RBI resists lobbying by US payment firms to ease local data storage rules

New Delhi, May 30: India’s central bank is standing firm on a directive to compel global payment firms to store customer data in India, resisting calls from U.S. companies to dilute an order they say would cost them millions of dollars, people familiar with the matter said. The payment companies are worried India’s data onshoring move could set a precedent and nudge other major governments to implement similar rules at a time when there is heightened scrutiny on how companies globally handle their customers’ data.
The industry’s tussle with the Reserve Bank of India (RBI) also comes as Prime Minister Narendra Modi aggressively pushes digital and cashless modes of payment that leave an electronic trail as part of a campaign to crack down on the black economy. While Modi’s administration is working on a separate data protection law, foreign companies were caught off guard in April by the RBI’s one-page directive that said all payments data should within six months be stored only in the country for “unfettered supervisory access”. The RBI said storing data locally would help “ensure better monitoring”.
A joint lobbying effort by American Express Co, Mastercard Inc, and Visa Inc to dilute or reverse the directive has failed to shift the central bank’s position, with the RBI telling the firms in a meeting this month to comply, not complain, sources with direct knowledge told Reuters. The RBI declined to comment, but a government source with direct knowledge confirmed the central bank was “unlikely to back down on its plans”.
Investment plans
The card companies are nervous that the move will disrupt their investment plans, as millions of dollars are diverted from other projects in a scramble to open local data centres within six months. “There is a feeling of helplessness and we will have to comply,” said a source with direct knowledge of the meetings. The RBI’s insistence that payments data be stored “only in India” would hamper global fraud detection and the companies should be allowed to keep a back-up, the sources said.
The government source disagreed. “The suggestion that you need a disaster management back-up centre overseas just does not cut it,” said the source, who declined to be identified. “This is not a small island nation that would get entirely crippled by a single natural disaster.”
Mastercard said it was working with the industry to engage the RBI “to understand their need for access to domestic data and work towards a solution that meets the regulatory requirements” in line with global norms.