Foreign banks in India are planning to write to the Reserve Bank of India (RBI) regarding the issue of local data storage, as they are finding it difficult to implement the regulator’s directive retrospectively.
In April 2018, the regulator issued a circular stating that foreign banks need to store payment data locally. After a few extensions, the deadline to comply with the norms is January 1, 2025.
“RBI had advised all system providers to ensure that the entire data relating to payment systems operated by them is stored in a system only in India,” said a source familiar with the development.
The regulator further stated that in cases where processing is done abroad, the data should be deleted from the systems abroad and brought back to India no later than one business day or 24 hours from payment processing, whichever is earlier. The same data should then be stored only in India.
Sources said that some of the foreign banks have changed their systems so that the overseas payment data can be stored locally. This has been implemented in the last 6–8 months.
However, according to the regulator, the data that has been stored in the home jurisdiction of foreign banks since the April 2018 circular also needs to be stored locally.
Sources indicated that foreign banks are finding it difficult to move that data locally.
The matter was discussed at an Indian Banks’ Association (IBA) meeting, where it was decided that the bank body would take up the issue with the regulator.
“The IBA would inform the regulator that foreign banks are storing the payment data locally, progressively. It will also be communicated that it may not be possible to import the past data,” the source added.
The regulator has been keen on ensuring compliance with its norms on data storage by the regulated entities.
In 2021, RBI barred MasterCard from acquiring new debit and credit customers for not complying with data localisation requirements. Diners and American Express also faced a similar ban from the regulator for not complying with local data storage norms.
Later, the ban was lifted once these entities complied with the data storage norms.
First Published: Aug 21 2024 | 8:30 PM IST