Operating Without a PA License in India? Legal & Regulatory Risks

India’s digital payments ecosystem has witnessed explosive growth over the last decade. From UPI-driven QR payments in small towns to global ecommerce transactions routed through Indian gateways, the backbone of this ecosystem is the Payment Aggregator (PA) model.

However, many fintech startups and digital platforms misunderstand one critical compliance requirement: you cannot legally operate as a Payment Aggregator in India without authorization from the Reserve Bank of India (RBI).

If your business is onboarding merchants, collecting customer payments, routing transactions, or settling funds — and you do not have a valid PA license RBI approval, you may be exposed to serious legal and regulatory consequences.

This article provides a comprehensive, India-focused breakdown of:

• What a PA license is

• Who requires RBI authorization

• Legal risks of operating without approval

• Real regulatory consequences

• Compliance framework and penalties

• Practical steps to mitigate risk

Understanding the PA License Under RBI Regulations

The concept of a Payment Aggregator was formally regulated in 2020 under guidelines issued by the RBI under the Payment and Settlement Systems Act, 2007 (PSS Act).

A Payment Aggregator (PA) is a non-bank entity that:

• Onboards merchants

• Collects payments from customers

• Processes and routes transactions

• Maintains escrow accounts

• Settles funds to merchants

Unlike payment gateways that provide only technology infrastructure, payment aggregators handle funds. That is precisely why RBI mandates licensing — to ensure systemic stability and consumer protection.

Why RBI Regulates Payment Aggregators

India’s payment volumes run into billions of transactions annually. If aggregators mishandle funds, ignore KYC, or fail to maintain escrow discipline, it can:

• Endanger merchant liquidity

• Expose consumers to fraud

• Create AML and terror-financing risks

• Disrupt financial stability

Therefore, RBI approval is mandatory before commencing operations.

Who Needs a PA License in India?

1. Banks

Scheduled banks are allowed to operate as PAs under their existing authorization. They do not require a separate PA license.

2. Non-Bank Fintech Companies

You require RBI authorization if your company:

• Directly onboards merchants

• Collects customer payments in your name

• Maintains escrow accounts

• Handles settlement cycles

• Offers checkout/payment infrastructure tied to fund flow

If your fintech is functioning in any of the above capacities without RBI authorization, it may be considered unauthorized payment system operation under the PSS Act.

What Happens If You Operate Without a PA License in India?

Operating without approval is not a minor compliance gap. It is a statutory violation.

Below are the legal and regulatory risks:

1. Immediate Regulatory Action by RBI

The RBI has sweeping supervisory powers. It may:

• Issue cease-and-desist orders

• Direct banks to freeze settlement accounts

• Stop onboarding of new merchants

• Block escrow operations

In practice, once banks receive RBI directives, payment flows can stop instantly — crippling business operations.

2. Monetary Penalties Under the PSS Act

Under the Payment and Settlement Systems Act:

• Unauthorized operation can attract heavy financial penalties

• Continued violations may incur daily fines

• Failure to comply with directions can escalate penalty exposure

These fines can accumulate quickly, especially for high-transaction businesses.

3. Criminal Liability

In serious cases involving willful non-compliance or misrepresentation:

• Directors and key managerial personnel may face prosecution

• Imprisonment provisions may apply

• Additional compounding penalties may be imposed

This risk is often underestimated by founders.

4. Reputational Damage

In India’s tightly regulated financial ecosystem:

• Banks may terminate relationships

• Investors may withdraw funding

• Customers may lose trust

• Media exposure can harm brand equity

Regulatory non-compliance in fintech travels fast across the ecosystem.

5. Application Rejection and Forced Wind-Down

Many companies applied for PA license RBI approval after the 2020 guidelines.

If RBI rejects an application:

• The entity must stop PA operations

• Merchant migration must be facilitated

• Escrow balances must be settled properly

Operating first and “regularizing later” is a risky approach.

Minimum Net Worth & Eligibility Requirements

To obtain RBI approval, non-bank PAs must meet:

• ₹15 crore net worth at the time of application

• ₹25 crore net worth within prescribed timelines

• Proper board governance structure

• Fit & proper management criteria

• Strong IT and cybersecurity systems

• Escrow arrangement with a scheduled bank

Failure to maintain ongoing compliance may result in license cancellation.

