The fintech law in Nepal has evolved into a comprehensive regulatory framework that governs every aspect of digital financial services. From digital wallets to peer-to-peer lending platforms, Nepal Rastra Bank (NRB) has established clear legal boundaries that fintech companies must navigate carefully.
Nepal's fintech ecosystem has grown rapidly, with over 20 million people now using mobile banking or wallet services. This expansion has been accompanied by stricter regulatory oversight to ensure financial stability, consumer protection, and systemic risk mitigation.
The fintech law in Nepal serves as the backbone of the country's digital financial transformation. Nepal Rastra Bank, as the primary regulator, has issued multiple directives and guidelines that shape how fintech companies operate, innovate, and scale.
The regulatory approach balances innovation with financial stability. A regulatory sandbox framework was introduced in August 2025 to allow controlled testing of new financial products. Additionally, the Central Bank Digital Currency (CBDC) pilot is expected by 2026, signaling Nepal's commitment to modernizing its financial infrastructure.
Key developments in Nepal's fintech legal landscape include:
The fintech law in Nepal operates under a multi-layered legislative structure. Multiple statutes and regulatory directives must be understood for full compliance.
| Law | Year | Key Provisions |
|---|---|---|
| Payment and Settlement Act 2075 | 2019 | Core payment system regulation, licensing authority |
| Nepal Rastra Bank Act 2058 | 2002 | Central bank powers, monetary policy |
| Banks and Financial Institutions Act 2073 | 2017 | Banking regulation, BFI supervision |
| Electronic Transactions Act 2063 | 2008 | Digital signatures, e-contracts, cybercrime |
| Money Laundering Prevention Act 2064 | 2008 | AML/CFT obligations, suspicious reporting |
| Consumer Protection Act 2075 | 2018 | Consumer rights, grievance redressal |
| Companies Act 2063 | 2006 | Company incorporation, governance |
| Foreign Investment and Technology Transfer Act 2075 | 2019 | Foreign ownership, technology transfer |
| Foreign Exchange (Regulation) Act 2019 | 1962 | Currency control, cross-border transactions |
| Directive | Issued By | Scope |
|---|---|---|
| Payment System Operator and PSP Directive 2078 | NRB | Licensing, capital, operations |
| Cyber Resilience Guidelines 2023 | NRB | Security standards, incident reporting |
| IT Guidelines for BFIs | NRB | Data residency, audit logs, encryption |
| Unified Directives for Banks and Financial Institutions | NRB | Comprehensive BFI compliance |
| Licensing Policy for Payment-related Institutions | NRB | PSO/PSP categorization |
| Interoperability Directive | NRB | Cross-platform payment standards |
| Authority | Jurisdiction | Enforcement Power |
|---|---|---|
| Nepal Rastra Bank (NRB) | Payment systems, banks, foreign exchange | License issuance, suspension, fines |
| Securities Board of Nepal (SEBON) | Capital markets, securities | Market regulation, investor protection |
| Beema Samiti | Insurance sector | Insurance licensing, compliance |
| Department of Money Laundering Investigation (DMLI) | AML/CFT enforcement | Investigation, prosecution referral |
| Inland Revenue Department (IRD) | Taxation | Tax assessment, penalties |
| Nepal Telecommunications Authority (NTA) | Telecom infrastructure | Spectrum, licensing |
The fintech law in Nepal mandates specific licenses based on the type of financial service offered. Operating without proper licensing attracts severe penalties.
