Transaction Limit Management for prepaid payments instruments

September 2018

Since 2016, the government has been driving the growth of digital payments in the country. With demonetization, the government provided the required boost to the usage of electronic payments instruments and the largest beneficiary of this move were prepaid payments instrument issuers. PPIs comprising-mobile wallets, smart city cards, transit cards, gift cards, meal cards and e-toll tags grew 76.1 % in volume to INR 3459 million in FY 17- 18. The value of PPI transactions rose 69% to INR 1416.3 billion in FY 17-18. Owning to extensive use of PPIs, various stakeholders have approached the Reserve Bank of India (RBI) for rationalization of certain requirements while providing a well regulated ecosystem. With the increase in PPI transaction volumes across different form factors, the need was felt to revisit the KYC and AML guidelines related to PPIs. Accordingly, with a view to ensure safety and security of PPI transactions, RBI has issued a master circular on issuance and operation of PPIs on 11th October, 2017

Challenges in prepaid limit management:

  • Identification of unique customer across products and partners
  • Management of aggregate limits of customers at issuers level
  • KYC norms for issuance of PPIs were made stringent and few existing type of PPIs were discontinued
  • Conversion of existing PPI instruments into new type of the PPIs
  • Interoperability for full KYC customer PPIs issued in form wallet

The RBI directive has far reaching implications as the mandate not only impacts PPI issuers, but also several other players in the payment value chain such as service providers, co-branding partners.

A fundamental challenge in implementing the RBI mandate is limit management at a transaction level on a near real time basis. Additionally, identifying a unique customer based on differential data sets across different systems adds to the complexity of meeting compliance requirements.

The Circular

  • Objective
  • Unique customer identification & tagging across different channels and partners Tracking aggregate customer limit management at issuer level
  • Quick Facts
  • Compliance by 28 February,2018
  • No remittance without compliance to KYC requirement
  • Prepaid meal instruments to be issued in semi closed electronic form only
  • Audit to be done by CERT-in certified auditor within 2 months of FY closure
  • Set up strong Risk Management Systems
  • 2 FA as required by debit card except transit PPIs

Players impacted & Challenges

The players that may be impacted include, PPIs issuers (Banks/ Non-Bank entities), co-branding partners, payment intermediaries involved in payment processing, authentication, messaging services.

Challenges

The new regulation brings in additional complexities that need to be handled in order to ensure timely adherence to the regulations. Following challenges arise for ppi issuers

  • Identification of unique customer across various sources of origination as same customer can be on-boarded using different touch points and co-branded partners
  • Different data sets exist in different formats across in house/partner systems for the same customer 
  • Complexity in aggregate limit management of customer on real time-
    • Transaction limits i.e. monthly debit, maximum load/reload , loading through cash, fund transfer etc. as defined by RBI across different type of PPIs
    • Transaction limits defined by bank based on customer risk profiles 
  • Management of KYC expiry , upgrade, downgrade and restricting certain transaction types for customers
  • Regulation likely to undergo further changes with evolving eco-system
  • Time constraint as deadline has already passed 

 


How PPI issuance and limit management is done currently?

Bank and Non-Bank entities authorized for issuance and operation of PPIs issued PPIs using below 2 approach: 

I. Direct Issuance & operation:

Customers are sourced and on-boarded by PPI issuers in their system. limit checks, transaction processing and authorization are managed by managed in silos for each system

II. Under co-branding arrangement:

PPI issuers enter into co-branding arrangement with third parties (referred to as partners) for issuance and operation of PPIs instrument. In this arrangement customers are sourced and on-boarded by partners in their systems and limit check, transaction processing and authorization are managed by partners. Customer on-boarding and transaction data are shared by partners in Excel/CSV with PPI issuers at a mutually agreed frequency.

The fundamental issue with these approaches is that the limits and KYC are managed at a partner or product level as opposed to transaction level. This does not comply with the new RBI regulations.

In order to adhere the RBI directives and address the existing challenges faced, PPI issuers are evaluating various options like.

Building up a centralized solution

Building up a centralized solution for PPI limit management across multiple inhouse/partner systems

Enhancing existing

Enhancing existing systems to cater to the requirement

Need of the Hour

The new master regulations on issuance and operation of prepaid instruments put the onus on the issuing banks to ensure adherence by distribution partners, thus bringing in additional complexities for the issuers. In order to comply with RBI regulations, issuing banks need to build processes and solutions supporting multi party collaboration, centralized account and limit management, data deduplication, data extraction and reconciliation. 

