RBI has released its FAQs on June 26, 2019 clarifying the scope and extent of its circular dated April 6, 2018 (‘PSA Circular’) under the Payment and Settlement Systems Act 2007 (‘PSA’) which: (i) requires system providers to store all data relating to payments systems operated by them only in India; and (ii) directs compliance within a period of six months. RBI has clarified that the PSA Circular is applicable to all authorised payment system providers under the PSA (‘PSOs’), all banks operating in India and all services providers in the payments ecosystem who are engaged by PSOs (though the responsibility to ensure compliance will remain with the PSOs). RBI has clarified that there is no restriction on processing of payment transactions outside India, provided that the related data is stored only in India after such processing. Data that is processed abroad must be deleted from systems abroad and brought back to India within one business day or 24 hours from payment processing (whichever is earlier).
Foreign banks (and banks which have been specifically permitted to store banking data abroad) have been permitted to continue storing such data abroad, provided that: (i) in respect of domestic payment transactions, the data should be stored only in India, and (ii) in case of cross border transactions, a copy of the data relating to the domestic component of the data may also be stored abroad.