IFSCA Payment Services

Overview

The International Financial Services Centres Authority (IFSCA) plays a crucial role in regulating Payment Services and infusing trust, security, and transparency into financial transactions. This blog post delves into the intricate aspects of the services encompassing authorisation, operations, compliance, and risk management.

Some Important Definitions to understand the Entire Procedure

Before diving into the compliance intricacies, let's nudge ourselves familiar with some key definitions.

"Applicable Funds": Refers to funds received by a payment service provider from, or for the benefit of, a payment service user for the execution of a payment transaction. It also includes funds received by a payment service provider from another payment service provider for the execution of a payment transaction on behalf of a payment service user.
"Certificate of Authorisation": Refers to the certificate containing the details of the authorisation granted by the International Financial Services Centres Authority (IFSCA) to a payment service provider.
"CrossBorder Money Transfer Service": Unfortunately, the complete definition for this term is not provided in the data. Based on context, it typically refers to a service enabling the transfer of funds from one country to another.
"EMoney": Refers to electronically (including magnetically) stored monetary value as represented by a claim on its issuer. It is accepted by a person other than its issuer and does not include deposit from any person.
"E-Money Issuance Service": Refers to the service of issuing e-money to a payment service user for the purpose of allowing a payment service user to make payment transactions.
"Escrow Service": Refers to the service provided by a payment service provider, whereby money is held by such payment service provider in an escrow account with an IFSC Banking Unit ('IBU') or an IFSC Banking Company ('IBC') on behalf of two parties that are in the process of completing a transaction.
"Group Entities": Refers to an arrangement involving two or more entities related to each other through subsidiary-parent relationship, joint venture, association, common brand name, or investment in equity shares of 20 per cent
"Key Managerial Personnel": The definition is not given in the data provided. However, typically, this term refers to key personnel who have the authority and responsibility for planning, directing, and controlling the activities of an entity.
"Merchant Acquisition Service": Unfortunately, the specific definition from the IFSCA Payment Services Regulations is not available in the data provided.
"Nodal Bank": Typically, a nodal bank is the one that handles all monetary transactions related to a particular service. The specific definition from the IFSCA Payment Services Regulations is not provided in the data.
"Nth-Party Service Provider": Unfortunately, the definition for this term is not provided in the data.
"Significant Payment Service Provider": The definition for this term is not provided in the data. However, in general, a significant payment service provider would indicate a large-scale provider whose operations have substantial impact on the payment system.
"Specified Foreign Currency": The term might refer to certain foreign currencies as specified by the authority. The specific definition is not available in the given data.
"Virtual Digital Asset": The definition for this term is not available in the given data. Typically, it may refer to digital representations of value such as cryptocurrencies or digital tokens.

Authorisation of Payment Service Providers

Introduction

The International Financial Services Centres Authority (IFSCA) Payment Services mark a significant milestone in the regulation of payment service providers within the IFSC. The primary intent behind these regulations is to streamline the process, ensuring efficacy, security, and trust within the financial ecosystem. Through this, we aim to unfurl the critical aspects of Authorisation to Payment Service Providers, as outlined in the IFSCA Payment Services.

The Road to Authorisation

Authorisation serves as the gateway for any entity aspiring to offer payment services within the International Financial Services Centre (IFSC). Here's what the regulation elaborates on the path to obtaining this essential authorization:

Mandatory Authorization Requirement

Entities wishing to provide payment services, either within or from the IFSC, must acquire a Certificate of Authorisation. This certificate is not just a formality but a mandatory credential affirming the entity's compliance with the IFSCA's stringent standards.

Exemptions and Specified Entities

Interestingly, not all entities are painted with the same regulatory brush. Schedule IV of the regulation provides relief to specific entities from the arduous process of obtaining authorisation. These exempted entities include:

IFSC Banking Companies (IBC) or IFSC Banking Units (IBU) which are already licensed under the Banking Regulation Act, 1949.
Entities licensed to conduct the business of issuing credit cards within IFSC.
Other entities or class of entities as may be specified by the Authority from time to time.

This exemption is key for entities operating under different regulatory frameworks within the IFSC, streamlining processes and preventing regulatory overlap.

The Application Journey

For those entities not covered by the exemptions mentioned in Schedule IV, initiating the application process is the first concrete step towards Authorisation. This process is meticulously designed, keeping in mind the varying scales and scopes of potential payment service providers.

Initial Requirements:

The candidate, eager to unleash payment services within the IFSC, should prepare an application directed to the Authority. This step serves as the preliminary interface between the hopeful entities and the regulatory body, setting the stage for a comprehensive review process.
Accompanying the application, a non-refundable fee is required. This fee structure is predetermined by the Authority, underlining its commitment to a transparent and fair evaluation process.

Eligibility:

Upon receiving authorisation, a Payment Service Provider is bestowed with the capability to offer a multitude of payment services, as defined under. However, the journey doesn't end with Authorisation. Entities designated as Significant Payment Service Providers, per the conditions laid out in Part C of Schedule I, carry an enhanced set of responsibilities and operational capabilities.

List of Services PSP allowed to do

The following activities, except the activities specified in Part B, are Payment Services for the purposes of these regulations:

Account issuance service (including e-money account issuance service);
E-money issuance service
Escrow service
Cross border money transfer service
Merchant acquisition service

Certain activities are strictly off-limits for PSPs, particularly those providing e-money issuance services. Here are the prohibitions:

E-money Valuation: Must never be issued at a premium or discount.
Allocation of Collected Funds: These should not be used to extend any loans or credit facilities.
Credit Extensions: No credit may be given to customers nor can any interests, profits, or returns on e-money balances be provided.
Legal Compliance: The e-money platform must not be involved in or linked to any dubious or illegal endeavors.
Cash Withdrawals: It's impermissible to allow cash withdrawals directly from e- money.

