Decoding the PayPal Verdict

The Delhi High Court’s judgement in PayPal Payments Private Limited (PayPal) v. Financial Intelligence Unit – India (FIU) has opened up Pandora’s box. At its heart is the expansive reading of ‘reporting entities’ under the Prevention of Money Laundering Act (PMLA), which may rain on the parade of many fintechs.

The Background

The FIU had claimed PayPal was a ‘Payment Service Operator’ (PSO), an entity that enables payments between foreign remitters and Indian beneficiaries, including clearing, payment or settlement. By extension, PayPal was instructed to register as a ‘reporting entity’ under the PMLA. Reporting entities are usually financial institutions (including PSOs), dealers in precious metals real estate agents, or other designated businesses or professions. As a reporting entity, PayPal would have a laundry list of know your customer (KYC) and anti-money laundering (AML) compliances under the PMLA, including a mandate to periodically report large or suspicious transactions.

PayPal rejected FIU’s directive, claiming that they were not classified as a PSO under the Payment and Settlement Systems Act (PSS Act), but as an Online Payment Gateway Service Provider (OPGSP) instead. As an OPGSP, PayPal operated as a mere technology layer over financial transactions and was not involved in the handling of funds. As the ‘actual’ handling of funds happened through scheduled commercial banks (who are PSOs), only they had to comply with the KYC/AML requirements under the PMLA. Practically, they were akin to Amazon Pay or Google Pay, who were not considered to be PSOs. An additional argument raised by PayPal was that as PSOs shared identical definitions under the PMLA and PSS Act, a more expansive understanding of PSOs (under the PMLA) was legally unsupported.

The FIU rejected these arguments and issued a show cause notice to PayPal for non-compliance. After several months of back and forth, the FIU finally imposed a penalty of Rs. 96 lakhs on PayPal. Aggrieved by this order, PayPal appealed to the Delhi High Court.


The Court observed that the intent behind the PMLA and PSS Act are vastly different. The former seeks to address money laundering, while the latter regulates payment systems. Given this, the definition of PSOs (for the purpose of the PMLA) was to be read widely and included a broad range of entities facilitating transfer of funds. The argument was fortified by noting the usage of equivocal words like “enabling” in defining the role of payment systems under the PMLA. A narrow reading, they observed, would defeat the very purpose of the statute.

Functionally, PayPal facilitated fund transfers between Indian beneficiaries and foreign remitters. While PayPal did not ‘handle’ the fund transfers in these circumstances (which occurred through normal banking channels), it collected information that was not passed on to banks i.e. a remitter’s enrollment information. As money laundering involves the obfuscation of funds, the Court observed that authorities under the PMLA should be empowered to analyse transaction data at every step. Effectively, PayPal’s role limited the visibility of banks only to transaction endpoints, thereby defeating the ability of the FIU to investigate suspicious transactions meaningfully.

The conclusion? You can still be a PSO under the PMLA even if not classified as one under the PSS Act. You just have to be involved in any stage of a transfer of funds. Enabling the FIU, the Court noted that with the progress of technology, it’s essential that all aspects of transaction data are shared with authorities expeditiously. This includes identity information of the beneficiary and the remitter.

To this end, the Court also highlighted the difference between PayPal and technology layers of UPI transactions (like Amazon Pay and Google Pay). Under the UPI framework, transfers happen through partner banks, where both beneficiary and remitter details are captured, in compliance with extant KYC norms.  

PayPal has now challenged the ruling before a division bench of the Delhi High Court. Interestingly, one of their grounds is a previous order by a division bench of the same court, where Google Pay was held to be a mere tech layer and not a PSO. The matter is likely to be heard by the Chief Justice, Satish Sharma, who presided over the Google Pay case.

Of Actions and Consequences

The Court dismissed the penalty imposed by the FIU, recognising good faith on PayPal’s end. They noted that PayPal genuinely thought that the FIU’s actions were erroneous under law. Despite this, PayPal maintained open lines of communications with the FIU and proposed alternate models of information sharing, signaling their intent to cooperate with the authorities. This has been received positively by the industry. It allows them to take more interpretation-based calls, given the current ambiguities in the payment sector.

On the flipside, it raises several concerns as already struggling players also have to grapple with reporting obligations under the PMLA. However, this may not be an immediate risk. The judgement does not automatically classify all fintechs as reporting entities. So unless the FIU issues a notification or individually reaches out, there may not be a proactive requirement to register with the FIU.

Until the appeal is decided by the Delhi High Court, it might be prudent for payments players to start maintaining records of suspicious transactions. As evident from this case, this approach becomes relevant in correspondence with authorities. Recent regulatory and judicial winds are also blowing towards more formal regulation and reporting by erstwhile unregulated fintechs. In the interim, and as with these cases, it can go a long way in establishing good faith through good actions.

This post has been authored by Amit Kiran, Principal Associate and Ayush Verma, Associate.

Image credit: Shutterstock

For more on the topic please reach out to us at

the status quo

Sparking Curiosity...