the payments regulatory framework changes frequently, as the PA-CB circular of November 2024 illustrates). PNPC's retainer clients receive proactive alerts when a new RBI circular affects their authorisation conditions, rather than discovering a compliance gap at the next inspection.Lifetime of the authorisation

Realistic end-to-end timeline for a PA or PPI Certificate of Authorisation, from engagement to final RBI authorisation, commonly runs 6–12 months depending on application quality, promoter readiness, and the RBI's query cycle — this is a regulator-paced process, not a fixed-duration filing. A Payments Bank licence enquiry should be treated as a multi-year strategic decision given the extremely limited licensing window for that category; PNPC will give a candid assessment of feasibility before any engagement begins rather than accepting a mandate we believe has a low probability of a new licence being issued.

Document Checklist
Corporate & Promoter Documents

Certificate of Incorporation and Memorandum/Articles of Association of the applicant entity — objects clause must permit the specific payment system activity applied for

Shareholding pattern and beneficial ownership chain — RBI scrutinises ultimate beneficial ownership closely, particularly where foreign shareholding is present and FDI sectoral conditions for payment system operators apply

Board resolution authorising the application and designating the authorised signatory for RBI correspondence

Promoter and director KYC — PAN, Aadhaar/passport, address proof, and a declaration of any past or pending regulatory, criminal, or civil litigation history for each promoter and proposed director

Net worth certificates of promoters/promoter group, certified by a practising Chartered Accountant, supporting the source and adequacy of proposed capital infusion

Organisational chart showing the compliance, risk, technology, and grievance redressal functions with designated responsible officers

Financial & Net Worth Documents

Audited financial statements of the applicant entity (and promoter group, where relevant) for the preceding financial years

Statutory auditor's certificate confirming the entity's net worth as on a specified date, computed per RBI's prescribed method (paid-up capital plus free reserves, minus accumulated losses and certain deductions)

Capital infusion plan and timeline demonstrating how the entity will meet the RBI's escalating net worth requirement over the prescribed number of years

Bank statements and proof of funds evidencing that promoter capital contribution is from legitimate, traceable sources — RBI applies source-of-funds scrutiny consistent with its broader KYC/AML expectations

Technology & Security Documentation

System audit report from a CERT-In empanelled auditor covering application architecture, data security controls, encryption standards, and penetration testing results

Data localisation compliance confirmation — payment system data must be stored exclusively on servers located in India, per RBI's April 2018 circular on storage of payment system data

Business continuity and disaster recovery plan, including recovery time objectives and a tested failover mechanism

API and integration architecture documentation, particularly for PA/PG applicants, showing how the merchant onboarding, transaction routing, and settlement flow operate end-to-end

Cybersecurity policy approved by the Board, aligned with RBI's cybersecurity framework expectations for payment system operators

Escrow / Nodal Account & Settlement Documents

Escrow or nodal account agreement executed with a scheduled commercial bank, drafted to conform with RBI's prescribed terms — no interest accrual to the operator beyond permitted limits, no co-mingling with operating funds, and defined permissible debits and credits

Merchant settlement policy documenting the maximum permissible settlement cycle (T+1 or as otherwise prescribed) and the mechanism for handling failed or disputed transactions

Reconciliation process documentation between the nodal/escrow account, the technology platform's transaction ledger, and merchant payouts

Policy & Governance Documents (Board-Approved)

KYC and Anti-Money Laundering policy aligned with the Prevention of Money Laundering Act, 2002 and RBI's Master Direction on KYC

Customer grievance redressal policy with defined escalation levels and turnaround commitments, and a nodal grievance officer designated

Fraud risk management and transaction monitoring policy, including suspicious transaction reporting procedures to the Financial Intelligence Unit-India where applicable

Merchant onboarding and due diligence policy (for PA applicants) — covering merchant KYC, category restriction screening, and periodic re-verification

Outsourcing policy, where any technology, KYC, or operational function is outsourced to a third party, consistent with RBI's guidelines on managing outsourcing risk

Post-Authorisation Ongoing Compliance Documents

Periodic system audit reports as prescribed in the authorisation conditions (typically annual, from a CERT-In empanelled auditor)

Annual net worth certificate confirming continued compliance with the prescribed and escalating net worth requirement

Transaction data and MIS returns to RBI's DPSS in the prescribed format and frequency

Board meeting minutes evidencing periodic review of the payment system's risk, compliance, and technology posture as required under the authorisation conditions

Updated policy documents reflecting any material change in business model, technology architecture, or ownership, filed with RBI where prior intimation or approval is a condition of the authorisation

