Data related to payments to be stored only in India: RBI

New Delhi: The Reserve Bank of India has clarified an earlier directive and stated that foreign payment firms such as Mastercard and Visa can process transactions made in India outside the country but will have to store the related data locally within 24 hours.

In case the processing is done abroad, “the data should be deleted from the systems abroad and brought back to India not later than the one business day or 24 hours from payment processing, whichever is earlier”, the clarification states.

The RBI had issued the original directive last April and it mandated that foreign firms should store their payments data “only in India” for “unfettered supervisory access”. It had advised all system providers to ensure that within six months, the entire data relating to payment systems operated by them is stored in a system only in India. “The entire payment data shall be stored in systems located only in India…,” the RBI said in its FAQs on certain implementation issues raised by the Payment System Operators (PSOs). The FAQs further said there is no bar on processing of payment transactions outside India if so desired by the PSOs.

The RBI rules led to aggressive lobbying by the US government and American companies who said the directive would increase infrastructure costs and hurt investment plans of firms. A request to dilute the rules was declined last year.

Wednesday, the RBI stuck to its position but clarified that payment transactions can be processed outside the country if the companies so wished. The previous RBI directive was silent on whether data can be processed abroad or should only be done locally.

Still, even in cases where the transactions are processed abroad, the RBI said such data must be “deleted from the systems abroad and brought back to India” within 24 hours of payment processing.

“The clarity on processing, and the ability to do so overseas, is a welcome development. Although the clarifications do not ease the local-only storage requirement,” said Kriti Trehan, a partner specializing in technology law at the Law Offices of Panag & Babu.

Mastercard and Visa did not immediately respond to a request for comment.

The RBI clarification comes days after India’s commerce ministry, following a meeting with technology and payment companies, said the central bank would “look into” concerns raised by the industry.

The differences between American companies and India have further fuelled trade tensions between New Delhi and Washington. Wednesday, the US Secretary of State Mike Pompeo sought to reduce these tensions, promising a renewed focus on negotiating better ties, but gave few specifics during a visit to New Delhi.

India is looking for more stringent data storage rules so that it can better access data and conduct investigations when the need arises.

Other than RBI’s directive for payment companies, India has also drafted an overarching law on data storage which calls for all personal data determined to be critical to be processed locally.

Exit mobile version