Published :
Updated :
For all latest news, follow The Financial Express Google News channel.
Bangladesh Bank (BB) has published the draft 'Payment System Operator (PSO) Regulation 2025'.
This move is set to integrate the regulation with the existing Payment and Settlement Systems Act, 2024.
The central bank recently published the draft regulation seeking public feedback. After consultations with stakeholders, a committee will finalise the regulation.
According to the draft, every PSO must maintain a sufficient balance in its Trust and Settlement Account (TSA) at the close of every business day to fully cover all outstanding merchant liabilities.
Any shortfall in the TSA will attract a significant penalty, defined as the lower amount between Tk 30 lakh or the prevailing Standing Lending Facility (SLF) rate, which is currently 11.50 percent.
Additionally, the directors, CEO, and treasury officers will be held personally liable for any TSA shortfall. If the shortfall continues for more than 14 days, an additional fine of Tk10,000 per day will apply.
PSOs, acting as intermediaries, provide payment channels that facilitate acquiring, processing, and clearing of payment instructions, as well as settlement of obligations. However, they are not permitted to issue e-money, and all settlements must occur through scheduled commercial banks.
Currently, authorised PSO services include merchant acquiring, ATM acquiring, and payment switching. Prominent PSOs operating in Bangladesh include SSLCOMMERZ Ltd, shurjoPay, IT Consultants Ltd, aamarPay, and PayStation.a
To qualify for a licence, according to the regulation, a company must be incorporated under the Companies Act 1994, with payment services explicitly mentioned in its Memorandum of Association.
The licensing process will be completed in two stages - first by obtaining a No Objection Certificate (NOC) and then the main licence. The application fee is Tk 50,000, while the licence fee is Tk 5 lakh. A licensed PSO must commence operations within 120 days, according to the draft.
Minimum capital requirements vary by service type - Tk 1 crore for digital merchant acquiring and up to Tk 20 crore for ATM/CRM services.
Additionally, PSOs must maintain ongoing capital equivalent to 0.3% of their average monthly transaction volume (over the past 12 months) for merchant acquiring and payment initiation, and 0.1% for switching, ATM, and card scheme services.
According to the draft, each PSO must have a board of at least five members, two-thirds of whom must be non-executive directors. The chairman must also be a non-executive member.
Moreover, board members must have a minimum of five years of professional experience and meet integrity standards. Directors cannot be loan defaulters or hold positions in any other PSO simultaneously.
The CEO or managing director must have a graduate degree and five years of experience in finance, payments, fintech, IT, or telecom - including at least two years in a senior leadership role. Appointment of a CEO requires prior approval from Bangladesh Bank, along with a background check, educational verification, and CIB report.
PSOs are required to complete KYC verification for all merchants, maintain written settlement agreements, and ensure that sales proceeds are settled within five working days. Cash settlement is strictly prohibited.
ATM and CRM outlets must be located in secure and accessible areas, with downtime not exceeding 12 hours in urban areas or 24 hours in rural areas without prior approval. A central monitoring system will be mandatory.
As per the draft, each PSO must establish a comprehensive risk management framework covering liquidity, operational, custody, fraud, and money laundering risks. Boards will define risk appetite and strategy, while senior management will oversee implementation, monitoring, and stress testing.
Sponsor shareholders will be prohibited from transferring shares within five years without central bank approval. PSOs will be subject to both off-site and on-site inspections by Bangladesh Bank.
Any customer charges will require prior approval from the central bank, and all transaction data must be preserved for at least 12 years.
If a major operational incident occurs, PSOs must report it within 24 hours, and any data breach must be reported within 72 hours.