New Delhi: Global financial companies, especially ones partnering with Indian commercial banks in making credit and debit cards, have written to the Reserve Bank of India (RBI) asking for extension in deadline for data localisation.
With the RBI not relenting on extending the October 15 deadline for data localisation, as many as 80 percent of industry players, including Amazon, Alibaba and WhatsApp, had complied with the data storage norms, the remaining 20 percent consists of these financial companies.
Around 15 of the 78 payment companies in India are yet to comply with these norms, according to a report in Business Line. These include: Visa, Mastercard, and Amex. In April, the central bank had given six months to global payment companies to store transaction data of Indian customers within India.
"The RBI will look at things on a case-to-case basis from tomorrow while handling the subject," one of the sources said, without mentioning if the central bank would take action or impose penalties for non-compliance.
In its April monetary policy review, the RBI had said that in order to ensure better monitoring of payment service operators it was important to have "unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third party vendors and other entities in the payment ecosystem".
"All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India," it had said.
The RBI had further said that data should include the full end-to-end transaction details, information collected, carried, processed as part of the message, payment instruction.
According to an official aware of the development, RBI may not immediately penalise payment companies for not meeting its data localisation deadline of October 15.
Payments Council of India (PCI), in a statement, had said that it had received a divided response on the notification from its members.
“The responses received from members can be grouped into 3 classes being — fully in favour, partially in favour with certain relaxations and not in favour,” PCI said.
According to PCI, some of its members think that storage of data only in India will not be in the best interests of the payment ecosystem. They claim that this would give way to a lot of issues as payment systems nowadays are fully connected globally to achieve greater operational efficiency and safeguard transactions against frauds, systemic risks or a single point of failure.
Industry leader Paytm, however, stated that when data is processed and stored in multiple geographies, there is a lack of clarity as to which country's data laws will be applicable to it. It added that India has enough technology and manpower resources to support this migration.
Similarly, Flipkart-owned payments company PhonePe said that processing any data outside the country leaves behind an imprint of the same on the servers through which it is processed.
The RBI's move came at a time when digital transactions are gaining pace in India. Transactions through the Unified Payments Interface (UPI) in February alone stood at 171.2 million, accounting for Rs 19,126 crore in value of transactions. Of these, Paytm accounted for 40 percent of the transactions while the rest were done on apps such as PhonePe (16 percent) and BHIM (5.8 percent).
In January 2018, Rs 2.96 lakh crore were transacted through debit cards and Rs 41,778 crore was transacted through credit cards, RBI data showed. The data also revealed that the number of debit cards in the country stood at to 846.7 million, while a total of 36.24 million credit cards were in operation.
The growing number of digital channels for finance are posing a challenge to countries in detecting money laundering and tax evasion. The recent scandal at Denmark's Danske Bank is a case in point. Nearly USD 230 billion flowed through the bank's tiny branch in Estonia, leaving the country's banking regulator in the dark for the better part of a decade.
In the draft bill on data protection, framed by a working committee headed by former Supreme Court Judge BN Srikrishna, the committee proposed that one copy of all personal data be stored on servers located in India.
Comments
0 comment