Impact of RBI Regulation on Storage of Payment System Data – Part 1

Governance, Risk and regulatory compliance (GRC) will continue to be a key driving factor for investment toward datacenter transformation initiatives albeit becoming a pain-point for CXOs to align their business objectives inline with these policies. In December 2017, RBI said that it has been performing focused IT examinations of the banks to evaluate their cyber risk management systems and procedures. The growth of payment system market in India and its highly unregulated ecosystem has prompted the central bank to take necessary corrective action. The recent regulation from RBI (Reserve Bank of India) mandates that payment system operators should store all their transactional and non-transactional data collected only within India.

Key points on the Regulation on Storage of Payment System Data for payment operators include:

  • All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/ carried/processed as part of the message/payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required.
  • System providers shall ensure compliance of (i) above within a period of six months and report compliance of the same to the Reserve Bank latest by October 15, 2018.

Data Localization – First Move starting with Fintech segment in India: This mandate among other initiatives from the Government of India points towards the first step for a data localization strategy, centred around protecting user data against any misuse and prevention of data leaks. As data localization is becoming a new normal with many countries having imposed such laws, consumers in India stand to gain from the added safety against frauds and reduced risk. Though arguments are being made that data localization in the face of globalization could have negative impact on business and GDP growth, the untapped market in India for its move towards digital economy is quite a huge opportunity when compared to other countries and with such compliance measures this will only enhance investments in India.

Though the market has mixed views on the implications of the regulation, the immediate impact will be felt in the expansion of datacenter market in India. In the coming months, the compliance will force payment operators to relocate their data from offshore either:

  • To a physical datacenter of their own or
  • To leverage an existing colocation provider or
  • To a cloud service provider located within India

Gowtham Kumar
 Senior Manager, ICT Research
Infoholic Research