Pursuant to the announcement made in its Statement on Developmental and Regulatory Policies dated February 8, 2024, the Reserve Bank of India (RBI) has released the draft directions on Due Diligence of Aadhaar enables Payment System (AePS) Touchpoint Operators (Draft Directions) inviting public comments. The RBI stated that, in recent times, there have been instances of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, it has been considered necessary to enhance the robustness of AePS. Thus, with the objective of enhancing the robustness of AePS and streamlining the onboarding process of AePS Touchpoint Operators, the RBI has published the Draft Directions. The comments to the Draft Directions were to be provided to the RBI by August 31, 2024.
The key aspects under the Draft Directions include the following aspects:
- Key Definitions: The key definitions under the Draft Directions include the following:
- ‘Aadhaar Enabled Payment System (AePS)’: It is a Payment System in which transactions are enabled through Aadhaar number and biometrics or One-Time Password (OTP) authentication. AePS enables basic banking services, viz., cash withdrawal, balance enquiry, mini statement, cash deposit, fund transfer, etc.
- ‘AePS Touchpoint’:The terminal deployed by acquirer banks to facilitate AePS transactions, using Aadhaar based biometric / OTP authentication.
- Onboarding of AePS Touchpoint Operators: The acquiring bank shall carry out due diligence of all AePS touchpoint operators onboarded by it, in accordance with the Customer Due Diligence procedure for individuals, stipulated in Part-I, Chapter VI of the Master Direction – Know Your Customer Direction, 2016 (as updated from time to time), issued by the Reserve Bank. Further, the acquiring bank shall carry out updation of KYC in cases where an AePS touchpoint operator has not performed any financial transaction for a continuous period of six months, before enabling him / her to transact further. National Payments Corporation of India (NPCI) and acquiring banks shall ensure that any AePS touchpoint operator is onboarded only by one acquiring bank.
- Ongoing Due Diligence: The acquiring bank shall monitor the activities of AePS touchpoint operators on an ongoing basis and set operational parameters, in accordance with the following principles: (i) Transaction limits shall be set for AePS touchpoint operators based on their risk profile; and (ii) Transactions of AePS touchpoint operators shall be consistent with their location of operation and risk profile.
- Adherence to NPCI instructions: All System Participants are required to adhere to the rules and regulations governing the operation of AePS, issued by NPCI (System Provider of AePS).
The Draft Directions may be accessed by clicking on this link.
Authors & Contributors
Partner(s):
Associate(s):
Keshav Pareek
Ishaan Gupta