FEMA & RBI · NBFC & Financial Services Licensing
FFMC Licence & Fintech Regulatory Advisory
Money changing and fintech are two of the most tightly supervised activities the Reserve Bank of India regulates — because both sit directly on the payment and foreign exchange rails of the economy.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Money changing and fintech are two of the most tightly supervised activities the Reserve Bank of India regulates — because both sit directly on the payment and foreign exchange rails of the economy. A Full Fledged Money Changer (FFMC) licence lets you buy and sell foreign currency notes, coins, and travellers' cheques and issue prepaid forex cards to resident and non-resident travellers under the RBI's Master Direction on Money Changing Activities. Fintech businesses — payment aggregators, lending platforms, wallet operators, BNPL providers, neobank-style layers over bank rails — operate in an area where the RBI has progressively tightened the regulatory perimeter since 2020, and where the line between a permitted technology-services arrangement and an activity requiring a licence is easy to cross without realising it. At PNPC Global, our FEMA & RBI practice has advised on cross-border and regulated-financial-services structuring since 1986, with offices in Chennai, Bangalore, Hyderabad, and Dubai giving us a distinct vantage point on India-UAE money flows and remittance-linked fintech models. This service covers FFMC licence applications (Category I, II and III), franchisee and money-transfer agent arrangements, and end-to-end fintech regulatory advisory — helping you identify which RBI framework applies to your model, structure the entity and net-owned-fund position correctly, and stay compliant once you are operating.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
A Full Fledged Money Changer (FFMC) is an entity authorised by the Reserve Bank of India under Section 10(1) of the Foreign Exchange Management Act, 1999 to undertake both purchase and sale of foreign exchange from and to the public — primarily foreign currency notes, coins, and travellers' cheques, and, where separately permitted, issuance and reload of prepaid forex cards. The framework is set out in the RBI's Master Direction on Money Changing Activities, which is updated periodically and consolidates all circulars on the subject. FFMC authorisation comes in three categories. A Category I (full-fledged) licence permits both purchase and sale of foreign exchange. A Category II licence, called a Restricted Money Changer (RMC), permits purchase of foreign currency only — typically issued to established travel agents, hotels, and similar entities as a facilitation measure, and does not permit sale of foreign exchange. Category III (also referred to as a Franchisee arrangement) is not a standalone RBI authorisation at all — it is a business arrangement in which an existing Category I FFMC or an Authorised Dealer Category-I bank appoints a franchisee to conduct restricted money-changing business (purchase of foreign currency and sale of forex to outbound travellers up to prescribed limits, under the principal's registration and supervision) — the franchisee itself is not directly licensed by RBI.
The eligibility bar for a Category I FFMC licence is deliberately high: the applicant must be a company registered under the Companies Act 2013 (Section 8/not-for-profit or other special-purpose entities are not eligible), with a minimum Net Owned Fund (NOF) prescribed by RBI's Master Direction (the specific figure is set out in the current Direction and periodically revised — PNPC confirms the exact applicable NOF threshold at the time of your application), and the promoters and directors must satisfy RBI's 'fit and proper' criteria — no history of default with banks or financial institutions, no conviction for an offence involving moral turpitude, and a clean regulatory track record. Applications are made to the Regional Office of the RBI's Foreign Exchange Department having jurisdiction over the applicant's registered office, along with a detailed business plan, projected financials, and a KYC/AML policy framework compliant with RBI's Master Direction on KYC.
Fintech regulatory advisory is a distinct but often adjacent practice area — many FFMC and money-transfer businesses now sit alongside a technology platform, and conversely many technology-first fintech companies discover mid-build that a piece of their product touches a regulated activity. The RBI regulatory perimeter for fintech includes several distinct frameworks depending on the business model: Payment Aggregators and Payment Gateways are regulated under RBI's Guidelines on Regulation of Payment Aggregators and Payment Gateways (with PAs requiring RBI authorisation above prescribed transaction-processing thresholds, under the Payment and Settlement Systems Act, 2007); Non-Banking Financial Companies (NBFCs) undertaking digital lending are governed by RBI's Digital Lending Guidelines (requiring lending to flow directly between the borrower's bank account and the regulated entity's account, disclosure of the ultimate lender, and a cooling-off period, among other requirements); Prepaid Payment Instrument (PPI) issuers — wallets and prepaid cards — require authorisation under the PSS Act; Account Aggregators require a separate NBFC-AA Certificate of Registration; and Peer-to-Peer lending platforms require an NBFC-P2P Certificate of Registration. A purely technology-services arrangement — where a fintech company builds software for a regulated bank or NBFC and never touches customer funds, never takes credit risk, and does not hold a data or lending relationship in its own name — can often operate without a direct RBI licence, but the line is fact-specific and RBI has issued repeated advisories (including on digital lending apps and 'buy now pay later' arrangements) narrowing what qualifies as pure technology support.
