Introduction
The financial technology (FinTech) sector in Nepal has experienced steady growth over the past decade. The increasing use of digital payment systems, mobile banking, internet banking, QR code payments, electronic wallets, and online financial services has changed the way individuals and businesses conduct financial transactions. Financial institutions, payment service providers, payment system operators, lending platforms, remittance companies, insurance technology companies, and investment technology firms have increasingly adopted digital platforms to improve financial accessibility and efficiency.
Although Nepal does not have a single law titled the FinTech Act, FinTech businesses operate under a comprehensive legal and regulatory framework consisting of several statutes, regulations, directives, bylaws, and circulars issued by the Government of Nepal and Nepal Rastra Bank (NRB). Depending upon the nature of the financial technology services, a FinTech business may require prior approval or licensing from Nepal Rastra Bank, the Office of the Company Registrar (OCR), the Department of Industry (DOI), the Investment Board Nepal (IBN), or other sector-specific regulatory authorities.
A business intending to provide payment services, digital wallets, payment gateways, electronic fund transfer services, merchant acquiring services, digital remittance services, or other regulated financial services cannot commence operations merely after company registration. Regulatory approval from Nepal Rastra Bank is generally required before commencing business activities that fall within regulated financial services.
The fintech license approval in Nepal process varies depending on the business model. For example, a Payment System Operator (PSO) requires a different approval process from a Payment Service Provider (PSP). Similarly, businesses providing lending, remittance, securities, insurance, or investment services may require approvals from separate regulatory authorities established under their respective governing laws.
Businesses planning to establish a fintech company in Nepal should therefore understand the applicable legal framework, licensing requirements, regulatory obligations, compliance standards, and reporting duties before beginning commercial operations.
This article explains the fintech license approval in Nepal, applicable laws, regulatory authorities, eligibility requirements, licensing process, documentation, compliance obligations, penalties, renewal procedures, and other legal considerations governing financial technology businesses in Nepal.
What is a FinTech Business?
Financial Technology, commonly referred to as FinTech, means the application of technology to deliver financial products and financial services electronically. Instead of relying entirely on traditional banking channels, FinTech businesses use software, internet-based platforms, mobile applications, cloud computing, artificial intelligence, blockchain technology, data analytics, and digital communication systems to provide financial services more efficiently.
A FinTech company may operate independently or may collaborate with licensed banks, financial institutions, payment operators, insurance companies, or securities market participants.
Common examples of FinTech businesses include:
- Digital Wallet Services
- Mobile Payment Applications
- QR Payment Platforms
- Online Payment Gateways
- Payment Aggregators
- Electronic Fund Transfer Platforms
- Merchant Payment Services
- Peer-to-Peer Payment Platforms
- Digital Lending Platforms
- Crowdfunding Platforms
- Wealth Management Applications
- Robo-Advisory Services
- InsurTech Platforms
- RegTech Solutions
- Financial Data Analytics Platforms
- Cross-border Payment Solutions
- Digital Banking Technology Providers
Not every technology company providing financial software requires a regulatory license. Licensing requirements depend upon whether the business directly provides regulated financial services to customers or merely supplies technology solutions to licensed financial institutions.
FinTech Industry in Nepal
Nepal’s digital financial ecosystem has expanded rapidly following the adoption of mobile banking, internet banking, QR code payments, electronic wallets, and digital government payment initiatives. Increased smartphone penetration, affordable internet services, and government policies promoting digital payments have contributed significantly to this growth.
Several licensed payment service providers and payment system operators currently facilitate millions of electronic transactions each month. Banks and financial institutions increasingly integrate with licensed payment platforms to enable real-time fund transfers, utility payments, merchant payments, and government service payments.
The COVID-19 pandemic further accelerated the adoption of digital payment systems by encouraging contactless financial transactions across the country.
Nepal Rastra Bank has also introduced several policy measures encouraging innovation while maintaining financial stability, consumer protection, cybersecurity, and anti-money laundering compliance.
As a result, the demand for fintech company registration in Nepal and fintech license approval in Nepal has steadily increased among domestic entrepreneurs as well as foreign investors.
Legal Framework Governing FinTech License Approval in Nepal
Nepal does not regulate FinTech through one comprehensive statute. Instead, several laws collectively govern financial technology businesses according to the services they provide.
The primary legal framework includes:
Constitution of Nepal, 2015
The Constitution provides the legal basis for regulating banking, financial institutions, electronic commerce, taxation, investment, and commercial activities. Parliament has enacted sector-specific legislation pursuant to constitutional authority.
Payment and Settlement Act, 2075 (2018)
The Payment and Settlement Act is the principal legislation governing payment systems and payment service providers in Nepal.
The Act regulates:
- Payment System Operators
- Payment Service Providers
- Electronic Payment Systems
- Digital Payment Infrastructure
- Settlement Systems
- Payment Instruments
- Licensing Requirements
- Regulatory Supervision
- Inspection Powers
- Penalties
Any person operating a payment system without obtaining the prescribed approval from Nepal Rastra Bank may face legal action under this Act.
Nepal Rastra Bank Act, 2058 (2002)
The Nepal Rastra Bank Act establishes Nepal Rastra Bank as the central bank of Nepal and grants regulatory authority over payment systems, monetary policy, banking supervision, and financial stability.
