“In view of the satisfactory compliance demonstrated by Diners Club International Limited with the Reserve Bank of India (reserve Bank of India) Circular dated April 6, 2018 on Storage of Payment System Data vide Order dated April 23, 2021, the restrictions imposed on on-boarding of new domestic customers are withdrawn with immediate effect,” the regulator said in a statement. .
In FY22, India’s banking regulator barred three US-based card networks Mastercard, American Express and Diners Club International from doing new card business in India as these companies were deemed non-compliant with local data storage regulations by RBI. marked in.
While New York-headquartered American Express and Illinois-based Diners Club were banned by the central bank on April 23 from issuing new cards on their respective networks. On July 14, Mastercard – one of the world’s leading card operators – was also barred from conducting new card business in India due to similar non-compliance.
As per RBI’s data localization rules first introduced in April of 2018, payment operators in India have to store data in servers physically present in India. In addition, these entities are required to submit System Audit Reports (SARs) conducted by CERT-In empaneled auditors.
The Indian central bank had tightened the data storage norms for PSOs in India through a notice issued to CEOs of all such licensed companies in India.
As per the rules introduced in March, from FY22 onwards all PSOs were mandated to submit detailed “certificates of compliance” to the central bank twice a year, signed by the respective chief executive or managing director, around the security and storage of payments. Confirms compliance with all RBI regulations. figures.
These requirements are mandated by the central bank in April of 2018, where it asked all PSOs to submit board-approved annual system audit reports (SARs) by CERT-paneled auditors.
These companies were also asked to submit a one-time compliance report with data localization norms, mandating payment related data in India to be stored in servers physically present in the country by December 2018.
RBI had asked to submit these certificates on 30 April and 31 October every year.