Electronic payments have made a huge impact on the lives of millions of Indians in the last few years with various options to make and receive payments in a timely manner.
With that in mind, RBI has recently regulated for all Payment System providers, that any payments made on Indian entities for domestic payments transactions has to be stored only in India. For payments processing done outside of India, the data has to be
deleted from those systems abroad and stored in India not later that 1 business day or 24 hours from payment processing, whichever is earlier. For cross border transactions, the domestic component of payments data can be stored outside if required.
The growth in electronic payments systems has advanced and with that there is a need to put in relevant regulations also to protect the interests of users, primarily their data and safeguard the integrity of the payments systems. In light of the recent data
breaches, this also provides the required safety and security of payments systems data and the continuous supervision access, monitoring and surveillance.
This has posed some urgency within the banks and financial institutions to meet this regulation and adhere to it. Some even have missed it and perhaps have got some extensions to it. However, it is a mandatory requirement and all parties have been working
towards achieving this since the regulating authorities believe this is a step in the right direction, in the growth of the financial systems in India and user data privacy.
Banks and financial institutions can rely on their own solutions to achieve this. The regulation doesn’t mandates any particular solutions to achieve this, the guidelines are there to be followed to achieve the end result.
India already have Level 4 data centers and major cloud providers and payments technology vendors/providers have a local Indian presence which can make it slightly less challenging to move payments data in India. Other solutions like keeping the outside
systems for processing and then moving that data in India can also be utilized with the right architecture.
The regulation will greatly put in the measures to safeguard the users data which is becoming a big concern across the globe now. This will also ensure that right monitoring and surveillance will ease out in the investigations which was not straightforward
earlier. Most importantly, the concerns about the safety of the users payments data will be a big win once this is achieved.
Reference - https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11244&Mode=0