RBI DATA LOCALIZATION AUDIT (SAR)
AUDIT OF RBI DATA LOCALIZATION
In order to reduce the risks associated with the storage of payment system data in the present payment ecosystem, the Reserve Bank of India and NPCI have published new guidelines for payment operators.
Data Localization (SAR) & Storage of Payment System Audit Report for the RBI System In order to maintain proper security precautions and data localization controls for storage of payment-related data, RBI has established data as a compliance obligation.
The central banking authority that demands unfettered data of all transactions that take place in India is the Reserve Bank of India, the main financial institution of the nation. Data localization is the practise of keeping citizens' data inside the nation's physical bounds to prevent any foreign accessibility, and it is being promoted on April 8th, 2018. All transaction providers and facilitators received a warning from the RBI requesting that all data be kept on systems located in India.
The System Providers were given a deadline of six months from the date of notification by the RBI to produce the System Audit Report. Prior to certification, the Auditor must confirm a number of aspects of the system in accordance with the RBI's guidelines:
- Payment Data Elements
- Transaction / Data Flow
- Application Architecture
- Network Diagram / Architecture
- Data Storage
- Transaction Processing
- Activities subsequent to Payment Processing
- Cross Border Transactions
- Database Storage and Maintenance
- Data Backup & Restoration
- Data Security
- Access Management
What is RBI System Audit Report (SAR) Data Localization Audit?
On April 8, 2018, the Reserve Bank of India (RBI) published a notice requiring the preservation of all end-to-end transaction data inside India. This requirement was created because the RBI, the body in charge of monetary policy in India, needs unlimited supervisory access to all payment data. A government strategy known as "Data Localization" calls for keeping user information amassed under its purview on servers based domestically
Data is often kept in a separate place for fast accessible data backup for data centres in today's Data Storage Technology trend. It has been rumoured in the current payment environment throughout the globe that the Reserve Bank of India has granted permission to all local and international transaction operators in India to retain all end-to-end payment data "inside the country." Every entity that handles payment data has to get permission, from fintech companies that conduct peer- to-peer transactions to gateway operators that are accessible internationally for universal funds transfers.
The following are the major items in the circular for payment operators:
- All system providers must make sure that all information pertaining to the payment systems
they administer is kept on a system that is exclusively located in India. The whole end-to-end
transaction details and information that were gathered, carried, and processed as part of the
message or payment instruction should be included in this data.
- System providers must assure compliance with the aforementioned within six months and
notify compliance to the Reserve Bank by October 15, 2018, at the latest.
- When the requirement is met, system providers must submit the System Audit Report (SAR).
The audit should be carried out by CERT-IN Empanelled Auditors who can attest to the
activity's completion. The Reserve Bank should receive the SAR that has been properly
authorised by the Board of the system providers.
Important Considerations for a System Audit Report on Data Localization (SAR)
The following important criteria need to be addressed as part of this audit.
- Data Elements Related to Payments - The auditor should examine all data elements and determine whether they are related to payments or not. Data about customers, transactions, sensitive payments, and payment credentials should all be included. Each component has to be classified according to the applicable jurisdictions and whether or not the information has been returned to India.
- A full flowchart of the transaction and data must be included in the report for all transaction types, including cross-border transactions. The flow of a transaction across the various parts of the programme should be shown in the figure.
- Application Architecture - To demonstrate the components and modules of the application, a thorough diagram of the application architecture must be included in the report.
- Network Diagram - A thorough depiction of the network architecture must include the necessary hardware for both main and backup sites, as well as CBS, if applicable.
- Transaction processing: The auditor should determine if certain components of a transaction are processed in India and elsewhere. The auditor must also determine if the cleansing procedure and policy are clear and adhere to RBI regulations.
- Actions after Payment Processing - The auditor must identify activities such as settlements that occur after payment processing and determine whether they take place within or outside of India.
- Cross-border Dealings Database Storage and Maintenance - The auditor must confirm the existence of cross-border transactions in the application, whether they are supported or taking place.
- Data Backup and Restoration - The auditor must confirm that the stated payment data backup and restoration complies with the rules.
- Data security - To make sure transaction data is protected, security procedures must be examined. This comprises common data security measures including database access monitoring, data leakage prevention, encryption, and masking.
- Access Management - If data is accessed outside of India for purposes such as data analytics, chargebacks, customer service, or dispute resolution, the authorization levels and access levels allowed should follow the established procedures and regulations.
Our Blog
PSARA LICENSE – Estabizz Fintech
By admin_estabizz
/ December 1, 2021
PSARA License Today Security is the Big issue. Every Body in India who is having name and fame needs security...