Ongoing obligations
PhaseTriggered ByPNPC CA/Regulatory GuidanceRisk If Ignored
Pre-Application Structuring (Month 1–2)Decision to launch a payments productBusiness model classification against PA/PG/PPI/Payments Bank frameworks. Candid feasibility assessment — particularly for Payments Bank enquiries given the limited licensing window. Corporate structure and shareholding review for FDI sectoral compliance where foreign capital is involved.Building and launching a product under the wrong regulatory assumption — for example, operating as an unauthorised payment aggregator while believing the model is 'just a gateway' — exposes the company to action under Section 4 and Section 26 of the PSS Act for operating an unauthorised payment system.
Governance & Net Worth Build-Out (Month 2–6)Application readiness assessmentBoard composition, compliance function, and policy documentation built to RBI's actual evaluation standard. Capital infusion plan sequenced against the escalating net worth requirement. Escrow/nodal account arrangement finalised with a scheduled commercial bank.An application filed with inadequate governance substance is either rejected or generates extensive query cycles that add months to the timeline and increase professional cost through repeated remediation.
Application & RBI Review (Month 6–12+)Application filed with RBI DPSSQuery response management, drawing on experience of how RBI examiners frame follow-up questions on shareholding, technology, and policy adequacy. Tracking of in-principle approval conditions against their deadlines.Delayed or poor-quality query responses extend the review timeline indefinitely and can result in application withdrawal being recommended by RBI rather than a formal rejection on record — a materially worse outcome for future re-application.
Go-Live & Early Operations (Month 1–12 post-authorisation)Certificate of Authorisation issuedCompliance calendar setup for periodic reporting, transaction MIS returns, and the first system audit cycle. Internal controls testing to confirm actual operations match the policies filed with RBI at application.A gap between the policies filed at application and actual day-one operations is the most common finding in an RBI's first post-authorisation inspection — remediation under regulatory scrutiny is materially more disruptive than building it right the first time.
Steady-State Supervision (Ongoing, Annual)RBI's periodic supervisory cycleAnnual net worth certification, system audit report submission, and policy refresh against new RBI circulars — the payments regulatory framework is amended frequently (data localisation in 2018, PA/PG guidelines in 2020/2021, PA-CB in 2024 are recent examples). PNPC's retainer clients receive proactive alerts on circulars affecting their authorisation.Non-compliance with ongoing conditions — a missed system audit, an unreported material change in ownership or technology — risks suspension or cancellation of the Certificate of Authorisation under the PSS Act, halting the business entirely.
Scale & Expansion (As business grows)Cross-border collections, new product lines, M&A interestAssessment of whether scaling into cross-border payment collection triggers PA-CB authorisation requirements. Evaluation of whether a new product (co-branded PPI, BNPL-linked wallet feature) requires an amendment to the existing authorisation or a fresh one. Investor and acquirer regulatory due diligence support.Scaling into cross-border collection without PA-CB authorisation, or launching a materially new payment feature without confirming it falls within the existing authorisation's scope, creates fresh unauthorised-operation exposure even for an already-licensed entity.
Regulatory Change & Renewal EventsNew RBI circular, periodic authorisation review, or licence condition changeImpact assessment of new circulars against existing operations (for example, tightened net worth thresholds, revised data localisation requirements, or new interoperability mandates). Coordination of any required systems or policy changes within RBI's compliance deadline.The payments regulatory space changes faster than most other RBI-regulated categories; operators who do not track circulars proactively risk falling out of compliance without any single deliberate act of non-compliance — simply through inaction as the rules moved.
Exit, Sale, or Wind-DownM&A, strategic exit, or business closure decisionRegulatory approval requirements for change in control or shareholding transfer of an RBI-authorised entity. Orderly wind-down plan for outstanding PPI balances or escrow funds if the authorisation is being surrendered, ensuring customer funds are fully settled before deregistration.Change in control of a PA/PPI-authorised entity without prior RBI intimation or approval (as required under the authorisation conditions) is itself a compliance breach that can complicate or block the underlying M&A transaction.
Frequently asked
What is the difference between a Payment Gateway and a Payment Aggregator — and why does RBI treat them differently?

A Payment Gateway is purely a technology layer that routes and encrypts transaction information between the customer, the merchant's website, and the banks involved — it never takes custody of the actual funds. A Payment Aggregator, by contrast, receives the customer's payment into an account it controls (a nodal or escrow account) and then settles the net amount to the merchant after deducting fees. Because a Payment Aggregator briefly holds customer funds, RBI treats it as a payment system operator requiring authorisation under the PSS Act. A pure Payment Gateway that never touches funds generally falls outside that specific authorisation requirement — but in practice, most commercial payment processing platforms in India combine both functions, which brings the combined entity within PA regulation.

Practitioner noteWe see this distinction misunderstood constantly. A founder will describe their product as 'just a gateway' while the actual fund flow shows money sitting in a company-controlled account for even a few hours before settlement — that is Payment Aggregator activity requiring authorisation, regardless of what the product is called internally.
Do I need RBI authorisation to build a digital wallet or prepaid card product?

