RBI removes ban on American Express with regard to acquiring of new customers

The Reserve Bank of India removed the ban on American Express on Wednesday, more than a year after it was imposed.

In April of last year, the central bank barred Amex from accepting new clients because it failed to fulfill data localization standards.

Last year, the RBI prohibited three US-based card networks — MasterCard, American Express, and Diners Club International — from issuing new cards in India because they were deemed to be in violation of local data storage regulations.

MasterCard’s embargo was abolished in June of this year, while Diners Club’s limitations were eased in November of last year.

According to RBI regulations, all international payment operators holding card and customer data must do so on servers physically located in India. The RBI implemented this regulation via a circular released in April 2018.

The guidelines allow international payment processors to move card storage data abroad to streamline the flow, as long as the data is erased within 24 hours.

From FY22, all card issuers were required to provide comprehensive “compliance certifications” to the central bank twice a year, verifying adherence to all RBI requirements regarding payment data protection and preservation.

These criteria go above and beyond what the central bank ordered in its 2018 circular, which required these enterprises to submit a board-approved annual System Audit Report (SAR) by CERT-empanelled auditors.

These organizations were also required to provide a one-time compliance report with data localization regulations, which required payment data in India to be kept in a server physically available in the country by December 2018.

For feedback and suggestions, write to us at editorial@iifl.com