| License Type | Minimum Capital (NPR) | Functions | Examples |
|---|---|---|---|
| Payment System Operator (PSO) | 100 million | Operate payment infrastructure, ACH, switches | Fonepay, NCHL |
| Payment Service Provider (PSP) — Class A | 500 million | Full banking integration, unlimited transactions | eSewa, Khalti |
| Payment Service Provider (PSP) — Class B | 100 million | Digital wallets, limited transactions | IME Pay, PrabhuPay |
| Payment Gateway Provider | 50 million | Merchant payment processing | Various gateways |
| Remittance Service Provider | 10 million | International money transfers | Remittance companies |
| Payment Aggregator | 25 million | Merchant aggregation services | Aggregator platforms |
| QR Code Payment Provider | 50 million | Retail QR payment solutions | QR providers |
| E-Money Issuer | 100 million | Electronic money issuance | Licensed wallets |
| P2P Lending Platform | 100 million | Peer-to-peer lending facilitation | Emerging platforms |
| Category | Count |
|---|---|
| Payment Service Providers (PSP) | 26 |
| Payment System Operators (PSO) | 9 |
| Commercial Banks as PSP | 20 |
| Development Banks as PSP | 17 |
| Finance Companies as PSP | 15 |
| Microfinance Institutions as PSP | 11 |
| Total Licensed Payment Institutions | 35 |
The fintech law in Nepal requires a structured licensing procedure. Each step must be completed sequentially.
A legal entity must be registered with the Office of Company Registrar under the Companies Act 2063. The entity can be a private limited company, public limited company, or partnership firm.
Required Documents:
| Document | Description |
|---|---|
| Memorandum of Association | Company objectives, shareholding structure |
| Articles of Association | Internal governance rules |
| Shareholder details | Beneficial ownership disclosure |
| Company registration certificate | Legal entity proof |
| PAN registration | Tax identification |
Timeline: 3-5 days
The application is submitted to NRB's Payment Systems Department with comprehensive documentation.
Application Components:
| Component | Details |
|---|---|
| Business plan | Financial projections, market analysis |
| Technical infrastructure | System architecture, security protocols |
| Capital proof | Bank guarantee, paid-up capital verification |
| Compliance policies | AML/CFT, KYC, consumer protection |
| Governance structure | Board composition, key personnel |
| Risk management framework | Operational, technical, financial risks |
Timeline: 12-24 months (from application to full license)
NRB conducts an initial review of the application. Additional information or clarifications may be requested. A detailed evaluation assesses financial capacity, technology infrastructure, and risk management capabilities.
If the evaluation is positive, NRB grants "Approval in Principle," allowing the company to set up operations, hire staff, and deploy infrastructure.
Once operations are set up, NRB conducts a final inspection. If all requirements are met, the operating license is issued.
The fintech law in Nepal mandates robust anti-money laundering and combating financing of terrorism measures. Non-compliance attracts severe penalties.
| Requirement | Standard | Penalty for Non-Compliance |
|---|---|---|
| Customer Due Diligence (CDD) | Verified ID, address, source of funds | License suspension, fines |
| Ongoing transaction monitoring | Suspicious pattern detection | Reporting to DMLI |
| Suspicious Transaction Report (STR) | Filing with FIU-Nepal | Criminal prosecution |
| Sanctions screening | UN/OFAC designated persons lists | Regulatory action |
| Record retention | 5 years minimum | Fines, license review |
| Staff training | Regular AML training programs | Operational restrictions |
| Customer Type | Required Documents | Verification Method |
|---|---|---|
| Individual | Citizenship/passport, address proof, photograph | In-person, e-KYC, biometric |
| Business | OCR registration, PAN/VAT, beneficial ownership | Document verification |
| High-risk (PEPs, cross-border) | Enhanced due diligence, source of funds | Enhanced verification |
| Low-risk | Simplified due diligence | Basic verification |
The fintech law in Nepal requires stringent data protection and cybersecurity measures for all licensed institutions.
| Requirement | Standard | Compliance Evidence |
|---|---|---|
| Data residency | Customer data processed in Nepal or NRB-approved jurisdictions | Data flow documentation |
| Encryption | At rest and in transit | Security audit reports |
| Access controls | Role-based, multi-factor authentication | Access logs |
| Audit logs | Retained for 7+ years | Log retention policy |
| Vulnerability assessment | Annual VA/PT by approved auditors | Audit certificates |
| Business continuity | Documented and tested BCP/DR plan | Test reports |
| Board IT-risk committee | Oversight of technology risk | Meeting minutes |
| Incident reporting | Report to NRB within stipulated timeframes | Incident logs |
The fintech law in Nepal emphasizes consumer protection through multiple mechanisms.