Why this combination matters commercially: an FFMC that also wants to offer app-based forex ordering, wallet top-ups, or remittance-adjacent features needs both frameworks read together — RBI treats money changing and payment system operation as separate authorisations even when delivered through one app. Equally, a fintech startup that assumes its lending-as-a-service or BNPL model is 'just technology' and later discovers RBI treats it as requiring an NBFC licence or a Digital Lending Guidelines-compliant restructuring faces a materially more expensive fix than getting the regulatory classification right at the design stage. PNPC's role is to map your actual business model — not your pitch deck description of it — against the applicable RBI framework before you build, launch, or scale, and to carry that clarity through into the licence application, NOF planning, KYC/AML policy design, and ongoing regulatory reporting once you are operating.
When this service applies to you
You operate or plan to operate a travel, tourism, hospitality, or currency exchange business and want to buy and sell foreign currency notes, coins, and travellers' cheques to the public under an RBI-authorised FFMC licence
You are a travel agent or hotel that wants to purchase foreign currency from outbound and inbound travellers under a Restricted Money Changer (Category II) authorisation, without needing full FFMC status
You are an existing Category I FFMC or an Authorised Dealer bank's money-changing partner and want to appoint or become a Franchisee (Category III) under RBI's franchisee scheme
You are building a fintech product — payment aggregation, digital lending, a prepaid wallet, an Account Aggregator, or a P2P lending platform — and need clarity on which RBI licence, if any, applies to your specific model before you build or raise funding
Your fintech company works with a bank or NBFC as a technology or servicing partner and you need an independent assessment of whether your arrangement stays within the 'outsourcing/technology support' boundary or has drifted into requiring its own RBI authorisation
You already hold an FFMC or fintech-adjacent RBI authorisation and need help with the annual compliance calendar — NOF maintenance, KYC/AML audits, RBI inspections, periodic returns, and renewal of authorisation
You are acquiring or investing in an existing FFMC, payment aggregator, or NBFC and need regulatory and 'fit and proper' due diligence before the transaction closes
You are a UAE-based exchange house, remittance business, or fintech company evaluating an India entry and need the RBI licensing pathway mapped against your existing UAE Central Bank-regulated structure
When another PNPC service is a better starting point
You only need to receive or send occasional personal remittances under the Liberalised Remittance Scheme — that is a banking transaction through your Authorised Dealer bank, not a licence you need to hold yourself
Your fintech idea is still at the concept stage with no regulatory classification question yet — start with our general business structuring advisory before this specialist regulatory scoping engagement
You need a specific FC-GPR, FC-TRS, or FIRMS portal filing for a foreign investment transaction that has already been structured correctly — our FC-GPR, FC-TRS & FIRMS Portal Reporting service handles that filing directly
You are setting up a standard NBFC for lending, investment, or asset finance with no money-changing or payment-systems element — our dedicated NBFC Registration, Annual Compliance & Takeover Advisory service is scoped precisely for that
You need Microfinance Institution or Housing Finance Company registration specifically — our Microfinance & Housing Finance Company Registration service covers those NBFC sub-categories directly
You have a known past FEMA contravention that needs regularisation through RBI compounding — our FEMA Due Diligence & Compounding Application Support service is the right engagement for that
FFMC categories and related RBI-regulated fintech authorisations compared
| Feature | FFMC Category I | FFMC Category II (RMC) | FFMC Category III (Franchisee) | Payment Aggregator (PA) | NBFC (Digital Lending) |
|---|---|---|---|---|---|
| Governing framework | FEMA Sec 10(1) + RBI Master Direction on Money Changing Activities | Same Master Direction — restricted scope | RBI Franchisee Scheme under the same Master Direction | PSS Act 2007 + RBI PA-PG Guidelines | RBI Act 1934 + Digital Lending Guidelines |
| Who can apply | Company under Companies Act 2013 | Travel agents, hotels, other eligible entities | Not a direct RBI applicant — appointed by a Category I FFMC/AD bank | Company under Companies Act 2013 (bank or non-bank) | Company seeking NBFC Certificate of Registration |
| Activity permitted | Purchase AND sale of forex, TCs, and (if permitted) prepaid forex cards | Purchase of foreign currency only — no sale | Purchase of forex + restricted sale to outbound travellers under principal's licence | Facilitate online payment collection between payer and merchant | Extend credit digitally, directly from own or co-lender's books |
| Direct RBI authorisation | Yes — Certificate of Authorisation issued | Yes — restricted Certificate of Authorisation | No — operates under principal's authorisation and agreement | Yes — RBI authorisation required above processing thresholds | Yes — NBFC Certificate of Registration |
| Net Owned Fund requirement | Prescribed minimum under Master Direction — confirmed at application | Lower/no separate NOF typically required — confirm current norms | Not applicable — no separate NOF; governed by franchise agreement | Prescribed net worth under PA-PG Guidelines, escalating over transition period | Prescribed minimum NOF under NBFC regulatory framework |
| KYC/AML obligations | Full KYC per RBI Master Direction on KYC; STR/CTR reporting to FIU-IND | Full KYC on purchase transactions | KYC responsibility largely with the principal FFMC/AD bank | Merchant and payer due diligence; nodal/escrow account discipline | Borrower KYC, credit appraisal, and Digital Lending Guidelines disclosures |
| Typical applicant profile | Forex bureaux, travel & tourism companies, exchange houses expanding to India | Established travel agents and hotels | Smaller operators wanting to offer forex without full licensing | E-commerce, SaaS, and marketplace platforms collecting payments for merchants | Fintech lenders, BNPL platforms, digital-first NBFCs |
| Renewal / ongoing filings | Periodic returns to RBI Regional Office; renewal of authorisation as prescribed | Periodic returns; renewal as prescribed | Governed by franchise agreement term and principal's own renewal | Periodic reporting to RBI; annual system audit | Statutory NBFC returns (NBS series), annual RBI inspection readiness |
This table gives directional guidance only. RBI's Master Directions on money changing, payment aggregation, and digital lending are each periodically revised, and the exact Net Owned Fund thresholds, transaction limits, and transition timelines applicable to your application must be confirmed against the current Master Direction at the time of filing. PNPC verifies the live regulatory position before every engagement — do not rely on figures quoted in older articles or by unrelated advisors.
