RBI Penalty Report – 16th March 2026 | Cashfree Payments India Private Limited

1. Key Incident Details

  • Entity Name: Cashfree Payments India Private Limited
  • Penalty Amount: ₹3.10 Lakh (Rupees Three Lakh Ten Thousand only)
  • Date of Order: March 09, 2026 (Press Release: March 16, 2026)
  • Inspection Period: April 2024 to June 2025
  • Regulatory Framework: Guidelines on Regulation of Payment Aggregators (PAs) and Payment Gateways (PGs)
  • Core Violation: Making certain impermissible debits from the escrow account, violating Section 30(1) read with Section 26(6) of the Payment and Settlement Systems Act, 2007.

2. Root Cause Analysis (RCA)

Based on the RBI’s finding of “impermissible debits from the escrow account,” the root causes likely stem from operational and systemic gaps in escrow fund management:

  • Flawed Escrow System Logic: The core API or accounting logic managing the escrow account lacked hardcoded constraints to strictly whitelist permissible debit destinations (e.g., merchant settlements, refunds) and block operational/administrative debits.
  • Ineffective Maker-Checker Protocols: Absence or circumvention of a robust manual or automated multi-tier approval system for processing non-standard escrow transactions.
  • Reconciliation Lags: Delayed reconciliation processes (T+1 or later instead of real-time/T+0) failing to identify and flag unauthorized debits promptly during the inspection period (April 2024 – June 2025).
  • Inadequate Regulatory Mapping: Failure to translate the specific clauses of the RBI PA/PG guidelines into hard systemic rules within the core payment processing engine.

3. Preventive Controls & Remediation

To prevent recurrence and ensure strict adherence to the Payment and Settlement Systems Act, the following controls should be implemented:

  • Automated Whitelisting for Escrow Debits: Implement systemic hard-stops at the bank API level. Only predefined, whitelisted beneficiary accounts (verified merchants, customer refund sources) should be capable of receiving funds from the escrow account.
  • Real-Time Escrow Reconciliation: Deploy an automated reconciliation engine that matches nodal/escrow debits against authorized transaction batches in real time, triggering immediate alerts for any anomalies.
  • Enhanced Access Management (RBAC): Enforce strict Role-Based Access Control. Any manual intervention or manual debit initiation from the escrow account must require a mandatory 3-way maker-checker-approver workflow involving the compliance/finance heads.
  • Concurrent Audits: Institute daily or weekly concurrent audits specifically focused on escrow account integrity, moving away from post-facto monthly reviews.
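
A sketch of how the first three controls above can be expressed as one fail-closed policy gate (an added example, not code from Cashfree or the RBI). The purpose names, beneficiary IDs, batch structure and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy data (assumptions, not from the RBI order or any real system).
PERMITTED_PURPOSES = {"MERCHANT_SETTLEMENT", "CUSTOMER_REFUND"}
ALLOWLISTED_BENEFICIARIES = {"MERCH-001", "MERCH-002", "REFUND-SRC-77"}

@dataclass(frozen=True)
class Debit:
    debit_id: str
    beneficiary: str
    purpose: str
    amount_paise: int
    batch_id: Optional[str] = None  # None means a manually initiated debit
    maker: str = ""
    checker: str = ""
    approver: str = ""

def authorize_debit(d, batches):
    """Return (allowed, reason); fail closed on anything not explicitly permitted.

    batches maps batch_id -> {beneficiary: authorized amount in paise}.
    """
    if d.purpose not in PERMITTED_PURPOSES:
        return False, "purpose not permitted for escrow"
    if d.beneficiary not in ALLOWLISTED_BENEFICIARIES:
        return False, "beneficiary not allowlisted"
    if d.amount_paise <= 0:
        return False, "invalid amount"
    if d.batch_id is not None:
        # System debit: must match an authorized batch line exactly.
        if batches.get(d.batch_id, {}).get(d.beneficiary) != d.amount_paise:
            return False, "no matching authorized batch entry"
        return True, "ok"
    # Manual debit: three distinct, non-empty identities must have signed off.
    signers = {d.maker, d.checker, d.approver}
    if "" in signers or len(signers) != 3:
        return False, "needs distinct maker, checker and approver"
    return True, "ok"

def reconcile(statement, batches):
    """Re-check debits seen on the bank statement; return anomalies to alert on."""
    results = ((d.debit_id, authorize_debit(d, batches)) for d in statement)
    return [(debit_id, reason) for debit_id, (ok, reason) in results if not ok]
```

Running the same rule set at initiation (authorize_debit) and again over the bank statement (reconcile) means a debit that bypassed the gate still surfaces as an anomaly.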

4. Lessons Learnt

Escrow Sanctity is Non-Negotiable:

The RBI treats the sanctity of the escrow/nodal account as the most critical pillar for Payment Aggregators. Commingling of funds or utilizing escrow funds for anything other than merchant settlements and permitted refunds is a severe regulatory breach.

Compliance Must Be Code:

Relying on human vigilance or periodic manual checks is insufficient for regulatory compliance at scale. Regulatory guidelines must be directly embedded into the technical architecture as immutable code and strict system guardrails.

RBI Press Release
