New Framework for Payment Systems Operators | 05 Aug 2021
Why in News
Recently, the Reserve Bank of India (RBI) has issued a framework for payment and settlement related activities by payment system operators.
- This framework is issued under provisions of Payment and Settlement Systems Act, 2007.
- The Payment and Settlement Systems Act, 2007 provides for the regulation and supervision of payment systems in India and designates the RBI as the authority for that purpose and all related matters.
Payment System
- A payment system is a system used to settle financial transactions through the transfer of monetary value and consist of the various mechanisms that facilitate the transfer of funds from one party (the payer) to another (the payee).
- A payment system includes the participants (institutions) and the users (customers/clients), the rules and regulations that guide its operation and the standards and technologies on which the system operates
- The Board for Regulation and Supervision of Payment and Settlement Systems (BPSS), a sub-committee of the Central Board of the RBI is the highest policy making body on payment systems in India.
Payment System Operators (PSOs)
- PSOs by virtue of services they provide and the construct of models on which they operate, largely outsource their payment and settlement-related activities to various other entities.
- It is an institution which has been granted an authorisation for the operation of a payment system.
Key Points
- New Framework:
- Licensed non-bank Payment System Operators (PSOs), cannot outsource core management functions.
- Core management functions include risk management and internal audit, compliance and decision-making functions such as determining compliance with KYC norms.
- It will be applicable to all service providers, whether located in India or abroad.
- Licensed non-bank Payment System Operators (PSOs), cannot outsource core management functions.
- Objective:
- To put in place minimum standards to manage risks in outsourcing of payment and settlement-related activities including tasks such as onboarding customers and IT-based services.
- Need:
- There is a potential area of operational risk associated with outsourcing by payment system operators and participants of authorised payments systems.
- India’s tech ecosystem has seen several high-profile cyber attacks such as those at Juspay, Upstox and Mobikwik over the last year targeting customers’ payments data.
- There is a potential area of operational risk associated with outsourcing by payment system operators and participants of authorised payments systems.
- Related Previous Initiative:
- Earlier, the RBI has put in place restrictions with respect to investments in payments system operators (PSOs) by new entities from jurisdictions that have weak measures to deal with money laundering and terrorist financing activities.
Way Forward
- Since, India is the second-fastest digital adapter among 17 of the most-digital economies globally, and rapid digitisation does require forward-looking measures to boost cybersecurity.
- It is important for the corporates or the respective government departments to find the gaps in their organisations and address those gaps and create a layered security system, wherein security threat intelligence sharing is happening between different layers.