Yes, if you are a non-bank entity issuing the instrument. Prepaid Payment Instruments (PPIs) — which include digital wallets, prepaid cards, and gift cards that store value for future purchases or fund transfers — require a Certificate of Authorisation from the RBI under the PSS Act, granted per the Master Directions on Prepaid Payment Instruments. Banks can issue PPIs without a separate authorisation because they are already RBI-regulated entities, but a non-bank fintech or NBFC building a wallet product from scratch must obtain PPI authorisation before issuing instruments to customers, or partner with an already-authorised PPI issuer under a co-branding arrangement.

Practitioner noteCo-branding with an existing authorised PPI issuer is often the faster commercial path for a fintech that wants to launch a wallet feature quickly rather than building the full net worth, governance, and authorisation stack from zero. We advise on both paths and the trade-offs honestly — a co-brand arrangement trades speed for less control over the product roadmap and commercial terms.
Can I still apply for a Payments Bank licence in India?

Technically the framework exists, but practically this is the most constrained licensing category PNPC advises on. RBI issued its Payments Bank licensing guidelines in November 2014 and granted licences to a limited cohort of applicants from that process; RBI has not run a continuous, always-open application window for new Payments Bank licences since. Policy toward new differentiated bank licences is periodically reviewed by RBI, and any prospective applicant should treat this as a multi-year strategic question rather than a routine application process. In most cases, promoters seeking similar commercial outcomes (deposit-like products, payments and remittance services) achieve them faster through a Business Correspondent arrangement with an existing bank, a PPI authorisation, or an NBFC structure.

Practitioner noteWe give every Payments Bank enquiry a candid feasibility conversation before any engagement begins. If a full new banking licence is not realistically achievable in your timeframe, we say so and present the alternative structures that can deliver a similar customer proposition without a multi-year uncertain licensing process.
What is the minimum net worth required for a Payment Aggregator or PPI licence?

RBI prescribes a minimum net worth at the time of application, with a requirement to reach a higher, escalating net worth figure within a specified number of financial years thereafter — this structure is designed to ensure only adequately capitalised entities remain authorised as they scale. Because these prescribed figures are revised periodically through RBI Master Direction updates and circulars, PNPC always verifies the current applicable figures directly against the live RBI Master Direction at the time of your engagement rather than relying on a fixed number from a prior year — quoting an outdated threshold is one of the most common errors we see from advisors who have not kept pace with RBI's updates.

Practitioner noteBuilding your capital-raise timeline around the wrong net worth figure is one of the costliest planning mistakes in this space — either you raise too little and stall the application, or you raise capital prematurely at a worse valuation than necessary. We confirm the exact current figure with you before any capital planning begins.
What is a nodal account or escrow account, and why is it mandatory?

A nodal account (used interchangeably with escrow account in RBI's payment aggregator framework) is a special bank account maintained with a scheduled commercial bank, into which customer payments are received and from which merchant settlements are made, under terms that RBI prescribes to prevent the Payment Aggregator from co-mingling customer funds with its own operating funds or earning undue benefit from holding customer money. RBI mandates this structure specifically to ring-fence customer and merchant funds from the operational or insolvency risk of the Payment Aggregator itself.

Practitioner noteBanks that regularly service RBI-authorised nodal accounts understand the specific escrow agreement terms RBI expects. We coordinate directly with banks experienced in this structure — a standard current account or a generic escrow arrangement not drafted to RBI's specific conditions will be flagged at application review and needs to be redone, losing weeks.
What happens if I operate a payment system without RBI authorisation?

Section 4 of the Payment and Settlement Systems Act, 2007 prohibits operating a payment system in India without RBI authorisation, and Section 26 of the PSS Act prescribes penal consequences for contravention, including fines and, in specified circumstances, imprisonment for persons responsible for the contravention. Beyond the direct statutory exposure, an unauthorised operator faces practical business risk: banking partners typically require confirmation of RBI authorisation status before enabling nodal accounts or settlement rails, and investors conduct regulatory due diligence that will surface unauthorised operation as a material finding, commonly a deal-breaker or valuation-reducing issue.

Practitioner noteWe have advised founders who built and scaled a payment collection feature inside a broader product without realising it required separate PA authorisation — the fix at that stage (retroactive authorisation while continuing limited operations, or a temporary pause) is materially more disruptive than getting the classification right before launch.
How long does it take to get RBI authorisation for a Payment Aggregator or PPI licence?

There is no fixed statutory timeline — this is a regulator-paced process. In PNPC's experience, a well-prepared application with adequate governance, net worth, and technology documentation in place typically runs 6–12 months from initial filing to final Certificate of Authorisation, factoring in RBI's query and clarification cycles. Applications with governance or documentation gaps take considerably longer, as each query round can add several weeks. Building the governance and compliance infrastructure before filing — rather than filing early and fixing gaps reactively — is consistently the faster overall path.

Practitioner noteWe tell clients upfront: a rushed, incomplete application filed to 'get the clock started' almost never actually saves time, because RBI's query cycle on an underprepared application takes longer than the additional weeks spent preparing properly beforehand.
Can a foreign company or NRI promoter apply for PA or PPI authorisation in India?

