India's payments data rules invite a White House response

India’s government has been aggressively (and, at times, dramatically) pro-digital commerce — but not necessarily when it involves foreign companies.

U.S. companies such as PayPal, Mastercard and Visa this week became subject to local data storage rules for payments made by Indian residents, as the Indian central bank’s local storage requirement went into effect.

India has stated data localization is necessary to improve the monitoring of transactions. India's move puts the U.S. in the odd position of pushing a foreign nation to be more open as the White House embraces isolationism — The New York Times reports the Trump administration and a bipartisan group of lawmakers are pushing India to loosen its data storage rules.

The Reserve Bank of India (RBI) headquarter building in Mumbai, India.
A man drinks tea as he walks past the Reserve Bank of India (RBI) headquarter building in Mumbai, India, on Friday, Jan. 27, 2017. While economists urge more investment in roads, ports and railways when the Indian government presents its budget Feb. 1, and maybe even direct cash transfers to boost consumption, a splurge carries the risk of a rating downgrade. Photographer: Dhiraj Singh/Bloomberg
Dhiraj Singh/Bloomberg

"Mastercard, Visa, Amex and PayPal, none of which have complied, may be hoping that the U.S. government can persuade India to relent," said Eric Grover, a principal at Intrepid Ventures. "[The U.S.] has a much better relationship with India than China. India has two decidedly unfriendly neighbors in China and Pakistan. The U.S. is more important with respect to curbing both of them, particularly China."

Data localization this is a common protectionist tactic governments use to set hurdles for foreign companies. The governments usually contend they are protecting privacy, combating money laundering, or promoting security, but often the move is at the behest of a locally headquartered enterprise that sees large foreign companies as a competitive threat.

“It’s not uncommon for international payments networks and other companies to feel pressure from domestic regulators, and the requirement to keep the domestic transaction data locally is often used as a mechanism to curb the influence of international institutions," said Zil Bareisis, a senior analyst at Celent. "Sometimes, it is motivated by a genuine desire to protect the data of local citizens, while in other instances, it is driven by politics.”

India's rule is a sudden blast of cold water for a market that had been much more open and competitive than other countries in the region. Mastercard, Visa and other American companies now face rough negotiations with a foreign power that’s already moving the goalposts, with the potential for fines and/or a large investment to comply with the regulations.

“The R.B.I.(India Central Bank) mandating payments data in-country raises the barriers to entry, is disheartening, and hurts India by making it more difficult for foreign competitors,” Grover said.

The Indian Central Bank did not return a request for comment. Visa, Mastercard, PayPal, and One97 (the owner of Paytm) also did not return requests for comment. None of these companies has said much publically about the data storage issue, which has swung back and forth. After the initial rules were announced in April, lobbying followed on both sides. The Indian government suggested it may ease the requirements in July, but more recently took the harder line toward affirming the local data storage requirement.

Visa and Mastercard already face regulatory challenges in China, where the government has promised more openness to outside financial institutions but has stuck to regulations that require a substantial investment by outside companies. Russia has used strict regulations to support its own local payment system, created partly in response to western sanctions.

A huge opportunity is at stake, as India has a gigantic consumer e-commerce market. PayPal has invested in India, as have Mastercard and Visa. Warren Buffett and Amazon have also invested in e-commerce in India. Walmart recently acquired Flipkart, extending its rivalry with Amazon and setting the stage for Walmart to offer financial services in India.

“For the international firms, not only [does] this represent an additional cost to comply, it also makes it harder to provide value-added services which are predicated on seeing data traffic from transactions around the world,” Bareisis said.

Despite the data localization rule, India’s government has been largely favorable to e-commerce, mobile payments and other fintech. India took much of its cash out of circulation in 2016, a sudden and dramatic move the government said was based on security. But it also had the effect of boosting mobile payments.

The digital push has been accompanied by a competitive war, mostly between India’s Paytm and outside companies such as American fintechs and card brands. Paytm, which has been tied politically to the 2016 demonetization, has lobbied hard for data localization. Paytm has also squabbled with Google over privacy. India's regulations also stand to benefit Rupay, the country’s national payment scheme, which is in the midst of a digital transformation of its own.

“If Rupay were to launch in the U.S., it wouldn’t be required to keep or process payment data in country,” Grover said. “To be sure Paytm lobbied for this, to make it more burdensome for foreign competitors.”

For reprint and licensing requests for this article, click here.
Compliance Digital payments India U.S.
MORE FROM AMERICAN BANKER