RBI Guidelines Overview
On March 17, 2020, the Reserve Bank of India (RBI) issued comprehensive guidelines for regulating Payment Aggregators (PAs) and Payment Gateways (PGs). Under these guidelines, entities that facilitate merchant payments must obtain RBI authorisation, settle merchant funds within the specified transaction timelines, and meet baseline technology and security requirements.
RBI Circular
The "Guidelines on Regulation of Payment Aggregators and Payment Gateways" focus on:
- Regulating all activities of payment aggregators.
- Establishing baseline technology and cybersecurity standards for payment gateways.
These measures aim to enhance the security, efficiency, and transparency of the payments ecosystem.
The circular's annex lists indicative baseline technology-related recommendations, mandatory for PAs and recommended for PGs:
- Information Security Governance
- Data Security Standards
- Security Incident Reporting
- Comprehensive Security Assessment during Merchant Onboarding
- Cyber Security Audit and Reports: quarterly internal audit reports, annual external audit reports, bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports, and PCI-DSS compliance reports including the Attestation of Compliance (AOC) and Report on Compliance (ROC)
- Board Approved Information Security Policy
- Board Approved IT Governance Policy
- IT Steering Committee
- Enterprise Information Model
- Cyber Crisis Management Plan
- Enterprise Data Dictionary
- Risk Assessment
- Access to Application
- Competency of Staff
- Vendor Risk Management
- Maturity and Roadmap
- Cryptographic Requirement
- Forensic Readiness
- Data Sovereignty
- Data Security in Outsourcing
- Payment Application Security
At Arridae Infosec, we specialize in assisting organizations in understanding and complying with these RBI guidelines. As a CERT-In Empanelled Security Auditor, we offer expertise in interpreting, managing, and implementing the cybersecurity and compliance requirements outlined in the RBI's March 2020 guidelines.
OUR SERVICE
Our RBI PA and PG Audit service focuses on helping organizations meet these regulatory standards through a structured, efficient, and thorough audit process.
Key Features of Our Service:
- Comprehensive Audit
- We perform an in-depth audit of your organization's data storage, processing, and transmission mechanisms to ensure compliance with the RBI PA and PG audit requirements.
- Our team of experienced auditors reviews the end-to-end data flow, ensuring that all customer data, transaction records, and other relevant information are stored within India (data localisation) as the guidelines require.
- Gap Analysis and Risk Assessment
- We identify potential areas of non-compliance and security gaps in your data storage systems.
- Our auditors evaluate the risks associated with the existing data management practices and provide actionable insights on mitigating risks and closing any gaps.
- Internal Controls Review
- We assess the adequacy of internal controls and security protocols related to data access and management.
- This includes reviewing encryption protocols, access controls, and user privileges to ensure compliance with data security best practices.
- Regulatory Compliance Documentation
- Our service ensures that all necessary compliance documentation is prepared and submitted to the RBI within the stipulated timelines.
- We assist in filing reports, audit trails, and other necessary documentation, ensuring seamless interaction with regulators.
- Recommendations and Remediation Support
- After identifying gaps or vulnerabilities, we provide detailed recommendations on how to enhance your systems to meet RBI compliance standards.
- Our team can assist in implementing necessary changes and ensure continuous monitoring for future compliance.
- Follow-up Audits
- In cases where corrective actions are needed, we conduct follow-up audits to ensure that all recommended measures are properly implemented.
- We also help prepare your organization for future audits and compliance checks by the RBI.