How challenges can be addressed

Account Management

  • Maintain the central customer data base inclusive of
    • Registration profile, KYC flag
    • Balance data and applicable limit of all customer at any instance
  • Manage the various life cycle stages of customer relationship

Limit Management

  • Manage aggregated limit (Debit/Credit) for an individual across all PPIs
  • Limit Management for expired PPIs
  • Limit Management for existing PPI type issued in case conversion is not exercised by customer
  • Manage other limit parameters defined by Bank based on risk profile of customers

Customer identification and de duplication

  • Dedupe customers across sources to identify unique customers and assign unique IDs
  • API based integration with partners to share customer information in pre-defined formats

Data extraction

  • Exchange transaction data with partner on near real time using API/File transfer
  • Availability of data ( aggregated for all PPIs) for regulatory reporting and escrow management in pre defined formats

Reconciliation

  • Reconciliation between partners and central system
  • Process to take corrective action in case of limit breach

Conclusion

A centralized limit management system not only allows compliance to regulatory guidelines, it presents an opportunity for issuers to get access to customer information which so far was maintained by partners. This centralized repository of information becomes a tool for enabling cross sell of issuer products to a larger base of customers. Apart from providing a single view of the customer, a centralized solution lends itself to consolidated risk management, easier RBI reporting, escrow reconciliation and MIS reporting. With the deadline for compliance having passed, issuers may need to quickly implement the basic features of deduplication and limit management and continue to make enhancements to realize the complete potential of a centralized PPI limit management solution. The following steps maybe undertaken to overcome the immediate challenges in meeting compliance requirements: 

I. Build a PPI limit management solution:

Players have 2 options for building out a centralized solution

  • Cloud based systems on subscription model using software as a service "SaaS"
  • On-premises systems requiring investment in infrastructure 

II. Integration and migration:

  • API based integration with partner systems
  • Integration between internal bank systems like prepaid wallet, smart city card management system, etoll system
  • Migration of necessary customers and limit data from Partner/Bank systems to PPI limit management system
  • Data harmonization between above mentioned systems 

III. Set up processes:

Issuers need to set up processes for:

  • KYC data exchange with partners at the time of customer onboarding
  • Centralized transaction limit checks specifically for credit transactions on real time basis
  • Reconciliation between Partner and Bank on a daily basis d. Governance and reporting framework for exception scenarios (violation of limits)

Going with Cloud based systems on subscription model using software as a service "SaaS will prove to be sustainable as it allows PPI issuers to focus on core business using existing infrastructure while limiting technology overheads.

Payments Technology Updates

Payment apps seek access to Aadhaar database

Live Mint

The prepaid payments instrument (PPI) industry will write to UIDAI to allow mobile wallet providers to verify customers using their Aadhaar numbers

Read more about this news

RBI plans separate ombudsman for resolving digital payments

Economic Times

RBI now proposes to set up separate ombudsman to deal with complaints regarding digital payments

Read more about this news

IPPB ties up with FSS for Banking and Payment services

BusinessLine

India Post Payments Bank has tied up with Financial Software and Systems (FSS), a leading payments technology and transaction processing systems, to offer a wide range of banking solutions to financially underserved customer segments- especially rural households, small and medium enterprises and women.

Read more about this news


Amazon Pay said to acquire Tapzo in digital payment push

Live Mint

Amazon Pay India, Amazon India’s payments arm, has acquired Bengaluru-based app aggregator Tapzo to ramp up its digital payments business in the country amid increased competition from rivals

Read more about this news

Amazon Pay launches Amazon Pay EMI

Economic Times

Global tech giants “Amazon Pay” riding the digital payments wave in India are now making steady strides into lending, If Google announced early entry into lending through Google Pay now its turn for Amazon.

Read more about this news

With inputs from Mihir Gandhi, Geetika Raheja, Sadanand Ojha, Yashika Kishnani, Rohit Patekar

Contact us

Vivek Belgavi

Vivek Belgavi

Partner and Leader – FinTech, Alliances and Ecosystems, PwC India

Mihir Gandhi

Mihir Gandhi

Partner, Payments Transformation, PwC India

Follow us