Establishing Legal Footprints

A pivotal requirement for any applicant is the necessity of being incorporated as a company. This incorporation should be within the IFSC, underlining the commitment of the applicant to the jurisdiction and the regulatory frameworks it upholds.

Minimum Net Worth Requirements

The IFSCA does not just stop at assessing the legal and operational readiness of an applicant; it goes a step further to ensure financial robustness. As such, adherence to the Minimum Net Worth Requirements is a continuous obligation for every Payment Service Provider.

Net Worth Criteria

The regulations specify the minimum financial thresholds required at various stages:

A regular Payment Service Provider must showcase a minimum net worth of USD 100,000 upon commencing operations, escalating to USD 200,000 by the end of the third financial year.
A Significant Payment Service Provider is expected to scale this financial scaffolding further, reaching a minimum net worth of USD 250,000 within ninety days of designation and USD 500,000 by the end of the third financial year since designation.

These financial benchmarks are critical in ensuring that Payment Service Providers maintain a buffer to withstand adverse scenarios, ensuring uninterrupted and secure services to their patrons.

Beyond Financial Statements

It's not merely about hitting numerical targets; the composition of this net worth is equally scrutinised. The inclusion of items such as paid-up equity capital, free reserves, balance in share premium accounts, and especially, the significance of compulsorily convertible preference shares, underline the Authority's commitment to sustained operational viability and financial safety nets.

Key Requirements within IFSCA Payment Services

The commitment towards establishing a safe, reliable, and robust payment services ecosystem. Three cornerstone elements under these regulations warrant a closer examination: 'Fit and Proper Requirements,' 'Authorisation Requirements,' and the process for 'Issuance of In-Principle Approval.'

Fit and Proper Requirements

The bedrock of a trustworthy financial system is the integrity and competence of those at its helm. The 'Fit and Proper Requirements' set out in are designed to ensure that key personnel involved in payment services meet stringent standards of honesty, integrity, and financial prudence.

Core Principles of the Fit and Proper Criteria

The fit and proper criteria serve as a fundamental benchmark for all Relevant Persons involved in payment services, demanding competence, honesty, integrity, and sound financial standing. Recognizing that these criteria are not exhaustive but foundational, they are to be read alongside applicable legislation and any supplementary guidelines issued by the Authority.

Criteria for Evaluation

Competence: Individuals must demonstrate a thorough understanding and experience in their respective roles within payment services.
Honesty and Integrity: A history of conduct that aligns with ethical practices and legal compliance is non-negotiable. This criterion instills confidence among stakeholders and customers in the payment services offered.
Financial Soundness: The financial behavior and stability of relevant persons are scrutinized to mitigate risks of financial mismanagement or fraud.

This rigorous vetting process ensures that only individuals who meet these high standards are at the forefront of providing payment services, thereby safeguarding the interests of all stakeholders involved.

1. Comprehensive Compliance Framework

Systems and Controls: Payment Service Providers must implement robust systems and controls to guarantee that all Relevant Persons consistently meet the criteria.
Regular Evaluations: A rigorous 'fit and proper' evaluation of Relevant Persons is mandated at the time of their appointment and periodically thereafter, according to the explicit format outlined.

2. Determining 'Fit and Proper' Status

A Relevant Person is considered fit and proper if, based on rigorous evaluation or any pertinent information available, the Payment Service Provider is convinced of the individual's:

Fairness and Integrity
Demonstrable financial integrity.
A solid reputation and character grounded in honesty.

Absence of Disqualifications

No conviction by a court for offenses involving moral turpitude, economic offenses, or securities laws violations.
No pending recovery proceedings initiated by a financial regulatory authority.
No order for winding up issued for malfeasance.
Not declared an undischarged insolvent.
No regulatory restraining order on accessing, providing, or dealing with financial products or services within the last three years.
No recent adverse order by the Authority or any regulatory body within the last three years.
Not found to be of unsound mind by a competent court and that the finding is currently in force.
Not financially unstable or categorized as a willful defaulter.
Not declared a fugitive economic offender.
Free from any other disqualification specified by the Authority.

3. Responsibilities for Payment Service Providers

It becomes imperative for Payment Service Providers to:

Actively ensure compliance with these criteria through diligent monitoring and assessment.
Incorporate these standards into their operational, compliance, and governance frameworks.

The Fit and Proper Requirements articulated in accentuate the IFSCA's commitment to uphold high standards within the payment services ecosystem. These criteria are structured to ensure that individuals in positions of influence or control within these entities not only adhere to exemplary standards of integrity and competence but also possess the financial robustness essential for sustaining confidence in the financial services sector.

Embracing these requirements, Payment Service Providers are well-positioned to foster a culture of trust, accountability, and excellence, thereby strengthening the broader financial system's integrity and stability.

Authorisation Requirements

Securing authorisation as a Payment Service Provider is a testament to an entity's capability, reliability, and compliance with regulatory standards. The evaluation of an application for authorisation encompasses a comprehensive review of various factors.

Comprehensive Evaluation Criteria

Experience: Does the applicant, or its relevant personnel, possess adequate experience in payment services, possibly evidenced by similar authorisations in other jurisdictions?
Infrastructure Adequacy: Evaluation of whether the applicant has the necessary infrastructure, including office space, equipment, and manpower, to effectively operate as a Payment Service Provider.
Financial Health: Assessment of the applicant's financial soundness and whether it satisfies the specified net worth requirements.
Fit and Proper Status: Verification that the applicant and its relevant personnel satisfy the 'fit and proper' criteria, ensuring integrity and competence in operations.
Past Refusals: Consideration of whether the applicant or its group entities have previously been refused authorisation by the Authority and the reasons for such refusals.