NRB derives authority under this Act to issue:
- Directives
- Circulars
- Licensing Standards
- Prudential Regulations
- Payment System Regulations
Many FinTech businesses fall within the supervisory jurisdiction of Nepal Rastra Bank because they directly affect payment systems and financial transactions.
Banks and Financial Institutions Act, 2073 (2017)
The Banks and Financial Institutions Act regulates licensed banks and financial institutions.
Although many FinTech companies are not themselves licensed banks, partnerships with banks often require compliance with this Act, particularly where banking services are integrated into FinTech platforms.
Electronic Transactions Act, 2063 (2008)
The Electronic Transactions Act legally recognizes:
- Electronic Records
- Electronic Contracts
- Digital Signatures
- Electronic Communications
The Act also provides penalties for unauthorized access, computer fraud, data interference, and cyber offences.
FinTech businesses operating online platforms should ensure compliance with electronic transaction requirements.
Asset (Money) Laundering Prevention Act, 2064 (2008)
Every regulated financial institution must implement anti-money laundering measures under this Act.
FinTech businesses licensed by Nepal Rastra Bank are generally required to establish systems relating to:
- Customer Identification
- Customer Due Diligence
- Know Your Customer (KYC)
- Record Maintenance
- Transaction Monitoring
- Suspicious Transaction Reporting
Failure to maintain AML compliance may result in regulatory sanctions.
Foreign Investment and Technology Transfer Act, 2075 (2019)
Foreign investors intending to establish FinTech businesses in Nepal must comply with FITTA.
Depending upon investment size and business structure, approvals may be required from:
- Department of Industry
- Investment Board Nepal
- Nepal Rastra Bank
Foreign investment approval does not replace regulatory licensing requirements applicable to financial services.
Companies Act, 2063 (2006)
Every FinTech company operating in Nepal must first be incorporated under the Companies Act unless another legal structure is specifically permitted.
Company incorporation alone does not authorize regulated financial activities.
Separate sectoral approvals remain mandatory.
Regulatory Authorities
Different regulators supervise different categories of FinTech businesses.
Nepal Rastra Bank (NRB)
Nepal Rastra Bank is the primary regulator for payment systems and payment service providers.
Its responsibilities include:
- Granting licenses
- Regulatory inspections
- Compliance monitoring
- Issuing directives
- Risk supervision
- Consumer protection oversight
- Payment system regulation
Most businesses seeking fintech license approval in Nepal interact primarily with Nepal Rastra Bank.
Office of the Company Registrar (OCR)
Every company must first complete incorporation with the Office of the Company Registrar.
OCR handles:
- Company incorporation
- Share structure
- Director appointments
- Annual filings
- Company amendments
OCR registration is generally the first legal step before applying for sector-specific licenses.
Department of Industry (DOI)
Where foreign investment is involved, approval from the Department of Industry may be required before investment is injected into the company.
DOI supervises foreign investment approvals under FITTA.
Investment Board Nepal (IBN)
Large-scale investments exceeding statutory thresholds may fall under the jurisdiction of Investment Board Nepal.
Financial Information Unit (FIU)
The Financial Information Unit receives suspicious transaction reports and monitors compliance with anti-money laundering obligations.
Licensed FinTech companies must cooperate with FIU reporting requirements where applicable.
Types of FinTech Businesses Requiring Regulatory Approval
Not every technology company falls within regulated financial services.
Examples of businesses commonly requiring regulatory approval include:
- Digital Wallet Operators
- Payment Gateway Operators
- Merchant Acquiring Platforms
- QR Payment Operators
- Electronic Money Issuers
- Payment Aggregators
- Payment Service Providers
- Payment System Operators
- Domestic Money Transfer Platforms
- Electronic Fund Transfer Operators
Depending on the services provided, additional approvals may also be required for:
- Digital Lending Platforms
- Securities Technology Platforms
- Investment Technology Companies
- Insurance Technology Companies
- Cross-border Payment Operators
The regulatory classification depends upon the actual services provided rather than the business name or branding.
Eligibility Criteria for FinTech License Approval in Nepal
An applicant seeking fintech license approval in Nepal must satisfy the eligibility standards prescribed by Nepal Rastra Bank and other applicable regulators.
Although specific criteria vary according to the type of license sought, applicants are generally expected to demonstrate:
- Valid company incorporation in Nepal.
- A clear business model describing the proposed financial technology services.
- Adequate paid-up capital as prescribed by the relevant regulatory framework.
- A transparent shareholding structure with disclosure of beneficial ownership.
- Directors, promoters, and key management personnel who satisfy fit and proper requirements.
- Sound corporate governance arrangements.
- Appropriate internal control systems.
- Information technology infrastructure capable of delivering secure and reliable services.
- Cybersecurity policies and risk management mechanisms.
- Business continuity and disaster recovery plans.
- Customer grievance handling procedures.
- Anti-money laundering and counter-terrorist financing compliance systems.
- Data protection and information security measures.
- Financial capacity to sustain operations.
- Compliance with all applicable laws, directives, and regulatory standards.
Nepal Rastra Bank evaluates each application based on regulatory compliance, financial soundness, operational readiness, governance standards, and the overall impact of the proposed services on Nepal’s payment system and financial sector.