| Measure | Requirement | Legal Basis |
|---|---|---|
| Transparent fee disclosure | All charges clearly communicated | Consumer Protection Act 2075 |
| Grievance redressal | Formal complaint handling procedures | NRB directives |
| Refund guidelines | Clear procedures for failed transactions | Payment Systems Act |
| 24/7 dispute resolution | Mandatory customer support availability | NRB directives |
| Transaction notifications | Mandatory alerts for every transaction | Payment Systems Act |
| Fraud monitoring | Real-time detection and prevention | Cyber Resilience Guidelines |
| Terms of service clarity | Plain language, no hidden clauses | Consumer Protection Act |
The fintech law in Nepal mandates interoperability between payment service providers. This ensures seamless cross-platform transactions and prevents market concentration.
| Aspect | Requirement |
|---|---|
| QR code standards | NEPALPAY QR, standardized protocols |
| Retail Payment Switch (RPS) | Connection mandatory for domestic transactions |
| National Payment Switch (NPS) | Integration for all licensed operators |
| Cross-wallet transactions | Seamless fund transfers between wallets |
| Bank integration | Settlement through licensed banking partners |
| API-based architecture | Open banking principles encouraged |
| Phase | Status | Description |
|---|---|---|
| Phase 1: Retail Payment Switch | Operational | Real-time non-card transaction routing |
| Phase 2: NEPALPAY Card | Under development | National card for domestic transactions |
| Phase 3: Full NPS | Planned | All domestic electronic transactions routed through NPS |
The fintech law in Nepal specifies transaction limits based on license category and customer verification level.
| Transaction Type | Limit (NPR) | Applicable To |
|---|---|---|
| Per transaction (basic KYC) | 5,000 | Unverified/minimal KYC accounts |
| Per transaction (full KYC) | 100,000 | Fully verified accounts |
| Daily limit (basic KYC) | 25,000 | Unverified accounts |
| Daily limit (full KYC) | 500,000 | Fully verified accounts |
| Monthly limit (full KYC) | 5,000,000 | High-tier verified accounts |
| Transaction | Daily Limit | Total Limit |
|---|---|---|
| Customer deposit | NPR 25,000 | NPR 100,000 |
| Customer withdrawal | NPR 5,000 | NPR 25,000 (on demand) |
| Aspect | Rule |
|---|---|
| Cash payment limit | Up to NPR 100,000 |
| Above NPR 100,000 | Direct bank account deposit mandatory |
| Verification required | Customer ID, name, address, amount, contact |
| Record keeping | At all offices, accessible to NRB |
| Suspicious transactions | Immediate reporting to FIU-Nepal |
The fintech law in Nepal establishes a tiered penalty structure for violations. Enforcement actions are taken routinely by NRB.
| Violation | Penalty | Authority |
|---|---|---|
| Operating without license | License suspension, monetary fines, criminal prosecution | NRB, courts |
| Security compliance failures | Fines up to NPR 1 million, operational restrictions | NRB |
| KYC/AML violations | License suspension, fines, DMLI referral | NRB, DMLI |
| Exceeding transaction limits | Fines, account restrictions | NRB |
| Consumer protection violations | Fines, operational restrictions, license review | NRB |
| Failure to report suspicious transactions | Fines, criminal prosecution under AML laws | NRB, DMLI |
| Unauthorized foreign currency transactions | Fines, license suspension, prosecution | NRB, courts |
| Data residency violations | Operational restrictions, fines | NRB |
| Interoperability non-compliance | Mandatory compliance orders, fines | NRB |
In fiscal year 2077/78, NRB imposed fines totaling NPR 8.78 million on six commercial banks for policy violations. Laxmi Bank was fined NPR 2 million for AML violations, while Standard Chartered Bank faced NPR 5.78 million in penalties for priority sector credit shortfalls. These actions demonstrate NRB's commitment to strict enforcement.