By requiring a diverse set of criteria to be met, the IFSCA ensures that only entities that are fully prepared and capable of upholding the standards of the payment services ecosystem are granted authorisation.

Issuance of In-Principle Approval

The path to obtaining full authorisation includes the issuance of in-principle approval, a step that allows applicants to meet all conditions precedent to the formal authorisation.

Process and Significance

Assessment: Initial scrutiny of the application and supporting documents to ensure compliance with regulatory requirements.
Conditional Approval: The in-principle approval is conditional, providing applicants a clear framework within which they must operate and fulfill any remaining conditions.
Final Authorisation: Upon satisfying the conditions set forth in the in-principle approval, applicants can proceed to secure the final authorisation, marking their official entry as a Payment Service Provider in the IFSC.

IFSCA Payment Services Authorisation: From Grant to Surrender

The International Financial Services Centres Authority (IFSCA) Payment Services represents a significant step forward in codifying the operational and regulatory ethos for payment service providers (PSPs) within IFSCs. Central to these regulations are the processes concerning the grant and refusal of authorisation, along with the protocols for revocation, surrender of authorisation, and the treatment of security deposits in such scenarios. Here, we delve into each of these critical phases, presenting a simplified yet comprehensive overview.

Grant of Authorisation

The journey towards becoming an authorised PSP within an IFSC begins with the grant of authorisation by the IFSCA. This crucial milestone follows a rigorous assessment process where applicants need to demonstrate their operational readiness, compliance with legal requirements, and adherence to the financial benchmarks set out by the IFSCA.

Keys to Authorization:

Comprehensive Application: Applicants must present a complete dossier, highlighting their business model, operational strategies, and how they intend to meet the IFSCA's regulatory standards.
Financial Stability: Showing evidence of financial health, including meeting minimum net worth requirements, is a must.
Operational Readiness: Demonstrating the infrastructure and capacity to provide secure and efficient payment services is crucial.

The grant of authorisation is, in essence, a green light for entities to commence their payment services operations, signaling their full compliance with IFSCA standards.

Refusal of Authorisation

Not all journeys through the regulatory landscape end in approval. The IFSCA may refuse authorization for reasons that typically revolve around:

Deficiency in Application: Incomplete or unsatisfactory applications with respect to IFSCA's requirements.
Financial Inadequacy: Failure to meet the prescribed financial thresholds.
Operational Concerns: Concerns regarding the operational capabilities or infrastructure that might impede secure or efficient service delivery.

If refusal comes, it's not without a fair chance, as entities are given opportunities to address and rectify the deficiencies noted by the IFSCA within a stipulated timeframe.

Revocation of Authorisation

Authorisation is not an eternal guarantee. The IFSCA reserves the right to revoke it if a PSP:

Violates Regulations: Engages in activities contrary to the conditions of its authorisation or IFSCA regulations.
Operates Fraudulently: Is found guilty of fraudulent activities or gross misconduct.
Endangers Financial Stability: Poses a risk to the financial stability of the IFSC ecosystem.

Revocation is a serious action, typically taken as a last resort, following a thorough investigation and opportunity for the PSP to present their case.

Surrender of Authorisation

A PSP may opt to surrender its authorization, stepping back from its operations within an IFSC. This intentional cessation requires:

Formal Application: Submission of a written application expressing the intent to surrender.
Operational Wind-down: Ensuring no new liabilities are incurred and that a phased plan for winding down operations is in place.

The IFSCA assesses these surrender applications with as much seriousness as grant applications, focusing on ensuring minimal disruption to the payment ecosystem and protecting the interests of payment service users.

Understanding the Process of Surrendering Authorisation for Payment Service Providers

When a Payment Service Provider decides to cease operations, it's crucial they follow a defined procedure to ensure the interests of all stakeholders are considered. In this post, we'll outline the steps a service provider must take to surrender their authorisation under the IFSCA Payment Services Regulations 2024.

Surrendering Authorisation For a Payment Service Provider in Operation

1. Formal Request
Providers that are in business and wish to halt operations need to formally lodge this intention to the Authority. This involves crafting a written request that includes the company's reasons and plans for surrendering the authorisation.

2. Account Overview
This request should come alongside a certified brief from the company's Chartered Accountant. It must contain the number and nature of customer accounts, the amount held in these accounts, details of the Escrow account, any outstanding amount, and more importantly, liabilities.

3. Plan of Action
The service provider should also present a proposed course of action and timeframe for settling these liabilities, whether they involve Payment Service Users, Merchants, or any other parties.

4. Undertaking Letter
An authorised signatory must sign a formal undertaking, stating that the company won't incur new liabilities while winding down.

Once the Authority receives this comprehensive request, evaluation follows. Decisions will be based purely on the merits of the request. After this, the Authority notifies the service provider about whether or not the surrender request is approved.

If approved, the Authority may then direct the Payment Service Provider to:

a. Issue a Public Notice

Notices should appear in print or visual media, in English, Hindi, and a vernacular language, thrice. The announcements should alert Payment Service Users and Merchants about the service provider's intent to cease operations.

The notice should mention how to redeem balances or request refunds from their e- wallets and the timeline for doing so. Additionally, the company's Nodal Officer contact details and expected timeframe for balance redemption should be clearly stated.

b. Submit Progress Reports

On a monthly basis, service providers need to present a report to the Authority showcasing progress made in discharging their liabilities.

5. Submitting a 'No Liability' Certificate
Once they successfully extinguish their liabilities, providers are expected to furnish the Authority with a 'No liability' certificate, validated by a statutory auditor.

6. Cancellation of Certificate of Authorisation
Lastly, the Payment Service Provider must return the original Certificate of Authorisation to the Authority to complete the cancellation process.

