Raast P2P, EFT regulations, digital banking license, forex rules & ePRC portal
| Circular No. | Department | Subject | Date | Impact | Reference |
|---|---|---|---|---|---|
| BPRD CL 01/2026 | BPRD | Teenager Bank Accounts (Ages 13-18) | Jan 2026 | 26M teens can open independent accounts | |
| BPRD CL 09/2026 | BPRD | Consolidated Customer Onboarding Framework | Feb 2026 | Streamlined KYC across banks | |
| EPD CL 05/2026 | EPD | Foreign Currency & Non-resident Accounts | Feb 2026 | Simplified RDA/fresh accounts | |
| FD CL 02/2026 | FD | SOPs for Non-Performing Classified Assets | Mar 2026 | Banking sector stability | |
| BPRD (Cyber Shield) | IT | Cyber Shield — Banking System Protection | Mar 19, 2026 | Launched with 5G rollout | |
| EPD (Liquidity) | EPD | Rs.13.68T Liquidity Injection | Apr 4, 2026 | Conventional + Shariah repo | |
| Indicator | Value | As of | Trend | Reference |
|---|---|---|---|---|
| Policy Rate | 10.50% | Mar 9, 2026 | Unchanged | |
| KIBOR 12-Month | 11.51% | Mar 2026 | Stable | |
| PIB 5-Year | 12.50% | Mar 2026 | — | |
| PKR/USD | ~279.10 | Mar 2026 | Depreciating | |
| Inflation (CPI) | 7.3% | Mar 2026 | 17-month high | |
| SBP Foreign Reserves | $16.38B | Mar 2026 | +$5.4B banks = $21.79B | |
| PSX KSE-100 | ~150,000 | Q1 2026 | -14.5% YTD | |
| ICT Exports (H1 FY25) | $1.86B | Dec 2025 | +28% YoY | |
State Bank of Pakistan regulations for digital payments, licensing, and remittance — essential for IT companies handling money.
Last updated: April 2026 | P@SHA Cloud & Digital Committee
SBP regulates all payment systems in Pakistan. Any IT company building payment solutions, fintech products, or processing money needs SBP compliance.
| Department | Abbreviation | Role |
|---|---|---|
| Banking Policy & Regulations | BPRD | Policy framework, licensing |
| Electronic Payment & Settlement | EPD | Payment systems, RTGS, RAAST |
| Financial Inclusion | FI | Mobile banking, branchless banking |
| Foreign Exchange | FE | Remittance, forex regulations |
| Banking Supervision | BS | Audit, compliance, enforcement |
| Anti-Money Laundering | AML | AML/CFT compliance |
A Payment System Operator is any entity that operates a payment system — including payment gateways, digital wallets, P2P transfer platforms, and e-commerce payment processors.
| Category | License | Description | Minimum Capital |
|---|---|---|---|
| PSO-1 | Payment System Operator | Full payment system (e.g., payment gateway, wallet) | PKR 500M+ |
| PSO-2 | Payment Service Provider | Limited services (agent, merchant) | PKR 200M+ |
| ELM | E-Money Issuer | Digital wallet, stored value | PKR 500M+ |
| PG | Payment Gateway | Online payment processing | PKR 200M+ |
RAAST is SBP's instant payment system launched in 2022. Built on modern infrastructure for real-time payments.
| Circular | Topic | Key Points |
|---|---|---|
| BPRD Circular 09 | Internet Merchant Accounts | Banks must offer e-commerce merchant accounts; no discrimination based on business size |
| EPD CL 05/2024 | Payment Aggregator Framework | Rules for payment aggregators (Stripe, Checkout equivalent) |
| EPD CL 17/2023 | RAAST Framework | RAAST participation and API access rules |
| BPRD Circular 01/2021 | Branchless Banking | Mobile banking, agent banking, digital onboarding |
| FE Circular 07/2025 | Foreign Remittance | IT export remittance requirements, ePRC |
| EPD CL 09/2025 | Emerging Payment Methods | Crypto, stablecoins, digital assets → prohibited for payment |
If your IT company processes payments, you must comply with SBP's AML/CFT guidelines:
SBP-designated authority for receiving STRs and CTRs. All suspicious transactions must be reported.
