The RBI’s ban on Mastercard issuing new cards was termed as “draconian” in private emails by a senior U.S. trade official, according to a Reuters report. The move may cause panic in the markets, revealed the U.S. government emails accessed by Reuters.
Brendan A. Lynch, the deputy assistant U.S. trade representative for South and Central Asia at the Office of the United States Trade Representative (USTR), wrote these emails on July 16, two days after the RBI’s ban. The US federal agency is responsible for developing and promoting American trade policy.
Lynch urged USTR officials in India to get to the root of what is unfolding at the RBI. The emails referred to the ban imposed by RBI on American Express, Diners Club, and Mastercard due to the failure of these companies to comply with local data storage norms. Lynch’s emails also revealed that Mastercard had embarked on an all-out effort to lobby officials in Washington to call on the Indian government, the report added.
This is the first instance of concerns expressed, over the RBI’s ban on foreign companies, by the United States government which is a crucial trade partner of India. It is an indication that the RBI’s ban has become another sore point between India-US trade relations which have been frosty over disagreements on tariffs, foreign investment limitations, and agricultural trade.
The RBI’s data localisation guidelines
In 2018, the RBI had issued the following directions after it observed that not all payments companies were storing data in India:
- Entire data relating to payment systems must be stored in a system only in India
- Ensure compliance within a period of six months and report it to the RBI by October 15, 2018
- Furnish the System Audit Report (SAR) by CERT-IN empaneled auditors by December 31, 2018
However, in June 2019 following concerns raised by the industry, RBI went on to clarify the guidelines:
- The central bank elaborated on data that had to be stored in India mandatorily:
- Customer data: Name, mobile number, email, Aadhaar number, PAN number, etc.
- Payment sensitive data: Customer and beneficiary account details
- Payment credentials: OTP, PIN, passwords, etc.
- Transaction data: Origin and destination system information, transaction reference, timestamp, amount, etc.
- The norms were applicable to transactions made through system participants, service providers, intermediaries, payment gateways, third-party vendors, and other entities in the payments ecosystem apart from all the payment system providers authorised by the RBI.
- The central bank clarified that there is no ban on overseas processing of strictly domestic transactions but the data should be brought back to India within one business day or 24 hours of payment processing and be stored locally here.
Timeline of decisions taken by RBI and Mastercard
April 2018: RBI conveyed to all payments system operators in India in 2018 to ensure the storage of payments-related data within the country in six months.
October 2018: As most players rushed to comply with the order, Mastercard started storing data at a facility in Pune to comply with the guidelines but it continued to process a part of each Indian transaction through data centres abroad.
April 2021: RBI found Mastercard’s compliance with the rules unsatisfactory, and urged it to adhere to the norms without any delay.
May 2021: American Express and Diners Club were the first card network companies to be banned from issuing new cards for violating the 2018 guidelines.
July 2021: Mastercard’s ban came into force on July 22 after the central bank permitted multiple extensions to comply with the rules. The ban was imposed when Mastercard requested another extension after the one till July 9 expired. It had put Mastercard’s partner banks in a fix as they scurried to sign deals with new networks to ensure their income does not take a hit.
August 2021: Mastercard informed MediaNama that it has complied with the norms. The payments company added that it filed a new audit report on July 20 to notify the central bank of its compliance.
Also read:
- How are RBL Bank and Yes Bank impacted by RBI’s Mastercard freeze?
- RBI bars Mastercard from adding new customers in India; flags non-compliance with data localisation guidelines
- Mastercard looks to reverse RBI ban on issuing new cards in India with its latest audit report
- Mastercard bets on bank partnerships for Indian expansion
- Mastercard to support multiple crypto-currencies on its network
Have something to add? Post your comment and gift someone a MediaNama subscription.