This procedure ensures a seamless and efficient transition for both the Payment Service Provider surrendering authorisation and its stakeholders. By adhering to these guidelines, service providers can uphold the trust and assurance bestowed upon them by their users and the Authority, emphasizing the importance of seamless transition and sustainability within the financial ecosystem.

Surrendering Authorisation for Payment Service Providers

For an Operational Payment Service Provider

Key Steps for Surrendering Authorisation:

Submission of a Formal Request
Provision of Account Overview
Outline of a Proposed Plan of Action
Issuance of an Undertaking Letter
Evaluation by the Authority
Public Notice Requirement
Monthly Progress Reports Submission
'No Liability' Certificate Handover
Cancellation of the Certificate of Authorisation

For a Payment Service Provider That Has Yet to Commence Operations

For those providers that haven't started their business but wish to voluntarily surrender their authorisation, the process maintains a similar structure, emphasizing transparency and careful planning.

Essential Documents and Steps:

Draft a Written Request
Initiate by submitting a written request endorsed by an authorised signatory. This request should include a resolution from the Board of Directors, stating the rationale and intention behind the surrender of authorisation.
Certification of Non-operation
Accompany your request with a certificate from a Chartered Accountant. This document should verify that the provider hasn't started its operations for which the authorisation was granted.
Latest Audited Balance Sheet
Include a copy of the most recent audited balance sheet, further evidencing the status of your operations.
Authority's Consideration and Processing
Similar to operational providers, the request will be evaluated on its merits. The Authority's decision will be communicated following a thorough review.
Submission of the Authorisation Certificate
Finally, the provider must return the original Certificate of Authorisation to the Authority for official cancellation.

Irrespective of whether a Payment Service Provider has already ventured into operations or is reconsidering its decision to start, the IFSCA mandates a structured, clear path for surrendering the authorisation. This ensures a smooth wind-down process, allowing for proper closure and transparency to all involved parties.

Appropriation of Security Deposit

Whether authorization is revoked or surrendered, there exists a protocol for the appropriation of any security deposit held by the IFSCA. This financial safeguard can be applied towards:

Settling Outstanding Liabilities: Directing funds to cover any dues or claims from service users or other claimants.
Protection of Customer Interests: Ensuring that end users of the PSP are not adversely affected financially by its cessation or failure.

The aim is clear: even in termination scenarios, financial responsibility and user protection remain paramount.

The journey for payment service providers within the IFSC ecosystem—spanning grant, refusal, revocation, and surrender of authorisation—is framed by stringent regulatory scrutiny aimed at upholding the highest standards of financial and operational integrity. The IFSCA Payment Services articulate a comprehensive framework ensuring that only the most capable, transparent, and resilient entities thrive in this dynamic financial landscape.

Mastering the Launch and Leadership in IFSCA's Payment Service

Provide essential blueprints for payment service providers (PSPs) on initiating operations and establishing robust governance frameworks.

Commencement of Operations

The commencement of operations is a landmark phase for any PSP, marking the transition from preparation to action within the IFSCA framework. Here's what PSPs need to know:

Lay Down Your Operational Blueprint

Before serving your first customer, your operational plan must be set in stone. This includes, but is not limited to, technology infrastructure, customer service mechanisms, and compliance systems. Each of these components must adhere to IFSCA’s standards, ensuring your readiness to deliver with excellence.

Financial Assurance is Key

Securing and maintaining a robust financial base is non-negotiable. PSPs must demonstrate their financial stability, ensuring they have sufficient funds not just for daily operations but also as a safety net for unforeseen circumstances.

Seek Authority’s Nod

Launching operations isn’t as simple as opening your doors to the public. You must first seek and receive explicit permission from the IFSCA, following a detailed review of your readiness and compliance with the regulations.

Governance

Draft a Clear Governance Framework

Your governance framework is the backbone of your organizational structure. It must detail the roles and responsibilities of the Board, its committees, and senior management. A well-defined framework ensures that everyone knows their role, fostering a culture of accountability and decisiveness.

Embrace Comprehensive Reporting

Communication lines between management and the Board must be clear, ensuring timely and effective decision-making. It's not just about reporting what has happened but also about forecasting challenges and opportunities, enabling proactive governance.

Define Risk Management and Internal Controls

Risk is an inevitable companion of operation. Establishing robust risk management practices and internal controls is crucial. These measures should not only identify and mitigate potential risks but also ensure compliance with regulatory requirements.

Recruit Strategically

Board members and senior management must not only be chosen for their expertise and experience but also for their alignment with the company’s vision and ethics. Moreover, comprehensive procedures for their appointment must be documented, ensuring transparency and meritocracy in recruitment practices.

Performance Accountability

A culture of performance accountability must pervade throughout the organization. Processes should be in place to evaluate the performance of the Board, its committees, and management—ensuring that governance is not just about oversight but also about fostering excellence and continuous improvement.

Beyond Payment Services

Of note, PSPs are restricted to their core services unless otherwise permitted by the IFSCA. This ensures that entities remain focused on delivering their promised services while maintaining the option to diversify with explicit regulatory consent.

Mandatory Statement Disclosure to Customers:

Every PSP must inform customers with the following statement:

"[Name of PSP] is authorised by the International Financial Services Centres Authority (IFSCA) to provide payment services. It is important to understand that if [Name of PSP] goes out of business, there is no guarantee that all funds you paid will be recoverable."

To ensure effective communication of this statement:

Public Availability: It should feature in at least one piece of public material issued by the PSP.
Prior Disclosure: Potential customers must receive this information before using the services provided by the PSP.
Written Confirmation: Customers who have not already received the statement through prior disclosure should get it in writing.
Clarity: The statement must be prominently displayed, not obscured by other text, and of a legible size and font.