| Circular | Topic | Summary |
|---|---|---|
| FE CL 07/2025 | Remittance to IT Companies | Digital service provider remittance procedures |
| FE Circular 02 | Export of IT Services | 100% retention in FE account, ePRC automation |
| FE CL 01/2023 | Foreign Exchange Manual | Comprehensive FE rules and procedures |
| Method | Allowed | Notes |
|---|---|---|
| Wire Transfer (SWIFT) | Yes | Best method → bank to bank |
| Payoneer | Yes | Popular for freelancers/small IT companies |
| Wise (TransferWise) | Yes | Low-cost international transfers |
| Upwork/Escalations | Yes | Through platform, then to local bank |
| Stripe | Limited | Not fully available in PK; use Payoneer as an alternative |
| PayPal | No | Not available in Pakistan |
| Crypto | No | Prohibited by SBP |
| Reference | Title | Year | Relevance |
|---|---|---|---|
| CRMD CL01/2026 | Cyber Shield — Cyber Resilience Strategy 2025-2030 | 2026 | Mandatory for all SBP-regulated entities |
| BPRD C1/2026 | Teenager Account/Wallet Framework | 2026 | Digital wallet design requirements |
| DRB License | Digital Retail Bank License — Raqami Islamic Digital Bank (SBP DRB licenses, as of April 2026) | 2026 | New digital banking category |
| PSD C4/2025 | Technology Risk Management Framework for Payment Institutions | 2025 | Compliance deadline Mar 2026 |
| PSD C1/2025 | Raast Participation Criteria | 2025 | Updated participation rules |
| PSD C3/2025 | Subsidy for Raast P2M QR Payments (PKR 3.5B) | 2025 | QR merchant enablement incentive |
| BPRD C1/2025 | Consolidated Customer Onboarding Framework | 2025 | Digital KYC/CDD standards |
| BPRD CL7/2025 | VPN for SBP Hosted Portals (Service Desk/RAS) | 2025 | IT connectivity transition |
| DRB License | Digital Retail Bank License — Easypaisa Bank (SBP DRB licenses, as of April 2026) | 2025 | First DRB license issued |
| PSD C1/2024 | Customer Notifications for Digital Payments via Mobile Apps | 2024 | Push/in-app notifications replacing SMS |
| PSD CL1/2024 | Raast P2M Payment Acceptance Service | 2024 | Expanded merchant acceptance |
| PSD C4/2023 | Launch of Raast Person-to-Merchant (P2M) Service | 2023 | P2M payments operational |
| PSD C3/2023 | Regulations for Electronic Money Institutions (Update) | 2023 | Updated EMI framework |
| PSD C2/2023 | Digital Payment Services to Unauthorized Digital Lending Apps | 2023 | Fintech compliance — no services to unlicensed apps |
| PSD C1/2023 | Guidelines for Downtime of Digital Channels/Services | 2023 | Uptime SLA requirements |
| PSD CL6/2022 | Mobile Applications Security Guidelines | 2022 | App security standards for banks/EMIs |
| Reference | Title | Year |
|---|---|---|
| PSD C1/2019 | Regulations for Electronic Money Institutions (EMIs) | 2019 |
| PSD CL3/2019 | Standardization of QR Codes for Payments | 2019 |
| PSD C9/2018 | Security of Digital Payments | 2018 |
| PSD C8/2018 | Rules for Payment System Operators and PSPs | 2018 |
| PSD C3/2018 | Electronic Fund Transfers (EFT) Regulations | 2018 |
| PSD C3/2017 | Payment Systems Designation Framework | 2017 |
| PSD C5/2016 | Regulations for Payment Card Security | 2016 |
| PSD C3/2015 | Regulations for Security of Internet Banking | 2015 |
Per PSD C1/2025, Raast is built on the ISO 20022 standard and defines four participant categories:
| Category | Description | Settlement |
|---|---|---|
| Direct Settlement Participant (DSP) | Banks/MFBs with PRISM settlement account; direct clearing & settlement | Own settlement account via PRISM |
| Direct Non-Settlement Participant (DNSP) | EMIs, PSOs/PSPs sponsored by a DSP bank | Through sponsoring bank |
| Payment Initiation Service Provider (PISP) | Authorized entities offering payment initiation services on behalf of users | Through sponsor |
| Indirect Participant (IP) | Entities accessing Raast services through a DSP or DNSP | Through parent participant |
Per PSD C3/2025, SBP has allocated PKR 3.5 billion to subsidize Raast P2M QR transactions:
| Parameter | Details |
|---|---|
