RBI data localisation: Why bank credit card users shouldn't worry

Amid speculations that the ongoing tussle with fintech companies like Mastercard and Visa with the Reserve Bank of India (RBI) over data localisation issue may hit users, reports suggest otherwise. The credit and debit card users of companies like American Express, HDFC, SBI, ICICI, Kotak Mahindra, Axis Bank etc. will not be affected as the RBI is likely to give more time to companies who have not yet complied with its data localisation norms. 

In the April monetary policy review, India's central bank had said announced measures to ensure better monitoring of payment service operators. RBI had said that it was important to have "unfettered supervisory access to data stored with these system providers as also with their service providers/ intermediaries/third party vendors and other entities in the payment ecosystem". 

"All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India," the review said. It further said that the data should include the full end-to-end transaction details, information collected, carried, processed as part of the message, payment instruction. 

However, a large number of fintech firms objected to the RBI decision, citing loss of business concerns. 

American objection

Even, the United States got involved in the matter, saying it wanted to prohibit data localisation to ensure free flow of information across borders. "We want to have prohibitions on data localisation to ensure free flow of information, free flow of data across borders, disciplines around countries requiring companies to give up their source code, permanent ban on taxation or duties on digital transmissions," PTI quoted Dennis Shea, Deputy US Trade Representative and US Ambassador to the WTO, as saying in Washington.

Two US Senators - John Cornyn and Mark Warner - had asked Prime Minister Modi to adopt a softer stance on data localisation. They had claimed that the tough stance will have "negative impact" on the business of the companies, and may "undermine" India's economic goals and "will likely not improve the security of Indian citizens' data. 

RBI Firm

The global fintech companies had reportedly sought an extension of the October 15 deadline but the RBI refused. PTI repoerted on Moday that as many as 80 per cent players in the payment industry, including Amazon, Paytm and WhatsApp, have complied with the norms for local storage of data. 

However, some debit/credit companies have failed to comply to the norms. The Central bank isn't ready to review its April decision, according to sources. 

What RBI will do

A source told the news agency, "The RBI will look at things on a case-to-case basis from tomorrow while handling the subject." That means, if these debit/credit card companies fail to adhere to the RBI norms, they may face huge penalty, maybe a stop work order. 

According to a report by The Economic Times, the RBI may not penalise companies that have failed to meet the deadline. Instead, these companies may be asked to submit a shedule for adhering to the norms. 

A senior banking official allayed fears of any disruption in the functioning of debit and credit cards using foreign-based payment companies like Visa and MasterCard"There will be no change or disruption in the usage of these cards. Life will go on as usual," the official was quoted as saying in an IANS report. It further quoted people in the know of things as saying that of the 78 companies that need to follow the RBI`s data localisation rule, 60-62 companies have already confirmed their compliance and the rest are in various stages of compliance. 

(With Agency Inputs)