Yes, subject to standard FDI and FEMA compliance for the sector, and subject to RBI's promoter fit-and-proper evaluation applying equally to foreign promoters. Foreign investment in payment system operators is permitted under the FDI framework applicable to the relevant category, though specific conditions (including the Press Note 3 (2020) government-route requirement for investment from entities with beneficial ownership in a country sharing a land border with India) must be checked against the current promoter and shareholding structure. PNPC's Chennai, Bangalore, Hyderabad, and Dubai offices allow us to coordinate India entity structuring, FEMA/FDI compliance, and the RBI authorisation application under one engagement for foreign or NRI promoters.

Practitioner noteFor our UAE-based fintech clients specifically, we structure the Indian subsidiary, handle the FDI/FEMA reporting (FC-GPR filings on share allotment), and run the RBI authorisation application in parallel — rather than the client managing three disconnected advisors across two jurisdictions.
What is the PA-CB framework and does it apply to my business?

PA-CB (Payment Aggregator – Cross Border) is the framework RBI introduced via its November 2024 circular extending payment aggregator-style regulation specifically to entities facilitating cross-border payment collections for the import and export of goods and services. If your Payment Aggregator business is expanding into, or already handles, cross-border transaction collection — for example, enabling Indian exporters to collect payments from overseas buyers, or Indian consumers to pay overseas merchants — this framework's specific eligibility and authorisation conditions apply in addition to, or in place of, standard domestic PA authorisation, depending on your existing licensing status.

Practitioner noteThis is a relatively recent regulatory development, and we recommend any client with existing or planned cross-border collection volume get a specific PA-CB applicability assessment rather than assuming domestic PA authorisation alone is sufficient — the conditions and reporting requirements are materially different.
Is a system audit mandatory before applying for PA or PPI authorisation?

Yes. RBI requires a system audit report from a CERT-In (Indian Computer Emergency Response Team) empanelled auditor as part of the application, covering the technology architecture, data security controls, and business continuity arrangements of the payment system. This audit examines whether the platform meets RBI's expected security and resilience standards — encryption in transit and at rest, access controls, incident response readiness, and data localisation compliance among other areas.

Practitioner noteWe coordinate a pre-review of the technology stack with the client's engineering team before the formal CERT-In empanelled audit is commissioned. A failed or heavily-qualified audit report submitted with the RBI application creates a worse impression than simply taking a few additional weeks to remediate gaps before the formal audit is run.
What is data localisation, and does it apply to payment system operators?

Yes, and it is one of the most operationally significant requirements for any payment system operator. RBI's April 2018 circular on the storage of payment system data requires that the entire data relating to a payment system — the full end-to-end transaction details, and any payment system data collected, carried, or processed as part of the transaction — be stored only in systems located within India. Any foreign leg of the transaction data may be stored abroad in addition to, but not instead of, the mandatory Indian copy. This requirement affects technology architecture decisions from day one — a global SaaS payments platform designed with servers only in another jurisdiction cannot simply add an India authorisation later without a material architecture change.

Practitioner noteWe flag data localisation requirements at the very start of the technology architecture discussion, before significant engineering investment goes into an infrastructure design that later needs to be substantially rebuilt to add India-only data storage.
Can an NBFC also operate a payment aggregator or issue a PPI?

Yes, subject to obtaining the specific PA or PPI Certificate of Authorisation separately from its NBFC registration — an NBFC licence to carry on non-banking financial business does not itself authorise payment system operation. Many NBFCs pursue a combined lending-plus-payments strategy (for example, a consumer NBFC that also issues a co-branded PPI or wallet), but each regulated activity requires its own specific authorisation and ongoing compliance, and RBI evaluates the group's overall risk and governance posture across both when assessing a combined application.

Practitioner noteWe frequently advise NBFC clients on sequencing — whether to pursue PPI authorisation for the group entity or a separate subsidiary, weighing governance complexity against balance sheet and regulatory capital considerations specific to combining lending and payment system activities under one entity.
What ongoing compliance is required after receiving PA or PPI authorisation?

Ongoing obligations typically include: periodic system audit reports (commonly annual) from a CERT-In empanelled auditor, annual net worth certification confirming continued compliance with the prescribed and escalating threshold, transaction data and MIS returns to RBI's Department of Payment and Settlement Systems in the prescribed format, maintenance of the escrow/nodal account per RBI's conditions, and prior intimation or approval for material changes such as a change in control, shareholding, or business model. RBI also conducts periodic supervisory inspections of authorised payment system operators.

Practitioner noteThe compliance workload does not end at authorisation — it intensifies, because you are now under active RBI supervision. We set up a standing compliance calendar the moment the Certificate of Authorisation is issued, rather than waiting for the first reporting deadline to approach.
What is the KYC requirement for PPI (wallet) customers?

