The Reserve Bank of India (RBI) has authorised multinational banks operating in India to keep a limited range of data in overseas computers, putting an end to a contentious problem.
Foreign banks can keep some fields of static information such as a client’s name and address, some know-your-customer (KYC) details, and transaction details such as date and amount, beneficiary’s name, and reference number. According to an industry source, the regulator informed the Indian Banks’ Association (IBA) about this a week ago.
“This gives international banks a small amount of leeway. There are over 40 data fields, with about 30 of them being critical. Following multiple discussions and representations, the RBI has now granted banks permission to store a limited amount of data outside of the country. This puts an end to a dispute that has raged for more than three years. Further concessions are doubtful, and banks should put this in place as soon as possible,” remarked a banker.
‘Unrestricted Supervisory Access’ is required
Foreign banks, on the other hand, have been denied permission by the RBI to retain information such as smartphone numbers and ‘purpose of remittance’ on servers in other countries. Based on the most recent communication, the IBA may contact the RBI to determine a timeline for implementing the regulation.
On April 6, 2018, the Reserve Bank of India (RBI) informed bank CEOs that all system providers must ensure that any data connected to payment systems run by them is held in a system located only in India. Full end-to-end transaction details, information collected, carried, and processed as part of the message or payment instruction are examples of such data. Data on the foreign leg of a cross-border transaction, on the other hand, was authorised to be stored abroad for cross-border transactions.
The central bank had stated at the time that “unrestricted supervisory access to data stored with these system providers as well as with their service providers and other entities in the payment ecosystem” was necessary to achieve data security and better monitoring.
Further Key Takeaways
Any transaction generates a slew of data: bank account numbers, beneficiary and remitter IDs, merchant information, transaction ID, text notifications, and so on. Banks were advised that even if payment data flowed internationally, it was to be destroyed from offshore systems within 24 hours, with backups kept onshore.
Leading foreign banks had petitioned the RBI a few months ago to allow them to keep some transaction data overseas for the purpose of detecting money laundering and sanctions screening. “They had requested a lot of information, but RBI has only granted 6 to 7 fields,” another source added.
Anti-money laundering software engines that generate suspicious transaction warnings are housed in offshore locations by foreign banks that largely operate through branch offices in India. Sanctions screening is a term used in banking to describe the verification of names on sanction lists that are involved in financial transactions.
Since transaction flows are completed and communications are checked in real-time, multiple sanction lists are compared. Money-flow trails could be lost if the information is fragmented, according to various multinational banks, who told the regulator that having a worldwide set of data for tracing money-laundering information was critical.
Frequently Asked Questions (FAQs)
Q1. In India, what are foreign banks?
Foreign banks are described as banks based in another country that have branches in India. The Reserve Bank of India (RBI) has established rules and guidelines for foreign banks to establish and operate in India.
Q2. What is the importance of data privacy?
It’s critical to keep private data and sensitive information secure. Individuals may be vulnerable to fraud and identity theft due to a lack of access control over personal information. Furthermore, a data leak at the federal level might jeopardise the security of entire countries.