| # | Stage & What PNPC Does | What Generic Advisors Miss | Timeline |
|---|---|---|---|
| 1 | Business Model Classification Call — What are you actually doing, not what you call it | Before discussing any licence, we map your actual cash/data/credit flow: do you take custody of customer funds even momentarily? Do you extend credit in your own name or merely refer to a lender? Do you handle forex notes physically or only facilitate a bank's forex service digitally? The RBI classifies activity by substance, not by the branding on your app. Generic advisors often accept the founder's own characterisation of the business without independently testing it against RBI's framework. | Week 1 |
| 2 | Regulatory Framework Mapping | We identify precisely which RBI framework (or combination) applies — FFMC Master Direction, PA-PG Guidelines, Digital Lending Guidelines, PPI Master Direction, NBFC-AA framework, or NBFC-P2P framework — and flag any activity that sits outside RBI's perimeter entirely (in which case no licence is needed, but the business must be structured to stay outside it). We also flag where a single product touches two frameworks simultaneously, a common and easily missed scenario. | Week 1–2 |
| 3 | Entity & Net Owned Fund Structuring | For FFMC and NBFC-track applications, the applicant must be a properly capitalised company meeting the prescribed Net Owned Fund at the time of application — not merely at some future date. We work backward from the current NOF requirement to advise on paid-up capital, free reserves, and permissible deductions (accumulated losses, intangible assets) that determine your actual NOF for RBI's purposes. | Week 2–4 |
| 4 | Promoter & Director 'Fit and Proper' Review | RBI scrutinises promoters and directors for prior loan defaults, cheque bounce history, criminal antecedents, and any adverse regulatory history with RBI, SEBI, IRDAI, or other regulators. We conduct this review internally before filing — a fit-and-proper issue discovered by RBI after submission causes rejection and a mandatory cooling period before re-application; discovered by us beforehand, it can often be addressed or explained proactively. | Week 2–4, parallel to Stage 3 |
| 5 | Business Plan & Financial Projections Drafting | RBI requires a detailed business plan — projected volumes, geographic branch/outlet plan, technology infrastructure, staffing, and financial projections for at least the first three years. A generic template business plan is a common rejection trigger; we draft one grounded in your actual operating plan and defensible assumptions. | Week 3–5 |
| 6 | KYC / AML / PMLA Policy Design | Every FFMC and payment-systems applicant must submit a Board-approved KYC/AML policy compliant with RBI's Master Direction on KYC and the Prevention of Money Laundering Act, 2002 — covering customer due diligence tiers, Suspicious Transaction Report (STR) and Cash Transaction Report (CTR) triggers, record retention, and a designated Principal Officer for FIU-IND reporting. We draft this policy specific to your operating model, not a copy-pasted template. | Week 4–6 |
| 7 | Application Compilation & Filing | The complete application — company documents, NOF certificate from a Chartered Accountant, business plan, KYC/AML policy, promoter/director declarations and documents, premises details for each proposed outlet — is compiled and filed with the jurisdictional RBI Regional Office (for FFMC) or the relevant RBI department (for payment systems/NBFC authorisations). | Week 6–7 |
| 8 | RBI Query Handling & Clarifications | RBI Regional Offices and departments raise queries on almost every first-time application — on NOF computation, premises suitability, business plan assumptions, or promoter background. We manage every query round directly with RBI, drafting responses that are complete and precise the first time, since repeated incomplete responses materially slow the process. | Week 8–16, varies by RBI office workload and query complexity |
| 9 | Premises Inspection (FFMC-specific) | For FFMC applications, RBI or its designated inspecting authority may require a physical inspection of the proposed money-changing premises to confirm security arrangements, signage compliance, and record-keeping infrastructure. We prepare the premises and the team for this inspection in advance. | As scheduled by RBI, typically within the query-handling window |
| 10 | Certificate of Authorisation / Registration Issuance | On RBI's satisfaction, the Certificate of Authorisation (FFMC) or Certificate of Registration (NBFC/payment systems track) is issued, specifying the permitted activities, any conditions attached, and the branches/outlets covered. | Overall realistic timeline from complete application to authorisation: several months, and can extend further depending on RBI's contemporaneous workload and the complexity of the promoter/business profile — PNPC sets expectations honestly rather than promise a fixed date |
| 11 | Post-Authorisation Operational Setup | We assist with setting up the operational compliance infrastructure — Principal Officer designation and FIU-IND registration, transaction record formats, the periodic return formats RBI requires (money-changing turnover returns, payment system reporting, or NBFC returns as applicable), and staff training on KYC/AML procedures before the first live transaction. | Immediately following authorisation |
| 12 | Ongoing Regulatory Compliance Calendar | Authorised entities face recurring obligations: periodic RBI returns, an annual system/concurrent audit (for payment aggregators), continued NOF maintenance (for FFMC/NBFC), KYC/AML policy review, and readiness for RBI's periodic on-site inspection. PNPC builds this into an annual compliance calendar so nothing is missed after the licence is in hand. | Ongoing, reviewed annually |
| 13 | Renewal, Expansion & Change Management | Adding a new outlet, changing promoters or directors, or expanding the scope of authorised activity each require RBI intimation or approval, depending on the change. We manage these change-of-particulars filings as your business evolves, and handle authorisation renewal within the prescribed window before expiry. | As needed through the life of the authorisation |
FFMC and RBI fintech authorisation timelines are governed by RBI's own processing pace, which PNPC does not control and which varies meaningfully by Regional Office workload, promoter profile complexity, and the completeness of the first submission. A realistic range for a straightforward FFMC application from complete documentation to Certificate of Authorisation is several months; complex fintech authorisations (payment aggregator, NBFC) can take longer. PNPC's role is to eliminate every self-inflicted delay — incomplete documents, weak business plans, unresolved fit-and-proper issues — so that RBI's own processing time is the only variable left.