RBI's PPI Master Direction prescribes tiered KYC requirements depending on the type and maximum value of the PPI. Minimum-detail PPIs (issued with limited KYC, typically OTP-based verification for small-value instruments) carry lower balance and usage limits, while full-KYC PPIs — where the customer's identity is verified per RBI's KYC Master Direction, typically through Aadhaar-based e-KYC or equivalent — permit higher balances and broader usage including fund transfers. Issuers must build KYC tiering into the product from the outset, since retrofitting a KYC framework onto an already-scaled wallet customer base is a significant operational undertaking.

Practitioner noteWe map the KYC tier structure to the client's target customer segment and use case at the product design stage — a wallet aimed at small-ticket, high-frequency use cases has very different KYC tiering needs than one aimed at higher-value transactions, and the tiering decision affects onboarding conversion rates materially.
Does a payment gateway or aggregator need to register separately in each Indian state?

No — RBI authorisation under the PSS Act operates at the central, national level; there is no state-by-state payment system licensing requirement. However, GST registration is required in each state where the entity has a fixed place of business or crosses the relevant threshold, and this is a separate, unrelated compliance requirement from the RBI payment system authorisation. Founders sometimes conflate the two — GST is a tax registration, RBI authorisation is a sectoral regulatory licence, and they follow entirely independent processes.

Practitioner noteWe handle both strands for clients under one engagement where needed, but we are always explicit that they are legally and procedurally distinct — a common source of confusion is assuming GST registration in a new state has any bearing on payment system authorisation, which it does not.
What is interoperability, and is it mandatory for PPI issuers?

Interoperability refers to the ability of a customer to use their PPI (wallet) balance to transact with, or transfer funds to, instruments or accounts issued by other providers — for example, transferring wallet balance to a bank account via UPI, or between wallets issued by different providers. RBI's PPI Master Direction has progressively mandated interoperability for full-KYC PPIs through UPI and card networks, moving away from the earlier closed-loop wallet model where funds could only be used within the issuer's own ecosystem. PPI issuers must build interoperability into their technology architecture and settlement arrangements as a compliance requirement, not merely a product feature.

Practitioner noteInteroperability requirements have evolved meaningfully since the original 2017 PPI directions, and we always confirm the current mandatory scope against the live Master Direction at the time of a client's application or product design review, since the interoperability rules have been a recurring area of RBI amendment.
What is the difference between a closed, semi-closed, and open system PPI?

RBI's PPI framework historically classified instruments as closed system (usable only for goods/services from the issuer itself, such as a single retailer's gift card — generally outside the need for RBI authorisation since no third-party payment or cash withdrawal function exists), semi-closed system (usable at a group of clearly identified merchant locations under contract with the issuer, but not for cash withdrawal — the most common wallet type, requiring RBI authorisation), and open system (usable at any merchant for goods/services and permitting cash withdrawal, typically issued only by banks). The classification determines both the authorisation requirement and the permissible use cases and limits.

Practitioner noteA closed-system gift card issued by a single retailer does not require RBI authorisation, but the moment that instrument is usable across a network of unrelated merchants, it typically becomes a semi-closed PPI requiring authorisation. We see retailers inadvertently cross this line as their loyalty or gift card programme expands into an accepting-merchant network without realising the regulatory classification has changed underneath them.
Can a startup launch a payment feature using a licensed third-party PPI issuer instead of getting its own authorisation?

Yes, and this is a common and often commercially sensible path — a co-branding or program manager arrangement with an already RBI-authorised PPI issuer allows a startup to offer a wallet or prepaid-instrument feature to its customers without independently obtaining RBI authorisation, since the licensed partner remains the regulated entity issuing the instrument and bearing the compliance obligations. The trade-off is reduced control over product features, commercial terms, and the underlying compliance posture, since these remain governed by the licensed partner's own risk appetite and RBI relationship.

Practitioner noteWe help clients negotiate the co-branding or program management agreement itself — the commercial and liability allocation terms in these arrangements vary widely between licensed PPI issuers, and a poorly negotiated agreement can leave the unlicensed partner with more operational risk than the arrangement's structure suggests at first glance.
What is the role of the Financial Intelligence Unit-India (FIU-IND) for payment system operators?

RBI-authorised payment system operators — including PAs and PPI issuers — are 'reporting entities' under the Prevention of Money Laundering Act, 2002, obligated to maintain records of specified transactions and report suspicious transactions, cash transactions above prescribed thresholds, and certain other transaction categories to the Financial Intelligence Unit-India. This runs alongside, and is enforced in parallel with, RBI's own supervisory framework — a payment system operator's AML/CFT (Counter Financing of Terrorism) compliance is scrutinised both by RBI during inspections and can independently attract FIU-IND action for reporting failures.

Practitioner noteWe build FIU-IND reporting obligations into the compliance policy suite from the application stage — this is not a separate afterthought exercise once the RBI authorisation is granted; RBI examiners specifically check whether the AML policy addresses FIU-IND reporting correctly.
How does PNPC charge for payment licensing advisory — is it a fixed fee?

