RBI PPI KYC Penalty 2026: FinTech Founder Checklist
Bhavya Sharma advises founders and companies on corporate law, governance, FEMA and regulatory documentation.
Bhavya Sharma advises founders and companies on corporate law, governance, FEMA and regulatory documentation.
This article moves from the direct answer to the practical implications, common risks, action steps and the final BSA recommendation, so founders can read it in order and act with context.
Bhavya Sharma
Company Secretary and compliance advisor
Bhavya Sharma advises founders and companies on corporate law, governance, FEMA and regulatory documentation.
What happened
On 15 May 2026, reports based on RBI action said Appnit Technologies was penalised Rs. 5.8 lakh for non-compliance relating to Know Your Customer norms and Prepaid Payment Instruments. The reported issues included Aadhaar OTP-based e-KYC PPI accounts continuing beyond the allowed period without required customer identification and lack of periodic account risk review systems.
For fintech founders, the amount of the penalty is less important than the signal: KYC is not a one-time onboarding screen. It is an operating control that must remain live throughout the customer relationship.
Founder risk map
| Area | What can go wrong | Founder control |
|---|---|---|
| Onboarding | Customers are moved into higher-KYC products without complete verification. | Map each product journey to its required KYC tier and block unsupported upgrades. |
| Aadhaar OTP e-KYC | Limited KYC accounts stay active longer than permitted. | Build expiry triggers, alerts and forced re-KYC workflows. |
| Risk categorisation | No periodic review of customer risk levels. | Document low, medium and high-risk criteria and review cadence. |
| Evidence | Compliance exists in chat/email, not in audit-ready records. | Keep board minutes, policy approvals, logs and exception registers. |
FinTech compliance checklist for 2026
- Maintain a product-wise compliance matrix for wallet, payment, lending, card, aggregator or PPI flows.
- Record which entity is regulated, which entity is technology provider, and which licence/partner covers the product.
- Keep KYC policy, AML policy, PMLA controls, risk categorisation and periodic review evidence updated.
- Run sample checks before investor diligence, bank partnership reviews and regulatory inspections.
- Escalate KYC exceptions to a named compliance owner, not only to the product team.
Sources used
FAQs
Building or scaling a fintech product?
BSA can help founders review KYC, PPI, partner-contract and board documentation before launch or diligence.
Talk to BSANeed help applying this to your company?
Share the company stage, urgency and issue. BSA can tell you what matters now, what can wait, and what should be handled before the next filing, investor conversation or expansion step.
Need help applying this to your company?
Share the company stage, urgency and issue. BSA can tell you what matters now, what can wait, and what should be handled before the next filing, investor conversation or expansion step.
Need help applying this to your company?
Share the company stage, urgency and issue. BSA can tell you what matters now, what can wait, and what should be handled before the next filing, investor conversation or expansion step.
Need help applying this to your company?
Share the company stage, urgency and issue. BSA can tell you what matters now, what can wait, and what should be handled before the next filing, investor conversation or expansion step.
