New Delhi: The Reserve Bank of India (RBI) relaxed the business limitations imposed on American Express Banking Corp on August 24, citing the entity’s good compliance with RBI rules.
According to the RBI, the firm has complied with the RBI circular of April 6, 2018 on Storage of Payment System Data, and the limitations placed on the onboarding of new domestic clients based on an order dated April 23, 2021 have been immediately withdrawn.
By the aforementioned order, the RBI has prohibited American Express from accepting any new domestic cardholders on its network as of May 1, 2021 due to the company’s failure to adhere to the RBI circular on the storage of payment system data.
The Payment and Settlement Systems Act of 2007 grants American Express Banking Corp. authorization to manage card networks in the nation as a Payment System Operator (PSS Act).
In accordance with the RBI’s circular on the storage of payment system data, all service providers of payment systems were required to make sure that, within a six-month window, all data (complete end-to-end transaction details and information gathered, carried, and processed as part of the message or payment instruction) pertaining to payment systems they operate is saved in a system exclusively in India.
Additionally, according to the RBI, they had to submit a System Audit Report (SAR) prepared by a CERT-In empanelled auditor and have the Board accept it within the time frames outlined in it.
The RBI took action against American Express Banking Corp. after the corporation disobeyed directives from the central bank.
In a similar move, the RBI eased the limits placed on Mastercard on June 16 of this year, citing improved compliance. For failing to comply with the RBI’s 2018 circular on the storage of payment system data, the regulator had again restricted Mastercard Asia/Pacific Pte. Ltd. from onboarding new domestic consumers (debit, credit, or prepaid) onto its card network as of July 22, 2021.
The RBI noted on April 6, 2018, that not all system providers stored payment data in India. It claimed that the nation’s payment ecosystem had experienced significant expansion. According to the RBI, such systems were also heavily reliant on technology, necessitating the ongoing deployment of best-in-class safety and security measures.
According to the central bank, system providers must make sure that any data pertaining to payment systems they administer is stored in a system that is only available in India.
Complete end-to-end transaction details including information gathered, transported, and processed as part of the message and payment instructions should be included in this data. The RBI also said that the data for any international legs of transactions could be stored in the foreign country if necessary.