Documents Required for FinTech License Approval in Nepal
The documents required for fintech license approval in Nepal depend on the type of financial technology service the applicant intends to provide. Nepal Rastra Bank examines the legal, financial, technical, and operational capacity of every applicant before granting approval. The applicant must submit complete and accurate documents demonstrating compliance with the Payment and Settlement Act, 2075 (2018), the Payment and Settlement Bylaws, applicable Nepal Rastra Bank Directives, and other relevant laws. Submission of incomplete documents may delay the approval process or result in rejection of the application. Supporting documents should be current, properly certified where required, and consistent with the information contained in the application form.
The commonly required documents include:
- Application addressed to Nepal Rastra Bank
- Prescribed application form
- Certificate of Company Incorporation
- Memorandum of Association (MOA)
- Articles of Association (AOA)
- PAN Registration Certificate
- Tax Registration Documents
- Company Registration Number
- Shareholder Register
- Share Certificate Details
- List of Promoters
- List of Directors
- Citizenship Certificates or Passports of Promoters
- Biodata of Directors and Key Management Personnel
- Organizational Structure
- Business Plan
- Financial Projections
- Detailed Description of Proposed FinTech Services
- Technology Architecture Document
- System Flow Diagram
- Information Security Policy
- Cybersecurity Framework
- Risk Management Policy
- Internal Control Policy
- Corporate Governance Policy
- Anti-Money Laundering (AML) Policy
- Know Your Customer (KYC) Policy
- Customer Due Diligence Procedures
- Consumer Protection Policy
- Complaint Handling Procedure
- Data Privacy Policy
- Disaster Recovery Plan
- Business Continuity Plan
- Internal Audit Framework
- External Auditor Details
- Capital Verification Documents
- Bank Statements
- Source of Investment Documents
- Office Lease Agreement or Ownership Documents
- Office Photographs
- Employee Details
- Service Agreements with Technology Vendors, if applicable
- Agreements with Banks or Financial Institutions, if applicable
- Software License Details
- IT Infrastructure Details
- Network Security Documents
- Compliance Declaration
- Board Resolution Authorizing the License Application
- Other documents requested by Nepal Rastra Bank during the review process.
Step-by-Step FinTech License Approval Process in Nepal
The fintech approval process in Nepal follows a structured regulatory procedure. Nepal Rastra Bank examines each application to determine whether the proposed business satisfies the legal, technical, financial, and operational standards required for carrying out regulated financial activities. Applicants should prepare all supporting documents before filing the application because additional requests for clarification may extend the overall approval period. Although the exact process differs according to the type of FinTech business, the general licensing procedure follows a similar sequence.
The process generally includes the following steps:
Step 1: Determine the Nature of the FinTech Business
The first step is identifying whether the proposed business falls within a regulated financial activity. Businesses intending to operate payment systems, payment services, digital wallets, electronic payment platforms, payment gateways, or other regulated financial services generally require approval from Nepal Rastra Bank. Businesses providing only software development or technology support without directly offering regulated financial services may not require such approval.
Step 2: Incorporate the Company
The applicant must register a company under the Companies Act, 2063 (2006) through the Office of the Company Registrar. During incorporation, the company should include appropriate objectives authorizing it to carry out financial technology services. Any inconsistency between the proposed activities and the company’s constitutional documents may require amendments before proceeding with the licensing process.
Step 3: Obtain Other Preliminary Approvals
Where foreign investment is involved, the investor should first obtain approval under the Foreign Investment and Technology Transfer Act, 2075 (2019). Depending on the investment amount and business structure, approval may be required from the Department of Industry or the Investment Board Nepal. Nepal Rastra Bank approval for foreign investment inflow may also be required before capital can be injected into the company.
Step 4: Prepare the Business Plan
A comprehensive business plan should explain the proposed financial services, target customers, projected transaction volume, revenue model, governance structure, risk management system, operational strategy, and financial projections. Nepal Rastra Bank evaluates whether the proposed business model is financially sustainable and capable of operating in compliance with applicable laws.
Step 5: Establish Technical Infrastructure
Before applying for a license, the applicant should establish adequate technical infrastructure. The technology platform should include secure servers, encryption systems, cybersecurity controls, disaster recovery mechanisms, transaction monitoring tools, backup facilities, user authentication systems, and appropriate data protection measures. Nepal Rastra Bank may assess the readiness of the technical infrastructure during the licensing process.
Step 6: Prepare Compliance Policies
The applicant should prepare internal policies relating to anti-money laundering, customer identification, information security, operational risk management, complaint handling, corporate governance, internal control, business continuity, and regulatory reporting. These policies demonstrate the applicant’s preparedness to operate a regulated financial service.
Step 7: Submit the License Application
The completed application together with all supporting documents should be submitted to Nepal Rastra Bank in the prescribed format. The application should include every document required under the relevant laws, directives, bylaws, and circulars. Missing documents frequently result in requests for additional information.
Step 8: Preliminary Review by Nepal Rastra Bank
After receiving the application, Nepal Rastra Bank conducts an initial examination to determine whether all required documents have been submitted. If deficiencies are identified, the applicant is generally requested to submit additional documents or clarify inconsistencies before substantive review begins.
