RBI Guidelines & Regulatory Compliance

Last updated: April 19, 2026

NexraPay, operated by Nexra Corppe Private Limited, is committed to full compliance with the regulations set forth by the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), and other regulatory bodies governing digital payments in India.

1. Payment Aggregator (PA) License

NexraPay operates under RBI's framework for the regulation of Payment Aggregators as per the guidelines dated March 17, 2020 (RBI/DPSS/CO.PD/No.1810/02.14.008/2019-20) and subsequent amendments.

• We facilitate payments between customers and merchants as a Payment Aggregator.
• We maintain a nodal/escrow account with a scheduled commercial bank for settling merchant payments.
• All funds are settled to merchants within T+1 business days.

2. KYC (Know Your Customer) Compliance

In accordance with RBI's Master Direction on KYC (updated February 2023):

• Merchant KYC: All merchants undergo mandatory e-KYC before activation. Documents include PAN, Aadhaar, GST certificate, bank account verification, and business registration proof.
• Customer Verification: For AEPS and high-value transactions, Aadhaar-based biometric authentication is mandated.
• Ongoing Due Diligence: Periodic re-verification of merchant KYC on an annual basis.
• Risk Categorization: Merchants are categorized into risk tiers based on business type, transaction volumes, and compliance history.

3. Data Localization

As per RBI's circular RBI/2017-18/153 dated April 6, 2018:

• All payment data (end-to-end transaction details, card data, and customer information) is stored exclusively on servers located in India.
• No payment data is processed or stored outside India.
• Our infrastructure partners are certified for India-based data center operations.

4. Escrow/Nodal Account

As mandated by the RBI PA/PG guidelines:

• Funds collected from customers are held in a designated escrow account with a scheduled commercial bank.
• The escrow account is exclusively used for settling merchant payments.
• No diversions of funds from the escrow account for any purpose other than merchant settlements and refunds.
• Monthly reconciliation of the escrow account is performed and audited.

5. Transaction Limits

• UPI: ₹1,00,000 per transaction (as per NPCI guidelines)
• AEPS Cash Withdrawal: ₹10,000 per transaction, ₹50,000 per day
• DMT: ₹25,000 per transaction, ₹3,00,000 per month per beneficiary
• Wallets: As per respective wallet provider limits (KYC/non-KYC based)

6. Fraud Prevention & AML

In compliance with Prevention of Money Laundering Act (PMLA), 2002:

• Real-time transaction monitoring using AI-driven fraud detection systems
• Suspicious Transaction Reports (STR) filed with FIU-IND as required
• Cash Transaction Reports (CTR) for high-value transactions
• Sanctions screening against government-issued lists (UNSC, OFAC, etc.)
• Velocity checks and anomaly detection on all payment routes

7. Customer Grievance Redressal

As per RBI's Integrated Ombudsman Scheme, 2021:

• Level 1: Customers can raise complaints through our support portal or email at support@nexrapay.nexralink.com. Response within 24 hours.
• Level 2: If unresolved within 30 days, escalate to the Grievance Officer at grievance@nexrapay.nexralink.com.
• Level 3: If still unresolved, customers may approach the RBI Ombudsman through the Complaint Management System (CMS).

8. Merchant Due Diligence

Before onboarding, merchants undergo the following checks:

• Website/app review for compliance with consumer protection laws
• Verification of business registration (CIN/LLP/MSME/GST)
• Background check on directors/proprietors
• Assessment of business model for legality and risk
• Ongoing monitoring of transaction patterns for suspicious activity

9. Security Standards

• PCI DSS Level 1: Highest level of payment card industry security compliance
• ISO 27001: Information Security Management System framework
• AES-256-GCM: Encryption standard for data at rest
• TLS 1.2+: Secure communication protocol for data in transit
• VAPT: Quarterly Vulnerability Assessment and Penetration Testing

10. Regulatory References

• RBI Guidelines on Regulation of Payment Aggregators & Payment Gateways (March 2020)
• RBI Master Direction – KYC Direction, 2016 (Updated 2023)
• RBI Circular on Storage of Payment System Data (April 2018)
• NPCI (National Payments Corporation of India)
• Digital Personal Data Protection Act (DPDP), 2023

11. Nodal Officer

As required under RBI PA guidelines:

• Name: Nodal Officer, Nexra Corppe Pvt. Ltd.
• Email: nodal@nexrapay.nexralink.com
• Phone: +91 62011 47648
• Address: Nexra Corppe Private Limited, Office No. 11, Siddharth Street, Siddarth Vihar, Ghaziabad, UP – 201009