In June 2025, Mumbai (Maharashtra) Reserve Bank of India (RBI) issued final guidelines for the due diligence of Aadhaar Enabled Payment System (AePS) Touchpoint Operators(ATOs) to streamline onboarding and enhance fraud risk management. These new guidelines will come into force from January 01, 2026.
- These guidelines are issued under the Payment and Settlement Systems (PSS) Act, 2007, to safeguard customers from identity theft and maintain trust in the AePS.
- In July 2024, RBI issued final draft guidelines on AePS due diligence for public and stakeholder feedback.
Note: AePS is operated by Mumbai based National Payments Corporation of India (NPCI), provides interoperable transactions using Aadhaar-enabled authentication.
Key Points:
i.Define ATO: The new guidelines have defined ATO as an individual onboarded by the acquiring bank who operates the AePS touchpoint, using Aadhar number and biometrics or One-Time Password (OTP) authentication.
ii.Compulsory due diligence: Acquiring banks are now required to conduct due diligence before onboarding ATOs, in line with the Customer Due Diligence (CDD) or Know Your Customer (KYC) norms outlined in RBI’s ‘Master Direction – Know Your Customer(KYC), 2016’.
- However, in a case where ATO has already undergone KYC as a Business Correspondent (BC) or sub-agent, that can be adopted.
iii.Re-KYC for inactive ATOs: As per RBI’s guidelines, if an ATO remains inactive for 3 consecutive months, which means no financial transaction has been carried out for a customer during this time period, then, in such case, acquiring bank is required to carry out KYC of ATO before allowing him/her to resume operations.
iv.Enhanced Risk Management: Acquiring banks are required to monitor the activities of ATOs through their transaction monitoring systems on an ongoing basis.
- They should also consider operational parameters like: location, type of ATO, volume and velocity of transactions, among others, based on the business risk profile of the ATOs and integrate them in their respective fraud risk management framework.
- These operational parameters should be reviewed on a periodic basis, indicating emerging fraud risks.
Recent Related News:
In May 2025, RBI has relaxed norms for Foreign Portfolio Investors (FPIs) to buy local corporate bonds by removing “short-term debt investment limits” and the ‘concentration limits’, aimed at providing greater ease of investment to FPIs.
- As per RBI directions, all these new rules came into force with immediate effect.
