Hi folks, and welcome to the latest edition of an ongoing theme that I have exploring, which is about how all roads in fintech lead to license aggregation, and what are some themes that seem to be playing out, just basis how fintechs are going after licenses. In 2025, a few themes played out:

1. Consolidation of licenses across payments (PA), cross border payments (PA-CB), prepaid instruments like your wallets, prepaid cards - which is more of a method / loyalty instrument play (PPI), NBFC (for lending), broking, getting a UPI certification (the latest being Zet), and Account Aggregators (AA)

2. Certain stack specializations playing out:

   1. NBFC + PPI + UPI App for a combined lending and wallet play, to act almost as a method of payment.

   2. Full stack payments play: PA (which as per the November 2025 RBI guidelines also includes the PA-O (online), and PA - P (Physical), PA-CB, UPI App,

3. Crossborder being a standalone play: The likes of Brisk, Skydo, and Xflow sit here, with the logic (and rightly so), that cross border payments, both inward and outward remittances are big TAMs, and complex enough to warrant single minded focus.

You can read more about it in a past article I wrote, below:

[#74] Do all roads in fintech lead to license aggregation? (Part 6): Multi-license fintechs are driving profits and IPOs

Ambika Pande

·

September 22, 2025

Hi folks, and welcome back to this edition of: Do all roads in fintech lead to license aggregation?

Read full story

2025 also brought with it updates in how these payment licenses specifically are seen, which now cover use cases across online, offline and PA-CB, instead of separate licenses (PA vs PA-CB), or lack of clarity (where does PA-P sit)

In the last year, the Indian payments landscape has consolidated significantly , and not just in sheer volume of licences granted, but in regulatory clarity and structural definition. Whereas earlier frameworks (2020, 2021 and the initial PA‑CB regime) left gaps in how different payments businesses mapped to risk, capital and customer flows, RBI’s Regulation of Payment Aggregators Directions, 2025 has, for the first time, provided a unified umbrella with clear sub categories

It also makes the requirements more stringent: with stronger compliance, more oversight, and more compliances around escrow, and fund flow in general, to reduce risk of arbitrage, and fund co-mingling. Some key call-outs

1. PA‑O (Online) and PA‑P (Physical) are now accepted as defaults for domestic acquiring and remote payments

2. PA‑CB (Cross‑Border) is bifurcated into Inward (I) and Outward (O) flows: essential for international transactions.

3. Entities operating in both PA-O, and PA-P need to use the same escrow for both. This is interesting to me, not just because it reduces regulatory arbitrage (high risk concentrated in one escrow, using funds of one escrow to cover the liquidity crunch in another), but also because 1) it unifies risk at an entity level, and 2) it also seems to indicate, that more and more a pure online or pure offline play doesn’t work, and this is a consequence of a lot of players going after both a PA- O and PA-P license. Big entities such as Razorpay, Pinelabs, are already in online and offline. PayU is the next player trying to go offline as well with a (reportedly) strategic acquisition. Zoho launched with both the PA-O and PA-P plays. This also means that for players such as Cashfree (which is going heavy on crossborder, or smaller players such as Easebuzz, there could be possible activity offline here)

What is interesting is that RBI, through its 2025 guidelines has moved to a 1 license regime for payments, which is functionally segmented

This has moved to a one licence regime - but functionally segmented by flow type and risk profile. This is similar to other regions I looked at: Singapore, EU, and the UK, which usually have one overall license, and some sub segments underneath the.

However, what is different from India and other regions is also stark.

1. There is no license separation between infra and actual fund flow, which results in everyone going after the same umbrella PA license in India, despite having no play in money movement. Example: even if you are NOT involved in fund flow, but just in payment initiation (think, a payment orchestrator, or even a UPI app), you would still need to probably get a PA license

2. There is no compliance reduction based on entity scale in India: Compare this to entities in UK and Singapore. For newer / smaller entities operating at a smaller scale (details here), the license is different, and the compliance and reporting burden is lesser, allowing space for smaller players to come in and compete. In Singapore, MAS offers a Major Payment Institution license and a Standard Payment Institution license, so even small players can operate under regulation without the full compliance burden. And SPI & MPI is differentiated basis the scale they have: volumes: SPI ≤ S$3M/month (single service) or ≤ S$6M (aggregate); above this = MPI. SPI’s & MPIs can conduct the same activities

But what is interesting to me, is that against this regulatory backdrop, and the way these payment licenses are structured, there are some archetypes that are coming up in payments.

