No Signs Of A Thaw Between RBI And Payment Firms On Data Storage Rules

The Reserve Bank of India’s new rules asking payment firms to store data only in India kick in next Monday. A week ahead of the deadline, RBI representatives have given no indication that they will either extend the deadline or dilute the rules to allow for mirroring of data.

Over the course of the week, RBI officials met with government officials and some representatives of the payments industry. Across these conversations, the regulator held on to its view that data related to Indian payments must be stored only in India, said three people familiar with the discussions. RBI officials have questioned why some firms feel the new rules are too onerous, while others are already compliant, said these people.

Reuters first reported that on Thursday afternoon that the RBI intends to stick to its local data storage rules.

The RBI first drew attention to the issue of local storage of payments data in April when it noted that only a few firms are storing such data in India. Local storage and access to such data, the RBI said, was essential for supervisory purposes. It went on to say: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India.”

A six-month period was given to firms to comply with this directive and a deadline of Oct. 15 was set.

An email was sent to the RBI on Thursday evening seeking clarification on its stance. A response is awaited.

Impact On Card Companies

The need to store data locally will impact all payment firms but the focus will be on MasterCard, Visa and American Express, which have a wide network of credit and debit cards in India.

In terms of the number of payment firms, the RBI might think that more than 90 percent are compliant but a large chunk of the volume of transactions lie with the card companies, said one of the two people quoted above. This person added that for card companies to comply with these rules will mean a shift in their business model, since they centralise a number of their processes.

Unless the RBI extends the deadline, the card companies will not be compliant with the new rules, said the person quoted earlier, while adding that the RBI is unlikely to disrupt card payment services even if the firms can’t comply with the deadline.

As of July 2018, India had 32 million credit card and over 800 million debit cards, shows RBI data.

Emails were sent to MasterCard, Visa and American Express on Thursday evening. A response is awaited.

Local vs Global

The debate over local data storage has become polarised between local and global payment firms.

Large domestic firms like Paytm have maintained that they store data locally and are in support of the RBI’s rules. PhonePe, another large domestic payments service provider, too, has come out in support of these rules.

In contrast, some global firms, supported by lobby groups like the U.S.-India Business Council, have argued against the regulator’s move and sought a relaxation in the RBI’s proposals. These firms have felt that data mirroring is adequate for the supervisory purposes cited by the RBI.

Earlier this week, WhatsApp in a statement said that it has built a system that stores data locally in India. Should WhatsApp’s new system comply with the requirements, it would be able to expand its beta payment services and proceed with a full-fledged launch. Google, which operates GooglePay, asked for more time to comply with the rules at a meeting between its Chief Executive Officer Sundar Pichai and Union Minister Ravi Shankar Prasad, according to an Economic Times report.