RBI Bolsters AePS Onboarding Rules Aligned with KYC to Boost Security

The Reserve Bank of India (RBI) has issued new directives to strengthen security for Aadhaar-enabled Payment System (AePS) touchpoint operators. Effective from January 1, 2026, these measures require banks to apply the same due diligence and Know Your Customer (KYC) standards for operators as for regular customers.

KYC for Long-Inactive Operators

Banks must re-verify the KYC of an AePS operator if they remain inactive for three consecutive months. This ensures only verified operators can resume transactions, reducing the risk of fraud.

Leverage Existing Verifications

If an operator has already undergone due diligence as a business correspondent or sub-agent, banks may rely on that process. The new rules standardize onboarding across AePS.

Also Read About: PSU Banks Lag in Data Accuracy & Timeliness, Despite Leading in Completeness: RBI’s New Supervisory Index

Continuous Monitoring and Risk-Based Limits
Banks must:

• Continuously monitor operator activity using transaction monitoring tools.
• Define operational parameters—such as location, transaction volume, and velocity—based on each operator’s risk profile.
• Periodically review parameters to stay ahead of evolving fraud patterns.

Compliance Under Legal Mandate

RBI issued the final guidelines under the Payment and Settlement Systems (PSS) Act, 2007, reflecting a strategy to combat rising identity-theft and credential-related fraud in AePS transactions.

Protecting Customer Trust in Digital Payments

RBI introduced these reforms following its February 8, 2024, policy statement on fraud prevention. The goal is to enhance confidence in the AePS framework and safeguard rural customers accessing financial services via biometric authentication.

About AePS & RBI Initiatives
The Aadhaar-enabled Payment System (AePS), managed by NPCI, allows banking services—like cash withdrawal, balance checks, and fund transfers—using Aadhaar and biometric or OTP authentication. RBI’s new rules aim to secure this system by treating operators with the same scrutiny as banking customers during onboarding and ongoing operations.