Driven by excellence, focused on strategies for the longer term.

This is the crux of who we are. It is an articulation of precision in purpose, from the Firm’s beginnings to where we are today. Our collective eye is unerringly trained on tomorrow.

Deep sectoral expertise across services and industries.

Our insistence on strategic advisory exacts an in-depth understanding of and involvement with our clients’ businesses and industries. We engage not just individual businesses, but also contribute to the country’s legal and regulatory frameworks.

Personal commitment supported by experience and grit.

We commit early. We pull together internally for greater support. Every effort is sincere, every individual deeply dedicated to their task, their role, to the Firm.

Our undertakings for long-term impact are an organic extension of our purpose.

They are to employ our deep knowledge of the law beyond the business, the transaction, the deal. To use the opportunities and skills we possess, to reflect on the culture we’re creating. Individually and collectively, these are our efforts to help shape the thinking of our future generations, and arm them with strategies for true, sustainable growth.

Knowledge-sharing is intrinsic to equity and inclusivity.

This is a repository of thought leadership, deep insights and strong viewpoints, legal and other news and events and how they impact the industry and our clients.

Relevance is critical to growth. It necessitates a firm that is dynamic and responsive.

Amplifying intrinsic talent, sharpening skills, expanding knowledge, is vital to leading. It defines every aspect of how our firm functions and transacts. This is how we create new benchmarks and set industry standards.

  • Connect
Jun 27, 2019

RBI Clarification on the circular on storage of payment system data

BACKGROUND

›The Reserve Bank of India ("RBI") issued a circular (DPSS.CO.OD No. 2785/06.08.005/2017-2018) dated April 6, 2018 on Storage of Payment System Data ("Circular") advising all payment system providers ("PSPs") to ensure that data, relating to payment systems operated by them ("Payments Data"), is stored only in India for RBI's unfettered supervisory access.

› Faced with implementation issues, the PSPs sought certain clarifications from the RBI in connection with the Circular.

› On June 26, 2019, the RBI published certain FAQs (at https://www.rbi.org.in/scripts/FAQView.aspx?Id=130) in relation to the Circular and reiterated its position that Payments Data can be stored only in India.

KEY CLARIFICATIONS       

Applicability. The RBI has clarified that the Circular is applicable to: -

• all banks operating in India;

•  PSPs authorised by the RBI to operate payment systems in India in accordance with the Payment and Settlement Systems Act, 2007; and

• all other entities in the payments ecosystem, engaged by the PSPs, who provide payment services (including but not limited to intermediaries, service providers, payment gateways etc.).

What data is covered. The Payments Data that needs to be stored only in India includes: –

• Customer data - such as name, mobile number, email address, Aadhar number, PAN etc.;

• Bank account details - viz. customer and beneficiary account details;

• Payment credentials - such as OTP, PIN, password etc.; and

• Transaction data – such as transaction reference, timestamp, underlying amount, originating & designation system information etc.

Cross-border processing & storage. 

• Payment transactions may be processed outside India. However, the data pertaining to such transactions can only be stored in India.

• Such data should be deleted from the systems abroad and brought back into India for local storage within 1 business day or 24 hours from payment processing, whichever is earlier.

• Data pertaining to activities undertaken subsequent to payment processing (such as settlement processing) should also be stored only in India.

• For cross-border transaction that has both domestic as well as foreign components, a copy of the data pertaining to the domestic component may also be stored overseas, if required.

Sharing data with overseas regulators. RBI approval is required to share Payments Data with an overseas regulator.

KEY TAKEAWAYS

› While the RBI has maintained its earlier stance that Payments Data can be stored by PSPs only in India, it has now expressly recognized that: -

• There is no bar on processing of payment transactions outside India; and

• The Payments Data processed overseas must be deleted from the overseas systems and brought back into India within the prescribed timeline.

Authors:

Rohan Bagai, Partner Aman Gera, Senior Associate

TAGS

    SHARE

    Subscribe

    DISCLAIMER

    These are the views and opinions of the author(s) and do not necessarily reflect the views of the Firm. This article is intended for general information only and does not constitute legal or other advice and you acknowledge that there is no relationship (implied, legal or fiduciary) between you and the author/AZB. AZB does not claim that the article's content or information is accurate, correct or complete, and disclaims all liability for any loss or damage caused through error or omission.

    RELATED READING

    Client alert

    Introduction of Principal Purpose Test in India – Mauritius Tax Treaty

    May 03, 2024 | Tax
    Client alert

    MFN Clause in India-Spain DTAA invoked !!

    May 03, 2024 | Tax
    Client alert

    Indian Aviation Roundup

    May 02, 2024 | Aviation