How to Become a Payment Aggregator (PA) in India: Step-by-Step

Quick answer: To get a Payment Aggregator licence in India you must be a company incorporated under the Companies Act 2013, meet a prescribed minimum net worth, hold a clean compliance and management record, submit a detailed application to the RBI’s Department of Payment and Settlement Systems with an audited net-worth certificate and a board-approved policy stack, and then maintain ongoing compliance with merchant due diligence, escrow operation, data localisation, and reporting requirements. Realistic application-to-final-authorisation timelines run 9 to 18 months.

A Payment Aggregator licence from the Reserve Bank of India is what separates a payments product you can scale from one that lives or dies on a partner’s tolerance for risk. If your business model involves collecting funds from customers on behalf of merchants and remitting them — that is, the textbook PA function — you need this licence, full stop. The grey-market era of operating without one ended when the RBI issued the Guidelines on Regulation of Payment Aggregators and Payment Gateways in March 2020.

Here’s the step-by-step we walk founders through at OpenMalo when they ask, “what does it actually take to get a PA licence?”

Step 1 — Decide which PA licence you need

There are three related licences and they are not interchangeable:

• PA-Online — the core domestic Payment Aggregator licence, for online merchant collections
• PA-Physical — the offline / face-to-face PA licence, for POS-style merchant collections
• PA-CB — the cross-border Payment Aggregator licence, for import or export collections; introduced via separate RBI guidance

Some companies hold more than one. Pick the right starting point before you draft the application — the documentation differs.

Step 2 — Establish net worth

The RBI requires a minimum net worth (subject to a transition timeline that has been adjusted by circular). Net worth means paid-up capital plus free reserves minus accumulated losses minus deferred revenue expenditure — assessed at the date of application. You will need a chartered accountant’s net-worth certificate following the prescribed RBI format.

[VERIFY 2026] RBI has issued multiple revisions to the PA net-worth threshold and transition timeline since the original 2020 circular. Confirm the current operative minimum and the deadline by which existing applicants must meet the higher figure.

Step 3 — Get your corporate structure right

You must be:

• Incorporated under the Companies Act 2013 (LLPs and partnerships are not eligible)
• Engaged primarily in payment activity — diversified holdcos generally face additional scrutiny
• Tax-compliant with no pending material adverse orders
• Fit-and-proper at the promoter and director level — the RBI runs a comprehensive check

Step 4 — Build the policy stack before you apply

The RBI will not accept the application without a board-approved version of each of these:

1. Information security policy (with details of independent assessment)
2. Merchant due diligence and onboarding policy
3. Customer grievance redressal policy with named officer
4. Outsourcing policy (covering all material outsourced functions)
5. Fraud monitoring and risk management policy
6. Business continuity and disaster recovery policy
7. KYC and AML policy

Write these as living operating documents, not boilerplate. The RBI reads them and asks follow-up questions.

Step 5 — Architect the escrow setup

Funds collected from customers must flow into an escrow account with a scheduled commercial bank, with debits permitted only for prescribed purposes:

• Settlement to merchants
• Refunds to customers
• Fees to the PA (within the scope of the merchant agreement)
• Service tax / GST remittance
• Bank charges

No general working-capital draw against the escrow. No mixing of PA float with other corporate funds. Build the accounting from day one assuming the auditor will reconcile every paisa.

Step 6 — Submit the application

The application package goes to the Department of Payment and Settlement Systems (DPSS), Central Office, Reserve Bank of India, Mumbai. The package includes:

• Application in the prescribed format
• Certificate of incorporation and MoA/AoA
• Latest audited financials and net-worth certificate
• Board resolution authorising the application
• All policy documents
• IT architecture diagrams and security audit report
• KYC and antecedents of directors and key managerial personnel
• Application fee (refer current circular for amount)

Step 7 — Survive the back-and-forth

The RBI typically responds with queries — sometimes several rounds, sometimes spread over months. The most common reasons for delay or rejection:

• Net-worth shortfall as on application date (vs. transition deadline)
• IT security audit not from a CERT-In empanelled auditor
• Promoter / director adverse history
• Inadequate merchant due-diligence framework
• Escrow architecture that mixes settlement and operational accounts

If you get an in-principle approval, you have a defined window to operationalise the requirements and apply for final authorisation.

Step 8 — Operate within the perimeter

After the licence is granted you live inside ongoing obligations:

• Merchant due diligence at onboarding and periodic refresh
• Data localisation — payment data must be stored in India
• Reporting to RBI in prescribed formats
• No prohibited categories (e.g., no aggregation for gambling, no aggregation outside the licence scope)
• Cyber incident reporting within prescribed timelines

What this realistically costs

Excluding the regulatory net-worth, the application and first-year compliance bill commonly runs into seven figures (INR) when you account for legal, security audit, policy drafting, escrow setup, technology, and dedicated compliance hiring. The realistic application-to-final-authorisation timeline is 9 to 18 months depending on the quality of the submission.

CTA: Whether you’re applying for PA, PA-CB, or building on top of one, OpenMalo’s payments gateway module is the merchant-side technology stack that lives alongside the licence. See the module →

Closing

The PA licence is one of the more demanding licences the RBI issues to private fintechs, and that’s by design — the regulator is choosing who gets to sit between merchants and the banking rails. Treat the application as a technology, governance, and operating-model audit rolled into one. Companies that do are licensed. Companies that treat it as a paperwork exercise are not.