The Reserve Bank of India (RBI) has published detailed guidelines to strengthen India’s digital payments ecosystem. With this, RBI aims to improve security, control and compliance among banks, gateways, wallets and other non-banking entities.
The new rules are directly applicable for scheduled commercial banks, small finance banks, payment banks and credit card-issuing Non-Banking Financial Companies (NBFC). It also specifies the criteria under which regulated entities can form partnerships and interact with third-party apps and ecosystem players.
All regulated entities have been given six months to ensure compliance.
The guidelines issues specifications on a diverse set of application areas, including mandates from source code protection of third-party UPI apps, cyber security guidelines for safety against external attacks, card payments and internet banking security protocols. Further, under the guidelines RBI has also specified that a payment operator or a bank cannot delay settlements to nodal settlement accounts beyond 24 hours.
According to RBI, while the guidelines will be technology and platform agnostic, it will create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner. Necessary guidelines will be issued separately. “The Board and Senior Management shall be responsible for implementation of this policy. The policy shall be reviewed periodically, at least on a yearly basis. REs may formulate this policy separately for its different digital products or include the same as part of their overall product policy,” the RBI added.