PNPC scopes and quotes this engagement based on the specific authorisation sought (PPI, PA, PA-CB, or Payments Bank feasibility), the promoter group's current readiness (existing governance and technology maturity versus a from-scratch build-out), and whether the engagement covers the full application lifecycle or a defined phase (such as classification and feasibility only, versus full application management through to authorisation). We provide a written scope and fee proposal before any engagement begins — this is not a service PNPC prices as a flat, one-size-fits-all package given the material variation in starting readiness between applicants.

Practitioner noteWe are candid that this is one of the more complex and time-intensive advisory categories PNPC handles, given the regulator-paced timeline and the depth of governance build-out often required. We would rather scope accurately upfront than under-quote and create friction mid-engagement.
Why should I engage PNPC rather than a payments-specific fintech consultancy?

Many fintech-focused consultancies are strong on technology architecture and product strategy but do not have the underlying Chartered Accountancy, FEMA/FDI, and corporate law depth that an RBI application actually requires — net worth certification, promoter due diligence documentation, escrow account structuring, and the ongoing statutory compliance calendar all sit squarely in CA-firm territory, not pure technology consulting. PNPC combines both: we understand the payment system technology and business model questions well enough to classify your product correctly, and we have the CA-firm infrastructure to certify net worth, structure FDI-compliant shareholding, and manage the RBI relationship as an ongoing regulatory matter — not just get you to the application filing.

Practitioner noteWe frequently pick up engagements where a technology-focused advisor got the application filed but the underlying net worth certification, escrow agreement, or FEMA shareholding structure had gaps that surfaced only when RBI queried them. Getting all three dimensions right together, from one advisor, avoids that handoff risk.
What does the PNPC payment licensing engagement typically include?

A typical full-scope engagement includes: business model classification and authorisation-category determination, feasibility assessment (particularly important for Payments Bank enquiries), promoter and group due diligence readiness review, corporate governance and policy documentation build-out, net worth structuring and capital-raise sequencing advisory, escrow/nodal account coordination with a scheduled commercial bank, technology and CERT-In system audit coordination, application compilation and filing, RBI query response management through to authorisation, and post-authorisation compliance calendar setup. The exact scope is confirmed in writing before engagement based on your specific starting point.

Practitioner noteClients who engage us at the idea stage — before any product has been built — get the most value, because we can influence the technology architecture and governance design before expensive rework becomes necessary.
Is a virtual office address acceptable as the registered office for an RBI-authorised payment system operator?

The Companies Act itself does not prohibit a virtual or shared office address as a registered office, and RBI's payment system authorisation guidelines do not separately mandate a specific type of premises. In practice, however, RBI's promoter and operational due diligence for PA/PPI applications does examine the substance of the applicant's operational infrastructure — a registered office alone with no demonstrable operational capability (staff, systems, governance function) raises questions during the fit-and-proper and technology review stages, even if the address itself is not disqualifying.

Practitioner noteWe advise clients to ensure the operational substance behind the application — actual compliance staff, a functioning technology team, genuine governance meetings — is real and demonstrable, since RBI's review goes well beyond checking box-ticking documents against an address.
What is a Business Correspondent, and is it an alternative to a Payments Bank licence?

A Business Correspondent (BC) is an agent appointed by a licensed bank to provide banking services — account opening, cash deposit/withdrawal facilitation, remittances — on the bank's behalf in locations or customer segments the bank does not serve directly, under RBI's BC guidelines. Operating as a BC does not require the agent itself to hold an RBI payment system or banking authorisation, because the BC acts under the principal bank's licence and supervision. For promoters seeking a payments and financial-inclusion-style business model without pursuing the demanding and largely closed Payments Bank licensing route, a BC partnership with an existing bank is frequently the faster, lower-capital commercial path to a similar customer-facing proposition.

Practitioner noteWe present the BC route candidly as the pragmatic alternative in almost every Payments Bank feasibility conversation — it delivers much of the commercial outcome promoters are seeking, without the multi-year uncertainty of a new differentiated banking licence.
Does RBI authorisation for a PA or PPI expire, or is it perpetual?

Certificates of Authorisation issued under the PSS Act are not typically granted for a fixed expiry date in the way some other statutory licences operate, but they remain conditional on continuous compliance with the authorisation conditions, and RBI retains the power to suspend or cancel an authorisation for non-compliance under the PSS Act. In practice, this makes ongoing compliance — not a renewal date — the operative discipline: an authorisation that is technically perpetual can still be revoked at any point if the operator falls out of compliance with net worth, reporting, or governance conditions.

Practitioner noteWe frame this for clients as 'perpetual but not permanent' — there is no renewal deadline to calendar, but there is a continuous compliance obligation that, if neglected, creates the same practical risk as a lapsed renewal would under other licensing regimes.
What is the escalating net worth requirement, and why does RBI structure it that way rather than a single fixed threshold?

RBI structures net worth requirements for PA and PPI authorisation as an initial threshold at application, rising to a higher figure within a prescribed number of subsequent financial years, rather than a single flat number, because it wants applicants to demonstrate a credible entry-stage capital base while also committing to build institutional-grade capital adequacy as transaction volumes and systemic importance grow. This mirrors a broader RBI regulatory philosophy applied across NBFC and payment system categories — proportionate initial entry barriers paired with escalating requirements tied to scale and maturity.

