In a move that would cheer most foreign payment firms operating in India, the country’s finance ministry has proposed to ease the Reserve Bank of India’s (RBI) guidelines on storage of payment system data, a report by Reuters said.
The Central bank, in April, has mandated all payments system operators working in India to ensure that data related to payment systems operated by them is stored in the country. “In order to have unfettered access to all payment data for supervisory purposes, it has been decided that all payment system operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of six months,” the RBI said in a report during its Monetary Policy meeting in April. The move would have come into effect from October 15 this year, according to a report by the Economic Times.
However, the intense lobbying carried out by most of these major payment firms, especially the American ones, seems to have paid off. According to the report by Reuters, India’s finance ministry, in a meeting held in June with RBI officials and executives from payment firms, said that a possible solution could be that companies would be allowed to store data offshore, as long as a copy was kept in India.
At the meeting, finance ministry officials asked the central bank to clarify about the kind of data that needed to be stored and the time given to implement the directive, according to a copy of the minutes of the meeting reviewed by Reuters. RBI executive director S Ganesh Kumar, who was also present at the meeting said the central bank had been approached about the companies’ concerns and was in the process of issuing a circular to clarify the rules, according to Reuters.
The meeting was chaired by the government’s Economic Affairs Secretary Subhash Chandra Garg and attended by other ministry and RBI officials, as well as executives from companies including MasterCard, Visa and American Express, Reuters said.
Industry’s concerns over RBI’s norms
Easing the proposal would be a relief for major foreign firms, including MasterCard, Visa and American Express, which fear that the central bank’s move could not only cost them million of dollars but also set a precedent for other countries to implement similar rules at a time when there is heightened scrutiny of how companies globally handle their customers’ data.
Media reports earlier in the year also pointed out that multiple international payment service providers wrote to the RBI, asking the central bank to reconsider its guidelines. Furthermore, The Payments Council of India (PCI), which has around 100 payments firms as its members, has sought a meeting with the RBI to suggest “alternative solutions which can meet the RBI requirements of unfettered access”, according to a report by Money Control.
The central bank had initially resisted all efforts by payment companies, with sources with direct knowledge of the matter telling Reuters in May that the RBI asked these firms to comply, not complain. The RBI in April said the payment ecosystem in India had “expanded considerably”, making it necessary to ensure “the safety and security” of data.
However, industry representatives cited that storing the data only in India would be a security risk, as in the event of a natural disaster, no one would have access to it if it was all stored in one place. Further, industry lobbyists during the June meeting claimed that there was little clarity on the type of data that needed to be stored and therefore, on the time needed to implement the said rules. It also has to be noted that this news comes days after Mastercard has called for the central bank to relax its payment data storage guidelines, as allowing companies to store user data outside India will also help contain international fraud.