Data Localisation: RBI Bars AmEx, Diners Club From Taking New Customers
In a first such action, the Reserve Bank of India barred American Express Banking Corp. and Diners Club International from on-boarding new credit card customers in India from May 1 citing non-compliance with norms that require storing transaction data locally.
“These entities have been found non-compliant with the directions on Storage of Payment System Data," the regulator said in a statement published on its website on Friday. "This order will not impact existing customers.”
The RBI introduced the data localisation norms in April 2018 and these were to come into effect from October that year. The norms require entities to store domestic customer transaction data in servers located in India and certify compliance through a system audit report submitted to the RBI. Multiple international payments firms such as Mastercard and Visa have, however, have sought extensions.
American Express and Diners Club conduct credit card business in India under the Payment and Settlement Systems Act. The RBI is empowered to take supervisory action against them.
“We have been in regular dialogue with the Reserve Bank of India about data localization requirements and have demonstrated our progress towards complying with the regulation," American Express said in a statement. "While we’re disappointed that the RBI has taken this course of action, we are working with them to resolve their concerns as quickly as possible," it said, reiterating that there will no impact on services to existing customers.
As of February, American Express had 15.59 lakh cards in circulation in India, according to data available with the RBI. Its monthly spends were at Rs 2,324 crore at point-of-sale terminals. Diners Club operates in India through a tie-up with HDFC Bank Ltd. since 2011. Both AmEx and Diners Club offer credit card services to an affluent and high-net-worth clientele.
In December, the RBI had also barred HDFC Bank from on-boarding new credit card customers after the bank reported multiple system outages. The regulator has ordered a third-party audit of HDFC Bank’s IT infrastructure and would review its order only after it is satisfied that adequate efforts have been made to prevent system failures.