The fintech law in Nepal intersects with tax legislation, creating specific obligations for fintech operators.
| Business Type | Tax Rate |
|---|---|
| Standard fintech services | 25% |
| Manufacturing/special industry | 20% |
| Listed companies | 20% |
| Export income | 20% |
| Startup (revenue below NPR 100M) | 0% (first 5 years) |
| Tech export services | ~6-7% effective (75% rebate) |
| Aspect | Detail |
|---|---|
| Standard rate | 13% |
| Registration threshold (goods) | NPR 5 million annual turnover |
| Registration threshold (services) | NPR 2 million annual turnover |
| Zero-rated supplies | Exports, specified services |
| Payment Type | Rate |
|---|---|
| Dividends | 5% |
| Interest | 15% |
| Royalties | 15% |
| Technical fees | 15% |
| Service fees | 15% |
The fintech law in Nepal permits foreign investment in most fintech sectors. The Foreign Investment and Technology Transfer Act 2019 provides the legal basis.
| Aspect | Rule |
|---|---|
| General fintech sectors | 100% foreign ownership permitted |
| Minimum investment | NPR 20 million (standard); zero for IT |
| Approval route | Automatic for 102 sectors |
| Technology transfer | Permitted with DOI approval |
| Capital repatriation | Allowed after tax clearance and NRB approval |
| Step | Authority | Timeline |
|---|---|---|
| Sector confirmation | DOI | Immediate (automatic route) |
| Company registration | OCR | 3-5 days |
| FDI approval | DOI | 7 days (automatic) |
| NRB license application | NRB | 12-24 months |
| Capital injection | Commercial bank | 5-10 days |
| NRB recording | NRB | 2-3 days |
The fintech law in Nepal continues to evolve. Several significant developments are expected in 2026 and beyond.
A draft regulatory sandbox framework was published in August 2025. Key features include:
| Aspect | Detail |
|---|---|
| Test period | Maximum 6 months (extendable by 6 months) |
| Eligible participants | Banks, PSPs, PSOs, remittance companies, fintech firms |
| Regulatory exemptions | Limited relief from certain requirements |
| Consumer protection | Mandatory informed consent, compensation arrangement |
| Exit pathway | License application if test successful |
| Management | Payment Systems Department, Sandbox Committee |
NRB has established a dedicated CBDC Division. The rollout plan includes:
| Phase | Activity | Timeline |
|---|---|---|
| Phase 1 | Dedicated unit and team establishment | Completed |
| Phase 2 | Comprehensive research and design | Ongoing |
| Phase 3 | Partnership and collaboration | Ongoing |
| Phase 4 | Legal arrangements, testing, piloting | 2026 |
| Phase 5 | Phased rollout | Post-2026 |
| Phase 6 | Continuous monitoring and improvement | Ongoing |
NRB is exploring regulatory frameworks for fully digital banks. A feasibility study is underway to assess prerequisites, suitable modalities, and necessary legal frameworks.
NRB has issued guidelines for digital lending to provide clarity to innovators and financial institutions. The framework addresses credit assessment, investor protection, and disclosure requirements.
The total cost of obtaining and maintaining a fintech license in Nepal varies by category.
| Item | Government Fee (NPR) | Professional Fee (NPR) |
|---|---|---|
| Company registration | 15,000 | 75,000 |
| FDI approval (if foreign) | 25,000 | 50,000 |
| NRB license application | 50,000 | 200,000 |
| Capital verification | 10,000 | 25,000 |
| Technology audit | — | 150,000 |
| Legal documentation | — | 100,000 |
| Compliance system setup | — | 200,000 |
| Initial NRB inspection | — | 50,000 |
| Total (estimated) | 100,000 | 850,000 |
| Grand Total | ~NPR 950,000 (approx. USD 7,200) |
Note: Costs vary significantly based on license type, company size, and service provider.
