Contact menu close close Careers Instructors Pricing connect with us We’re Here for You Support@assanpay.com Features Home Contact About Business Dashboard – AssanPay Payment Gateway Pakistan assanpay payment gateway dashboard Careers at AssanPay – Join a team that innovates in digital payments

State Bank of Pakistan, The Backbone of Pakistan’s Digital Payments Ecosystem

State Bank of Pakistan digital payments ecosystem

The State Bank of Pakistan (SBP) is the central bank and primary regulator of Pakistan’s financial system, with a special mandate to nurture a secure, efficient, and comprehensive digital payments ecosystem. SBP actively controls the operational, economic, and technological standards for digital payments, as well as maintains standard responsibilities in monetary policy and banking supervision. This ensures that innovations like payment gateways are subject to strict regulatory review. Circulars, guidelines, and participation requirements governing the processing, settlement, and protection of electronic transactions nationwide are issued by the SBP through its Payment Systems Policy & Oversight Department (PSD). As the base for compliance in Pakistan’s digital economy, these standards are essential for fintechs, banks, Electronic Money Institutions (EMIs), Payment System Operators (PSOs), and Payment Service Providers (PSPs).

Understanding SBP’s Regulatory Framework for Payment Gateways

At the core of Pakistan’s regulated payments framework are rules and standards that define the legal and operational standards for payment gateways. These standards help ensure that payment transactions are secure, interoperable, and reliably executed.

SBP Rules for Payment System Operators and Payment Service Providers

Payment gateways are categorised as regulated organisations that offer online services for the clearing, processing, routing, or switching of online transactions in SBP’s Rules for Payment System Operators (PSOs) and Payment Service Providers (PSPs). These regulations specify precise authorisation phases and governance standards for payment gateways. Providing the fundamental underpinning for licensing and compliance.

Under these rules, a payment gateway must:

  • Register and establish your business in Pakistan.
  • Obtain SBP’s phased authorisation, starting with in-principle approval, moving on to pilot operation approval, and concluding with full commercial stage approval.
  • Maintain the SBP-mandated capital requirements, which are currently PKR 200 million plus extra money for each new company venture.
  • Operate under stringent guidelines, such as refraining from handling customer funds or doing out-of-banking tasks.

These regulations ensure that a payment gateway has the financial capacity, governance strength, and operational readiness to manage payment flows securely and reliably in the national ecosystem.

Technology Risk Management Framework (2025)

In October 2025, SBP issued a significant regulatory change to the Technology Risk Management Framework for Payment Institutions. PSOs, PSPs, EMIs, and other businesses or companies permitted by the Payment Systems & Online Fund Transfers Act of 2007 are covered by this framework. Its goal is to ensure that payment institutions have robust cybersecurity and governance procedures equivalent with their operational risk exposure. By March 31, 2026, entities have to prove preparation in areas like cyber risk controls, technology governance, business continuity, and incident reporting procedures.

Raast Participation Criteria and Integration Requirements

The essential functional and technical requirements needed for businesses to join Raast, Pakistan’s real-time instant payment system, are outlined in SBP’s Raast Participation Criteria. These requirements, introduced in early 2025, apply to banks, EMIs, PSOs, and PSPs seeking to participate directly in Raast and encompass fundamental skills such as transaction initiation, real-time settlement, and operational resilience.

Payment gateways are increasingly reliant on Raast integration. All regulated organisations have been instructed by SBP to make sure that their merchants have access to Raast Person-to-Merchant (P2M) payment acceptance services, such as IBAN processing, QR codes, Raast Alias payment, and Request To Pay (RTP) features. The onboarding criteria for new merchants are linked to the first account activation, while the deadline for current merchants is March 31, 2025.

Anti-Money Laundering and Customer Due Diligence Obligations

The State Bank of Pakistan (SBP) requires payment gateways to implement strong AML/CFT (Anti-Money Laundering / Counter-Terrorist Financing) controls. While SBP’s circulars primarily outline payment system standards, AML and customer due diligence requirements flow from SBP’s broader regulatory framework and related Circulars on customer onboarding and risk assessment (e.g., Consolidated Customer Onboarding Framework). These protections ensure that gateways perform responsible merchant onboarding and continuous monitoring to prevent misuse of payment channels for illicit transactions. 

Consumer Protection, Settlement Transparency, and Interoperability

User protection is central to SBP’s approach. Payment gateways must provide transparent fee disclosures, clear reconciliation procedures, and accessible dispute resolution mechanisms. SBP also emphasises interoperability, requiring gateways to operate seamlessly with Raast and other payment networks, ensuring fast, secure settlement for merchants and users.

How SBP Regulations Impact Payment Gateways

For payment gateways, this regulatory framework establishes a clear compliance roadmap:

  • Structured Licensing and Supervision: Before engaging in any activities, entities must obtain and maintain SBP permission.
  • Technology and Risk Standards: The payment infrastructure must meet the 2025 Technology Risk Management Framework’s requirements.
  • Mandatory Raast Adoption: Gateways must provide merchants with Raast P2M services.
  • Customer Protection: SBP’s circulars enforce settlement safety and transparency.

These interlocking standards keep payment gateways secure, compatible, and aligned with national financial inclusion goals.

Assanpay,  A Payment Gateway Built on SBP Compliance and Trust

Assanpay executes regulatory compliance at the heart of our core operations. We recognise that trust and authenticity are fundamental to merchant confidence and customer protection in the digital economy.

Assanpay aligns with SBP’s regulatory frameworks in the following ways:

  • We make sure that our payment routing, collections, disbursement, switching, and settlement services satisfy SBP’s authorisation and governance requirements by operating in accordance with the Rules for Payment System Operators and Payment Service Providers.
  • Our operational and infrastructural policies adhere to SBP’s Technology Risk Management Framework through frequent audit readiness, business continuity planning, and documented cybersecurity procedures
  • As required by SBP’s circulars, we enable businesses to collect digital payments across interoperable rails by supporting Raast integration and P2M payment acceptance.
  • Assanpay complies with SBP requirements and associated compliance frameworks in its onboarding, AML/CFT, and risk monitoring procedures.

Assanpay embeds regulatory best practices into our design, delivering a technologically advanced payment gateway that complies fully with SBP regulations.

Why SBP Compliance Matters for Merchants and Users

For merchants, choosing a gateway like Assanpay that obeys  SBP regulations means transparent settlements, predictable reconciliation, and reduced compliance risk. For users, it means secure transactions and protected personal data under a framework designed to uphold financial integrity and consumer rights.

Building a Secure and Trusted Digital Payments Future

The State Bank of Pakistan’s regulations from PSO/PSP licensing to technology risk frameworks and Raast mandates provide a comprehensive legal and operational compass for payment gateways in Pakistan. These standards protect the financial system, promote innovation, and ensure that fintech services deliver secure and seamless experiences.

Assanpay’s commitment to full regulatory compliance with SBP’s latest frameworks positions it as a trusted, transparent, and secure payment gateway for merchants in Pakistan’s growing digital economy.

Citation Summary

Share the Post:

Related Posts

ecommerce payments in Pakistan

How Ecommerce Payments Work in Pakistan: A Simple Guide for Store Owners

QR payments for local shops

How Local Shops Can Go Digital With QR & Wallet Payments