Direct Tax Services
Select Your Location
Given the current trend in data storage technology, data is typically kept in several places to provide data centres with a backup. The RBI’s order requiring all payment operators in India, both local and international, to keep all end-to-end transaction data “only within the country” has caused a stir in the present global payment ecosystem. According to RBI, quick and unrestricted access to data maintained in the payment ecosystem is necessary for better monitoring and surveillance of transactional data.
In a recent move, the Reserve Bank of India prohibited onboarding new customers for American Express Banking Corp. and Diners Club International Ltd due to non-compliance with its regulation and guidelines on the storage of payment system data.
Table of Contents
The amount of data communicated or transferred through these digital transactions have significantly increased with the development of technology and the sharp rise in digital payments. To protect the access to and storage of such data, authorities should be in charge of oversight. The RBI released guidelines for unrestricted supervisory access to the data of such global players.
Data Localisation: Data localisation is the process of storing data on any device that is located physically inside the borders of the country where the data was generated. Before, most of the data are stored on a cloud outside India. As a condition of localisation, businesses must store and manage sensitive consumer data within national boundaries.
The Reserve Bank of India issued a directive on “Storage of Payment System Data” on 2018 April 06, advising through the guidelines to all system providers to make sure that, within six months of the guidelines, all data relating to payment systems they operate should be stored in a system only in India.
Payment System Operators (PSOs) occasionally ask the Reserve Bank for clarification on specific implementation concerns. To facilitate and guarantee prompt compliance by all PSOs, the RBI issued guidelines for the storage of payment data.
Except in the situations described here, all payment information must be stored on systems that are only accessible from India.
Archiving information on international business transactions: If necessary, a copy of the domestic component of cross-border transaction data that consists of a foreign component and a domestic component may also be stored abroad.
The following are the guidelines for processing payment transactions:
Regulation for data processed abroad and sharing payment system data with overseas regulators
The payment information transmitted overseas for processing shall, as stated above, be destroyed abroad within the allotted time frame and stored exclusively in India. For the purpose of resolving customer disputes as needed, the data maintained in India might be accessed or requested. Depending on the nature or origin of the transaction, the data may be disclosed to the foreign regulator with the proper RBI authorisation.
Clarification about businesses that were previously allowed to retain banking information abroad – Banks, particularly foreign banks, who were previously specifically allowed to store banking data abroad may continue to do so; however, with regard to domestic payment transactions, the data shall only be stored in India, whereas the data may also be stored abroad as previously indicated with regard to cross-border payment transactions.
Following the Reserve Bank of India’s imposition of the first fines relating to the localisation of payments data, American Express and Diners Club International Ltd were forbidden from accepting new customers for six months. It forbade bringing on new domestic clients for an indeterminate period. The RBI’s ban, however, won’t apply to its current consumers. These restrictions may be seen as being disproportionate given that the RBI rarely imposes such hefty fines and normally use its regulatory authority with restraint.
Due to non-compliance with the instructions on the storage of payment system data, the RBI has issued the order. The Payment and Settlement Systems Act of 2007 has licensed the American Express and Diners Club as payment system operators. The order issued by RBI is the initial set of penalties applied for non-compliance.
Also, on July 2021, it barred Mastercard Asia/Pacific Pte. Ltd from onboarding new domestic customers. Given that Mastercard controls about a third of India’s entire card network market, the ban is likely to have a significant effect. Given that the RBI acts as a regulator in a generally constrained manner and rarely imposes such broad fines, these limits may be perceived as excessive.
The restrictions on accepting new domestic clients have been lifted as a result of Mastercard’s satisfactory compliance with its storage of payment system data on June 2022. These bans, which were enforced for disobeying payment data localisation instructions, represent a change in regulatory strategy. They were put in place in accordance with the regulation which was adopted in 2018.
The rule would significantly implement safeguards for user data, which is now a major concern worldwide. Additionally, this will ensure that investigations, which were previously difficult, will be made easier with the proper monitoring and surveillance. Most importantly, concerns regarding the security of users’ financial information will be allayed. The Reserve Bank of India’s decision to prohibit companies from onboarding new customers due to non-compliance is a good regulatory move. It suggests every payment service provider act right away to ensure compliance and store all customer and payment-related data only in India.
Read our Article:10 Major Digital Payment Methods available in India
I am a driven and meticulous professional who completed B.Com BL (Hons) from Tamil Nadu Dr. Ambedkar Law University and completed Master of Laws in specialization (Criminal Law with Cyber Crimes). I have extensive experience in Criminal Litigation and want to utilise my legal knowledge in writing also I have proficiency in writing legitimate content with comprehensive research. My core areas of interest are Business Law, Intellectual Property Rights, and Cyber crimes.
Many investors use fixed deposits as their primary investment vehicle. Investors with a high-ri...
The main idea of CDS, which was initially to give banks a way to transfer credit exposure, has...
Black money has been the subject of heated political debate in India for a long time. Successiv...
The Apex Court pronounced a judgement in the case titled Tata Motors Vs The Brihan Mumbai Elect...
Since economies are moving towards digitalisation and making it feasible to conduct transaction...
The Alternative Investment Funds (AIFs) Pro-rata and Pari-Passu Rights Proposal Consultation Pa...
The Financial Action Task Force, i.e. FATF (the Force), is the global money laundering and terr...
Advance tax refers to the payment of the tax liability before the end of the relevant financia...
On 11.12.15, the Hon’ble Delhi High Court (HC) pronounced a landmark judgement in the case ti...
Money laundering can be defined as the process of illegal concealment of the origin of money ob...
Are you human?: 8 + 6 =
Easy Payment Options Available No Spam. No Sharing. 100% Confidentiality
In this era of digitalization, Digital lending has been growing like never before, and considering the times we are...
27 Jun, 2020
Digitalization and technological activities in the banking system have led to the creation of new financial technol...
09 Jun, 2020
Red Herring Top 100 Asia enlists outstanding entrepreneurs and promising companies. It selects the award winners from approximately 2000 privately financed companies each year in the Asia. Since 1996, Red Herring has kept tabs on these up-and-comers. Red Herring editors were among the first to recognize that companies such as Google, Facebook, Kakao, Alibaba, Twitter, Rakuten, Salesforce.com, Xiaomi and YouTube would change the way we live and work.
Researchers have found out that organization using new technologies in their accounting and tax have better productivity as compared to those using the traditional methods. Complying with the recent technological trends in the accounting industry, Enterslice was formed to focus on the emerging start up companies and bring innovation in their traditional Chartered Accountants & Legal profession services, disrupt traditional Chartered Accountants practice mechanism & Lawyers.
Stay updated with all the latest legal updates. Just enter your email address and subscribe for free!
Chat on Whatsapp
Hey I'm Suman. Let's Talk!