RBI AePS new rules 2026 will enforce stricter KYC, real-time fraud monitoring, and one operator–one bank policy from January 1. Read full details for competitive exam preparation.
RBI Tightens AePS Rules to Combat Fraud From January 2026
Strengthening the AePS Framework
The Reserve Bank of India (RBI) issued a directive on June 27, 2025, introducing stricter regulations for Aadhaar-Enabled Payment System (AePS) operators, effective January 1, 2026. This comprehensive plan emphasizes robust KYC procedures at the onboarding stage, mandatory periodic KYC refreshers, real-time transaction monitoring, and a “one operator–one acquiring bank” policy These measures ensure heightened accountability of touchpoint operators (e.g., Business Correspondents, Bank Mitras) and fortify risk management.
Tightened Onboarding & KYC Norms
Under the new guidelines, banks must conduct full due diligence on AePS Touchpoint Operators (ATOs), aligning with the RBI’s Master Direction on KYC, 2016 Existing KYC done for BCs or sub-agents may be adopted. Additionally, if an ATO remains inactive for three months, banks are required to redo their KYC before reactivation
Real-time Monitoring & Customized Risk Controls
Acquiring banks must deploy real-time transaction monitoring systems to detect anomalies promptly. They are also mandated to establish customized risk controls—such as transaction limits—based on each operator’s location, transaction volume, and velocityThese parameters must be periodically reviewed to adapt to emerging fraud patterns.
One Operator, One Bank Rule
To improve traceability and curb misuse, the RBI insists on a one operator–one acquiring bank principle. This restriction ensures every AePS operator aligns with a single bank and NPCI clearly assigns responsibilities
Strengthening Technical Safeguards
Banks must also implement system-level controls to ensure AePS APIs and software are used only for authorized Aadhaar-based transactions, preventing unauthorized usage
 "RBI AePS new rules")
Why This News Is Important
Safeguarding Digital Financial Inclusion
AePS plays a crucial role in India’s digital financial inclusion, especially in rural and underserved areas. However, rising incidents of identity theft and fraudulent Aadhaar-based transactions have eroded trust RBI’s guidelines aim to restore confidence in the system by enhancing operator accountability and transaction security.
Enhancing Fraud Detection & Accountability
By enforcing strict KYC, real-time monitoring, and a one-operator–one-bank rule, these measures close existing loopholes. Banks can now quickly detect and block unauthorized transactions, reducing losses and protecting customer data. This proactive approach aligns with RBI’s mandate for a secure digital payment infrastructure.
Regulatory Compliance & Risk Management
These guidelines underscore the RBI’s commitment to robust regulatory oversight under the Payment and Settlement Systems Act, 2007. Financial institutions must now adjust their internal compliance systems, KYC processes, and monitoring frameworks to meet the January 2026 deadline.
Historical Context
India’s AePS—launched by NPCI in 2016—allowed biometric Aadhaar authentication for basic banking tasks at BC touchpoints, significantly boosting rural access to financial services. However, the system has seen increasing fraud cases involving stolen credentials and duplicate identities during the past year.
In response, the RBI had imposed similar due diligence norms in June 2024 and reiterated them in its Statement on Developmental and Regulatory Policies. The rising misuse of AePS necessitated today’s broader, more stringent guidelines. These regulatory upgrades continue a decade-long trend of tightening Aadhaar-based services to balance financial inclusion with security.
Key Takeaways from RBI’s AePS Directive
| S. No. | Key Takeaway |
|---|---|
| 1 | Full KYC at Onboarding: Banks must perform KYC under RBI’s Master Direction before enrolling AePS operators |
| 2 | KYC for Inactive Operators: ATOs inactive for over 3 months require fresh KYC before reactivation . |
| 3 | One Operator–One Bank Policy: Each AePS operator must register with only one acquiring bank . |
| 4 | Real-time Monitoring: Banks need live transaction surveillance and risk-based controls tailored to operator profiles . |
| 5 | API & Tech Restrictions: AePS-related technology, including APIs, must be strictly used for approved functions only . |
FAQs: Frequently Asked Questions
1. What is AePS?
AePS stands for Aadhaar Enabled Payment System. It is a digital payment method developed by NPCI that allows customers to carry out basic banking transactions using Aadhaar authentication through Business Correspondents (BCs).
2. Why did RBI introduce new rules for AePS?
The RBI implemented stricter rules to curb rising fraud and misuse of AePS in rural and semi-urban areas. The new rules enhance KYC norms, monitoring mechanisms, and restrict operators to a single bank for accountability.
3. What is the effective date for the new AePS guidelines?
The new rules and compliance mechanisms will come into force starting January 1, 2026.
4. What does the ‘one operator–one bank’ rule mean?
This rule mandates that each AePS operator must be affiliated with only one acquiring bank, making it easier to monitor and regulate transactions and minimize fraud risk.
5. How does real-time monitoring help prevent fraud?
Real-time monitoring systems help acquiring banks to instantly detect suspicious activity like unusually high transaction volumes, location mismatch, or multiple failed authentication attempts, which helps in quick preventive action.
Some Important Current Affairs Links
