RBI Guidelines on Pre-Paid Instruments, 2021
Prepaid Payment Instruments (PPIs) are those instruments of payment which facilitate the purchase of goods and services, including the transfer of funds, financial services, and remittances, against the value stored within or on the instrument.
The amount that the holder or the instrument has already paid for using whatever method, such as cash, debit from a bank account, credit card, or even other PPIs, is the value held in the instrument. PPIs include payment wallets, smart cards, magnetic chips, coupons, and mobile wallets. In simpler terms, any instrument that can be used to acquire access to a pre-paid amount is referred to be a PPI. Paytm, Google Pay, gift cards, both debit and credit cards are examples of PPIs.
Recently on August 27, 2021, the RBI published Master directives necessitating the prior approval and authorization of the RBI for PPIs. These Directives are provided in accordance with Section 18 of the Payment and Settlement Systems Act, 2007.
Eligibility to Issue PPIs:
The eligibility to issue these PPIs are divided mainly in two-categories:
I. Banking Entities
Banks that meet the qualifying criteria, including those set by RBI, will be allowed to issue PPIs only after receiving RBI clearance. (Which means RBI prior authorisation/approval is mandatory for issuing PPIs).
Banks seeking approval from the RBI under the Payment and Settlement Act of 2007 must apply to the Department of Payment and Settlement Systems (DPSS), Central Office (CO), RBI, Mumbai, within 30 days of receiving such clearance, along with a “No Objection Certificate” from their regulatory department.
2. Non-Banking Entities
Non-banks that meet the eligibility conditions, including those set by the RBI’s relevant regulatory department, will be allowed to issue PPIs after receiving RBI approval.
Non-banks regulated by any of the financial sector regulators seeking approval from the RBI under the PSS Act must apply to the DPSS, CO, RBI, Mumbai, within 30 days of receiving such clearance, together with a “No Objection Certificate” from their respective regulator.
Non-banking entities applying for authorisation for issuing PPIs must compulsorily be registered under the Companies Act, 1956/2013.
Non-bank entities which receive Foreign Direct Investment (FDI), Foreign Portfolio Investment (FPI), or Foreign Institutional Investment (FII) must meet the capital requirements set forth in the Government of India’s current Consolidated FDI policy guidelines.
The non-bank entity’s Memorandum of Association (MoA) must include the anticipated PPIs issuance activity.
All non-bank entities seeking authorisation for issuance of PPIs from the RBI under the PSS Act must have a minimum positive net-worth of Rs.5 crore as per the latest audited balance sheet at the time of submitting the application for authorization.
Types of PPIs
Prior to the Master Directives of 27 August 2021, there were three main types of PPIs which were categorised on the basis of requirement of approval from RBI as well as to whom the payment is made. These are Closed system, semi-closed system and open system PPIs. After these directives, there are two main types of PPIs, namely small and full KYC PPIs. These are categorized on how much money these can hold, for what purpose can the money be used and who issues them.
Issued by banks and non-banks after obtaining minimum details of the PPI holder.
Usage only for purchase of goods and services, which means that transfer of funds or withdrawal of cash from such PPIs shall not be permitted.
These can have cash up to a limit of ₹10,000 loaded per month, not exceeding ₹1.2 lakh in a year.
These are further classified into two categories.
Small PPIs with cash loading facility (loading/reloading shall be from a bank account / credit card / full-KYC PPI)
Small PPIs with no cash loading facility.
Full KYC PPIs
Issued by banks and non-banks after completing Know Your Customer (KYC) of the PPI holder. Thus, the difference is between the procedure and required details of the PPI holder.
Usage for the purchase of goods and services and funds transfer or cash withdrawal.
The amount outstanding shall not exceed ₹2 lakh at any point of time.
Safeguards Against Money Laundering
To cope with the challenges of fraud and assure client safety, PPI issuers need a comprehensive risk management system. For fraud prevention and detection, the PPI issuer must put in place suitable information and data security architecture and processes.
For the safety and security of the payment systems it operates, the PPI issuer must put in place a Board-approved Information Security policy and implement security measures in compliance with it to eliminate recognized risks.
The PPI issuer must examine security measures (a) on an ongoing basis but at least once a year, (b) following any security incident or breach, and (c) before/after any major change to its infrastructure or operations.
In case of wallets, If the same login is supplied for the PPI and other services offered by the PPI issuer, the consumer must be properly advised of this by SMS, email, or other methods. The option to log out of your website/mobile account should be prominently visible.
The issuer must implement adequate measures to prevent multiple invalid attempts to login or access the PPI, as well as inactivity, timeout features, and other similar issues.
The Issuer must implement a system in which all wallet transactions requiring debit to the wallet, including cash withdrawal operations, will require validation via a Two Factor Authentication system (2FA). These additional factor authentication (AFA) system requirements for physical and virtual cards shall be same as required for debit cards. These are not mandatory for PPIs issued as gift cards as well as metro cards.
Fraud Prevention and Security Standards
In the case of wallets, PPI issuers must ensure that if the same login is used for PPI and other services supplied by the PPI Issuer, the client is clearly informed via SMS, email, post, or any other methods.
Issuers must provide adequate measures to prevent multiple invalid attempts to login or access the PPI, as well as inactivity, timeout features, and other similar issues.
Issuers must implement a system that requires explicit consumer approval for each subsequent payment transaction in the wallet.
Issuers must impose a daily limit on the number of beneficiaries who can be added to a PPI. Issuers must develop an alert system to alert the customer whenever a beneficiary is added.
Interoperability RequirementsForm in which PPIs are issuedInteroperability throughWalletsEnabled through Unified Payment Interface(UPI)Cards(Both Virtual and Physical)Affiliated to the authorised card networks. Gift PPI cards issuer (banks and non-banks)Option to offer interoperabilityMetro SystemsExempted from Interoperability
While issuing the instruments, the PPI issuer must disclose all key terms like the type of PPI, fraud and money laundering prevention as well as other conditions like consumer protection (as have been set-out briefly herein) to the holders in clear and straightforward language (ideally in English, Hindi, and the local language). Further, these disclosures must compulsorily include the following:
All charges and fees associated with the use of the instrument; and
The expiry period and the terms and conditions pertaining to expiration of the instrument.
The PPI issuers must establish a formal, publicly acknowledged consumer grievance redressal mechanism, which includes appointing a nodal officer to manage customer complaints and grievances, as well as an escalation matrix and complaint resolution as well as turn-around times.
Customers can file complaints with the Banking Ombudsman Scheme and the Ombudsman Scheme for Digital Transactions for PPIs issued by banks and non-banks respectively.
Implications for Non-Bank PPI Issuers
The following are some of the implications of the guidelines on non-bank PPI issuers:
If you are looking to set up an entity where you wish to issue PPIs as part of your service offerings, register as a Company.
Have a clear mention that your company would be issuing PPIs in your memorandum of association.
Amend your terms and conditions and other policies to be in consonance with the newly issued guidelines.
Ensure that all charges and fees are communicated to the consumers and no hidden charges/fees remain.
Appoint a nodal officer with regard to issuance of PPIs.
If you have any queries regarding the new guidelines and how you can practically implement them, do feel free to reach out to us by clicking the WhatsApp icon given below. Alternatively, you may write to us at: email@example.com