Certificate of Incorporation and Memorandum & Articles of Association of the applicant company — must be a company registered under the Companies Act 2013
Board resolution authorising the FFMC/fintech licence application and naming the authorised signatory
Complete shareholding pattern and group corporate structure chart, including any overseas holding company or affiliate
PAN, CIN, GST registration, and (if applicable) existing RBI/SEBI/IRDAI registration details of the applicant or its group entities
Audited financial statements for the preceding three years (or since incorporation, if a newer company), certified by the statutory auditor
Net Owned Fund computation certified by a practising Chartered Accountant, applying the current RBI-prescribed method (paid-up capital plus free reserves, less accumulated losses and specified intangible/deferred items)
Bank statements and fixed deposit certificates evidencing the capital infusion supporting the NOF, where recently infused
Source-of-funds declaration for share capital, particularly where funded by promoters' personal funds, group company transfers, or foreign investment (which separately triggers FDI/FEMA reporting)
Auditor's certificate confirming no diminution of the certified NOF between the certification date and the application filing date
PAN and Aadhaar (or passport, for foreign nationals) of every promoter and director
Detailed profile / CV of each promoter and director, demonstrating relevant business or financial-sector experience where available
Declaration of no default with any bank, financial institution, or NBFC, and no conviction for an offence involving moral turpitude or economic offence
Credit Information Company report (CIBIL or equivalent) for each promoter/director, where required by the specific RBI framework
Declaration of directorships and shareholdings held in any other RBI-regulated entity, to assess concentration and conflict-of-interest concerns
Detailed business plan covering the proposed scope of activity, target customer segments, geographic branch/outlet plan, and three-year financial projections
Technology infrastructure description — for fintech applicants, this includes system architecture, data security measures, and (for payment systems) escrow/nodal account arrangements with the settlement bank
Board-approved KYC/AML/PMLA policy, including customer due diligence tiers, STR/CTR trigger thresholds, record retention procedures, and the designated Principal Officer
Premises details for each proposed FFMC outlet — ownership/lease proof, floor plan, and security arrangement description (CCTV, safe/vault, signage compliance)
Draft customer-facing agreements, terms of service, and (for payment aggregators) merchant onboarding and settlement agreements
Franchise agreement between the principal Category I FFMC/AD bank and the proposed franchisee, specifying scope of activity, transaction limits, and supervisory responsibilities
Principal's own Certificate of Authorisation, confirming it is currently valid and covers the franchisee arrangement
Franchisee's premises and KYC infrastructure details, as required by the principal's own RBI-approved franchisee scheme
Board resolution of the franchisee entity approving the franchise arrangement
Detailed note on the proposed lending/data-sharing model, specifically addressing how it aligns with RBI's Digital Lending Guidelines (direct disbursal to/from borrower account, disclosure of lender identity, cooling-off period) or the Account Aggregator / P2P framework as applicable
Information Technology and cybersecurity policy, including data storage and consent-architecture details for Account Aggregator applicants
Co-lending or Lending Service Provider (LSP) agreements, if the business model involves partnering with a bank or another NBFC rather than lending purely on own books
Grievance redressal mechanism and Fair Practices Code, as required for NBFC-track authorisations
Certificate of Incorporation of the overseas parent/promoter entity, apostilled or consularised as applicable
Board resolution of the overseas entity authorising the Indian investment/promotion, apostilled or notarised
FDI reporting compliance evidence (FC-GPR filed on the RBI FIRMS portal) for any equity investment already received from the overseas promoter
UAE Central Bank licence or equivalent regulatory authorisation held by the overseas group entity, where relevant to demonstrate group regulatory standing
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| Pre-Application Structuring | Decision to enter money-changing or a regulated fintech activity | Business model classification against the correct RBI framework, entity structuring, Net Owned Fund planning, and promoter fit-and-proper pre-review before any application is drafted. | Filing under the wrong framework or with an under-capitalised entity leads to rejection, wasted time, and a mandatory cooling period before re-application in some cases. |
| Application & RBI Review | Documentation ready | Complete, RBI-ready application compilation; proactive query handling; premises inspection preparation for FFMC applicants. | Incomplete or weak applications generate repeated RBI query rounds, each adding weeks to months of delay, and increase the risk of outright rejection. |
| Authorisation Received — Operational Launch | Certificate of Authorisation/Registration issued | Principal Officer designation and FIU-IND registration, transaction record-keeping systems, KYC/AML staff training, and periodic return format setup before the first live transaction. | Operating without the required FIU-IND registration or without a compliant KYC process from day one is itself a fresh compliance breach, independent of holding a valid licence. |