Step 9: Detailed Regulatory Assessment
During the detailed review stage, Nepal Rastra Bank evaluates:
- Financial capacity
- Capital adequacy
- Shareholding structure
- Corporate governance
- Technical infrastructure
- Cybersecurity measures
- AML compliance
- KYC procedures
- Internal control systems
- Operational readiness
- Risk management
- Consumer protection arrangements
- Business continuity planning
The regulator may request meetings with promoters or management during this stage.
Step 10: Inspection and Technical Evaluation
Depending on the nature of the proposed services, Nepal Rastra Bank may inspect the applicant’s office, review technical infrastructure, verify operational readiness, examine security arrangements, and evaluate compliance systems before granting approval.
Step 11: Grant of License
If Nepal Rastra Bank determines that the applicant satisfies all legal and regulatory requirements, it issues the relevant approval or license authorizing the company to commence regulated operations. The scope of activities permitted under the license depends upon the specific authorization granted by the regulator.
Step 12: Commencement of Operations
After receiving the license, the company may begin commercial operations subject to continuous compliance with all applicable laws, directives, reporting obligations, inspection requirements, and regulatory standards. The license does not exempt the company from future supervisory oversight.
Regulatory Review Process
The review process for fintech license approval in Nepal is comprehensive because financial technology businesses directly affect payment systems, financial stability, and consumer interests. Nepal Rastra Bank evaluates each application individually based on the services proposed by the applicant. The regulator focuses on whether the applicant possesses sufficient financial resources, reliable technology infrastructure, qualified management, and appropriate governance mechanisms. The review process also seeks to ensure that the proposed business will not create undue risks for customers, financial institutions, or the national payment system. During the examination, Nepal Rastra Bank may request clarifications, additional documents, technical demonstrations, or modifications to internal policies before reaching a final decision.
The review commonly includes assessment of:
- Legal compliance
- Corporate structure
- Shareholding transparency
- Beneficial ownership
- Paid-up capital
- Business viability
- Financial projections
- Technical infrastructure
- Software security
- Cybersecurity controls
- Data storage arrangements
- Operational risk management
- Internal audit framework
- Corporate governance
- Customer grievance mechanism
- AML compliance
- KYC procedures
- Disaster recovery arrangements
- Business continuity planning
- Consumer protection measures
The regulator may also seek information from other government agencies where necessary before issuing the final approval.
Time Required for FinTech License Approval in Nepal
There is no single statutory timeline applicable to every category of fintech license approval in Nepal. The processing period depends upon the complexity of the proposed business model, completeness of the submitted documents, technical evaluation requirements, and the time taken by the applicant to respond to requests for additional information.
Applications supported by complete documentation and well-developed compliance systems are generally processed more efficiently than applications requiring repeated revisions. Where foreign investment approvals, technology audits, or additional regulatory consultations are involved, the approval process may require additional time.
Applicants should also account for the time required to incorporate the company, obtain foreign investment approvals where applicable, prepare internal policies, establish technology infrastructure, and complete cybersecurity arrangements before filing the licensing application.
Government Fees
Government fees applicable to fintech license approval in Nepal vary according to the type of license sought. Nepal Rastra Bank may prescribe separate fees for different categories of payment service providers, payment system operators, or other regulated financial services through notifications, directives, or applicable regulatory instruments.
In addition to regulatory licensing fees, applicants should also consider expenses relating to:
- Company incorporation
- Legal documentation
- Professional advisory services
- Foreign investment approvals, where applicable
- Information technology infrastructure
- Software development
- Cybersecurity implementation
- External audits
- Capital contribution
- Office establishment
- Compliance systems
- Insurance, where required
- Employee recruitment and training
Applicants should verify the latest fee schedule with Nepal Rastra Bank before submitting the application because regulatory charges may be revised from time to time.
Capital Requirements
Capital requirements vary according to the category of FinTech license. Nepal Rastra Bank may prescribe minimum paid-up capital for Payment System Operators, Payment Service Providers, or other regulated entities through directives, licensing conditions, or subsequent amendments.
The regulator considers capital adequacy as an indicator of the applicant’s financial capacity to establish secure technology infrastructure, maintain operational continuity, manage business risks, and protect customer interests. Applicants should ensure that the required capital has been fully subscribed and paid before applying for a license, together with documentary evidence demonstrating the lawful source of funds. Where foreign investment is involved, the capital contribution must also comply with the Foreign Investment and Technology Transfer Act, 2075 (2019) and the applicable foreign exchange regulations administered by Nepal Rastra Bank.
Compliance Requirements Before Commencement of Business
Receiving a license does not immediately relieve the applicant from further regulatory obligations. Before commencing commercial operations, the licensed entity should ensure that all internal systems are fully operational and compliant with the applicable legal framework. Nepal Rastra Bank expects licensed FinTech companies to maintain robust governance, operational controls, and customer protection measures from the first day of business.
Before launching services, a licensed entity should generally have in place:
- Operational technology systems
- Secure payment infrastructure
- Customer onboarding procedures
- KYC verification mechanisms
- AML transaction monitoring systems
- Cybersecurity controls
- Complaint handling mechanism
- Internal audit arrangements
- Risk management framework
- Disaster recovery facilities
- Business continuity arrangements
- Data backup systems
- Regulatory reporting procedures
- Staff training programs
- Information security policies
- Consumer disclosure documents
- Terms and conditions for users
Failure to establish these systems may expose the license holder to supervisory action, regulatory directions, or other measures under the applicable laws and directives.
Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Compliance
Anti-money laundering and counter-terrorist financing compliance forms a significant part of the regulatory framework governing fintech license approval in Nepal. Financial technology companies handling customer funds, payment services, electronic money, or financial transactions must establish effective systems to prevent the misuse of financial services for money laundering, terrorist financing, fraud, tax evasion, and other financial crimes. Nepal Rastra Bank regularly supervises regulated entities to ensure compliance with statutory obligations and internationally accepted AML/CFT standards. Failure to comply with these obligations may result in regulatory sanctions, monetary penalties, suspension of operations, or cancellation of the license.
The principal legal framework includes:
- Asset (Money) Laundering Prevention Act, 2064 (2008)
- Asset (Money) Laundering Prevention Rules
- Nepal Rastra Bank Directives
- Payment and Settlement Act, 2075 (2018)
- Circulars and Guidelines issued by Nepal Rastra Bank
Licensed FinTech companies should establish comprehensive AML/CFT systems before commencing business operations.
These measures generally include:
- Customer Identification Procedures
- Know Your Customer (KYC) Framework
- Customer Due Diligence (CDD)
- Enhanced Due Diligence (EDD)
- Beneficial Ownership Verification
- Risk-Based Customer Classification
- Ongoing Transaction Monitoring
- Record Maintenance
- Employee Training
- Internal Compliance Officer Appointment
- Suspicious Transaction Reporting (STR)
- Threshold Transaction Reporting where applicable
- Internal Audit of AML Systems
The Financial Information Unit (FIU), established under Nepal Rastra Bank, receives suspicious transaction reports and coordinates with reporting entities for AML/CFT compliance.
Know Your Customer (KYC) Requirements
Every licensed FinTech company providing regulated financial services must verify the identity of its customers before establishing a business relationship. KYC obligations reduce the risk of identity theft, financial fraud, anonymous transactions, and misuse of digital payment platforms. Nepal Rastra Bank expects licensed entities to adopt customer identification systems proportionate to the nature and risk level of the services provided. Electronic KYC systems may be used where permitted by applicable regulatory requirements, provided that adequate verification mechanisms are maintained.
A typical KYC framework includes:
- Verification of Citizenship Certificate or Passport
- Photograph Verification
- Permanent Address Verification
- Contact Number Verification
- Email Verification
- Source of Funds Assessment where necessary
- Beneficial Ownership Verification
- Customer Risk Classification
- Periodic Updating of Customer Information
- Ongoing Monitoring of Customer Transactions
Higher-risk customers may require enhanced due diligence before services are provided.
Cybersecurity Requirements
Cybersecurity is an essential regulatory expectation for every licensed FinTech business. Since FinTech companies rely on digital platforms, cloud infrastructure, mobile applications, payment gateways, and online transaction systems, they remain exposed to cybersecurity risks such as hacking, phishing, malware attacks, ransomware, unauthorized system access, identity theft, and data breaches. Nepal Rastra Bank requires regulated entities to implement appropriate information security measures to protect financial systems and customer information. Cybersecurity arrangements should be reviewed periodically and updated in response to evolving technological risks.
Cybersecurity measures generally include:
- Multi-factor Authentication
- Encryption of Customer Data
- Secure Network Architecture
- Firewalls
- Intrusion Detection Systems
- Access Control Policies
- Password Management Policies
- Security Incident Response Plan
- Regular Vulnerability Assessment
- Penetration Testing
- Security Monitoring
- Data Backup Systems
- Disaster Recovery Systems
- Security Awareness Training
Technology infrastructure should be regularly updated to maintain resilience against cyber threats.
Data Privacy and Information Security
FinTech businesses routinely collect sensitive customer information, including identification documents, banking information, transaction histories, contact details, financial records, and authentication credentials. Proper handling of personal information helps maintain consumer confidence and supports compliance with applicable legal obligations. Companies should adopt internal policies governing the collection, storage, processing, sharing, retention, and disposal of customer data. Access to personal information should be limited to authorized personnel, and security measures should be proportionate to the nature of the information being processed.
Information security policies should address:
- Data Collection Procedures
- Data Storage Standards
- Access Control
- User Authentication
- Data Encryption
- Backup Procedures
- Data Retention Periods
- Data Disposal Procedures
- Third-Party Data Sharing
- Security Incident Reporting
- Customer Consent Mechanisms
FinTech companies should regularly review their information security framework and maintain records demonstrating compliance with internal policies and regulatory expectations.
Risk Management Framework
Nepal Rastra Bank expects licensed FinTech companies to establish an effective risk management framework that identifies, measures, monitors, and controls operational and financial risks. A structured framework enables management to respond to technology failures, fraud, liquidity constraints, legal disputes, cyber incidents, and operational disruptions. Risk management should be integrated into day-to-day decision-making and supported by documented policies approved by the board of directors.
