Compliance

Last Updated: February 17, 2026

BloomXpe Services Pvt Ltd ("BloomXpe") is committed to maintaining the highest standards of regulatory compliance. As a payment orchestration platform operating in India, we adhere to all applicable laws, regulations, and industry standards governing financial services and data protection.

1. Regulatory Framework

BloomXpe operates in compliance with the following regulatory bodies and their guidelines:

1.1 Reserve Bank of India (RBI)

  • Compliance with RBI guidelines for Payment Aggregators and Payment Gateways (PA/PG)
  • Adherence to RBI's Master Direction on Digital Payment Security Controls
  • Compliance with KYC norms as prescribed by RBI for customer onboarding
  • Implementation of RBI's guidelines on data storage and localisation requirements
  • Compliance with settlement and escrow account regulations

1.2 National Payments Corporation of India (NPCI)

  • Compliance with UPI transaction guidelines and limits
  • Adherence to NPCI's dispute resolution framework
  • Implementation of transaction monitoring as per NPCI requirements

1.3 Ministry of Electronics and Information Technology (MeitY)

  • Compliance with the Information Technology Act, 2000 and its amendments
  • Adherence to the Digital Personal Data Protection Act, 2023
  • Implementation of reasonable security practices as defined under IT Rules

2. Industry Certifications

2.1 PCI DSS Level 1

BloomXpe maintains Payment Card Industry Data Security Standard (PCI DSS) Level 1 certification, the highest level of compliance. This certification is validated annually through comprehensive audits by a Qualified Security Assessor (QSA) and covers:

  • Secure network architecture and system configuration
  • Protection of cardholder data
  • Vulnerability management programmes
  • Strong access control measures
  • Regular monitoring and testing of networks
  • Information security policy maintenance

2.2 ISO 27001:2022

Our Information Security Management System (ISMS) is certified to ISO 27001:2022, demonstrating our systematic approach to managing sensitive company and customer information through:

  • Risk assessment and treatment processes
  • Security controls implementation and monitoring
  • Continuous improvement of security posture
  • Regular internal and external audits

3. Anti-Money Laundering (AML)

BloomXpe maintains a robust Anti-Money Laundering programme that includes:

  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures
  • Transaction monitoring systems for detecting suspicious patterns
  • Suspicious Transaction Reporting (STR) to the Financial Intelligence Unit (FIU-IND)
  • Regular AML training for all relevant staff
  • Record keeping in compliance with Prevention of Money Laundering Act (PMLA), 2002
  • Screening against sanctions lists and PEP databases

4. Know Your Customer (KYC)

Our KYC procedures ensure compliance with RBI norms:

  • Identity verification using government-issued documents (Aadhaar, PAN, GST)
  • Business verification including company registration, directors' details, and bank account validation
  • Ongoing monitoring and periodic KYC refresh
  • Risk-based approach to customer categorisation
  • Video KYC capability for remote onboarding

5. Data Localisation

In compliance with RBI's data localisation mandate:

  • All payment transaction data is stored exclusively within India
  • Our primary and disaster recovery data centres are located in India
  • Cross-border data transfer, where necessary, complies with applicable regulations
  • Regular audits verify adherence to data localisation requirements

6. Fraud Prevention

BloomXpe employs a multi-layered fraud prevention framework:

  • Real-time transaction risk scoring and analysis
  • Velocity checks and pattern-based fraud detection
  • Device fingerprinting and IP intelligence
  • Integration with industry fraud databases and blacklists
  • Merchant risk categorisation and monitoring
  • Chargeback management and dispute resolution processes

7. Goods and Services Tax (GST)

BloomXpe is GST-registered and complies with all GST regulations applicable to payment intermediary services, including proper invoicing, tax collection, and timely filing of returns.

8. Grievance Redressal

In compliance with RBI's customer protection framework, BloomXpe maintains a structured grievance redressal mechanism:

  • Level 1: Customer support team (response within 24 hours)
  • Level 2: Nodal Officer (escalation within 48 hours)
  • Level 3: RBI Ombudsman (if unresolved within 30 days)

9. Audit and Reporting

  • Annual statutory audits by qualified chartered accountants
  • Quarterly compliance reviews and reporting
  • Annual PCI DSS and ISO 27001 certification audits
  • Regular internal compliance audits
  • Timely submission of regulatory reports to RBI and other authorities

10. Contact

For compliance-related inquiries:

Compliance Officer
BloomXpe Services Pvt Ltd
INDIA
Email: bloomxpe@gmail.com
WhatsApp: Chat on WhatsApp ยท Telegram: @bloomxpe