Policies and disclaimer

India Merchant Onboarding Policy

Adyen India Technology Services Private Limited

  • Scope and objectives

    This policy has been designed to ensure that merchants (domestic and foreign) are onboarded and reviewed in accordance with the applicable laws. This policy should be read in conjunction with Adyen’s Global AML/CFT Policy.

  • Merchant on-boarding team

    Based on policy and procedure determined by Adyen’s compliance function, Adyen’s merchant operations teams (the “Teams”) are responsible for undertaking an assessment of the potential merchant based on the information collected from the said merchant and/or obtained from reliable and independent sources, with oversight of the compliance function and Adyen’s management board. The policy and procedures that set out the criteria and standards for assessing the merchant are reviewed and updated at least annually, in accordance with the applicable law.

  • Merchant onboarding process

    Step – 1: Collection of Information: For the Teams to conduct its background and antecedent check of the merchant, necessary information shall be collected, including the completed onboarding application, KYC identification documents, address proof, description of business model, business related documents/ certifications, bank details, PCI-DSS compliance, and other documents required to verify the credibility of the merchant. For further details, please refer to the following Procedures:

    • Adyen’s Legal Entity Screening Procedure;

    • Adyen’s Natural Person Screening Procedure;

    • Adyen’s Legal Arrangement Screening Procedure;

    • Adyen’s External Account Screening Procedure;

    • Adyen’s PCI-DSS Procedure;

    • Adyen’s Watchlist Screening Procedure; and

    • Adyen’s Business Model Screening Procedure (together, the Procedures)

    Step – 2: Assessment and Evaluation: As part of this check, the Teams shall evaluate, seek additional information and clarifications as may be required, to satisfy itself that:

    additional information and clarifications as may be required, to satisfy itself that:

    1. The merchant does not have any dupious or malafide intention;

    2. The merchant does not sell or engage in fake/ counterfeit, prohibited or restricted products and services. For further details, please refer to Adyen’s Prohibited and Restricted Products and Services List.

    3. The merchant is PCI-DSS / PA-DSS compliant, including that Customer card and related information is not being stored improperly on the merchant website. For further information, please refer specifically to Adyen’s PCI Screening Procedure.

    4. The merchant has the following information clearly displayed on its website:

      1. Terms and conditions of the service

      2. Delivery, Return and Refund policies, including the timeline for processing returns and refunds

      3. Privacy Policy

      4. Contact information Further information is set out in Adyen’s Business Model Screening Procedure.

    Step – 3: Execution of Legal Agreement: On completion of scrutiny, and satisfaction of compliance with applicable laws and Adyen’s internal standards, the merchant shall be required to execute an agreement with Adyen India and its partners which shall include suitable obligations on the merchant with respect to maintaining security/ privacy of customer data, continuous compliance with PCI-DSS/ PA-DSS standards, requirement to report incidents promptly and in the prescribed manner, amongst other responsibilities on the parties. This agreement shall also ensure that the merchant provides a periodic security assessment report, in the prescribed manner. As part of the agreement, Adyen shall also obtain necessary undertakings/ certifications regarding the merchant’s compliance with applicable law.

    Step – 4: Assignment of Merchant Category Code: The Underwriting Team shall assign a Merchant Category Code (MCC) based on applicable business model and industry specific requirements. Further information is set out in Adyens Business Model Screening Procedure.

  • Ongoing compliance

    A security audit of the merchant may be carried out to check compliance with applicable law, as and when required. Adyen India will obtain periodic security assessment reports from the merchant either based on the risk assessment and/or at the time of renewal of contracts. Periodic review of all merchant files, including KYC data as collected and verified in accordance with the Procedures during on-boarding, will be performed per a risk-based review cycle to ensure all data on file remains up-to-date and accurate.