| Ongoing Operations | Business as usual | Periodic RBI returns (money-changing turnover data, payment system reporting, or NBFC NBS returns as applicable), continued NOF maintenance, KYC/AML policy currency, STR/CTR filing discipline. | Missed periodic returns and NOF shortfalls are flagged in RBI's supervisory review and can trigger show-cause proceedings, restriction on fresh business, or in serious cases, cancellation of authorisation. |
| RBI Inspection | Scheduled or surprise on-site/off-site inspection | Pre-inspection readiness review, document organisation, and representation during the inspection process; remediation plan for any observations raised. | Adverse inspection findings left unaddressed can escalate to restrictions on business, monetary penalty, or referral for cancellation of the Certificate of Authorisation. |
| Expansion / Change of Particulars | New outlet, new product feature, change in promoters or directors | Change-of-particulars filing with RBI, fresh fit-and-proper review for incoming promoters/directors, and assessment of whether the expanded activity requires an additional or amended authorisation. | Operating an unapproved outlet or an activity outside the authorised scope (e.g., an FFMC quietly adding payment-aggregation features) is treated as unauthorised business and can jeopardise the existing licence. |
| Renewal | Authorisation validity period approaching expiry | Renewal application prepared and filed within RBI's prescribed window, incorporating any regulatory framework changes issued since the original authorisation. | Lapsed authorisation halts the business entirely until re-authorised, and a gap in valid authorisation can itself trigger regulatory scrutiny of transactions conducted in the interim. |
| Exit / Surrender / Cancellation | Business wind-down, M&A, or voluntary exit | Formal surrender application to RBI, closure of nodal/escrow accounts, final periodic return filing, and record-retention compliance for the prescribed post-closure period. | An authorisation not formally surrendered can continue to attract periodic-return obligations and inspection exposure even after the business has effectively ceased operating. |
What exactly is an FFMC and who needs one?
A Full Fledged Money Changer (FFMC) is a company authorised by the Reserve Bank of India under Section 10(1) of FEMA, 1999 to purchase and sell foreign currency notes, coins, and travellers' cheques from and to the public, and — where separately permitted — to issue and reload prepaid forex cards. You need this authorisation if your business model involves buying or selling physical foreign currency or travellers' cheques directly with retail customers, such as a forex bureau, a currency exchange counter at an airport or hotel, or a travel company offering forex services alongside its core business.
What is the difference between Category I, Category II, and Category III FFMC authorisation?
Category I (full-fledged) permits both purchase and sale of foreign exchange and is the only category that allows a standalone business built entirely around money changing. Category II, called a Restricted Money Changer (RMC), permits purchase of foreign currency only — no sale — and is typically granted to established travel agents and hotels as a facilitation measure alongside their core business. Category III is not a direct RBI authorisation at all; it is a franchisee arrangement in which an existing Category I FFMC or an Authorised Dealer bank appoints a franchisee to conduct restricted money-changing business under the principal's own registration and supervision.
What is the minimum Net Owned Fund required for an FFMC licence?
RBI's Master Direction on Money Changing Activities prescribes a minimum Net Owned Fund (NOF) for Category I FFMC applicants, computed as paid-up capital plus free reserves, less accumulated losses and specified deductions such as intangible assets. The exact figure is set out in the current Master Direction and has been revised by RBI over time, so PNPC always confirms the applicable threshold at the time of your specific application rather than quoting a fixed number that may be outdated.
Which entity types are eligible to apply for an FFMC licence?
Only a company registered under the Companies Act 2013 is eligible to apply for FFMC authorisation. Partnership firms, proprietorships, LLPs, and trusts are not eligible applicants under RBI's Master Direction. The company's Memorandum of Association should reflect money-changing as an authorised object.
What does RBI's 'fit and proper' criteria for promoters and directors actually check?
RBI reviews each promoter and director for a clean financial and legal track record — no default with any bank, financial institution, or NBFC; no conviction for an offence involving moral turpitude or an economic offence; no adverse regulatory action by RBI, SEBI, IRDAI, or any other financial regulator; and, generally, relevant business or financial-sector experience or a credible operational plan supported by qualified management.
How long does it take to get an FFMC licence from RBI?
There is no statutorily fixed timeline. RBI processing depends on the completeness of the application, the complexity of the promoter and business profile, and the workload of the relevant Regional Office. A realistic range for a well-prepared application from filing to Certificate of Authorisation is several months. Applications with incomplete documentation, weak business plans, or unresolved fit-and-proper questions can take considerably longer due to repeated query cycles.
