Rbi Tightens Payment Compliance: New Penalty & Compounding Framework Explained

1. Introduction

On January 30^th, 2025, the Reserve Bank of India(“RBI”) introduced a revised framework[1] for imposing monetary penalties and compounding offences under the Payment and Settlement Systems Act, 2007 (“PSS Act”)[2]. This framework supersedes the earlier guidelines issued in 2020[3] and incorporates amendments introduced by the Jan Vishwas (Amendment of Provisions) Act, 2023[4]. The revisions aim to streamline enforcement actions, enhance compliance, and align penalties with contemporary regulatory needs.

The revised framework aims to:

1. Increased Penalty Limits: This is done to ensure stricter compliance with the PSS Act and ensure rigid adherence to compliance.

2. Expanded Scope of Compounding: Offences are now eligible for compounding thereby reducing litigation.
3. Rationalization of Enforcement: The framework consolidates enforcement actions under the RBI’s enforcement department, emphasizing proportionality and transparency in penalties.

This article examines the key changes introduced, the legal implications, and how the payment system operators should prepare for compliance.

1. Key Changes Introduced

The following table outlines the significant changes brought by the revised framework:

S. No.	Aspect	Previous Framework (2020)	Revised Framework (2025)
	Maximum Monetary Penalty	INR 5 lakhs	INR 10 Lakhs (or twice the amount involved in contravention, whichever is higher.)
	Additional Penalty for Continuing Default	INR 10,000/- per day	INR 25,000 /- per month
	Scope of Compounding	Limited offences under Section 26 of PSS Act	Expanded to include Sections 26(1), (3), (4), (5), and (6)
	Enforcement Authority	Decentralized approach	Centralized under the RBI’s Enforcement Department
	Disclosure Requirement	Limited public disclosure	Mandatory disclosure in financial statements and RBI’s press releases
	Penalty Determination Factor	Not explicitly outlined	Includes proportionality, intent, monetary gain, loss to stakeholders, etc.

The increase in penalties and broader compounding options emphasize RBI’s intent to ensure stricter compliance in the payment sector.

1. Applicability and Key Violations Under Section 26 of the PSS Act

The revised framework applies to all payment system operators and banks governed under the PSS Act. Key contraventions subject to penalties includes[5]:

1. Unauthorized Operation [Section 26(1)]: Running a payment system without RBI authorization or violating authorization conditions.

1. False/ Misleading Statements [Section 26(2)]: Wilful misrepresentation or omission of material facts in regulatory filings.

1. Failure to Furnish Information [Section 26(3)]: Non-compliance in providing documents, returns, or statements to RBI.

1. Prohibited Disclosure [Section 26(4)]: Unauthorized disclosure of information.

• Data Localisation Violation [Section 26(4) & 26(6)]: Non-compliance with RBI’s data storage requirements for payment system operators.

• Non-Compliance with RBI Directions [Section 26(6)]: Breach of know-your-customer(“KYC”) /anti-money-laundering (“AML”) norms, failure to maintain net worth requirements, or exceeding Prepaid Payment Instrument (“PPI”) limits.

1. Determination of Monetary Penalties

With the aid of this notification, the RBI attempted to specifically mention, as how to assess the penalty quantum. As per the notification, the factors are as follows:

1. Proportionality: Penalties must align with the severity, frequency, and financial impact of the contravention.
2. Gain/Loss Assessment: Quantifiable gains to the contravener or losses to stakeholders.
3. Mitigating Factors: Voluntary disclosures, cooperation, and corrective actions.
4. Statutory Limits: Penalties cannot exceed INR10 lakh (or twice the contravention amount) plus daily fines for continuing defaults, with an additional INR 25000/- per day for continuing violations.

• Compounding of Offences: A New Compliance Window

The revised framework provides for a structured mechanism for compounding of certain contraventions which inter alia includes for unauthorised operation of running a payment system, non-compliance in furnishing information, unauthorised disclosure of information and data localisation violations among others.

The process requires the contravening entity to submit a compounding application with supporting documents to the RBI, which then reviews the case, conducts a hearing if necessary, and issues a compounding order within six months of receiving the application. The compounding amount varies based on the nature of the contravention, with first-time offences eligible for a 25% reduction from the maximum penalty, while repeat contraventions within five years attract a 50% increase in the compounding amount.

• Consequences of Non-Compliance

Failure to comply with RBI’s penalty or compounding orders can lead to severe legal and financial repercussions, including:

1. Monetary Penalties: Unpaid penalties beyond 30 days may result in criminal proceedings or license revocation under Sections 8, 30(3), or 33 of the PSS Act.
2. Loss of Compounding Benefits: If an entity fails to pay the compounding amount within 30 days, it loses the compounding benefit and faces prosecution.
3. Mandatory Public Disclosure: All penalty and compounding actions will be published in financial statements and RBI press releases, impacting the entity’s reputation.

• Implication for Regulated Entities

The RBI’s revised framework imposes stricter compliance standards on payment system operators and banks. Firstly, entities must ensure strict adherence to RBI’s authorization terms, data storage mandates, and regulatory directives, as proactive compliance can help prevent regulatory scrutiny. Secondly, the framework introduces increased financial and reputational risks, with higher penalties leading to greater financial liabilities and public disclosure of violations potentially harming credibility and investor confidence. Thirdly, there is an emphasis on enhanced record-keeping and transparency, requiring payment operators to maintain comprehensive records and implement strong internal compliance mechanisms to mitigate regulatory risks.

• Conclusion

The revised framework underscores the RBI’s commitment to fostering a secure and compliant payment ecosystem. By increasing penalties, expanding compounding options, and emphasizing proportionality, the framework balances deterrence with fairness. Regulated entities must align their operations with these guidelines to avoid enforcement actions and reputational risks.

---

[1] Refer to Notification EFD.CO.No.1/02.08.001/2024-25 dated 30^th January 2025.

[2] Payment and Settlement Act, 2007 (Act No. 51 of 2007), available at: https://www.indiacode.nic.in/bitstream/123456789/2082/4/a2007-51.pdf

[3] Refer to Circular DPSS.CO.OD.No.1328/06.08.005/2019-20 dated January 10, 2020

[4] Jan Vishwas (Amendment of Provisions) Act, 2023 (18 of 2023), which has come into force from January 22, 2024 [Gazette notification Nos. S.O. 318(E) dated January 22, 2024 of Ministry of Finance, Department of Financial Services]

[5] Refer to Notification EFD.CO.No.1/02.08.001/2024-25 dated 30^th January 2025.