I’ve come up with five strategic clusters: I’d actually say there are 4, with a sub-segment of the cross border strategy, which is the “online only strategy.” But more on that in the coming sections.

1️⃣ The “license as a shield” strategy

This group holds PA‑O and perhaps PA‑P: driven by necessity rather than growth play. These companies use the licence primarily to service domestic payments and hedge regulatory risk. They typically do not prioritise or pursue cross‑border flows in terms of mone movement, but rather are adjacent to the core flow. But since there is no ‘infra only’ license unlike other regions discussed above, we could see players get in here. Some examples of players here:

• Decentro: A fintech providing API solutions for KYC, payments, and lending. Does not handle the money flow, but is payment adjacent. In EU for example, the PISP license (Payment Initiation Service Provider) would suffice. In India, it has the PA‑O, PA‑P (Its PA-CB application was returned)

• Digio: Provides identity, e-sign, and payment APIs. It just has a PA‑O license. Again, no direct involvement in the fund flow.

• Khatabook: A business app for kiranas. Helps for payout and payment enablement as well, but again, no fund flow. PA‑O only

• Navi: This is another example I spotted, and an update from September ‘25, when I last did a deep dive in this space. It is a UPI App and and has a NBFC license. It’s PA license is in progress.

My view: While it is possible for these players to go into a fully blown “money movement” strategy, chances are that they will not, purely because the market is already crowded, with few players owning distribution and how (Razorpay, Pinelabs Paytm, come to mind).

And hence, the license appears to anchor them as an RBI licensed payments entity, despite not being involved in actual fund movement, helping preempt regulatory questions later. I expect other API first payment businesses, and even UPI Apps (such as a Navi) to get in here, purely so that they are a ‘RBI regulated entity,’ and RBI doesn’t panic at the thought of a non regulated entity processing billions in payments.

2️⃣ Full‑Stack Payments Businesses: All four licences

This is the strategic payments elite - those who have secured PA‑O, PA‑P, PA‑CB I and PA‑CB O, and in some cases a UPI App. They can serve domestic and international flows end to end. This covers everything, from customer distribution (Razorpay - Pop, Pine - Fave, Paytm etc), to merchant distribution, both online and offline, and both the inward and outward crossborder remittance licenses.

As of Jan ’26 the following sit here:

1. Razorpay

2. PayU Payments

3. Pine Labs

4. Paytm Payments

5. Cashfree Payments

6. Easebuzz

7. Airpay Payment Services

8. First Data (Fiserv India)

9. Lyra Network

10. Toucan Payments

11. Nomisma (ftcash)

12. MMAD Communications (Mpay)

This group defines payments as a fully‑fledged business: not a compliance checkbox. Here, cross‑border becomes product strategy, not just regulatory box‑checking. There are some interesting names here: Airpay, Lyra, Toucan, etc, which aren’t really what I’d call “market leaders” in payments, but could be setting up for either entry, or acquisition by bigger players just for the license.

3️⃣ India First Payments Plays: PA‑O / PA‑P Only, but no cross border

These players have built strong domestic franchises but have not (yet) pursued cross‑border licences. Examples:

1. PhonePe: Just PA‑O, and PA‑P, which is surprising to me, I expected PhonePe to get into cross border. My view is that it is probably a matter of time. Right now the focus is on the mega IPO to happen in 2026, and post that this will come into play.

2. Zoho Payment Technologies - PA‑O, PA‑P

3. CCAvenue (Infibeam): PA‑O, PA‑P

For some, cross‑border may remain a later strategic play. For others, the domestic margins and product ecosystems are ample in themselves, but with margin compression happening in domestic payments, it is only a matter of time before they expand (looking at CCAvenue here). Other players, like in the case of Zoho have a core business, such as CRM, which is the main revenue generator. I’m assuming the payments products launch in 2025, is some strategic play, which in its initial days will be funded by the $1B in revenues that it generates from its core CRM product.

4️⃣ Cross‑Border Only / Emerging Xborder Plays

Perhaps the most interesting frontier in 2026 is pure cross‑border payments - players targeting export/import flows without a domestic franchise anchor.