Can a foreign or NRI promoter set up an FFMC in India?
Yes, subject to FDI policy for the relevant sector and RBI's fit-and-proper review of the foreign promoter. Any equity investment from a non-resident constitutes FDI under FEMA and must be reported via Form FC-GPR on the RBI FIRMS portal within the prescribed timeline, in addition to the FFMC authorisation process itself. UAE-based exchange houses and forex businesses evaluating an India entry commonly go through this dual-track process — FDI structuring and FFMC licensing in parallel.
What KYC and anti-money-laundering obligations apply to an FFMC?
FFMCs must maintain a Board-approved KYC/AML policy compliant with RBI's Master Direction on KYC and the Prevention of Money Laundering Act, 2002. This includes tiered customer due diligence based on transaction value, mandatory identity verification for currency exchange above prescribed thresholds, Suspicious Transaction Report (STR) and Cash Transaction Report (CTR) filings with the Financial Intelligence Unit-India (FIU-IND), a designated Principal Officer registered with FIU-IND, and prescribed record retention periods.
What happens during an RBI inspection of an FFMC?
RBI conducts periodic on-site and off-site supervision of FFMCs, reviewing transaction records, KYC documentation, STR/CTR filing discipline, NOF maintenance, and adherence to the conditions attached to the Certificate of Authorisation. Adverse findings can range from an observation requiring a written response, to a monetary penalty, to — in serious or repeated cases — restrictions on business or cancellation of the authorisation.
What is a Payment Aggregator and does my e-commerce or SaaS platform need to become one?
A Payment Aggregator (PA) is an entity that facilitates e-commerce sites and merchants to accept payment instruments from customers for completion of their payment obligations, without itself being a merchant. Under RBI's Guidelines on Regulation of Payment Aggregators and Payment Gateways, non-bank PAs handling payment collection and settlement on behalf of merchants require RBI authorisation once they cross prescribed processing thresholds and criteria set out in the Guidelines. A platform that merely integrates a licensed PA's API and never itself holds customer or merchant funds is generally not a PA requiring separate authorisation — but the precise dividing line depends on your actual fund flow, not your marketing description of the product.
My fintech app connects borrowers to an NBFC lender — do I need my own RBI licence?
It depends on precisely what your app does. If you are a Lending Service Provider (LSP) that only sources, evaluates, and services loans on behalf of a regulated lender — with the loan disbursed directly between the borrower's account and the regulated lender's account, and with the regulated lender's identity clearly disclosed to the borrower as required by RBI's Digital Lending Guidelines — you may operate without your own NBFC licence, structured as a technology/servicing arrangement. If your app takes on any credit risk, disburses funds through its own account, or is not transparent about the ultimate lender, RBI's guidelines and enforcement posture treat that as requiring the entity itself to be a regulated lender.
What is an Account Aggregator and does my personal finance app need to become one?
An Account Aggregator (AA) is an NBFC category — NBFC-AA — that RBI licenses specifically to enable consent-based sharing of a customer's financial data across institutions (banks, NBFCs, insurers, and other Financial Information Providers) without the AA itself storing or reading the underlying financial data. If your app needs to pull a customer's bank or financial data from another regulated institution with the customer's consent, you generally need to either become an NBFC-AA yourself or route your data access through an already-licensed AA — you cannot build a parallel data-pulling mechanism outside the AA framework for regulated financial data.
What is a P2P lending licence and how is it different from a standard NBFC?
A Peer-to-Peer (P2P) lending platform is a distinct NBFC category — NBFC-P2P — regulated under RBI's Master Direction for NBFC-P2P Lending Platforms. It operates purely as a marketplace connecting individual lenders to individual borrowers, is prohibited from raising deposits, from lending on its own account, from providing any credit guarantee, and is subject to a cap on the aggregate exposure of a single lender across all P2P platforms. A standard lending NBFC, by contrast, lends from its own balance sheet and takes credit risk directly.
Is 'Buy Now, Pay Later' (BNPL) separately regulated by RBI?
RBI has not created a dedicated BNPL licence category; BNPL arrangements are regulated depending on how they are structured. Where BNPL is extended as a form of credit by a bank or NBFC, it falls under existing lending regulation, including the Digital Lending Guidelines where the arrangement is app/platform-mediated. RBI has also clarified that non-bank PPI issuers cannot load PPIs using credit lines — a clarification that specifically affected several PPI-linked BNPL and co-branded card models and forced restructuring of those products.
What is a Prepaid Payment Instrument (PPI) and does my wallet or gift-card product need a licence?
A Prepaid Payment Instrument is a payment instrument — a wallet, a prepaid card, or similar — that stores value and facilitates purchase of goods and services against that stored value, regulated under the PSS Act, 2007 and RBI's Master Direction on PPIs. Issuing PPIs to the public — a consumer wallet, a reloadable prepaid card — requires RBI authorisation as a PPI issuer, subject to prescribed net worth and other eligibility criteria. A single-purpose, closed-system gift card usable only for goods/services from the issuer itself (with no cash-out and no interoperability) is generally exempt from PPI licensing, but semi-closed or open-system instruments usable across multiple merchants or for cash withdrawal require authorisation.
Can an FFMC also operate as a payment aggregator or offer digital wallet services under one licence?