Representation of Regulation by Authority:

Accuracy: Any public statements regarding the breadth of the PSP’s regulation by IFSCA must be truthful and not misleading.

Communication Clarity:

Materials provided to clients or potential clients should be:

Intelligible and Accurate: Clearly understandable, precise, and not misleading in any form, regardless of delivery channel.

Inclusion in Advertisements and Promotions:

All marketing materials must feature:

Identification: The PSP’s contact information.
Authority Endorsement: A claim stating that the PSP is authorised by the Authority.
Service Summary: The main terms and conditions of the Payment Service offered.
Promotion Details: Eligibility criteria and the duration of any promotional offers.
Dispute Resolution: Contact details for the PSP’s dispute resolution mechanism.

Pre-Transaction Summary Details:

Before transaction approval, customers must receive a summary that includes:

Beneficiary Details: Such as the name and contact information.
Transaction Value: The full amount of the transaction.
Fees and Charges: All associated costs with the transaction.
Caution on Time Limits: A notice regarding the execution period for the transaction and the point from which these limits are considered, including finality and irrevocability.
Exchange Rate Info: If applicable, the relevant average interbank exchange rate that is applied.

Transaction Confirmation Issuance:

After each transaction, PSPs must issue, free of charge, a confirmation that at minimum includes:

Beneficiary’s Details: Name and other relevant details if needed.
Transaction Amount: The transferred value.
Completion Date: When the transaction was finished.
Account Numbers: Details of beneficiary’s and originator’s accounts or wallets, where relevant.
Dispute Mechanism Contacts: Information on how to get in touch for resolution of any issues.

By strictly following these guidelines, PSPs ensure transparency, build user trust, and comply with the regulatory requirements put forth by the IFSCA.

Risk Management in Third-Party Service Relationships

In the constantly evolving landscape of financial services, the International Financial Services Centres Authority (IFSCA) Payment Services, stands as a comprehensive guide specifically tailored to fortify the management of third-party service relationships. This pivotal delineates a strategic framework, ensuring that Payment Service Providers (PSPs) maintain the highest standards of operational integrity and customer trust.

Risk Management of Third-Party Service Relationships

The cornerstone of a secure payment ecosystem is robust risk management, especially concerning third-party service engagements. Key strategies include:

Identify Critical Services: PSPs must first demarcate which third-party services are critical. This determination hinges on how significantly these services impact the PSP's financial, operational, and strategic landscape.
Assess Risks Regularly: It’s imperative for PSPs to conduct periodic risk assessments of these critical services, ensuring any potential threats are identified and mitigated proactively.
Monitor and Manage Risks: Having a dynamic system to continuously monitor and address risks associated with third-party relationships is not just recommended—it’s essential.

Onboarding and Ongoing Monitoring

Entering into a new third-party service relationship is not to be taken lightly. The regulations suggest a meticulous approach:

Conduct Due Diligence: Before formalizing any relationship, PSPs should undertake comprehensive due diligence. This includes evaluating the third party's operational capabilities, track record, and financial stability.
Continuous Vigilance: The relationship doesn’t end with the contract. PSPs must keep a keen eye on the third party's performance and compliance, ensuring they live up to the established expectations and standards.

Exit Strategies

Not all relationships last forever, and a strategic exit plan is crucial for minimizing associated risks:

Plan for the Unexpected: PSPs should have predefined exit strategies for ending third-party service relationships. This includes ensuring that the exit process doesn’t negatively impact the PSP's operations or customer services.

Reporting of Incidents

Transparency in the face of operational hurdles is crucial for maintaining trust:

Immediate Notification: In the event of any incident impacting the third- party’s ability to deliver critical services, PSPs should be informed promptly, allowing for quick action and minimal service disruption.

Record of Third-Party Service Relationships

Keeping meticulous records is more than a regulatory requirement—it’s a pivotal aspect of risk management:

Comprehensive Documentation: PSPs are tasked with maintaining detailed and updated records of all third-party relationships. This includes contracts, assessments, incident reports, and compliance verifications.

Exemplifying Excellence in Financial Services

By adhering to these guidelines, PSPs not only comply with regulatory standards but also position themselves as trustees of their customers' trust and champions of operational excellence

Here is an interpretation of the duties of Payment Service Providers (PSPs) based on the provided snippets from the IFSCA Payment Services Regulations 2024:

Duties of Payment Service Providers within IFSCA as per Guideline

As trusted custodians of public funds, Payment Service Providers shoulder a substantial responsibility in securing not just financial transactions but the entire financial ecosystem. The IFSCA Payment Services carefully outlines these obligations ensuring integrity, security, and customer-centricity. Let's break down their duties:

Duty to Protect Applicable Funds

Financial safeguarding: PSPs must vigilantly protect all 'Applicable Funds', ensuring full compliance with standards and protocols outlined in the regulations and Schedule VI.
Segregation of funds: Providers are required to keep Applicable Funds separate from any other types of funds that they manage, further fortifying financial integrity.

Duty to Comply with Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer (AML, CTF & KYC) Guidelines

AML, CTF & KYC compliance: PSPs must ensure strict adherence to international AML, CTF & KYC guidelines, and the Prevention of Money Laundering Act, 2002 and related rules.
Monitoring Agents: If PSPs are employing agents for service provision, these agents should be incorporated into compliance programs. Up-to-date agent lists need to be maintained.
Transaction accountability: All transactions carried out by authorized agents fall under the PSP's responsibility.

Streamlining Customer Fund Safeguarding for Payment Service Providers

For any Payment Service Provider (PSP), ensuring the security of customer funds is non- negotiable. The IFSCA outlines clear directives to Regular and Significant Payment Service Providers involved in specific payment services. Let’s unpack these directives to simplify the expectations placed on PSPs.

