The Reserve Bank of India escalated its supervisory actions against Paytm Payments Bank Limited in the fourth quarter of 2023, barring the entity from onboarding new merchants in November 2023, following the imposition of a Rs 5.39 crore monetary penalty in October 2023 for non-compliance with Know Your Customer norms, licensing conditions, and cybersecurity framework requirements. The regulatory actions represented an intensification of the RBI's concerns regarding systemic compliance deficiencies at one of India's largest payments banks.
Background
Paytm Payments Bank Limited, promoted by One97 Communications Ltd., had been granted a payments bank licence by the RBI and commenced operations in 2017. As a payments bank, PPBL was subject to the full suite of RBI regulations applicable to banking entities, including the RBI (Know Your Customer) Directions, 2016, the Guidelines for Licensing of Payments Banks, and the Cybersecurity Framework for Banks.
The RBI had been engaged in supervisory dialogue with PPBL over a sustained period regarding compliance deficiencies. The October 2023 penalty was imposed for violations spanning multiple regulatory domains. Critically, the RBI's supervisory examination had identified instances where multiple accounts were linked to the same Permanent Account Number, with over a thousand users reportedly sharing a single PAN — a finding that raised serious anti-money laundering concerns. Additionally, multiple accounts had been opened without adequate identification verification, potentially facilitating the layering of illicit funds.
Key Provisions
The RBI's supervisory actions through late 2023 encompassed the following measures:
Monetary penalty: A penalty of Rs 5.39 crore was imposed in October 2023 for non-compliance with KYC directions, payments bank licensing guidelines, and the cybersecurity framework for banks.
Merchant onboarding restriction: In November 2023, PPBL was barred from onboarding new merchants, restricting the growth of its payment acceptance network.
Compliance deficiencies identified: The RBI's findings included: (a) inadequate KYC verification for account openings, (b) multiple accounts linked to identical identification documents, (c) non-compliance with related party transaction norms, and (d) deficiencies in the cybersecurity framework.
Ongoing supervisory engagement: The RBI continued its supervisory review of PPBL's remediation efforts, with the indication that further regulatory action could follow if compliance was not achieved.
Implications for Practitioners
The Paytm Payments Bank matter carries significant implications for the fintech regulatory landscape. Banking and payments law practitioners should note that the RBI's approach demonstrates a willingness to impose graduated and escalating regulatory consequences — from monetary penalties to business restrictions — when compliance deficiencies persist despite supervisory dialogue.
For fintech entities operating under RBI licences, the case underscores the non-negotiable nature of KYC and anti-money laundering compliance. The finding of shared PANs across thousands of accounts suggests systemic weaknesses in automated onboarding processes, a warning for all digital-first banking platforms that prioritise customer acquisition velocity over verification rigour.
Compliance officers at payments banks and small finance banks should conduct proactive assessments of their KYC infrastructure, ensuring that technology systems are calibrated to detect and prevent the opening of multiple accounts with identical or suspicious identification details. The RBI's graduated enforcement approach suggests that early self-identified remediation carries better regulatory outcomes than post-inspection correction.