No. RBI treats money-changing authorisation (under the Money Changing Master Direction) and payment-systems authorisation (under the PSS Act and related Guidelines) as entirely separate regulatory frameworks, even if both activities are delivered through the same customer-facing app. An FFMC wanting to add app-based forex ordering can typically do so as an extension of its money-changing activity, but adding a general-purpose payment aggregation or wallet feature requires a separate authorisation under the relevant framework.
What is RBI's Regulatory Sandbox and is it relevant to my fintech product?
RBI's Regulatory Sandbox is a framework that allows fintech entities to test innovative products, services, or business models with real customers within a limited, RBI-defined environment, before seeking full-scale authorisation (or confirming that no authorisation is required). It is theme-based, with RBI announcing specific cohorts (for example, cross-border payments, MSME lending, or fraud prevention themes) and inviting applications within defined windows. It is not a general-purpose fast-track licensing route — entry is selective and cohort-specific.
What is the penalty for operating a money-changing or payment business without RBI authorisation?
Conducting money-changing business without RBI authorisation is a contravention of Section 10(1) of FEMA, 1999, exposing the entity and its officers to adjudication proceedings that can result in a penalty up to three times the sum involved (or up to ₹2 lakh where the amount is not quantifiable), plus further penalty for continuing contravention. Operating a payment system without RBI authorisation is an offence under the Payment and Settlement Systems Act, 2007, which separately provides for penalties and, in serious cases, imprisonment for contravention of its provisions.
How does PNPC assess whether my fintech idea needs an RBI licence before I build the product?
We start with a structured business-model classification call — mapping the actual flow of funds, data, and credit risk in your proposed product against the current RBI frameworks for payment aggregation, digital lending, PPIs, Account Aggregation, and P2P lending. We then issue a written classification memo identifying which framework (if any) applies, what authorisation (if any) is required, and what structural choices — such as routing settlement through a licensed partner rather than your own account — could keep you outside a licensing requirement if that is commercially preferable at your stage.
Does my FFMC or fintech licence application affect my ability to raise venture capital?
It can, in both directions. Sophisticated fintech investors specifically diligence regulatory classification and licensing status before investing, and an unresolved question of whether your model requires an RBI authorisation you do not hold is a common deal-delaying or deal-killing finding. Conversely, holding the correct authorisation (or a well-documented basis for not needing one) is itself a credibility signal to investors evaluating a regulated-adjacent business.
What ongoing returns does an FFMC need to file with RBI?
FFMCs are required to submit periodic returns to their jurisdictional RBI Regional Office covering money-changing turnover, branch-wise transaction data, and other formats prescribed under the Master Direction on Money Changing Activities, in addition to responding to any ad hoc information requests raised during supervisory review. The specific return formats and periodicity are set out in the current Master Direction and its updates.
Can an existing NBFC add money-changing or payment-aggregation activity to its existing licence?
No. An NBFC Certificate of Registration authorises the specific category of NBFC activity registered (such as investment and credit, or a specific sub-category like NBFC-P2P or NBFC-AA). Money-changing authorisation under the FFMC framework and payment-systems authorisation under the PSS Act are entirely separate regulatory approvals. An NBFC wanting to add either activity must apply for the relevant separate authorisation; it cannot simply expand its existing Certificate of Registration to cover it.
What is a nodal account and why does it matter for payment aggregators?
A nodal account is a dedicated bank account, opened with a scheduled commercial bank, through which a payment aggregator routes customer payments before settling funds to the merchant, structured so that funds do not commingle with the PA's own operating funds and settlement occurs within RBI-prescribed timelines. RBI's PA-PG Guidelines mandate this account structure specifically to protect merchant and customer funds from the PA's own business risk.
How does PNPC's UAE presence help with fintech and remittance business structuring?
PNPC operates from Chennai, Bangalore, Hyderabad, and Dubai. For fintech and remittance businesses with an India-UAE dimension — a UAE exchange house entering India, an India-based remittance fintech routing flows through UAE corridors, or a group with entities regulated by both RBI and the UAE Central Bank — we coordinate the Indian RBI licensing and compliance work with the UAE regulatory and corporate advisory from a single engagement team, rather than requiring you to brief two disconnected firms across two jurisdictions.
What does PNPC charge for FFMC and fintech regulatory advisory?
PNPC charges a fixed, scoped professional fee agreed in writing before work begins, based on the specific engagement — a full FFMC licence application, a fintech classification memo, an ongoing compliance retainer, or a combination. Given the fact-specific nature of regulatory classification and the variability in RBI processing timelines, we scope each engagement individually after the initial business-model classification call rather than quoting a standard package fee upfront.
Why should I engage PNPC rather than a generalist company-registration service for this?
FFMC and RBI fintech licensing are specialist regulatory practice areas, not standard company registration. A generalist portal or firm can file your SPICe+ incorporation but has no basis to assess whether your business model requires an RBI authorisation, what your defensible Net Owned Fund position is, or how RBI's Digital Lending Guidelines apply to your specific fund-flow architecture. PNPC's FEMA & RBI practice has advised on cross-border and regulated-financial-services matters since 1986, and we stay current on RBI's frequently updated Master Directions and Guidelines as a core part of the practice, not as an occasional add-on service.
