RBI's local data storage norms kick in today; foreign firms seek more time
Mail Today Bureau October 15, 2018
The RBI's deadline for global financial technology (fintech) companies to comply with its data localisation norms kicks in on Monday. Senior officials said the deadline will not be deferred despite requests from foreign companies as they have already been given six months to prepare their systems for local storage of data. Mastercard, Visa, PayPal, Google, Amazon and Facebook are reported to have met Finance Minister Arun Jaitley earlier this month to secure an extension of the deadline for local storage of payments data. Foreign payment companies were caught off guard in April by RBI's one-page directive that said all payments data should, within six months, be stored only in the country for "unfettered supervisory access".
The RBI had made it clear that global payment companies will have to store transaction data of Indian customers within India. The US government is backing its tech giants on the issue. "We want to have prohibitions on data localisation to ensure free flow of information, free flow of data across borders,'' Dennis Shea, deputy US trade representative said in Washington on Friday.
According to sources, global fintech companies reportedly sought an extension of the October 15 deadline but it seems that the RBI is not inclined to relax the norms. WhatsApp has already fallen in line with the RBI directive. The California-based firm said on Tuesday that it has now built a system to store payment-related data in India. The Facebookowned messenger has high stakes involved as it looks to deepen its offerings in its biggest market by users.
WhatsApp has a user base of more than 200 million in India, has been trying to break into the country's payments space. Its move to comply with storage norms could potentially threaten entrenched players such as SoftBank and Alibababacked Paytm. Data localisation requires data about residents be collected, processed, and stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws.
Although domestic companies have welcomed the guidelines, global companies fear increase in their expenses for creation of local servers. To avoid this rise in cost, global companies in recent meeting with the RBI proposed to provide mirror data instead of original data to which the central bank did not agree, the sources said.
Last week, Finance Minister Arun Jaitley met RBI Deputy Governor B P Kanungo to discuss RBI's data localisation norms. The RBI in April said in order to ensure better monitoring of payment service operators it is important to have unfettered supervisory access to data stored with these system providers as also with their service providers, intermediaries as well third party vendors and other entities in the payment ecosystem.
The RBI further said data should include the full end-to end transaction details, information collected or processed as part of the payment instruction. But a formal roll out has been delayed amid false messages circulating on the platform that have led to mob lynchings and more government scrutiny, according to local media.
A lack of clarity about local data storage norms has also delayed a formal launch of WhatsApp's inter-bank money transfer service. Its compliance with data storage comes at a time when, according to sources, several other global payments firms are seeking extensions on the Oct. 15 data localization deadline. Some are asking for data mirroring that would allow data storage overseas along with a copy in India, as this would be easier to comply with.