RBI punishes American Express for violating Data Localisation Guidelines
RBI has restricted American Express and Diners club from onboarding new customers. With these restriction from the RBI, American Express and Diners Club can no more enroll new domestic credit card customers from May 1, 2021. Existing customers will not be affected by the Central Bank’s order.
According to a statement released by the central bank, the two companies were found guilty of violating the rules on ‘Storage of Payment System Data.’
The RBI slapped the entities with this supervisory action after the companies failed to comply with the RBI’s data storage guidelines. These guidelines state that the data of transactions, purchases, orders, and customer information collected by a company is to be stored in a system ‘within India’.
American Express and Diners Club are Payment System Operators licensed to operate card networks in the country under the Payment and Settlement Systems Act, 2007. The RBI has taken this action under Section 17 of the PSS Act.
The Guidelines
As per the RBI’s April 6, 2018 circular on ‘Storage of Payments Systems Data ‘, all payment system providers were required to ensure that within six months, all data related to their daily operations was stored in a system only in India.
Companies are also expected to notify RBI of their compliance and send a Board-approved System Audit Report (SAR) performed by a CERT-In empaneled auditor within the guidelines’ deadlines.
Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.
You can also follow us on Instagram, Facebook, LinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.