News: Recently, the Reserve Bank of India (RBI)has barred three foreign card payment network firms – Mastercard, American Express and Diners Club — from taking new customers on board over the issue of storing data in India. As many as five private sector banks, including Axis Bank, Yes Bank, and IndusInd Bank, are to be impacted by the RBI’s decision. The Personal Data Protection Bill also has provisions pertaining to ‘data localisation’.
- All system providers were directed to ensure that within six months the entire data(full end-to-end transaction details, information collected or carried or processed as part of the message or payment instruction) relating to payment systems operated by them is stored in a system only in India.
- They were alsorequired to report compliance to the RBI and submit a board-approved system audit report conducted by a Computer Emergency Response Team – India (CERT-IN) empanelled auditor within the timelines specified.
Reason of Non- Compliance:
- Payment firms like Visa and Mastercard, which currently store and process Indian transactions outside the country, have said their systems are centralised and expressed the fear that transferring the data storage to India will cost them millions of dollars.
- Once it happens in India, there could be similar demands from other countries, upsetting their plans.
- While theFinance Ministry had suggested some easing of norms in transferring the data, the RBI has refused to change, stating that the payment systems need closer monitoring in the wake of the rising use of digital transactions.
Significance of RBI’s Move:
- The RBI’s decision to restrict entities from onboarding new customers is a crucial development in their endeavour to ensure that all payment system operators store or localise their end-to-end transaction dataonly in India. The motivation behind such a move is to carry out effective law enforcement requirements as data access for law enforcement purposes has been a challenge.
Regulation of Payment Firms:
- Firms such as Mastercard, Visa and National Payment Corporation of India (NPCI)are Payment System Operators authorised to operate a card network in India under the Payment and Settlement Systems (PSS) Act, 2007.
- Under the Act, the RBI is the authority for the regulation and supervision of payment systems in India.The RBI’s payment system enables payments to be effected between a payer and a beneficiary and involves the process of clearing, payment or settlement, or all of them.
- It includes both, paper-based such as cheque, demand draft and digital such as National Electronic Fund Transfer (NEFT), BHIM app, settlement systems.
- The RBI has decided to allow non-bank entities — Prepaid Payment Instrument (PPI) issuers, card networks, White Label ATMoperators, Trade Receivables Discounting System (TReDS) platforms – to become members of the centralised payment system and effect fund transfer through Real Time Gross Settlement (RTGS) and NEFT.