The Reserve Bank of India (RBI) has lifted curbs on global card network American Express on onboarding new domestic customers, after about 15 months of restrictions. The central bank in April 2021 had imposed the restriction on the company for not complying with a 2018 circular on storing payment system data.
“In view of the satisfactory compliance demonstrated by American Express Banking Corp. with the Reserve Bank of India (RBI) circular dated April 6, 2018 on Storage of Payment System Data, the restrictions imposed, vide order dated April 23, 2021, on on-boarding of new domestic customers have been lifted with immediate effect,” the RBI said in a notification on Wednesday (August 24).
The central bank had on April 23, 2021, imposed restrictions on American Express Banking Corp from onboarding new domestic customers onto its card network from May 1, 2021, for non-compliance with the RBI circular dated April 6, 2018 on Storage of Payment System Data.
The 2018 circular made it mandatory for all payment system providers to ensure that the entire data related to payment systems operated by them is stored in a system only in India, within a period of six months.
They were also required to report compliance to the RBI and submit a board-approved System Audit Report (SAR) conducted by a CERT-In empanelled auditor within a specified time.
In June, the RBI also lifted business restrictions imposed on the global card player Mastercard. “In view of the satisfactory compliance demonstrated by Mastercard Asia / Pacific Pte Ltd with the Reserve Bank of India (RBI) circular dated April 6, 2018 on Storage of Payment System Data, the restrictions imposed, vide order dated July 14, 2021, on on-boarding of new domestic customers have been lifted with immediate effect,” the RBI had said.
The RBI’s Storage of Payment System Data Rules
According to the RBI’s April 2018 circular, “all system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required.”
System providers shall ensure compliance of (i) above within a period of six months and report compliance of the same to the Reserve Bank latest by October 15, 2018, it added.
“System providers shall submit the System Audit Report (SAR) on completion of the requirement at (i) above. The audit should be conducted by CERT-IN empaneled auditors certifying completion of activity at (i) above. The SAR duly approved by the Board of the system providers should be submitted to the Reserve Bank not later than December 31, 2018,” the central bank said.
Read all the Latest Business News and Breaking News here