The Reserve Bank of India has given payments systems providers six months to ensure that all data they collect is stored only in India.
“It is observed that not all system providers store the payments data in India. In order to ensure better monitoring, it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem,” RBI said in a notification today.
The direction, which follows a notification during the central bank’s monetary policy announcement, stated that all payment systems providers should ensure that data should include full end-to-end transaction details, information collected and payment instructions.
The banking regulator said that any data collected during the foreign leg of a transaction could be stored on a foreign server, if required. The systems providers would have to submit a report citing their compliance with the RBI’s guidelines by Oct. 15.
RBI also asked payment systems providers to conduct a system audit report, conducted by auditors empaneled with CERT-IN, after they have ensure that all data is in India. The report must be approved by the boards of these companies and submitted to the regulator by Dec. 31.