Read more in details - Eligibility Criteria for Payment Aggregator License in India

Escrow and Fund Flow Compliance

One of the most scrutinized aspects of PA operations is escrow discipline.

RBI mandates:

• Merchant funds must be parked in a dedicated escrow account

• Settlement timelines must be adhered to

• No co-mingling of operational funds

• Daily reconciliation

Improper escrow management is a major trigger for regulatory scrutiny.

Merchant KYC and AML Compliance

Payment aggregators must perform:

• Full merchant KYC

• Risk profiling

• Ongoing transaction monitoring

• Suspicious transaction reporting

Weak merchant onboarding can expose the PA to money laundering and fraud risk — leading to enforcement action.

Data Localization & Cybersecurity Requirements

RBI requires:

• Storage of payment data within India

• Compliance with PCI-DSS standards

• Regular system audits

• Incident reporting protocols

Cybersecurity lapses are taken seriously in financial infrastructure.

RBI’s Increasing Regulatory Scrutiny

Over the past few years, the RBI has tightened oversight across the fintech sector. Regulatory actions against digital lenders and payment entities have signaled a clear message:

Payment system compliance is non-negotiable.

Entities operating in gray areas are increasingly being identified through:

• Bank reporting

• Transaction monitoring

• Market intelligence

• Inspection audits

The enforcement environment is significantly stricter today than in the early fintech boom years.

Grey Areas: Payment Gateway vs Payment Aggregator

Many companies assume they are “only a technology provider.”

However, if your platform:

• Touches funds

• Controls settlement

• Operates escrow accounts

• Contracts directly with merchants

You likely fall under PA regulation.

Misclassification is one of the most common compliance mistakes in India’s fintech ecosystem.

Risk to Directors & Founders

Non-compliance risk is not limited to the company entity.

Under Indian financial laws:

• Directors may be held personally liable

• Compliance officers may be questioned

• Promoters may face restrictions

Founders often overlook the personal exposure component.

How to Mitigate Legal & Regulatory Risk

If you are currently operating without a PA license RBI approval, immediate steps are critical:

Conduct a Regulatory Gap Assessment

Review whether your operations qualify as PA activity.

Engage RBI Regulatory Advisors

Work with professionals experienced in fintech compliance.

Restructure Operations (If Needed)

Consider partnership with an authorized PA while applying for license.

Strengthen Governance & Compliance

Implement:

• Internal compliance officer

• AML framework

• IT audit systems

• Escrow monitoring controls

Prepare Robust License Application

The RBI application requires:

• Detailed business model

• Fund flow diagram

• IT architecture documentation

• Risk management framework

• Financial statements

• Board declarations

Incomplete or poorly structured applications are frequently delayed or rejected.

Strategic Importance of Compliance in India

India is one of the world’s fastest-growing digital payment markets. Regulatory compliance is no longer a back-office function — it is a strategic necessity.

Licensed entities gain:

• Stronger banking relationships

• Higher investor confidence

• Merchant trust

• Scalability opportunities

• Cross-border payment expansion potential

Operating without authorization may provide short-term speed — but long-term risk exposure is substantial.

Frequently Asked Questions (India Focused)

Is PA license mandatory in India?

Yes, for non-bank entities handling fund flow and merchant settlement.

Can I operate while my application is under process?

Only if specifically permitted under transitional provisions. Otherwise, unauthorized operation is risky.

What law governs Payment Aggregators?

The Payment and Settlement Systems Act, 2007.

What is the minimum net worth for RBI PA license?

₹15 crore at application stage, increasing to ₹25 crore as prescribed.

Final Thoughts

If your business model includes merchant onboarding, payment collection, escrow handling, or settlement facilitation, obtaining a PA license from RBI is not optional — it is legally mandatory in India.

Operating without authorization exposes your company to:

• Regulatory shutdown

• Financial penalties

• Criminal exposure

• Investor backlash

• Reputational damage

In India’s evolving fintech ecosystem, compliance is competitive advantage.

Before scaling your payments business, ensure that your regulatory foundation is solid, structured, and RBI-aligned.