After obtaining a fintech license, ongoing compliance is mandatory.
| Requirement | Deadline | Authority |
|---|---|---|
| Audited financial statements | Within 6 months of fiscal year-end | NRB, OCR |
| Annual return filing | Within 6 months of fiscal year-end | OCR |
| License renewal | As per NRB schedule | NRB |
| AML/CFT risk assessment | Annual | Internal/DMLI |
| Technology and security audit | Annual | Approved auditors |
| Capital adequacy reporting | Quarterly | NRB |
| Periodic operational reports | Monthly/Quarterly | NRB |
Q1: What is fintech law in Nepal?
Fintech law in Nepal refers to the comprehensive regulatory framework established by Nepal Rastra Bank and other authorities to govern digital financial services. It encompasses licensing requirements, operational standards, consumer protection measures, AML/CFT obligations, and cybersecurity standards for fintech companies.
Q2: What licenses are required to operate a fintech company in Nepal?
The required license depends on the service type. Payment System Operator (PSO) licenses are needed for payment infrastructure, while Payment Service Provider (PSP) licenses cover wallets and cards. Remittance providers need separate remittance licenses. All licenses are issued by NRB's Payment Systems Department.
Q3: How long does the fintech licensing process take in Nepal?
The complete process typically takes 12 to 24 months from initial application to full license issuance. This includes company registration, application submission, NRB evaluation, approval in principle, infrastructure setup, and final inspection.
Q4: What is the minimum capital requirement for fintech licenses?
Capital requirements vary by license type: PSO requires NPR 100 million, PSP Class A requires NPR 500 million, PSP Class B requires NPR 100 million, remittance providers require NPR 10 million, and payment aggregators require NPR 25 million.
Q5: Can foreign investors own 100% of a fintech company in Nepal?
Yes, 100% foreign ownership is permitted in most fintech sectors under the Foreign Investment and Technology Transfer Act 2019. The automatic route covers 102 sectors, and IT-related fintech may qualify for zero minimum investment.
Q6: What are the main AML/CFT requirements for fintech companies?
Fintech companies must implement customer due diligence, ongoing transaction monitoring, suspicious transaction reporting, sanctions screening, 5-year record retention, and regular staff training. A compliance officer must be appointed for AML oversight.
Q7: What penalties apply for fintech law violations in Nepal?
Penalties range from fines up to NPR 1 million for security compliance failures to license suspension and criminal prosecution for operating without a license. KYC/AML violations can result in DMLI referral and criminal charges.
Q8: What is the regulatory sandbox in Nepal?
The regulatory sandbox, announced in August 2025, allows fintech innovators to test new products and services in a controlled environment under NRB supervision. Testing periods last up to 6 months with possible 6-month extensions. Successful tests can lead to full licensing.
Q9: What cybersecurity standards must fintech companies meet?
Licensed institutions must comply with NRB's Cyber Resilience Guidelines 2023, including data residency requirements, encryption at rest and in transit, 7+ year audit log retention, annual vulnerability assessments, business continuity planning, and incident reporting to NRB.
Q10: How does interoperability work under fintech law in Nepal?
NRB mandates interoperability between payment service providers. All licensed PSOs and PSPs must connect to the Retail Payment Switch and comply with standardized QR code protocols. This ensures seamless transactions across different platforms and prevents closed-loop systems.
Navigating the fintech law in Nepal requires specialized expertise. Attorney Nepal Pvt. Ltd. provides comprehensive fintech legal services including:
Contact Attorney Nepal Pvt. Ltd. today for expert guidance on your fintech licensing and compliance journey in Nepal.
Disclaimer: This blog is provided for informational and educational purposes only. It does not constitute legal, tax, or financial advice. Laws and regulations in Nepal are subject to frequent changes. Specific circumstances vary significantly, and professional consultation is strongly recommended before making investment or licensing decisions. Attorney Nepal Pvt. Ltd. assumes no liability for actions taken based on the information contained herein. Always verify current requirements with official government authorities.
June 14, 2026 - BY Admin