RBI releases guidelines for due diligence of AEPS Touchpoint Operators

16-Jul-2025

Background

Following multiple reports on identity theft and compromise of customer credentials in the use of Aadhaar enabled Payment System (AePS), the Reserve Bank of India (RBI) has issued guidelines under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 on ‘Aadhaar Enabled Payment System – Due Diligence of AePS Touchpoint Operators’ on 27 June 2025 (Guidelines) to protect customers’ interest.

AePS was launched to promote financial inclusion and enable secure and interoperable digital transactions, particularly for rural populations in India residing in remote locations with limited access to ATMs and bank branches. As a result, individuals in the remotest parts of the country can now withdraw money from a local shop (which is designated as an AePS Touchpoint Operator (ATO)) by providing their Aadhaar number and biometrics on the operator’s micro-ATM. To clarify, ATOs are the individuals appointed by the acquiring banks to facilitate AePS transactions. This initiative by the National Payments Corporation of India (NPCI) has unparalleled potential to facilitate interoperable digital transactions and promote financial inclusion in India. However, to avoid any missteps, the RBI has now stepped in to ensure paramount protection of customer interests.

Applicability and effective date

The Guidelines apply to acquiring banks, that is, banks which acquire transactions initiated through the devices provided by them to the ATO (Acquiring Banks). The Acquiring Banks route transactions initiated through their devices, regardless of whether the customer holds a bank account with that bank or not, to the NPCI, which then forwards them to the issuer bank (the bank where the customer’s Aadhaar-linked account is held) for processing. The Guidelines take effect for the Acquiring Banks from 1 January 2026.

Salient features of the guidelines

  • Due diligence: Acquiring Banks are required to carry out due diligence of all ATOs before onboarding them, adopting the same standards required under the Customer Due Diligence Procedure for Individuals under the RBI’s ‘Master Direction - Know Your Customer (KYC) Direction, 2016’ dated 25 February 2016 (MD). This move will ensure that the Acquiring Banks follow the same strict procedures for ATOs as are followed when onboarding individual customers under the MD. However, if the due diligence of ATOs has already been done in their capacity as business correspondents (entities or individuals engaged by banks to provide financial services in unbanked or underbanked areas) or sub-agents (individuals or entities appointed by business correspondents to perform the same functions), then the same will suffice as far as the onboarding formalities are concerned. Additionally, ATOs that have not been functioning for a period of 3 (three) months are required to go through KYC before making any new transactions.
  • Ongoing transaction monitoring and risk management: The Acquiring Banks are required to monitor the activities of ATOs through their transaction monitoring systems on an ongoing basis and to set operational parameters based on the business risk profile of the ATOs. Further, the Acquiring Banks are required to regularly review these parameters to adapt to emerging risks and to implement strict controls, such as using Application Programming Interfaces (APIs) solely for AePS transactions, to prevent unauthorized access.

Comments

The Guidelines issued by the RBI aim to prevent fraud, enhance the trust of users, and streamline the operations of AePS, which will ultimately lead to greater trust in digital banking amongst users in underserved regions. By enhancing fraud prevention and streamlining operations, these measures pave the way for a more inclusive financial ecosystem. This proactive step also ensures that digital banking is more actively adopted in rural regions, which have traditionally been less interested in the emerging methods of banking, empowering communities and driving India’s financial inclusion forward.

  • Harsh Walia (Partner) and Rupendra Gautam (Senior Associate)

    For any queries please contact: editors@khaitanco.com