Immediate Safeguarding of Customer Funds:

PSPs, upon receiving funds from the Payment Service User (PSU), must secure such funds by the following business day. The complete safeguarding actions include:

Obtaining Guarantees: Soliciting a binding undertaking or guarantee from a safeguarding institution, fully assuming liability for the funds.
Trust Account Deposits: Storing the funds in a trust account upheld by a safeguarding institution.
Customized Methods: Or, in other prescribed manners as laid out by the Authority.

Focused Directions for Specific Payment Services:

There are additional regulations for PSPs offering services such as cross-border money transfers, merchant acquisition, or those services stated by the Authority.

E-money Issuance Service Providers: Must balance the books daily, ensuring escrow account balances are not less than the amount of e-money issued.

Escrow Accounts:

Fully comprehending how to manage escrow accounts is crucial.

Transactions Allowed:

Credits:
Money from issued e-money,
Reloaded funds on e-wallets,
Reimbursements for failed or disputed transactions.

Debits:
Payments to merchants or other PSPs for acquired services,
Funds transferred to IBUs (International Banking Units) or IBCs (International Business Corporations) for processing transfer instructions,
Tax liabilities,
Refunds for cancelled transactions affecting e-money balance,
Other contractual dues to the PSP from users.

Restrictive Measures:

Certain activities are strictly off-limits for PSPs, particularly those providing e-money issuance services. Here are the prohibitions:

E-money Valuation: Must never be issued at a premium or discount.
Allocation of Collected Funds: These should not be used to extend any loans or credit facilities.
Credit Extensions: No credit may be given to customers nor can any interests, profits, or returns on e-money balances be provided.
Legal Compliance: The e-money platform must not be involved in or linked to any dubious or illegal endeavors.
Cash Withdrawals: It's impermissible to allow cash withdrawals directly from e- money.

Escrow Agreement Stipulations:

Any agreement with IBUs concerning escrow account maintenance must include a clause that restricts the usage of escrow funds, strictly to the purposes detailed in the IFSCA regulations.

Duty to Comply with Laws

Assistance during audit/inspection: Payment Service providers must assist the relevant authorities during audits or inspections.

Duty of Cooperation with Authority

Compliance with regulatory requests: PSPs have a duty to provide necessary information to regulatory authorities such as their logs of transactions over the past decade.

Duty towards Payment Service Users

Customer interest protection: PSPs must prioritize protecting user interests, preventing them from getting misled through transparent and honest communication.
Regulatory disclosures: All disclosure requirements mentioned in Schedule VII must be complied with, assuring transparency for users.

Duty to Secure Information Technology Systems and Infrastructure

IT system and infrastructure security:PSPs must diligently secure their IT systems and related infrastructure against unauthorized access and manipulation.
Security policy documentation:viders need to have a written security policy in place that outlines the measures taken to secure their IT systems and infrastructure.

Redressal of Grievances and Dispute Resolution

Addressal of complaints and disputes: PSPs should implement efficient and effective grievance redressal and dispute resolution mechanisms to promptly address any user complaints.

Action in Case of Default

Default management: In case of any default, PSPs are expected to take appropriate actions correctly and promptly while following the protocols mentioned in the guidelines.

Place of Business or Registered Office

Business location: PSPs must maintain a registered office or business place according to the Guidelines.

By adhering to these guidelines, PSPs play a pivotal role in shaping a robust, secure, and reliable financial ecosystem. The IFSCA Payment Services serves as an important fulcrum, balancing the dual needs of operational flexibility for PSPs and the overarching mandate of user protection and system integrity.

Understanding Payment Services and Thresholds under IFSCA as per Regulations

As we step into a new era of financial regulation, the IFSCA Payment Services Regulations 2024 emerge as a blueprint for overseeing a gamut of payment-related activities. Schedule I delineates with clarity what qualifies as Payment Services, what doesn’t, and what thresholds and conditions are set for Significant Payment Service Providers. Let's delve into these crucial categories.

Part A: Recognized Payment Services

Account Issuance Service: This includes any service that helps set up an account for users to execute payment transactions.
E-Money Issuance: Services that issue stored value in an electronic form, commonly used for online transactions.
Escrow Services: Facilitating transactions by holding funds until the transaction conditions are met.
Cross Border Money Transfers: Services enabling money transfers across national borders.
Merchant Acquisition Services: Enabling merchants to accept payments, in other words setting up systems to process payments for goods and services.

These are the services which, under the ambit of IFSCA regulations, are recognized as official payment services warranting oversight.

Part B: Exclusions from Payment Services

Agent-based Transactions: Payments performed by agents authorized to negotiate or conclude sales on behalf of payers or payees aren't considered payment services.
Specific Document-based Transactions:These are traditional forms like cheques, cash orders, or postal orders which are drawn for the intent of placing money in the hands of a payee.
Inter-System Transactions: Payments made within a payment or securities settlement system between certain institutions like central banks or clearinghouses fall outside the scope of being classified as payment services.
Securities Asset Servicing:Transactions that revolve around the servicing of securities assets, including dividends or the redemption or sale processes, are also excluded.

Part C: Significant Payment Service Provider Criteria

Value Thresholds: To be designated as a Significant Payment Service Provider, a Regular Payment Service Provider must exceed certain value thresholds over a calendar year in the services provided:
For a single payment service: A monthly average total value accepted, processed, or executed over $2 million.
For multiple payment services: The combined monthly average exceeds $4 million.

Special Attention to E-Money Services: If an entity provides e-money account issuance service, the average daily value of e-money stored across all payment accounts needs specific monitoring.

