EC No. 29 /DoS- 05 /2020
30 January 2020
Ref. No. NB. DoS/ POL/3081/J-1/2019-20
All Regional Rural Banks
The Managing Director/Chief Executive Officer
All State Cooperative Banks
All District Central Cooperative Banks
Storage of Payment System Data – Compliance by RRBs and RCBs
1. We invite your attention to DPSS, RBI Circular DPSS.CO. OD. No.2785/ 06.08.005/2017-18 dated 6th April 2018 on the above subject.
2. The aforesaid circular places the onus on the system providers to ensure that the entire data relating to the payment systems operated by them is stored only in India within a period of six months from the date of the said circular. Further, it is the responsibility of the banks to ensure that its third party service providers/ vendors are also storing data only in India and banks may be treated as non- compliant with the requirements of the said circular if any of its third party service provider/s is/are non-compliant with the directive.
3. In this connection, we advise that
i. the instructions in the aforesaid circular are applicable prospectively and the contents of the said circular shall override any instruction / direction/ approval issued earlier to banks in respect of storing payment related data.
ii. all payments related data shall have to be stored only in India and Storage of a copy of the payment data in India is not allowed. However, there is no restriction on the flow of data to Core Banking System located abroad for processing.
iii. in case of a payment transaction such as RTGS initiated by a customer logging on to the internet banking facility, environmental and co-synchronous information such as those related to establishing a session between the customer and the internet banking system, i.e. prior to initiation of the payment transaction, do not necessarily form part of payment data. However, when the customer initiates a payment transaction and/or authorizes a debit transaction, the data components pertaining to this form a part of payment data, whenever such debit results in a payment transaction.
iv. Intra-bank transfers done using the bank’s own system only do not form a part of payment systems presently.
v. In case of cross-border transactions, including the one that is done using Society for Worldwide Interbank Financial Telecommunication (SWIFT) the end- to end transaction data can also be kept outside India. In case a domestic transaction is effected through SWIFT, the end-to-end transaction data has to be stored only in India. Banks carrying out cross-border transactions using SWIFT can store the payment data, both in India and abroad. The same approach is allowed in the case of cross-border money transfer.
4. In order to assess the compliance with the aforesaid guidelines, a new return named ‘Storage of Payment System Data’ has been published in ENSURE portal under the module head “Miscellaneous (Misc.)”. The current return has been published with following return parameter:
Fiscal Year 2019-20
Period 31 December 2019
Period End Date 31 December 2019
Period Due Date 15 February 2020
*: ‘Daily’ here means as on that date.
5. Further, in order to have sustained compliance from the banks, this return will be published as a half yearly return from next financial year.
6. All banks are advised to ensure submission of the returns within the due date.
7. Please acknowledge the receipt of this circular to our Regional Office concerned.
(K. S. Raghupathi)
Chief General Manager