
This is the ONLY foreign card issuer following RBI's data rules

Summary
Mastercard, Amex, Diners Club yet to comply with regulator’s directionsMUMBAI : Visa Worldwide is the only foreign card network to have complied with Reserve Bank of India’s data localization rules that has led to business restrictions on three rival networks, according to RBI’s response to a Right to Information query (RTI) filed by Mint.
The card network’s compliance with the RBI mandate to keep all local payments data within the country means that Visa will be the only overseas card network to be able to expand in India.
RBI restricted rival Mastercard from signing up new customers from 22 July for failing to comply with the norms. In April, it placed similar curbs on American Express Banking Corp. and Diners Club International Ltd. Responding to the RTI query in a letter dated 13 August, RBI said these three entities are yet to meet its directions.
_1629224130466.jpg)
In 2018, the regulator mandated payments service providers in India to store all transaction data in local servers and barred them from sending it outside the country with some exceptions. While many firms opposed the idea initially, citing operational difficulties and an additional investment burden, most eventually complied or are in the process of doing so. The guidelines are applicable to all payment service providers authorized by RBI to set up and operate a payment system in India. According to the guidelines, in transactions comprising a foreign component, a copy of the domestic component may be stored abroad if required.
Experts said the rules emanate on account of the regulator and the government considering data, especially financial data, as an important asset that would drive future economic growth and be crucial in achieving the objective of becoming self-reliant.
“Consequently, policymakers believe monitoring and exclusive control over data would confer a great degree of leverage and is extremely vital. In fact, given the way how government is viewing data and our policy is shaping, it is also likely that the data localization requirements may be introduced in other sectors," said Vaibhav Kakkar, partner at law firm Saraf and Partners.
Emails sent to American Express remained unanswered till press time. Visa declined to comment.
A spokesperson for Mastercard said in an emailed statement that when RBI required it to provide additional clarifications about the data localization framework in April, it retained government-empanelled Deloitte to perform a supplemental audit to help demonstrate compliance.
“We have been in a continued dialogue with RBI from April through the report’s submission on 20 July 2021. We are hopeful that this latest filing provides the assurances required to address their concerns. We are committed to putting in whatever resources are required to meet any additional requirements raised by RBI and bring this matter to a close expeditiously," the spokesperson said.
Asked if Mastercard complied with the rules, RBI governor Shaktikanta Das said on 6 August he “would not like to reply on individual entity-related questions". However, Das said whenever there are deviations or violations of regulatory guidelines, as a regulator, it is RBI’s job and responsibility to ensure compliance.
“So, all of our actions are basically an outcome of our keenness and our responsibility to ensure that the regulatory guidelines are complied with," he said.
A US-based spokesperson for Diners Club said, "Discover, which owns Diners Club International, is aware of the situation and has been working closely with both our local partners and the Reserve Bank of India. While we are surprised that the RBI has taken this course of action, we will continue to have an open dialogue and work cooperatively so we can resolve this issue as quickly as possible."