Global PPI Regulations
Regulatory frameworks governing Prepaid Payment Instruments across India, Middle East, Southeast Asia, United States, and Europe.
Understanding regional regulatory frameworks is critical for launching compliant prepaid programs. This section covers PPI regulations across major markets where M2P operates.
India — Reserve Bank of India
The RBI regulates PPIs through its Master Direction on Prepaid Payment Instruments (MD on PPIs), issued under the Payment and Settlement Systems Act, 2007 and updated periodically.
PPI Definition & Categories
Updated Definition (RBI Master Direction): Prepaid Payment Instruments (PPIs) are payment instruments that facilitate purchase of goods and services, including financial services, remittance facilities, etc., against the value stored on such instruments. The value stored represents the value paid for by the holders by cash, bank account, credit/debit cards or any other mode specified by the Reserve Bank.
PPI Types & KYC Tiers
| PPI Type | KYC Requirement | Outstanding Balance/Monthly Limit | Cash Withdrawal | Use Case |
|---|---|---|---|---|
| Closed System | Minimal / None | No regulatory cap | Not permitted | Brand wallets, loyalty programs, gift vouchers |
| Semi-Closed (Min KYC) | OTP-validated mobile/email | INR 10,000 outstanding + INR 10,000 monthly transactions | Not permitted | Digital wallets for merchant payments |
| Semi-Closed (Full KYC) | Full KYC per PMLA norms | INR 200,000 outstanding + INR 200,000 monthly transactions | Not permitted | Premium digital wallets with higher limits |
| Open System (Full KYC) | Full KYC mandatory | No specific outstanding limit (subject to issuer's risk assessment) | Permitted (ATM/PoS/BC outlets) | Prepaid debit cards, forex cards, co-branded cards |
Key Regulatory Requirements
| Category | Requirement |
|---|---|
| Issuance | Only banks and authorized non-banks can issue PPIs |
| Interoperability | Full-KYC PPIs must enable interoperability through authorized payment systems (UPI, IMPS, AEPS) |
| Reloadability | All PPIs except gift instruments must be reloadable |
| Validity | Minimum 3 years from date of issuance (or as per product terms for gift cards) |
| Refunds | Balance refund must be permitted for all PPI types on request/closure |
| Cross-border | Semi-closed and open PPIs can be used for cross-border transactions subject to FEMA regulations |
Min KYC PPIs: As per RBI guidelines, PPIs issued with minimum KYC can be funded only from a bank account in India, debit card, credit card, or through other PPIs issued by authorized issuers.
FEMA Regulations for Forex Cards
Forex card programs must comply with the Foreign Exchange Management Act (FEMA) and the Liberalized Remittance Scheme (LRS).
| Parameter | Requirement |
|---|---|
| LRS Limit | Up to USD 250,000 per resident individual per financial year (April-March) |
| Eligible Purposes | Private visits, gifts, donations, going abroad for employment, emigration, maintenance of close relatives abroad, travel for business, medical treatment, education (including fees, hostel expenses etc.) |
| Prohibited Purposes | Purchase of lottery tickets, proscribed magazines, football pools, sweep stakes, participation in forex trading/derivative trading abroad |
| Eligible Currencies | USD, EUR, GBP, AED, JPY, SGD, and other freely convertible currencies as per RBI guidelines |
| Documentation | Passport, visa (where applicable), Form A2 (for education/medical), purpose declaration, TCS compliance |
| TCS Applicability | 20% TCS on forex remittances exceeding INR 7 lakh in a financial year (as per Income Tax Act) |
| Unspent Balance | Can be retained in the card for future foreign travel or surrendered for refund |
| Card Validity | As per issuer's product terms (typically 3-5 years) |
Additional PPI Norms
| Requirement | Details |
|---|---|
| Master-Slave Cards | Issuers can provide add-on/supplementary cards linked to the primary cardholder's account |
| Name Embossing | Required for open system PPIs; optional for semi-closed PPIs |
| Reporting | Monthly reporting to RBI on PPI volumes, values, outstanding balances, and customer complaints |
| Grievance Redressal | Dedicated customer service channels and escalation matrix as per RBI guidelines |
| Data Localization | Payment system data must be stored in India (one copy mandatory) |
Interoperability Requirements
- PPIs must support UPI for interoperable payments
- Integration with NPCI systems mandatory
- Support for Bharat QR and UPI QR codes required
Middle East
Regulatory Authority: Central Bank of UAE (CBUAE)
| Requirement | Details |
|---|---|
| License | Stored Value Facilities (SVF) license from CBUAE |
| Capital | Minimum paid-up capital varies by category |
| KYC/AML | Strict compliance with UAE AML laws and FATF guidelines |
| Data Localization | Customer data stored within UAE or approved jurisdictions |
| Balance Limits | AED 5,000 – AED 50,000 based on KYC tier |
Key Use Cases: Salary disbursement (WPS), digital wallets, remittance services for expatriates.