Frequently Asked Questions (FAQs)

What is the rationale behind the issuance of the PS Regulations?

The PS Regulations have been introduced to define a clear framework that allows entities to apply for authorization as Payment Service Providers (PSPs). These regulations are designed to guide PSPs in offering their services both within and beyond the International Financial Services Centre (IFSC), ensuring compliance with the specified terms and conditions.

How do Payment Services differ from Payment Systems?

Payment Services and Payment Systems represent two distinct aspects of financial transactions. Payment Systems are broader structures that include various instruments, banking rules, procedures, and processes that enable the movement of funds between banks and other financial institutions. These systems are operated by entities called Payment System Operators (PSOs), which include participants like banks and other financial organizations.

On the flip side, Payment Services involve the day-to-day operations that facilitate transactions for end-users, such as managing transaction accounts, payment instruments (cards, cheques, etc.), and providing service channels (POS terminals, payment apps). In a typical scenario, PSPs manage the 'Front End' where user transactions take place, while PSOs handle the 'Back End' systems that process these transactions.

What does the authorization and designation mechanism under the PS Regulations entail?

According to the PS Regulations, entities that meet certain criteria can be authorized to operate as PSPs. They are then allowed to offer a spectrum of payment services as long as they stay compliant with the regulations. This authorization does not expire unless it's either revoked by the regulatory Authority or willingly given up by the PSP.

If a PSP's business volume reaches a certain threshold, the Authority can designate it as a "Significant" PSP (SPSP). Until then, PSPs are known as Regular PSPs (RPSP). To become an SPSP, a PSP does not need to apply for the designation; it's a status conferred based on the existing performance metrics outlined in the regulations. However, initial authorization as a PSP is required and applied for.

Are all activities related to payments regulated under the PS Regulations?

No, not all payment-related activities fall under the PS Regulations. To qualify as a payment service under these regulations, an activity must involve providing a transaction account, a payment order issuance mechanism, or a service channel connecting payers to payees. Currently, five such services are sanctioned by the regulations.

Exemptions include transactions within related parties (like between a parent company and its subsidiaries), banking services offered by banks, and technical support services related to payment services (such as the maintenance of terminals). This exclusion rationale is because such activities do not align directly with regulated payment services or because the entities, like banks and card networks, offering them are already authorized under different frameworks.

Entities excluded from the requirement of authorization under the PS Regulations are inherently capable of offering payment services as part of their licensed operations and therefore, do not require separate authorization.

When is the company to be formed for the authorization as PSP under the PS Regulations?

The steps for acquiring PSP authorization and the formation of the company are outlined as follows:

Application for Authorization:
The application process invites entities that wish to become authorized as PSPs to submit their applications to the Authority as specified in the regulations.
It's important to note that at the application stage, the entity need not be an established company. Applicants can be parent companies or their group companies planning to establish a PSP as a subsidiary.

In-Principle Approval:
Upon applying, the Authority will review the application and may request additional information or clarifications.
If the initial review is satisfactory, the Authority will issue an In-principle approval, along with a list of conditions that must be met by the applicant.

Setting Up a Company:
One key condition following the In-principle approval is the formation of a company with its registered office in the IFSC.
This new company needs to be adequately capitalized to meet the minimum net worth criteria outlined in the regulations.

Rectifying Deficiencies:
Any issues identified during the application review need to be addressed within a prescribed timeline.
Failure to rectify these deficiencies in time may result in the refusal of authorization.

Issuance of Certificate of Authorization:
Once all conditions, including the formation of the company and capitalization, are satisfied, the Authority will issue a Certificate of Authorization to the applicant.
The newly authorized company is expected to commence operations within a specified time frame, as required by the PS Regulations.

Process Flow for Authorization as a PSP:

Application for Authorization:Parent or group companies submit applications for PSP authorization.
In-Principle Approval:The Authority reviews and gives conditional approval to suitable applicants.
Setting Up a Company:Applicants must establish a company in IFSC and meet the required capital criteria.
Grant of Authorization:Upon satisfying the approval conditions, a Certificate of Authorization is issued.

The Authority suggests prospective PSPs to consult and discuss their business model and operational plan with them before formally applying. The complete application process is considered the final stage in setting up a PSP.

(6) When Do You Need Authorization to Provide Payment Services in IFSC?

What Makes You a PSP in IFSC?

Must-have: A place of business in IFSC.
What You Do There: Provide one or more payment services listed in Part A of Schedule I of the regulations, either as your main focus or alongside other business activities.

(7) What Exactly Falls Under "Merchant Acquisition Services"?

Understanding Merchant Acquisition Services:

Main Service: Payment aggregation, helping merchants to accept various payment methods so customers have the freedom to pay how they like.
Also Includes: Moving money from banks or payment issuers directly to merchants.
Not Included: Payment gateway services, as these are classified under technical services.

(8) What's Included in Cross-Border Money Transfer Services?

Scope of Cross-Border Money Transfer:

A PSP in IFSC accepting money to transmit outside IFSC, or vice versa, falls under this service.
It also covers sending money from outside IFSC to another foreign location.
Key Point: The service applies regardless of whether the money's sender and receiver are the same person and doesn't require both parties to be in IFSC.

(9) How to Safeguard Money in Mixed Payment Service Transactions?

Safeguarding Funds Across Services:

Rule: All money held by the PSP for any transaction must be safeguarded according to regulation 23(1) along with Schedule VI of the regulations.
Applies To: Any combination of services (e.g., cross-border money transfers and merchant acquisition) within a single transaction.
Essentially: The total money under PSP's control for a transaction must meet safeguarding requirements until the transaction is fully processed.

These simplified answers aim to clarify when and how to comply with PSP authorization and operations in IFSC, including specifics on merchant services and cross-border transfers.

