Certain fields of static information such as name and address of client, some know-your-customer details along with select transaction particulars like date and amount, name of beneficiary, and reference number can be stored abroad by foreign banks. This was communicated a week ago by the regulator to the Indian Banks’ Association (IBA), an industry source told ET.
“This is giving foreign banks a small leeway. There are close to 40 data fields, out of which around 30 are important. After several meetings and representations, RBI has now permitted the banks to keep a handful of data overseas.. I guess this brings an end to the matter which has been debated for more than three years now. Further concessions are unlikely, and banks should implement this ASAP,” said a banker.
Need for ‘Unfettered Supervisory Access’
RBI, however, has turned down requests from foreign banks to let them store information such as mobile numbers and ‘purpose of remittance’ in servers abroad. IBA may go back to RBI to figure out the deadline for implementing the regulation based on the latest communication.
The RBI spokesman did not comment on the matter.
On April 6, 2018, RBI told bank CEOs that all system providers have to ensure that the entire data relating to payment systems operated by them are stored in a system only in India. Such data include full end-to-end transaction details, information collected, carried, processed as part of the message or payment instruction. However, for cross-border transactions, data on the foreign leg of the transaction was allowed to be stored abroad.
The central bank had spelt out then that to achieve data security and better monitoring, it was important to “have unfettered supervisory access to data stored with these system providers as also with their service providers / intermediaries/ third party vendors and other entities in the payment ecosystem.”
Any transaction throws up multiple data – bank details, identifiers for the beneficiary and remitter, merchant details, transaction ID, text alerts, etc. Banks were told that even if payment data flow abroad, the information was to be deleted from overseas servers within 24 hours, with copies of them being stored onshore. A few months ago, leading foreign banks had appealed to RBI to allow them to store certain transaction data overseas for spotting money-laundering deals and sanctions screening. “They had asked for a whole lot of data, but RBI has finally allowed only 6 to 7 fields,” said another person.
Foreign banks, which primarily function through branch offices in India, house their anti-money laundering software engines generating suspicious transaction alerts in offshore locations. Sanctions screening, in banking parlance, refers to verification of names (or, alias of those), on Sanction lists involved in financial transactions. Multiple sanction lists are compared as payment flows are processed and messages are screened in real time. These MNC banks had told the regulator that it was important to have a global pool of information for tracking money-laundering transactions as money-flow trails could be lost by fragmenting information.