The Reserve Bank of India (RBI) relaxed the limitations placed on Mastercard Asia/Pacific Pte Ltd on onboarding new domestic clients. For non-compliance with RBI standards for data storage in India, Mastercard has been barred from onboarding new domestic users (debit, credit, or prepaid) onto its card network as of July 22, 2021. The RBI had given Mastercard almost three years to comply with the regulatory directives, but it was unable to do so.
About the Terms and Conditions imposed by the RBI:
- All system providers were directed to ensure that the entire data (full end-to-end transaction details, information collected, carried, or processed as part of the message or payment instruction) relating to payment systems operated by them is stored in a system only in India by the RBI circular on Storage of Payment System Data dated April 6, 2018.
- They were also expected to notify the RBI of their compliance and submit a board-approved system audit report done by a CERT-In empanelled auditor within the prescribed time frames.
- However, multinational credit and card companies have resisted the move, citing costs, security concerns, a lack of transparency, a tight schedule, and the prospect of data localization demands from other nations as reasons.
- The Reserve Bank of India had mandated that data be stored only in India, with no copies — or mirroring — stored in other countries.
- Payment companies that used to store and process Indian transactions outside of India claimed that their systems were centralised and that moving the data storage to India would cost them millions of dollars.
- The Reserve Bank of India has decided to allow non-bank entities such as Prepaid Payment Instrument (PPI) issuers, card networks, White Label ATM (WLA) operators, and Trade Receivables Discounting System (TReDS) platforms to join the centralised payment system (CPS) and conduct RTGS and NEFT transactions.
Impact of the RBI Norms on the International Market:
- This irritated foreign participants because domestic payment companies, especially e-commerce firms, were exerting pressure on the government to store data within India.
- Under the Payment and Settlement Systems (PSS) Act, 2007, Payment System Operators such as Mastercard, Visa, and the National Payment Corporation of India (NPCI) are authorised to operate a card network in India.
- The RBI is responsible for the regulation and supervision of payment systems in India under the Act.
- The RBI’s payment system enables payments to be made between a payer and a beneficiary and includes the clearing, payment, and settlement processes, or any combination of them.
Debit and credit card funds are handled through systems such as Mastercard, Visa, and the National Payments Corporation of India (NPCI).