The Reserve Bank of India (RBI), on June 27, 2025, released the final version of the draft directions on due diligence of Aadhaar-enabled Payment System (AePS). These draft directions were first published on July 31, 2024 and they were kept open for stakeholder comments.
The concept of AePS Touchpoint Operator (ATO) was first introduced in these guidelines. These directions also aimed at streamlining the process for onboarding of the ATOs by acquiring banks.
What is AePS
According to the National Payments Corporation of India (NPCI), AePS, is a payment service offered by banks allowing customers to use Aadhaar as their identity proof to access their Aadhaar-enabled bank account and perform basic banking activities, such as balance enquiry, cash withdrawals, and remittances through a Business Correspondent (BC).
Advertisement
The customer will also be able to perform tasks, such as generating mini statements, and Aadhaar-to-Aadhaar fund transfer. But in order for AePS to work, the customer must have an account with such a bank which participates in AePS. The customer's Aadhaar should be mandatorily linked to their bank account, and transactions can only be completed through the customer's biometric authentication only.
What is an ATO
ATO or the AePS Touchpoint Operator is an agent appointed by the acquiring banks to operate a terminal (often a Micro ATM) to facilitate the AePS transactions. They basically enable customers to perform basic banking transactions using their Aadhaar number and biometric authentication. They act as a mini-bank branch, primarily serving in rural and semi-urban areas, which are unbanked or underbanked.
Advertisement
What are Acquiring Banks
Acquiring banks are those that facilitate credit and debit card transactions on behalf of merchants. Such banks primarily perform as middlemen between the card networks and the merchants.
Key Features of the New Directions
The RBI says that the fresh directions target two chief areas: due diligence and risk management. First, acquiring banks now have to perform exhaustive background checks on any individual or entity prior to appointing them as AePS Touchpoint Operators. This involves checking their identity, financial status, and their previous track record.
Second, the rules include specific risk management instructions to be followed by banks. These cover transaction monitoring, fraud reporting, customer grievance redressal, and regular audits. The idea is to protect both the customer and the bank from losses due to unauthorised or fraudulent activities.
Advertisement
Why Was This Needed
By holding banks accountable for complete screening and monitoring of ATOs, RBI aims to reduce risks while promoting the safe use of Aadhaar-based services. RBI has also made it clear that the final regulations were formulated after considering stakeholders' comments to the draft circulated a year back.
The new directions, which the RBI has issued under Section 18 of the Payment and Settlement Systems (PSS) Act, 2007, will come into effect from January 1, 2026.
