New Delhi/ Mumbai: The Reserve Bank of India (RBI) has attracted several multinational banks operating in the nation for not supplying a board-approved system audit document certifying compliance with its own data-localisation criteria.
At a recent communication, the RBI stated that a vast majority of banks are to publish an application audit reports certifying compliance with information storage standards after three years because the issuance of this round.
In addition, it stated that many overseas banks have stated the audit standards didn’t apply for them and that wasn’t acceptable.
The central bank had requested banks to publish their compliance together with a strategy of actions before or on May 15, 2021.
Sources said that lately the banking agent had a conversation with a few of the overseas banks in which it made its displeasure known.
According to sources, many foreign banks are not able to issue an audit report saying that all private and non-personal trade information that was shipped abroad for processing was permanently deleted.
Last month, the central bank resisted American Express Bank and Diners Club from on-boarding new clients citing breach of information storage standards.
The issue regarding information localisation is like the one which Google and also WhatsApp had confronted.
Why is it hard for banks would be that RBI’s”on land” data storage standards.
All these have a state that payments information need to be kept”just” from India without a backup should exist beyond the nation.
Many banks had reacted to the RBI’s directive and stated that a lot of the processing had been centralised and it wasn’t possible to redefine global operations and make another hub in India.
The RBI then explained that while information could be saved just locally, it may be routed intraday for processing however, needs to be deleted from overseas servers in one day.
Banks need to present a system audit document certifying compliance with all the RBI rules.
The audit needs to be run by auditors empanelled from the Indian Computer Emergency Response Team (CERT-In, at the ministry of electronic equipment and information engineering ).
The auditors examine the IT infrastructure of their organisation and then identify all of the storage areas.
The auditors also need to determine info has been deleted from servers that are overseas.