
Consider the following statements: The Reserve Bank of India’s recent directives relating to ‘Storage of Payment System Data, popularly known as data diktat, command the payment system providers that
- they shall ensure that entire data relating to payment systems operated by them are stored in a system only in India.
- they shall ensure that the systems are owned and operated by public sector enterprises.
- they shall submit the consolidated system audit report to the Comptroller and Auditor General of India by the end of the calendar year.
Which of the statements given above is/are correct?
- 1 only
- 1 and 2 only
- 3 only
- 1, 2 and 3
Explanation
Statement 1 is correct
- In April 2018, the Reserve Bank of India issued a directive through a circular regarding the ‘Storage of Payment System Data.’ It advised all system providers to ensure that, within six months, all data related to payment systems they operate is stored exclusively on servers located in India. According to the notification, all payment data must be stored within India, except in specific cases outlined in the directive.
Statements 2 and 3 are correct
- The directives do not require that the systems be owned and operated by public sector enterprises. Additionally, there is no mention of submitting a consolidated system audit report to the Comptroller and Auditor General of India by the end of the calendar year, making statement 3 incorrect as well. The directives require the submission of the System Audit Report (SAR) to the Reserve Bank, not to the Comptroller and Auditor General of India. The audit should be conducted by CERT-IN empanelled auditors certifying completion of activity