Practitioner noteWe build the capital-raise plan around this escalation from day one of the engagement, because promoters who plan only for the initial application threshold and treat the later escalation as a future problem often find themselves scrambling for a capital round under regulatory time pressure rather than on their own commercial timeline.
Can a Payment Aggregator also process cross-border e-commerce export/import payments without PA-CB authorisation?

Following RBI's November 2024 circular, entities facilitating cross-border payment collection for the import or export of goods and services are brought within the PA-CB (Cross Border) framework, which imposes its own eligibility and authorisation conditions distinct from, or in addition to, domestic PA authorisation depending on the entity's existing status. An entity handling meaningful cross-border collection volume without assessing PA-CB applicability risks operating outside the scope of its existing domestic authorisation for that specific cross-border activity.

Practitioner noteThis is a genuinely evolving area of RBI regulation, and PNPC recommends any client with cross-border collection ambitions get a fresh, dedicated PA-CB applicability review rather than assuming an existing domestic PA authorisation automatically extends to cover cross-border flows.
What role does FEMA play in a payment licensing engagement, separate from the RBI payment system authorisation itself?

FEMA governs the cross-border capital flow dimension — any foreign investment into the applicant entity (FDI via share allotment, reported through FC-GPR), any foreign shareholder or promoter, and any cross-border fund flow the payment system itself facilitates, are all subject to FEMA in addition to the PSS Act authorisation for the payment system activity itself. These are two distinct and separately-administered regulatory frameworks — RBI's Department of Payment and Settlement Systems oversees the PSS Act authorisation, while FEMA compliance (FDI reporting, sectoral caps, pricing guidelines) is assessed against the RBI's separate foreign exchange regulatory framework, even though both ultimately sit within the RBI as regulator.

Practitioner noteWe coordinate both strands under a single engagement for clients with foreign promoters or investors, because treating them as entirely separate workstreams with separate advisors creates a real risk of the FEMA shareholding structure and the PSS Act application working against each other — for example, a shareholding structure optimised purely for FEMA purposes that creates a promoter due diligence complication for the RBI payment system application.
What is the biggest reason PA/PPI applications get delayed or rejected at RBI?

In PNPC's experience, the most common causes are: governance and policy documentation that exists only as templates without operational substance behind them, net worth or capital structure that does not hold up under RBI's specific computation method, escrow/nodal account arrangements that do not conform to RBI's prescribed terms, and incomplete or inconsistent promoter due diligence disclosure that raises fit-and-proper concerns during review. Technology and system audit gaps are also common, particularly around data localisation compliance and business continuity planning.

Practitioner noteNone of these are typically fatal if caught and addressed before filing — they become serious only when an application is filed prematurely and RBI's own review surfaces them, at which point the credibility cost to the application is higher than the underlying gap itself would otherwise warrant.
Does PNPC also handle Payment Bank, PA, or PPI licensing for clients based in the UAE expanding into India?

Yes — this is a specific strength of PNPC's structure. With an operating office in Dubai alongside Chennai, Bangalore, and Hyderabad, we coordinate the full engagement for UAE-based fintech and payments companies entering India: Indian subsidiary incorporation, FEMA/FDI structuring and FC-GPR reporting for the capital inflow, RBI payment system authorisation (PA, PPI, or PA-CB as applicable), and the India-UAE tax and DTAA considerations for the group structure — as one coordinated engagement rather than a UAE advisor and an unconnected Indian advisor working in isolation from each other.

Practitioner noteWe have seen UAE-based fintech promoters lose meaningful time when their UAE counsel and an unrelated Indian filing agent do not communicate — shareholding structures get finalised on the UAE side that then create complications for the Indian RBI application's promoter disclosure requirements. Running both sides from one firm avoids that.
Do I need a separate authorisation if I only process payments for my own e-commerce marketplace and not third-party merchants?

This depends on the actual structure of your fund flow, not simply on whether merchants are 'third party' in a legal sense. If your marketplace collects customer payment into an account it controls before paying out to sellers or service providers on the platform — even if those sellers are onboarded directly onto your own marketplace rather than being external clients of a separate payment product — that fund flow can itself constitute Payment Aggregator activity requiring RBI authorisation, because RBI's PA/PG guidelines look at the substance of the payment collection and settlement mechanism, not merely the commercial label of the underlying marketplace relationship.

Practitioner noteThis is a frequent blind spot for marketplace and platform businesses — the founding team often assumes 'we're an e-commerce company, not a payments company' and does not realise their own checkout and seller-payout flow has independently created payment aggregator exposure. We assess this specifically as part of the initial classification stage of every engagement.
What is the process if RBI rejects a PA or PPI application?