The framework should generally address:
- Operational Risk
- Information Technology Risk
- Cybersecurity Risk
- Fraud Risk
- Compliance Risk
- Legal Risk
- Reputational Risk
- Outsourcing Risk
- Business Continuity Risk
- Third-Party Vendor Risk
Senior management should periodically review the effectiveness of these controls and implement corrective measures where necessary.
Foreign Investment in FinTech Companies
Foreign investors may establish or invest in FinTech companies in Nepal subject to compliance with Nepal’s foreign investment laws and sector-specific regulatory requirements. Foreign investment approval does not automatically authorize the company to provide regulated financial services. Where the proposed activities fall under the jurisdiction of Nepal Rastra Bank, the company must also obtain the relevant regulatory license before commencing operations.
The primary legal framework includes:
- Foreign Investment and Technology Transfer Act, 2075 (2019)
- Foreign Investment and Technology Transfer Rules
- Companies Act, 2063 (2006)
- Nepal Rastra Bank Act, 2058 (2002)
- Payment and Settlement Act, 2075 (2018)
- Applicable Foreign Exchange Regulations
Foreign investors should evaluate whether the proposed FinTech activity is open to foreign investment under prevailing government policies and whether additional approvals are required from the Department of Industry, Investment Board Nepal, or Nepal Rastra Bank.
Foreign Exchange Compliance
Where foreign investment is approved, all capital inflows and repatriation of dividends, technology transfer fees, royalties, or loan repayments must comply with Nepal Rastra Bank’s foreign exchange regulations. Documentary evidence relating to investment approval, inward remittance, and capital contribution should be maintained for regulatory purposes. Companies should also ensure that cross-border transactions are conducted only through legally authorized channels and in accordance with applicable foreign exchange laws.
Nepal Rastra Bank Regulatory Sandbox
Nepal Rastra Bank has introduced policy initiatives encouraging innovation within the financial sector while maintaining regulatory oversight. One such initiative is the concept of a regulatory sandbox, which permits selected financial technology solutions to be tested within a controlled environment before wider commercial deployment. The objective is to encourage technological innovation while allowing regulators to assess potential risks relating to financial stability, consumer protection, cybersecurity, and compliance.
Businesses participating in such initiatives may be required to:
- Demonstrate technological innovation
- Define testing objectives
- Establish consumer safeguards
- Implement risk mitigation measures
- Submit periodic reports
- Comply with testing conditions imposed by Nepal Rastra Bank
Participation in a sandbox does not replace the requirement to obtain a full regulatory license where the proposed activities constitute regulated financial services.
Payment System Operator (PSO) License
A Payment System Operator (PSO) operates the infrastructure that facilitates payment transactions between financial institutions, payment service providers, merchants, and customers. The operator manages the payment network rather than providing payment accounts directly to end users. Under the Payment and Settlement Act, 2075 (2018), a PSO must obtain approval from Nepal Rastra Bank before commencing operations.
Examples of PSO activities may include:
- Payment Switching
- Clearing Services
- Settlement Infrastructure
- Payment Network Operations
- Merchant Network Management
- QR Network Management
- Card Network Switching
- Interbank Payment Processing
Applicants seeking a PSO license should demonstrate technical capability, financial resources, governance arrangements, operational resilience, and cybersecurity preparedness in accordance with the requirements prescribed by Nepal Rastra Bank.
Payment Service Provider (PSP) License
A Payment Service Provider (PSP) provides payment services directly to customers and merchants. Unlike a PSO, a PSP interacts with end users by offering digital payment facilities. Activities commonly undertaken by PSPs include electronic wallets, mobile payment applications, merchant payment services, utility bill payments, and online payment solutions. A PSP must obtain prior approval from Nepal Rastra Bank before providing regulated payment services in Nepal.
Typical PSP services include:
- Digital Wallet Services
- Mobile Payment Applications
- QR Code Payments
- Utility Bill Payments
- Merchant Payments
- Electronic Fund Transfers
- Mobile Recharge Services
- Government Fee Collection
- Ticket Booking Payments
- E-commerce Payment Services
The applicant must comply with the licensing conditions, capital requirements, governance standards, and ongoing supervisory obligations prescribed by Nepal Rastra Bank.
Digital Wallet Services
Digital wallets have become one of the most widely used FinTech services in Nepal. A digital wallet enables users to store funds electronically and conduct transactions through mobile applications or online platforms. Customers may use digital wallets for merchant payments, utility payments, peer-to-peer transfers, mobile top-ups, and other electronic transactions. Businesses intending to issue or operate digital wallet services generally require approval from Nepal Rastra Bank under the Payment and Settlement Act, 2075 (2018).
Licensed digital wallet operators are expected to maintain:
- Secure customer authentication
- Transaction monitoring systems
- Customer support mechanisms
- AML and KYC compliance
- Information security controls
- Periodic regulatory reporting
- Complaint resolution procedures
- Business continuity arrangements
Payment Gateway Services
Payment gateways facilitate electronic payments between customers, merchants, banks, and payment service providers. They securely transmit payment instructions, authenticate transactions, and assist in processing online payments. Businesses providing payment gateway services may fall within the regulatory framework administered by Nepal Rastra Bank and may require the appropriate license depending on the nature of the services offered.
