Allows mirror copy of cross-border payments to be stored in India; all storage to be within the country for domestic transactions.
Major international firms like American Express, Visa, Mastercard, Amazon, Paypal, Western Union, etc, may heave a sigh of relief as the Reserve Bank of India (RBI) on Wednesday relaxed its April 2018 circular mandating that all payments data generated in India be stored within the country.
In some sort of relief, the central bank has now allowed such international firms to store data abroad in cases where the transaction originates in the country but gets completed overseas, with a proviso that a mirror copy of such transactions are stored in India. However, for end-to-end domestic transactions, all storage still needs to be done within the country.
Earlier, the central bank had not made a clear cut distinction between transactions which are completed within the country and transactions which originates here and gets completed overseas. Industry analysts said with regard to transactions which had a domestic as well as overseas component there was ambiguity whether such data can be stored overseas or not.
In fact, last week at a meeting convened by commerce and industry minister Piyush Goyal on data storage policies, foreign payments firms like Mastercard and American Express had raised their concerns on the mandatory data storage within the country. Deputy RBI governor BP Kanungo had then assured them that the central bank will look into the matter.
In the clarification put out in its website on Wednesday, the central bank said, “For cross-border transaction data, consisting of a foreign component and a domestic component, a copy of the domestic component may also be stored abroad, if required.” This clears the ambiguity which existed in the earlier circular.
The April 6, 2018, notification read: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India.”
“This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required,” the RBI had said in its notification dated April 6, 2018.
In Wednesday’s clarification, the RBI also said that the payment data sent abroad for processing should be deleted abroad within the prescribed time line and stored only in India. The data stored in India can be accessed or fetched for handling customer disputes whenever required.
Banks, especially foreign banks, earlier specifically permitted to store the banking data abroad may continue to do so; however, in respect of domestic payments transactions, the data shall be stored only in India, the central bank said.
There is no bar on processing of payment transactions outside India if so desired by the payment system operators (PSOs). However, the data shall be stored only in India after the processing. The complete end-to-end transaction details should be part of the data.
In case the processing is done abroad, the data should be deleted from the systems abroad and brought back to India not later than one business day or 24 hours from payment processing, whichever is earlier. The same should be stored only in India.
However, any subsequent activity such as settlement processing after payment processing, if done outside India, shall also be undertaken or performed on a near real-time basis. The data should be stored only in India.
In case of any other related processing activity, such as chargeback, the data can be accessed, at any time, from India where it is stored.