| Subsidy Rate | 0.5% of transaction value or PKR 100 per transaction, whichever is lower |
| Subsidy Split | Shared equally between Merchant Service Provider (MSP) and Customer Service Provider (CSP) |
| Eligibility Period | September 1, 2025 – June 30, 2026 |
| Eligible Transactions | Only successful Raast P2M QR-based transactions posted in Raast system |
| Claim Process | Quarterly claims via Raast.Itoc@sbp.org.pk within 5 working days of quarter close, verified by internal audit |
| Verification | Raast Payments Pakistan (RPP) verifies claims against Raast system data; SBP inspection teams may verify on sample basis |
SBP has issued Rules for Digital On-boarding of Merchants enabling EMIs to onboard merchants with simplified due diligence through mobile apps and web portals. Key provisions:
Key foundational regulations that IT companies handling payment data must comply with:
| Regulation | Key IT-Relevant Requirements |
|---|---|
| Electronic Fund Transfer Regulations (PS&EFT Act 2007) | Consumer protection for EFT; originator AFI liable for unauthorized transfers; 45-day error resolution window; mandatory transaction records; compensation policy for EFT errors |
| Regulations for Payment Card Security (PSD C5/2016) | EMV compliance roadmap; Card Security Framework with risk assessment, control implementation, fraud/dispute resolution management; data breach notification within 48 hours; customer compensation within 2 business days for data breach losses |
| Regulations for Security of Internet Banking (PSD C3/2015) | Internet Banking Security Framework (risk assessment + controls + monitoring); two-factor authentication; least privilege principle; intrusion detection/prevention systems; security breach response procedures |
| Prepaid Card Regulations | Value limits per card type; AML/CFT compliance; cross-border usage restrictions; customer due diligence; payroll card, social transfer card, Hajj card provisions |
| Payment Systems Designation Framework (PSD C3/2017) | SBP can designate systemically important payment systems; designated systems subject to comprehensive oversight; suspension/revocation powers |
| QR Code Standardization (PSD CL3/2019) | Standardized QR codes for interoperable merchant payments; branding guidelines for displayed QR codes; acquirer must display procedure + helpline at QR acceptance points |
SBP has implemented the Regulatory Approval System (RAS) — an online portal for submitting and tracking licensing applications (PSO/PSP, EMI, DRB applications). IT companies seeking payment licenses must use RAS for:
Per the Regulations for EMIs (rev. 2023):
| Wallet Type | Monthly Credit Limit | Max Balance | Requirements |
|---|---|---|---|
| Basic E-Money Wallet | PKR 40,000 | PKR 20,000 | CNIC-only verification |
| Enhanced E-Money Wallet | PKR 400,000 | PKR 200,000 | Biometric verification + full CDD |
| Basic Wallet for Minors (under 18) | PKR 37,000 | PKR 10,000 | Guardian CNIC + minor CNIC/B-Form |
| Enhanced Wallet for Minors (under 18) | PKR 100,000 | PKR 50,000 | Biometric of guardian + full CDD |
| Priority | Action | Deadline |
|---|---|---|
| High | Ensure all export payments via SBP channel | Immediately |
| High | Open FE retention account (if not done) | This week |
| Medium | Subscribe to SBP circulars | This month |
| Medium | Review AML obligations | This month |
| Low | Explore RAAST API integration | When relevant |
| Low | Consider PSO license (if building fintech) | 12+ months |
PSD CL1/2025 — Enhancing Digitization: SBP has directed banks to achieve up to 25% growth in digital transactions by 2028, with mandatory digital onboarding channels, QR payment acceptance, real-time customer notifications, and digital fraud prevention controls. IT companies providing banking platforms must implement fraud detection, transaction monitoring, and notification APIs.
Customer Notifications via Mobile: Free real-time SMS and push alerts mandatory for all digital payment transactions, supplementing PSD C9/2018 security requirements.