Payment gateway operators should maintain reliable transaction processing systems, strong encryption standards, fraud detection mechanisms, and secure integration with participating financial institutions.
Consumer Protection
Consumer protection remains a key objective of Nepal’s financial regulatory framework. Licensed FinTech companies should provide clear information regarding fees, transaction limits, terms of service, dispute resolution procedures, and customer rights. Users should have access to effective complaint-handling mechanisms, and customer funds and personal information should be managed responsibly.
Consumer protection measures generally include:
- Transparent Terms and Conditions
- Disclosure of Charges
- Complaint Resolution Mechanism
- Transaction Notifications
- Data Protection Measures
- Secure Authentication
- Customer Support Services
- Fraud Prevention Controls
- Timely Error Resolution
- Record Maintenance
Failure to maintain fair business practices may attract regulatory action under applicable laws and directives.
Taxation of FinTech Companies in Nepal
Every FinTech company operating in Nepal is subject to the country’s tax laws irrespective of whether it provides payment services, software solutions, digital wallets, payment gateways, or other technology-enabled financial services. Registration with Nepal Rastra Bank does not exempt a licensed entity from tax obligations. FinTech companies must obtain a Permanent Account Number (PAN), maintain proper books of account, file periodic tax returns, and comply with the applicable provisions of the Income Tax Act, 2058 (2002), the Value Added Tax Act, 2052 (1996) where applicable, and the annual Finance Act. Companies are also expected to maintain supporting records for revenue, expenses, and transactions in accordance with applicable accounting standards.
Typical tax compliance obligations include:
- PAN registration
- Corporate income tax compliance
- Advance tax payments where applicable
- Value Added Tax (VAT) registration, if the statutory threshold is met
- Tax Deducted at Source (TDS) compliance
- Annual income tax return filing
- Maintenance of accounting records
- Audit requirements where applicable
- Compliance with Inland Revenue Department notices and assessments
Tax liabilities depend on the nature of the services provided, the company’s turnover, and prevailing tax legislation.
Ongoing Compliance After Obtaining a FinTech License
Obtaining fintech license approval in Nepal marks the beginning of continuous regulatory compliance rather than the end of the licensing process. Nepal Rastra Bank supervises licensed Payment Service Providers (PSPs) and Payment System Operators (PSOs) through inspections, regulatory reporting, and compliance monitoring. The Payment and Settlement Act, 2075 (2018) authorizes Nepal Rastra Bank to regulate, supervise, inspect, and oversee licensed institutions.
Licensed entities should continuously maintain:
- Minimum capital requirements prescribed by Nepal Rastra Bank
- Corporate governance standards
- Internal audit systems
- Risk management framework
- Information security controls
- Cybersecurity measures
- Customer grievance handling mechanisms
- AML/CFT compliance
- KYC procedures
- Transaction monitoring systems
- Regulatory reporting
- Proper accounting records
- Secure technology infrastructure
- Business continuity arrangements
- Disaster recovery capability
Failure to comply with these obligations may result in supervisory directions or enforcement action by Nepal Rastra Bank.
Inspection and Regulatory Supervision
Nepal Rastra Bank has statutory authority to inspect and supervise licensed payment institutions. Regulatory inspections help determine whether a license holder continues to satisfy the legal and operational standards prescribed under the Payment and Settlement Act, 2075 (2018) and related bylaws. The Payment Systems Department of Nepal Rastra Bank is responsible for licensing, supervision, inspection, and oversight of PSOs and PSPs.
During an inspection, Nepal Rastra Bank may review:
- Financial statements
- Customer transaction records
- Internal policies
- Risk management procedures
- Cybersecurity controls
- Technology infrastructure
- Governance practices
- Internal audit reports
- AML compliance
- KYC documentation
- Complaint records
- Business continuity arrangements
A licensed entity is expected to cooperate with inspections and provide all requested information within the prescribed period.
Renewal of FinTech License in Nepal
A FinTech license is subject to renewal in accordance with the applicable legal framework and licensing conditions prescribed by Nepal Rastra Bank. The Payment and Settlement Bylaw includes provisions relating to renewal documentation, and the licensing framework issued by Nepal Rastra Bank specifies requirements concerning renewal applications.
An application for renewal should generally be submitted before the expiry of the existing license together with the documents required by Nepal Rastra Bank.
Documents commonly required during renewal may include:
- Renewal application
- Existing license
- Updated company information
- Latest audited financial statements
- Compliance declaration
- Details of directors and shareholders
- Capital verification documents
- Regulatory reporting records
- Updated policies, where applicable
- Any additional documents requested by Nepal Rastra Bank
Failure to renew a license within the prescribed period may affect the company’s authority to continue regulated operations.
Suspension and Cancellation of License
Nepal Rastra Bank possesses statutory authority to suspend or revoke the license of a regulated payment institution where the license holder fails to comply with the applicable laws, bylaws, directives, or licensing conditions. The Payment and Settlement Act, 2075 (2018) empowers the regulator to refuse, suspend, or revoke licenses in circumstances provided by law.
Grounds that may result in suspension or cancellation include:
- Violation of licensing conditions
- Submission of false or misleading information
- Failure to maintain prescribed capital
- Serious cybersecurity deficiencies
- Non-compliance with AML/CFT obligations
- Repeated regulatory violations
- Failure to comply with supervisory directions
- Unsafe or unsound operational practices
- Activities outside the scope of the licensed authorization
Before taking enforcement action, Nepal Rastra Bank generally follows the procedure prescribed under the applicable legislation and regulatory framework.
