On June 26, 2019, The Reserve Bank of India (RBI) in its frequently asked questions (FAQ) section stated that the data related to payment transactions must be stored in systems of the country and if any information is processed abroad, it should be deleted from their systems and brought back to India not later than one business day or 24 hours from the payment processing, whichever is earlier. The clarification was sought by the Payment System Operators (PSOs) on the issue of data localization.Key Points:
- Applicability: It is applicable to all Payment System providers authorized / approved by the RBI to set up and operate a payment system in India under the Payment and Settlement Systems Act, 2007.
- Details of the data: The data should include end-to-end transaction details and information pertaining to payment or settlement transaction that is gathered / transmitted / processed as part of a payment message / instruction.
- Cross border transaction data: A copy of the domestic component may be stored abroad, if required, for the data consisting of a foreign component and a domestic component.
- SAR: The System Audit Report (SAR), from a CERT (Computer Emergency Response Team) -In empanelled Auditor, should inter-alia include Data Storage, Maintenance of Database, Data Backup Restoration, Data Security, etc.
- Limit: There is no limit on processing of payment transactions outside India if so desired by the PSOs.
- Background: In April 2018, RBI had issued a directive on ‘Storage of Payment System Data‘. It had advised all system providers to ensure that within a 6 months period, entire data relating to payment systems operated by them is stored in a system only in India.
About Reserve Bank Of India:
♦ Headquarters: Mumbai
♦ Founded: 1 April 1935, Kolkata
♦ Governor: Shaktikanta Das