Regulatory Authority: Saudi Central Bank (SAMA)
| Requirement | Details |
|---|---|
| License | Payment services license from SAMA |
| Network | Mada network integration mandatory |
| Compliance | Shariah compliance for Islamic finance principles |
| KYC/AML | Saudi AML laws and FATF compliance |
Key Use Cases: Cashless economy (Vision 2030), government salary programs, Hajj/Umrah prepaid cards.
Regulatory Authority: Central Bank of Bahrain (CBB)
| Requirement | Details |
|---|---|
| License | PSP or E-Money Institution license |
| Sandbox | Fintech regulatory sandbox available |
| Open Banking | Framework for open banking initiatives |
Key Use Cases: Regional fintech hub, blockchain-friendly innovation, cross-border payment initiatives.
Southeast Asia
Regulatory Authority: Monetary Authority of Singapore (MAS)
License Types under Payment Services Act (2019):
| License | Purpose | Capital Requirement |
|---|---|---|
| Standard Payment Institution | Lower-volume payment services | SGD 100,000 |
| Major Payment Institution | Higher-volume services | SGD 250,000 – SGD 1,000,000 |
| E-Money Issuance | Issuing stored value instruments | Varies by volume |
Notable Features:
- Cross-border payment links with Thailand (PromptPay) and India (UPI)
- Digital bank licenses granted to non-bank players
- Strong fintech sandbox programs
Regulatory Authority: Bank Negara Malaysia (BNM)
| Requirement | Details |
|---|---|
| License | E-Money license from BNM |
| Capital | RM 5 million minimum paid-up capital |
| Interoperability | DuitNow real-time payment integration |
| Compliance | BNM AML/CFT Policy Document |
Market: Touch 'n Go e-wallet dominance, Shariah-compliant prepaid products, Malaysia-Singapore QR interoperability.
Regulatory Authority: Bank Indonesia (BI) & Financial Services Authority (OJK)
| KYC Tier | Balance Limit |
|---|---|
| Unregistered | IDR 2,000,000 |
| Registered | IDR 10,000,000 |
| Full KYC | IDR 20,000,000 |
Requirements: NPG integration mandatory, QRIS QR code support, payment data localization in Indonesia.
Regulatory Authority: Bangko Sentral ng Pilipinas (BSP)
| KYC Tier | Balance Limit |
|---|---|
| Basic/Lite | PHP 50,000 |
| Semi-Verified | PHP 100,000 |
| Fully Verified | PHP 200,000 – PHP 500,000 |
Requirements: E-Money Issuer (EMI) license, PHP 100M minimum capital, PESONet and InstaPay integration.
United States
The US has a fragmented, multi-layered regulatory structure for PPIs.
Federal Regulations
State-Level Requirements
Most states require a Money Transmitter License (MTL). Programs may need licenses in 47+ states depending on business model.
| Requirement | Details |
|---|---|
| Licensing | State-by-state MTL applications |
| Surety Bonds | $25,000 – $7,000,000+ depending on state |
| Net Worth | Minimum tangible net worth requirements |
| Examinations | Regular state examinations and reporting |
| PCI-DSS | Payment Card Industry Data Security Standards |
Europe
EU-Level Frameworks
| Regulation | Scope | Key Provisions |
|---|---|---|
| PSD2 | Payment services across EEA | PI/EMI licensing, SCA, Open Banking, passporting |
| EMD2 | Electronic money issuance | EUR 350,000 initial capital, fund safeguarding, redemption at par |
| GDPR | Data privacy | Consent requirements, data portability, up to 4% turnover penalties |
| AMLD5/6 | Anti-money laundering | CDD, transaction monitoring, PEP screening, beneficial ownership |
Country Highlights
Regulator: Financial Conduct Authority (FCA)
Post-Brexit, the UK retains PSD2/EMD2 in domestic law but no longer supports EU passporting. Separate licenses needed for EU operations. Strong fintech ecosystem with Revolut, Monzo, and Starling.
Regulator: BaFin
Strong consumer protection and data privacy requirements. Home to N26 and Solarisbank with significant digital banking/prepaid offerings.
Regulator: ACPR
EMI license from ACPR required. Full PSD2, EMD2, and GDPR compliance. Strong digital wallet adoption market.
Regulator: De Nederlandsche Bank (DNB)
Business-friendly EMI licensing. Popular choice for fintechs establishing EU headquarters.