If I already hold an FFMC licence, can PNPC take over ongoing compliance from my previous advisor?
Yes. We regularly onboard existing FFMC and fintech-licensed clients for ongoing compliance management — reviewing your current KYC/AML policy, periodic return filing history, NOF maintenance position, and any outstanding RBI observations, then building forward from a clean, current compliance calendar rather than assuming the prior advisor's work was complete.
Can a foreign fintech company set up an India subsidiary to operate under one of these RBI frameworks?
Yes, subject to the applicable FDI policy for the specific activity and RBI's licensing requirements for the entity itself. Certain fintech-adjacent activities carry sector-specific FDI conditions or government-route requirements depending on the activity and the investor's country of origin — this must be checked at the structuring stage, before incorporation, alongside the RBI licensing pathway for the underlying regulated activity.
What is the difference between an Authorised Dealer (AD) bank's money-changing business and an FFMC?
Authorised Dealer Category-I banks are separately licensed by RBI under FEMA to deal in foreign exchange as part of their broader banking business, including money-changing, and operate under a different (though related) authorisation framework than a standalone FFMC. A non-bank company cannot become an AD bank; it can only pursue FFMC (or RMC, or franchisee) authorisation for money-changing activity specifically.
How does RBI treat cryptocurrency and virtual digital asset businesses — is that covered under this service?
Cryptocurrency and virtual digital asset (VDA) exchanges are not regulated under the FFMC, PA-PG, or standard NBFC frameworks described here — RBI has historically expressed caution regarding banking-channel access for VDA-related businesses, and the sector is separately subject to the Prevention of Money Laundering Act reporting-entity obligations (VDA service providers are notified as reporting entities under PMLA) and a dedicated VDA taxation regime under the current Income Tax Act (the specific taxing provision has been renumbered with the transition from the Income-tax Act, 1961 to the Income Tax Act, 2025 — PNPC confirms the applicable section reference at the time of advice rather than quoting a number that may already be superseded). If your business involves VDA trading, custody, or exchange services rather than fiat money-changing or the fintech categories described above, PNPC advises on this as a distinct, separately scoped engagement given the fast-evolving and still-developing regulatory posture in this specific area.
| Feature | Generic Company Registration Portal | General Corporate Law Firm | PNPC Global |
|---|---|---|---|
| Business model classification | Not offered — files what you ask for | Sometimes offered, often generalist and not RBI-framework-specific | Structured classification against current FFMC, PA-PG, Digital Lending, PPI, AA, and P2P frameworks before any filing |
| Net Owned Fund planning | Not offered | May flag the requirement without detailed computation support | CA-certified NOF computation and capital structuring advice specific to the applicable Master Direction |
| Fit-and-proper pre-review | Not offered | Rarely performed proactively | Internal review of every promoter/director before filing — issues addressed before RBI raises them |
| KYC/AML/PMLA policy drafting | Not offered | General template, may not reflect current RBI KYC Master Direction | Custom policy drafted for your specific operating model and transaction profile |
| RBI query handling | Not offered — no ongoing relationship after filing | Available but may lack current RBI Master Direction familiarity | Direct, proactive management of every RBI query round to minimise elapsed time |
| Fintech-specific classification (PA, digital lending, PPI, AA, P2P) | Not offered | Limited — most firms are not RBI-fintech specialists | Core practice area — current on RBI's frequently updated fintech Guidelines and circulars |
| India-UAE coordination | Not offered | Rare — most firms operate India-only | Chennai, Bangalore, Hyderabad, and Dubai offices under one engagement team |
| Post-authorisation compliance | Not offered | Reactive — acts on client request | Proactive annual compliance calendar — returns, NOF maintenance, inspection readiness |
| When RBI raises a supervisory observation | Not applicable — no ongoing relationship | Available, cost depends on firm | Direct access to your engagement CA to manage the response and remediation |
What the PNPC package includes
- 01
Structured business-model classification call — mapping your actual fund/data/credit flow against current RBI frameworks
- 02
Written regulatory classification memo — which authorisation (if any) applies, and what structural choices affect that outcome
- 03
Entity and Net Owned Fund structuring advice, with CA-certified NOF computation for the application
- 04
Promoter and director fit-and-proper pre-review before any name is submitted to RBI
- 05
Business plan and financial projections drafted for RBI's specific requirements — not a generic template
- 06
Board-approved KYC/AML/PMLA policy drafted for your specific operating model
- 07
Complete application compilation and filing with the jurisdictional RBI Regional Office or relevant RBI department
- 08
Direct, proactive management of every RBI query round through to Certificate of Authorisation/Registration
- 09
Premises inspection preparation for FFMC applicants
- 10
Post-authorisation operational setup — Principal Officer/FIU-IND registration, record-keeping systems, staff training
- 11
Ongoing regulatory compliance calendar — periodic returns, NOF maintenance, inspection readiness, renewal tracking
- 12
India-UAE coordinated advisory for cross-border exchange houses, remittance businesses, and fintech groups
Speak directly with a PNPC Chartered Accountant who tracks RBI's Master Directions and fintech Guidelines as a core practice — not a portal that files forms without knowing whether your business needs a licence at all, and not a generalist firm learning the framework alongside you.