RBI takes stock of payment companies’ preparedness

9 June 2018: The Reserve Bank of India has inscribed to payment companies inquiring details of their preparation to comply with its charge to store all user data in servers located within India. 
The letter sent on June 1, which was examined, also tasks companies with contributing fortnightly updates on preparedness to the central bank. In an order issued in April, the banking regulator had asked all-digital payment providers to set up data storage conveniences inside India by October this year. 
 
“You are hereby apprised to notify the status of securing acquiescence with the above requirements. The same shall be suggested by June 8, 2018, followed by an update on progress at fortnightly intervals thereafter,” addressed P Vasudevan, chief general manager, RBI. 
The central bank has asked payment companies to ensure that all transaction details relating to payment systems are stored in servers only in India within a period of six months. Analysts are of the view that the latest missive by the central bank reflects the stringent view it is taking on the issue of local data storage. 
In recent weeks concern over privacy and security of data have risen sharply, following widespread allegations of data leakage from social network Facebook. 
 
“To me, it signifies that RBI is serious about the storage of data locally and in the followup, if they don’t see movement, they can ask questions,” said Vivek Belgavi, fintech leader at PwC. 
“The order will help RBI in conducting physical audits and checking how data is being run and control it from being leaked,” he said. 
Welcoming the banking regulator’s mandate, home-grown digital payment companies such as Paytm and Flipkart-owned PhonePe have said they are fully compliant as all user data generated is already stored in India. 
Deadline May be Lengthened 
Global technology firms, meanwhile, have voiced strong reservations over the order and made multiple representations through organizations such as US-India Business Council (USIBC), US-India Strategic Partnership Forum (USISPF) and Nasscom. 
 
These companies claim they were not consulted before the arrangements were announced. The clause where the regulator has asked for user data to be stored “only” in India is regarded as the biggest challenge. Industry groupings have asked RBI to withdraw this condition or permit data mirroring, which allows for data to pass through global networks while a copy can reside in India as well. 
 
USISPF president Mukesh Aghi told that they are not running away from the RBI request and one has to learn to recognize the local law of the land. “We have to find a stability with the companies as well so it doesn’t become onerous; it’s technically feasible and more importantly they just don’t get off the worldwide grid especially on fraud.” A deadline extension is also not ruled out,” said one person, while some others are of the view that RBI is unlikely to budge from its stand