RBI issues directive on data related to Payments

The Reserve Bank of India has announced that all data related to payments must be stored only in India and data processed abroad will have to be brought back to the country within 24 hours.

The RBI has said it in its FAQs on certain implementation issues raised by the Payment System Operators (PSOs). The FAQs has also said that there is no bar on processing of payment transactions outside India if so desired by the PSOs.

However, the data shall be stored only in India after the processing. The complete end-to-end transaction details should be part of the data, according the RBI.

If the processing is done abroad, the data should be deleted from the systems abroad and brought back to India not later than one business day or 24 hours from payment processing.

Several eCommerce firms during their meetings with Commerce and Industry Minister, Piyush Goyal had raised the issue of data localisation last week.

In April 2018, the RBI had issued a directive on 'Storage of Payment System Data'. It had advised all system providers to ensure that within a period of six months, payment data relating to Indian users should be stored in a system only in India. During that time, the scrutiny was concentrated on US payment players who have reached out to the Ministry of Finance and the Ministry of Electronics & Information Technology (MeitY) at multiple occasions and have been lobbying to seek dilution of the RBI directive.

In October, electronic payment companies operating in India had to comply, and submit a report to the RBI on its directive to store payments data pertaining to Indian users within the country. These companies were also requested to get their systems audited by an external auditor and submit a compliance report by December this year.