RBI does not always issue a formal rejection on record; in many cases, where an application has material gaps, RBI's DPSS will informally indicate the application is unlikely to succeed in its current form, giving the applicant the option to withdraw and reapply once the gaps are addressed, rather than carrying a formal rejection in its regulatory history. Where a formal rejection does occur, reapplication is possible, but the applicant should expect heightened scrutiny on a subsequent attempt, making it especially important to remediate the specific issues that led to the earlier outcome rather than reapplying with only cosmetic changes.

Practitioner noteWe treat any early informal signal from RBI that an application is struggling as an opportunity to pause and rebuild the weak areas properly, rather than pushing forward and risking a formal rejection that then colours every future RBI interaction for that entity.
How does PNPC stay current on RBI's frequently changing payment system regulations?

RBI's Department of Payment and Settlement Systems issues circulars, Master Direction amendments, and FAQs on an ongoing basis — the PA/PG guidelines alone have been substantively updated multiple times since their original 2020 issuance, most recently with the PA-CB framework in November 2024. PNPC's FEMA/RBI advisory team tracks DPSS circulars as part of standing practice, and retainer clients receive proactive advisories when a regulatory change affects their specific authorisation or business model, rather than discovering the change only when it affects an inspection or filing.

Practitioner noteWe explicitly avoid quoting fixed regulatory figures (net worth thresholds, specific timelines) from memory in client conversations without confirming them against the current live Master Direction first — this is a fast-moving regulatory area, and a stale figure quoted confidently is worse than acknowledging we need to verify the current position before committing to a number.
Why PNPC Global

PNPC Global vs typical alternatives for payment system licensing

DimensionPNPC GlobalFintech-focused ConsultancyLaw Firm AloneIn-House / DIY
Business model classification (PA vs PG vs PPI vs Bank)Core diagnostic step of every engagement, grounded in CA-firm regulatory practice since 1986Often strong on technology framing, less consistent on regulatory nuanceLegally accurate but sometimes disconnected from operational/technology substanceHigh risk of self-serving misclassification — founders often want the lighter-touch answer
Net worth certification & capital structuringIn-house CA certification and capital-raise sequencing as standard practiceTypically outsourced to a separate CA — adds coordination overheadNot a core competency — referred outFrequently underestimated or planned too late
FEMA/FDI coordination for foreign promotersIntegrated — same firm handles FC-GPR, shareholding structuring, and RBI applicationVariable; foreign investment structuring often outside core scopeStrong on FEMA legal interpretation, weaker on the ongoing filing executionHigh risk of missed FC-GPR deadlines and shareholding structure errors
Escrow/nodal account bank coordinationDirect coordination with scheduled commercial banks experienced in RBI-compliant escrow termsVaries by firm's banking relationshipsNot typically part of law firm scopeFounders often present a generic current account that fails review
Ongoing post-authorisation complianceStanding compliance calendar and circular-tracking as part of retainer relationshipFrequently ends at authorisation — limited ongoing retainer modelTypically transactional, not a continuing compliance relationshipEasy to fall behind without a dedicated compliance function
India-UAE cross-border coordinationGenuine operating presence in Dubai alongside Chennai, Bangalore, HyderabadRare to have a genuine UAE office, not just a referral partnerOccasional UAE desk, but not integrated day-to-dayRequires managing two unconnected advisors across jurisdictions
Fee transparencyWritten scope and fee proposal before engagement begins, tailored to actual readinessOften bundled into broader technology consulting retainersTypically hourly billing with less cost predictabilityNo professional fee, but highest risk of costly rework

What the PNPC package includes

  1. 01

    Business model classification against PA, PG, PPI, PA-CB, and Payments Bank frameworks, with a candid feasibility assessment before engagement

  2. 02

    Promoter and group fit-and-proper readiness review benchmarked against RBI's actual evaluation criteria

  3. 03

    Net worth certification and capital infusion sequencing aligned to RBI's prescribed and escalating thresholds

  4. 04

    Corporate governance and board composition structuring, including compliance, risk, and grievance redressal function design

  5. 05

    Full policy documentation suite — KYC/AML, fraud risk management, grievance redressal, business continuity, outsourcing, and data localisation policies

  6. 06

    Escrow/nodal account coordination with scheduled commercial banks experienced in RBI-compliant terms

  7. 07

    CERT-In empanelled system audit coordination and pre-review of technology architecture for data security and localisation compliance

  8. 08

    Complete application compilation, filing with RBI's Department of Payment and Settlement Systems, and query response management through to authorisation

  9. 09

    FEMA/FDI structuring and FC-GPR reporting for foreign promoters and investors, coordinated under the same engagement

  10. 10

    Post-authorisation compliance calendar — periodic system audits, net worth certification, MIS returns, and proactive alerts on new RBI circulars affecting the authorisation

Before you build the product or promise a launch date, get a candid RBI classification and feasibility assessment from a CA firm that has managed cross-border financial services compliance since 1986 — talk to PNPC Global's FEMA & RBI advisory team in Chennai, Bangalore, Hyderabad, or Dubai.

← Back to FEMA & RBI
Talk to a CA