Right now, BriskPe and Skydo sits definitively here. BriskPe with PA‑CB I & O only, and Skydo with PA-CB I (as of 2026). Essentially this is a standalone cross‑border aggregator without PA‑O/PA‑P licences. From a pure export‑import stack perspective, this is a bold archetype that could become more common.Other players with PA‑CB ambitions in process include:

1. Xflow: In-Principle Authorisation Granted, 🟡 cannot operate

2. Paymate: Application under process, 🟡 cannot operate

3. Payoneer: In-Principle Authorisation Granted, 🟡 cannot operate

4. Paypal: In-Principle Authorisation Granted, ✅ can operate

5. Wise: In-Principle Authorisation Granted, ✅ can operate

6. TradePe: In-Principle Authorisation Granted, ✅ can operate

Additional cross‑border native players should emerge in 2026. This cluster represents the rise of the Year of Xborder Payments - where flows aren’t just added as a bolt‑on, but are the business centre. Expect this to accelerate as export‑oriented commerce and digital services monetise global demand. What is also interesting to me is that Skydo JUST has a PA-CB I (Inward) license, not the Outward license as well. Two things could be possible here: 1️⃣ The inward remittance market is big enough and has enough complexity to support a standalone business, or 2️⃣ Skydo is strengthening its inward remittance stack, and will eventually go for outward as well. However, I couldn’t see Skydo in the “application in progress” section on the RBI website, so I assume its the former and not the latter.

5️⃣ The Online Only archetype: have a domestic and cross border license (atleast one of PA-CB I / O)

I wouldn’t really call this a 5th archetype, but rather a subsegment of the 4th one - the cross border stack. I define this as players with payment aspirations, but more from a global payment stack. There are enough players that sit in here - which have a PA-O license, and atleast one of the PA-CB licenses, either inward or outward remittance, for it to warrant a separate section. This is what the data says:

Most PA-O players either don’t touch cross-border at all, or eventually add PA-P as they scale, signalling largely domestic ambitions, as seen with players like Zoho or Infibeam (CCAvenue). The ones that continue to remain online only tend to be more infra led and globally oriented.

1. Adyen India: Global payment player present in ~100+ countries. Has a PA-O + PA-CB- O

2. Boku Network Services: Global company, HQ’ed in London, US, and UK. It also has a PA-O and PA-CB O

3. Juspay: The big indian infra player, and looks like it will continue to stay in infra. It has already launched in multiple countries across 2024 and 2025. It has all 3 online licenses: PA-O + PA-CB I & O. The PA-CB licenses are a new update as of Jan ’26. This was not the case in the Sep ’25 licensing landscape - signalling both regulatory appetite and Juspay’s execution on international ambition.

4. Pay10, Payglocal, Unlimit India, and Worldline all have a PA-O + PA-CB I & O. Now with these players, they aren’t BIG in the domestic side, but I’m assuming this is more for optionality, the goal is to scale the global stack. The domestic PA-O license is just for regulations.

So, the themes that I’m watching in 2026 are

✅ Cross border strengthens as a standalone product stack:

2026 is shaping up as the year where PA‑CB becomes a standalone product stack, not just another licence tick. It is possible we see import and export centric API products, embeddable inflows/outs, and merchant facing foreign collection tools. For example, Skydo which has a PA-CB I, could show specialization in specific flows.

✅ Regulatory Optionality as Strategy

Choosing which licences to pursue now reflects strategy - regulatory hedging, domestic scale, global aspirations, or export first models. This segmentation will only sharpen in 2026. Every fintech worth their salt and which have some scale will have SOME license under RBI, and in the absence of infra only licenses, the PA becomes the usual suspect.

✅ Escrow and Compliance as Competitive Moat

With RBI’s unified escrow/KYC compliance norms baked in, players who build operations and risk controls around them will differentiate on reliability, and not just pricing.

But what is clear is that where a company sits on payments licenses at an aggregated level is a statement about ambition and product direction

Looking forward, the real story won’t be how many licences exist, but how they are leveraged, which products they enable, which flows they optimise, and which markets they unlock. If 2025 was the year of regulatory consolidation, 2026 looks like the year of strategic deployment. And they’ll likely probably fall in one of the above archetypes defined.