Penalties Under the Payment and Settlement Act
The Payment and Settlement Act, 2075 (2018) contains provisions relating to punishment, fines, and penalties for violations of the Act, bylaws, and regulatory directions. The Act authorizes Nepal Rastra Bank to take enforcement action against regulated institutions that fail to comply with legal or regulatory obligations.
Depending on the nature and seriousness of the violation, regulatory action may include:
- Written warnings
- Regulatory directions
- Monetary penalties
- Suspension of specific services
- Restriction on business activities
- Suspension of the license
- Revocation of the license
- Other enforcement measures authorized by law
The nature of the sanction depends on the facts of each case and the applicable statutory provisions.
Common Reasons for Rejection of a FinTech License Application
Nepal Rastra Bank evaluates every application carefully before granting approval. Applications may be rejected where the applicant fails to demonstrate compliance with the legal, financial, technical, or governance requirements prescribed under the applicable regulatory framework.
Common reasons include:
- Incomplete application
- Insufficient paid-up capital
- Weak business plan
- Inadequate technology infrastructure
- Poor cybersecurity arrangements
- Deficient AML/CFT framework
- Unsatisfactory KYC procedures
- Lack of operational readiness
- Inadequate corporate governance
- Failure to disclose beneficial ownership
- Inconsistent constitutional documents
- Failure to satisfy licensing criteria prescribed by Nepal Rastra Bank
Preparing a complete application supported by accurate documentation significantly improves the likelihood of regulatory approval.
Role of Legal and Regulatory Advisors
The establishment of a regulated FinTech business involves compliance with company law, payment system regulation, foreign investment rules where applicable, taxation requirements, anti-money laundering obligations, information security standards, and ongoing regulatory reporting. Legal advisors assist businesses by reviewing the proposed business model, identifying the applicable licensing category, preparing corporate documentation, advising on regulatory compliance, coordinating with government authorities, and responding to regulatory queries. Professional advice also assists businesses in maintaining continuing compliance after the license has been granted.
Conclusion
The FinTech sector has become an integral part of Nepal’s financial services industry by expanding access to digital payments, electronic transactions, and technology-driven financial solutions. Businesses intending to provide regulated financial services must understand that company incorporation alone does not authorize payment-related activities. Depending on the services offered, approval from Nepal Rastra Bank may be required under the Payment and Settlement Act, 2075 (2018) together with compliance with the Nepal Rastra Bank Act, 2058 (2002), the Companies Act, 2063 (2006), the Asset (Money) Laundering Prevention Act, 2064 (2008), and other applicable legislation. Nepal Rastra Bank continues to supervise licensed PSOs and PSPs through licensing, inspection, oversight, and unified directives, making ongoing compliance an essential part of operating a FinTech business in Nepal.
Frequently Asked Questions (FAQs)
1. Is a FinTech license mandatory in Nepal?
A FinTech license is required where the proposed business carries out regulated payment or settlement activities under the Payment and Settlement Act, 2075 (2018). The exact licensing requirement depends on the nature of the services provided, and Nepal Rastra Bank determines whether prior approval is necessary.
2. Which authority issues a FinTech license in Nepal?
Nepal Rastra Bank is the principal regulator responsible for licensing Payment Service Providers and Payment System Operators. The Payment Systems Department administers licensing, supervision, inspection, and oversight of regulated payment institutions.
3. Can a company operate after registration without an NRB license?
No. Company registration under the Companies Act does not authorize regulated payment activities. Where the business falls within the scope of the Payment and Settlement Act, prior approval from Nepal Rastra Bank is generally required before commercial operations begin.
4. What laws regulate FinTech businesses in Nepal?
The principal laws include the Payment and Settlement Act, 2075 (2018), Nepal Rastra Bank Act, 2058 (2002), Companies Act, 2063 (2006), Asset (Money) Laundering Prevention Act, 2064 (2008), Foreign Investment and Technology Transfer Act, 2075 (2019), and the applicable NRB directives and bylaws.
5. Does every technology company require a FinTech license?
No. Technology companies providing software development or technical support without offering regulated financial services generally do not require a payment system license. The licensing requirement depends on the actual business activities rather than the company’s name.
6. Does Nepal Rastra Bank inspect licensed FinTech companies?
Yes. Nepal Rastra Bank has statutory authority to supervise, inspect, and oversee licensed PSOs and PSPs to ensure compliance with applicable laws, bylaws, directives, and licensing conditions.
7. Is AML compliance mandatory for licensed FinTech companies?
Yes. Licensed payment institutions are required to comply with anti-money laundering and counter-terrorist financing obligations, including customer due diligence, transaction monitoring, and suspicious transaction reporting under the applicable AML/CFT framework.
8. Can foreign investors establish a FinTech company in Nepal?
Foreign investment may be permitted subject to compliance with the Foreign Investment and Technology Transfer Act, sectoral regulations, and approvals from the competent authorities. Additional licensing from Nepal Rastra Bank remains necessary where regulated financial services are involved.