    Onboarding of Domestic Merchants

    Adyen India will carry out the on-boarding process of domestic merchants in compliance with applicable laws in India including the relevant provisions stipulated under the Reserve Bank of India’s (‘RBI’) Master KYC Direction, the RBI PA Guidelines and the Prevention of Money Laundering Act, 2002 (the ‘PMLA’), as amended and updated from time to time (among others) and this merchant on-boarding policy that has been approved by its Board of Directors. Incremental Due Diligence - Onboarding of Foreign Merchant – for Payment Aggregator Cross Border Import Business of Adyen India Adyen India will carry out the on-boarding process of foreign merchants in compliance with the RBI’s PA-CB Circular and this merchant on-boarding policy that has been approved by its Board of Directors. In addition to the standard process for onboarding that is followed by Adyen India for its domestic merchants in India, for the foreign merchants that wish to avail the Payment Aggregator Cross Border Import (PA-CB-I) solution from Adyen India, the following onboarding process shall apply:

    1. Adyen will consider the country risk attributable to the domicile of the foreign merchant and India’s foreign trade policies and trade sanctions at the time of on boarding.

    2. Adyen will collect and validate documents, subject to local laws and regulations of the country of domicile the foreign merchant, and in accordance with the Master Directions on KYC issued by the Reserve Bank of India.

    3. Incase documents as provided in the KYC Master Directions are not available for legitimate reasons as the merchant is located outside India, alternative equivalent documents shall be obtained and process (including relying on KYC documents stipulated or collected by other group entities that are regulated outside India) to identify, verify and screen the foreign merchant, authorized signatories and ultimate beneficial ownership shall be undertaken.

    4. In case the per unit price of goods/services offered by a foreign merchant is more than INR 2,50,000 (Indian Rupees two lakh fifty thousand), Adyen India will ensure contractually and operationally that the foreign merchant obtains at the time of check out, the permanent account number (PAN) number of the end customer.

    5. Adyen will restrict the foreign merchants availing the PA-CB-I product from selling goods/services that have a per unit price exceeding INR 25,00,000 (Indian Rupees twenty-five lakhs). As part of its onboarding check and periodic review, it will ensure that the merchant confirms that none of its good/services has a per unit price exceeding INR 25,00,000 (Indian Rupees twenty-five lakhs). As an additional measure, Adyen India will consider imposing transaction limits to ensure compliance as stipulated by the RBI from time to time.

  • Review of Policy

    The Board of Adyen India would be responsible for reviewing and monitoring compliance with this Policy on a periodic basis, assisted by the Principal Officer and the Adyen Compliance Function. This Policy shall be reviewed at least annually, or if significant regulatory changes occur to ensure its continuing suitability, adequacy, and effectiveness. In the event of any conflict between the provisions of this Policy and applicable RBI guidelines or any other statutory enactments, rules, the provisions of the applicable RBI guidelines or statutory enactments, rules shall prevail over and automatically be applicable to this Policy and should be read in tandem with the provisions of the Policy. The relevant provisions of the Policy would be amended/modified in due course to make it consistent with the applicable law. Any deviations from the procedures specified in this Policy shall be permitted only with the approval of the Principal Officer. However, no approvals shall be granted where such a deviation results in breach of any circular, direction, order or guidelines issued by any regulatory authority including the Reserve Bank of India.

  • Version Management

    <p>Version 1.0</p>

    Drafted/updated by

    Regulatory (India)

    Approved by

    Adyen India Technology Services Private Limited Board (“Adyen India”)

    Date of approval

    June 1, 2021

    <p>Version 1.0</p>

    Drafted/updated by

    Regulatory (India)

    Approved by

    Adyen India Board

    Date of approval

    May 17, 2022

    <p>Version 1.1</p>

    Drafted/updated by

    Regulatory (India)

    Approved by

    Adyen India Board

    Date of approval

    May 08, 2023

    <p>Version 1.2</p>

    Drafted/updated by

    Regulatory (India)

    Approved by

    Adyen India Board

    Date of approval

    April 22, 2024