(10) What Kinds of Payment Accounts Are Included in the Account Issuance Service?

Defining an Account Issuance Service:

Any service that issues a payment account to someone in IFSC or beyond.
What Constitutes a Payment Account? Both physical (like a charge card) and virtual (like an e-wallet) accounts.
Key Point: To determine if an account qualifies as a payment account, PSPs must refer to the full definition in the regulations, especially noting whether the account can facilitate payment orders or transactions.

(11) Is Adding Funds to an E-Wallet an Activity of Account Issuance?

Topping Up E-wallets:

No, replenishing an e-wallet's funds, unless it's by the PSP's "agents," is not seen as a part of account issuance.

(12) Can an E-Wallet Store Cryptocurrencies or Stablecoins?

E-Wallet Content Restrictions:

E-Wallets can't hold cryptocurrencies like Bitcoin or stablecoins.

(13) Which Currencies Can an E-Wallet Hold?

Accepted Currencies for E-Wallets:

E-Wallets can presently hold: USD, EUR, JPY, GBP, CAD, AUD, CHF, HKD, SGD, AED and RUB, collectively known as "specified currencies."

(14) Is it Possible for an E-Wallet to Hold Indian Rupee (INR)?

Indian Rupee in E-Wallets:

An e-wallet is not permitted to store the Indian Rupee (INR) in any way.

(15) What Should an India-based Company Consider Regarding Foreign Exchange Laws Before PSP Authorization? Can Foreign Firms Apply?

PSP Authorization Considerations:

Indian Companies: Need to check the Foreign Exchange Management Act, 1999's rules about setting up foreign subsidiaries and transferring capital to them.
Foreign Companies: Parent companies located outside India may apply to establish an IFSC-located PSP subsidiary.

(16) Are PSPs Obligated to Follow AML/CFT Protocols?

Compliance Requirements for PSPs:

As "regulated entities" under the IFSCA Guidelines, 2022, authorized PSPs must obey these guidelines' rules.

(17) Does Requiring PSPs to Maintain Security Deposits Ensure Payment Service User's Funds?

Reason for Security Deposit Requirement:

The security deposit, which the Authority can demand, isn't there to guarantee user's funds.
Instead, it's used to settle outstanding sums if a PSP's authorization is surrendered or revoked. This may help users recover some losses but does not fully insure against all potential losses.

(18) Under What Conditions Does IFSCA Require a PSP to Maintain a Security Deposit?

Key Points on Security Deposit:

When: IFSCA may ask for a security deposit based on their assessment of a PSP’s business model or operational structure. It could be before starting operations or anytime after that.
How Much: The amount depends on the PSP's business volume and expected growth.

(19) What is the Purpose of the Security Deposit?

Understanding the Use of Security Deposit:

Not for Repayment: The deposit isn't there to directly repay customers or service suppliers if the PSP fails to do so.
Why: PSPs must safeguard customer funds separately (like in an escrow account), and suppliers should rely on their credit assessments rather than the security deposit for due payments.

(20) Why Are There Regulations for Third Party Service Providers?

Rationale Behind Third Party Service Provider Regulations:

Purpose: To ensure PSPs responsibly select and monitor any third-party services they use, considering their quality, financial stability, and alternatives if those services stop.
Decision-Making: When approving PSP applications, the Authority looks closely at how much PSPs rely on third-party services.

(21) Why Can't PSPs Lend Money or Offer Cash Withdrawals?

Restrictions Explained:

No Lending or Advancing Money:
Reason: To focus PSPs on managing the risks of payment services without the added complexity of credit risk, which demands different expertise and more capital.
No Cash Withdrawals from E-Wallets:
Why: Aligns with IFSCA's goal of maintaining a cashless environment in IFSC and encourages the use of electronic transactions, mirroring international e-wallet practices.

(23) Why is There No Universal Cap on E-Wallet Balances?

E-Wallet Cap Flexibility:

Principle-Based Approach: IFSCA prefers regulations that are adaptable, so a fixed cap isn't in line with their regulatory philosophy.
Risk Management: IFSCA expects PSPs to use their internal risk management to set caps if needed, based on customer transaction history and other relevant factors.
User Control: PSPs are encouraged to let users set their own limits on their e-wallets, promoting a user-centric and dynamic approach to managing funds.

(24) How Does IFSCA Handle E-Money Threshold Breaches Due to Exchange Rate Changes?

Managing Currency Exchange Impacts:

Assessment of Breaches: IFSCA looks at why a threshold was breached due to exchange rate changes and whether the PSP took steps to foresee and prevent such breaches.
Reasonable Measures: PSPs are expected to have strategies in place to manage the risks of currency fluctuations.

(25) Why Must a PSP Use a Nodal Bank, and Can They Use Other Banks?

Nodal Bank Requirement and Flexibility:

Mandatory Nodal Bank Usage:
Supervision: IFSCA monitors PSPs through their transactions with a designated nodal bank.
Key Transactions: Essential activities like managing escrow accounts and security deposits are tracked using the nodal bank.
Use of Additional Banks:
Operational Reasons: PSPs may need multiple bank accounts to ensure operational smoothness, like handling outages with the nodal bank.
Justified Multiplicity: PSPs can open accounts with other banks but must explain the necessity for their transactions.

Our Blog

PSARA LICENSE – Estabizz Fintech

By admin_estabizz / December 1, 2021

PSARA License Today Security is the Big issue. Every Body in India who is having name and fame needs security...

AUTHORISED PERSONS (APs) FRAMEWORK – Estabizz Fintech

By admin_estabizz / November 22, 2021

Market Access through Authorised Persons :- Attention of Members’ is drawn to Exchange circular NSE/INSP/42448 dated October 18, 2019, which...