Products You May Like
The Reserve Bank of India (RBI) on Friday imposed restrictions on American Express Banking Corp (Amex) and Diners Club International from on-boarding new domestic customers on to their card networks from May 1, 2021. These entities have been found non-compliant with the central bank’s directions on storage of payment system data.
In a statement on its website, RBI said the order will not impact existing customers. “The supervisory action has been taken in exercise of powers vested in RBI under Section 17 of the PSS (Payment and Settlement Systems) Act,” the regulator said.
Amex and Diners Club are payment system operators authorised to operate card networks in India under the PSS Act. The directions against the two companies constitute the first set of penalties meted out for non-compliance with an RBI circular on storage of payment system data dated April 6, 2018.
The circular directed all payment system providers to ensure that within a period of six months the entire data relating to payment systems operated by them is stored in a system only in India.
These would include full end-to-end transaction details as also information collected, carried and processed as part of the message or payment instruction. They were also required to report compliance to the central bank and submit a board-approved system audit report (SAR) conducted by a Cert-In empanelled auditor within stipulated timelines.
At the end of February 2021, Amex had 15.6 lakh credit cards outstanding, representing 2.53% of the total market. Diners Club cards are issued in India exclusively through HDFC Bank. The number of active cards issued by Diners Club was not immediately available.
The April 2018 circular had caused much heartburn among US-based payment players in India because of the six-month compliance timeframe and the absence of a clause allowing data mirroring. Eventually, in June 2019, RBI allowed offshore mirroring of payments data for cross-border transactions made in India in a clarification to the original circular. This meant that for cross-border transaction data, consisting of a foreign component and a domestic component, a copy of the domestic component may also be stored abroad, if required.