Your settlement just stopped. The dashboard shows a hold, finance is asking why payroll cannot be cleared, and no one has explained which legal section was invoked. In 2026, this scenario is increasingly common. The NCRP-CFCFRMS SOP issued in January 2026 is now judicially enforced, LEAs are issuing transaction-linked hold notices at scale, and merchants need a clear operational playbook. This guide walks both tracks: what payment gateways must do when an LEA notice lands, and what merchants should do to protect cash flow. For context, see how payment gateways work.
Key Takeaways
- Between April 2021 and November 2025, CFCFRMS helped place approximately Rs 7,647 crore of suspected cybercrime proceeds on hold against Rs 52,969 crore reported, but only Rs 167 crore (about 2.18%) had been restored to victims, per the NCRP-CFCFRMS SOP.
- The Supreme Court’s order dated 09-02-2026 in Suo Motu W.P. (Crl.) No. 3/2025 makes SOP compliance judicially enforced.
- Section 168 read with Section 94 BNSS enables transaction-level holds; Section 106 BNSS enables account seizure (requiring an FIR); Section 12AA PMLA triggers EDD on repeat-flagged merchants.
- Courts have struck down blanket account freezes exceeding disputed amounts (Mohammed Saifullah v. RBI, Madras HC 2024).
- SOP Para 9.1(iii) protects nodal, pool, and escrow accounts from blanket seizure.
- The 90-day grievance rule under Para 10.1 entitles merchants to hold removal if no lawful continuation direction is received.
Why LEA Hold Requests on Payment Gateways Are Surging in 2026
India processed roughly Rs 265 trillion in digital payments in FY24, and that scale has expanded the surface area for cyber-enabled fraud. CFCFRMS has scaled the response. According to the NCRP-CFCFRMS SOP, approximately Rs 52,969 crore in suspected cybercrime proceeds were reported and Rs 7,647 crore blocked between April 2021 and November 2025. Following the I4C alert of October 2024, MHA has tightened the operational pipeline between cybercrime cells, banks, and payment aggregators, leading to a sharp rise in transaction-level hold notices reaching merchant settlements.
The Supreme Court’s February 2026 Mandate
In Suo Motu W.P. (Crl.) No. 3/2025, the Supreme Court’s order dated 09-02-2026 directed MHA to formally adopt and implement the CFCFRMS SOP nationwide and required all High Courts to ensure compliance. SOP language on proportionality, nodal account protection, and grievance timelines is no longer administrative guidance; it is judicially monitored.
Did You Know: In February 2026, the Supreme Court directed MHA to formally adopt and implement the CFCFRMS SOP nationwide and ordered all High Courts to ensure adjudicating authorities comply.
The Legal Architecture Behind LEA Hold Requests in India (2026)
Three legal instruments drive most LEA holds. Understanding which one was invoked determines the resolution path. The NCRP-CFCFRMS SOP (Para 9.5) names banks, payment aggregators, payment gateways, TPAPs, VASPs, NBFCs, e-commerce platforms, and Business Correspondents as Participating Entities. For more on the RBI framework, see our guide on payment gateway compliance.
| Legal basis | What it enables | Practical impact on merchant |
|---|---|---|
| Section 168 read with Section 94 BNSS | Transaction-level “put on hold” of suspected proceeds | Specific UTR or transaction amount is locked in the PA’s nodal account |
| Section 106 BNSS | Account-level seizure or debit freeze, typically requiring an FIR | Merchant’s own bank account, wallet, or VPA may be frozen |
| Section 12AA PMLA | Enhanced Due Diligence and ongoing monitoring | Repeat-flagged merchants face deeper risk checks and reporting |
What Is CFCFRMS and How It Connects LEAs to Payment Gateways
CFCFRMS is the operational backbone of NCRP and the 1930 helpline. The flow: a victim files a complaint, state cyber police validate it, a CFCFRMS notice (with UTR or transaction ID) reaches the nodal officer at the bank or payment aggregator, the entity applies the hold, and resolution status is updated.
Pro-Tip: When you receive a CFCFRMS hold notice referencing a UTR, match it to the exact transaction in your ledger rather than freezing the merchant’s entire balance. Courts have struck down blanket holds (Dr. Sajeer v. RBI, Kerala HC 2023).
How Razorpay’s Payment Gateway and Compliance Infrastructure Supports Merchants During LEA Hold Situations
Gateway infrastructure design determines how cleanly an LEA hold can be handled. A gateway built on regulated accounts, transaction-level ledgers, and proactive fraud screening gives compliance teams and merchants the visibility needed to respond to CFCFRMS notices without paralysing legitimate business.
- RBI-authorised Payment Aggregator status: Razorpay’s payment gateway operates on regulated nodal and escrow account structures that produce the transaction-level audit trails LEAs require.
- Merchant dashboard and settlement ledger: Merchants get visibility into hold status and per-transaction data, exactly what is needed to compile a grievance response with UTR, order ID, invoice, and delivery proof.
- Razorpay Thirdwatch fraud prevention suite: Helps merchants flag high-risk orders before they are processed, reducing the volume of transactions that may later attract LEA scrutiny.
How Payment Gateways Receive and Authenticate LEA Hold Notices
A payment gateway’s nodal officer is the formal point of contact for CFCFRMS notices. When a notice arrives, the compliance team logs it, validates the source and legal basis, matches the UTR to the settlement ledger, and applies a transaction-linked hold. Under Para 6.1(k), participating entities must provide KYC and transaction trail updates through CFCFRMS within one week. As an RBI-authorised Payment Aggregator, Razorpay maintains regulated nodal accounts that create the audit trail LEAs require. For context, see what a merchant payment gateway does.
Nodal vs Pool vs Escrow Accounts: Why Account Type Matters
Para 9.1(iii) of the SOP instructs LEAs to refrain from blanket seizure of nodal, pool, or escrow accounts and to use transaction-linked holds instead. These accounts pool funds across many merchants, and a blanket freeze would disrupt unrelated businesses.
Did You Know: The national SOP (Para 9.1(iii)) explicitly instructs LEAs to refrain from blanket seizure of nodal, pool, or escrow accounts.
Validating the Notice Before Acting
Compliance teams should check: is it from CFCFRMS, a cyber police unit, or a court? Is the officer identifiable? Is the legal section cited? Are the UTR, transaction ID, complaint ID, and hold amount specified? Is the hold scoped to the disputed transaction only?
What Happens to Your Merchant Settlement During an LEA Hold
For a merchant, the symptom is the same: settlements slow down or stop. The cause varies, and so does the resolution path. Read more on the settlement process and use Razorpay’s merchant dashboard to identify which specific transactions are under hold.
Scenario A: Transaction-Level Hold in the Gateway’s Nodal Account
Only the amount linked to the disputed UTR is locked in the PA’s nodal account. Other settlements continue if the ledger supports transaction-level separation. Merchants should download the ledger, locate the held entry, and prepare evidence.
Scenario B: Merchant’s Own Bank Account Seized Under Section 106 BNSS
Here, the gateway may have already settled funds, but the merchant’s bank account is frozen at the bank level. Resolution involves the bank, the Investigating Officer, and potentially a writ petition.
The Proportionality Principle: Your Strongest Legal Protection
Did You Know: The Madras HC ruled in Mohammed Saifullah v. RBI that freezing Rs 9.7 lakh when only Rs 2.48 lakh was disputed violated the right to livelihood, as cited in SOP Annexure III.
The Step-by-Step Resolution Process: For Merchants and Gateways
Resolution works best when both sides operate in parallel. Para 10.1 of the SOP requires Investigating Officer responses within 15 days and provides for hold removal after 90 days if no lawful continuation direction is received. Understand the payment settlement flow before mapping the tracks below.
Track 1: Payment gateway internal steps
- Receive and log the notice via the nodal officer.
- Validate officer identity, jurisdiction, legal basis, and identifiers.
- Match UTR or transaction ID to the settlement ledger.
- Apply a transaction-level hold; avoid blanket freezes.
- Update CFCFRMS with KYC and transaction trail within one week.
- Notify the merchant where legally permissible.
- Trigger EDD if the merchant is repeat-flagged.
Track 2: Merchant response steps
- Download the settlement ledger and identify the held transaction.
- Compile evidence: invoice, delivery proof, customer communications, KYC, IP logs.
- Submit a written grievance to the gateway and through the CFCFRMS Grievance Redressal Module.
- Track the 15-day IO response window and send a Day 75 reminder.
- Escalate to RBI Ombudsman or a writ court if the freeze remains disproportionate.
Pro-Tip: The 90-day clock under Para 10.1 is your strongest lever. Track from the day you submit your written grievance and send a reminder at day 75.
The Five Restoration Processes Under the 2026 SOP
The SOP outlines: single-victim restoration under Section 106(3), multiple-victim pro-rata restoration, court-disposal restoration, Section 107 attachment-linked restoration, and jurisdictional court direction. The correct path depends on victim count and case stage.
Building Your Internal LEA-Hold SOP: A Checklist for Payment Gateways and Businesses
A compliant SOP combines governance, technology, process calendar, and documentation. Merchants using Razorpay’s Thirdwatch fraud prevention suite can flag high-risk orders before processing. For broader operational design, review payment operations.
- Governance: Appoint a nodal officer, a grievance officer (central and state-level, per Para 10), and an escalation lead.
- Technology: Build a ledger that tags each entry with UTR, order ID, complaint ID, hold amount, and status. Add Day 0, 7, 15, 75, and 90 review alerts.
- Process calendar: Day 0 intake, Day 1-2 hold and CFCFRMS update, Day 7 internal review, Day 15 IO response check, Day 75 reminder, Day 90 review for removal.
- Risk scoring: Apply Section 12AA PMLA EDD logic to repeat-flagged merchants.
- Documentation: Retain notices, ledger entries, and grievance correspondence for audit readiness.
Pro-Tip: Design your settlement ledger to support surgical holds: locking specific transaction amounts by UTR without freezing the merchant’s entire balance, per Dr. Sajeer v. RBI (2023).
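The ledger item in the checklist and the surgical-hold tip above, sketched as an added example (not Razorpay's code and not part of the SOP): a ledger that applies a UTR-scoped hold, refuses incomplete or over-scoped notices, and schedules the Day 0, 7, 15, 75, and 90 reviews. The class, field, and notice-key names, the sample data, and treating the intake date as Day 0 are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from decimal import Decimal

# Notice fields from the validation checklist; the key names are assumptions.
REQUIRED = ("source", "officer", "legal_section", "utr", "complaint_id", "hold_amount")
REVIEW_DAYS = (0, 7, 15, 75, 90)  # review alerts, counted from intake (assumed Day 0)

@dataclass
class Entry:
    utr: str
    order_id: str
    merchant_id: str
    amount: Decimal
    status: str = "SETTLEABLE"
    complaint_id: str = ""
    hold_amount: Decimal = Decimal("0")
    review_dates: list = field(default_factory=list)

class Ledger:
    def __init__(self, entries):
        self.by_utr = {e.utr: e for e in entries}
    def apply_hold(self, notice: dict, intake: date) -> Entry:
        missing = [k for k in REQUIRED if not notice.get(k)]
        if missing:
            raise ValueError(f"notice incomplete, missing: {missing}")
        entry = self.by_utr.get(notice["utr"])
        if entry is None:
            raise LookupError("UTR not found in settlement ledger")
        amount = Decimal(notice["hold_amount"])
        if amount > entry.amount:
            # Keep the hold scoped to the disputed transaction; escalate instead.
            raise ValueError("hold exceeds transaction amount, needs manual review")
        entry.status, entry.complaint_id, entry.hold_amount = "ON_HOLD", notice["complaint_id"], amount
        entry.review_dates = [intake + timedelta(days=d) for d in REVIEW_DAYS]
        return entry
    def settleable(self, merchant_id: str) -> Decimal:
        # Only held amounts are withheld; every other entry still settles.
        return sum((e.amount - e.hold_amount for e in self.by_utr.values()
                    if e.merchant_id == merchant_id), Decimal("0"))

def demo():
    # Constructed sample data: not real UTRs, merchants or complaints.
    ledger = Ledger([Entry("UTR0001", "order_1", "merchant_A", Decimal("2500.00")),
                     Entry("UTR0002", "order_2", "merchant_A", Decimal("9700.00")),
                     Entry("UTR0003", "order_3", "merchant_B", Decimal("400.00"))])
    notice = {"source": "CFCFRMS", "officer": "IO-EXAMPLE", "legal_section": "168 r/w 94 BNSS",
              "utr": "UTR0001", "complaint_id": "CMP-EXAMPLE-1", "hold_amount": "2500.00"}
    return ledger, ledger.apply_hold(notice, intake=date(2026, 3, 2))
```

Calling `demo()` holds only the entry for the constructed UTR; the same merchant's second entry and the other merchant's entry remain settleable.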
How Razorpay Supports Compliant, Merchant-First Payment Operations
Razorpay is India’s first full-stack financial solutions company and an RBI-authorised Payment Aggregator built for India’s evolving compliance landscape. Its infrastructure gives merchants and compliance teams the visibility and audit trails needed to handle LEA hold situations cleanly.
| Razorpay capability | How it supports LEA-hold readiness |
|---|---|
| RBI-Authorised Payment Aggregator status | Regulated nodal account structures and auditable transaction trails |
| Merchant Dashboard and Settlement Ledger | Transaction-level visibility for hold identification and grievance documentation |
| Thirdwatch Fraud Prevention | Proactive risk flagging on high-risk orders before processing |
| Smart Collect Virtual Accounts | Precise reconciliation and mapping of incoming payments |
| PCI DSS Level 1 Compliance | Secure handling of sensitive payment data |
| Developer APIs | Custom reconciliation, risk, and compliance workflows |
Explore Razorpay Payment Gateway to see how it fits your compliance stack.
Conclusion
The 2026 landscape rewards preparation. With the CFCFRMS SOP now judicially monitored, both merchants and gateways are expected to operate with documented processes, transaction-level discipline, and proportional responses. The merchants who recover fastest have clean settlement ledgers, organised evidence, and a grievance calendar tied to the 15-day and 90-day timelines. The gateways that build trust design surgical hold architecture and treat merchant communication as a compliance asset. Treat LEA-hold readiness as a capability, not a fire drill, and compliance complexity becomes a competitive advantage.
FAQs
What is an LEA hold request on a payment gateway?
An LEA hold request is a direction from a law enforcement agency, typically routed through CFCFRMS, asking a payment gateway to lock specific transaction amounts suspected to be cybercrime proceeds. It is governed by Section 168 read with Section 94 BNSS and the 2026 NCRP-CFCFRMS SOP, and is meant to be transaction-linked, not a blanket balance freeze.
Can a payment gateway freeze my entire merchant settlement balance?
No. SOP Para 9.1(iii) discourages blanket seizure of nodal, pool, or escrow accounts, and courts (Mohammed Saifullah v. RBI, 2024; Dr. Sajeer v. RBI, 2023) have ruled that freezing amounts beyond the disputed sum violates proportionality. Holds should be limited to the specific UTR or transaction ID flagged.
How long can a payment gateway hold my settlement under an LEA order?
Under Para 10.1 of the SOP, Investigating Officers must respond within 15 days, and holds should be removed after 90 days if no lawful continuation direction is received. Track the 90-day clock from the date you file a written grievance and follow up at Day 75.
What should I do if my payment gateway settlement is held due to an LEA notice?
Download your ledger, identify the held transaction by UTR, compile invoice, delivery proof, KYC, and customer communications, and submit a written grievance to both the gateway and the CFCFRMS Grievance Redressal Module. Escalate to RBI Ombudsman or a writ court if the hold is disproportionate.
Does an LEA hold on a payment gateway’s nodal account affect all merchants on that gateway?
It should not. The SOP instructs LEAs to use transaction-linked holds rather than blanket nodal account seizures, and gateways with surgical hold architecture can lock specific amounts without affecting other merchants’ settlements on the same pooled account.