Read More
GST DUES ( VOID PROPERTY TRANSFER ) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
As we have discussed in our previous article, GST authorities can seize properties belonging to the defaulter to recover any...
Read More
GST ( INSTALLMENT & RECOVERY ) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
If the taxpayer cannot pay all the GST dues (tax/interest/penalty) in a lump sum or within the stipulated date, then...
Read More
SEBI ( Surveillance of Transaction Alerts) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
Leading Stock Exchanges Bombay Stock Exchange Limited (“BSE”) and National Stock Exchange of India Limited (“NSE”) have put in place...
Read More
RESERVE BANK OF INDIA (Rules for payment companies outsourcing core activities) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
The Reserve Bank of India has formalised the framework for payment companies outsourcing payment and settlement related activities to third...
Read More
RESERVE BANK OF INDIA( Guidelines for Appointment of Statutory Auditors of Banks, NBFCs) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
The Reserve Bank of India has tightened norms for appointing auditors and has capped the numbers based on the asset...
Read More
RESERVE BANK OF INDIA ( Deadline for Current Account Notification) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
Reserve Bank of India (RBI) has extended the deadline for implementation of its guidelines on current account opening by banks...
Read More
RESERVE BANK OF INDIA ( Treatment of Inactive Trading account) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
This has reference to Exchange circular NSE/INSP/43488 dated February 10, 2020 with respect to Treatment of Inactive trading account. Based...
Read More
SEBI revises financial info filing formats for entities having listed non-convertible securities
By admin_estabizz
/ October 26, 2021
New Delhi: Markets regulator Sebi on Tuesday came out with revised formats for filing financial information by entities that have...
Read More
SEBI notifies certification requirements for distributors, staff of portfolio management services
By admin_estabizz
/ October 26, 2021
Capital markets regulator Sebi has put in place certification requirements for associated persons engaged by portfolio managers as distributors or...
Read More
SEBI extends relaxations for compliance with rights issues.
By admin_estabizz
/ October 26, 2021
Markets regulator SEBI on Friday extended relaxations for companies with regard to compliance with procedural norms on rights issues opening...
Read More
SEBI extends relaxations for compliance with rights issues
By admin_estabizz
/ October 26, 2021
Markets regulator Sebi on Friday extended relaxations for companies with regard to compliance with procedural norms on rights issues opening...
Read More
SEBI extends deadline for investment advisers to conduct annual compliance audit
By admin_estabizz
/ October 26, 2021
Markets regulator Sebi on Thursday extended the deadline for investment advisers to conduct the annual compliance audit for the financial...
Read More
SEBI board okays steps to make M&As easier
By admin_estabizz
/ October 26, 2021
The board of the Securities and Exchange Board of India (Sebi) Tuesday approved measures to make mergers and acquisitions of...
Read More
SEBI proposes to revise settlement rules
By admin_estabizz
/ October 26, 2021
The Securities and Exchange Board of India (Sebi) has proposed to revise the settlement rules to align them with the...
Read More
SEBI approves framework for creating Social Stock Exchange
By admin_estabizz
/ October 26, 2021
The Securities and Exchange Board of India approved the creation of a Social Stock Exchange and its framework in a...
Read More
Scope of ED’s power to freeze bank accounts under Prevention of Money Laundering Act, 2002
By admin_estabizz
/ October 26, 2021
Supreme Court: The 3-judge bench of SA Bobde, CJ and AS Bopanna* and V. Ramasubramanian, JJ has held that under the Prevention...
Read More
PSARA LICENSE – Estabizz Fintech
By admin_estabizz
/ December 1, 2021
PSARA License Today Security is the Big issue. Every Body in India who is having name and fame needs security...
Read More
GST DUES ( VOID PROPERTY TRANSFER ) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
As we have discussed in our previous article, GST authorities can seize properties belonging to the defaulter to recover any...
Read More
GST ( INSTALLMENT & RECOVERY ) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
If the taxpayer cannot pay all the GST dues (tax/interest/penalty) in a lump sum or within the stipulated date, then...
Read More
SEBI ( Surveillance of Transaction Alerts) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
Leading Stock Exchanges Bombay Stock Exchange Limited (“BSE”) and National Stock Exchange of India Limited (“NSE”) have put in place...
Read More
RESERVE BANK OF INDIA (Rules for payment companies outsourcing core activities) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
The Reserve Bank of India has formalised the framework for payment companies outsourcing payment and settlement related activities to third...
Read More
RESERVE BANK OF INDIA( Guidelines for Appointment of Statutory Auditors of Banks, NBFCs) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
The Reserve Bank of India has tightened norms for appointing auditors and has capped the numbers based on the asset...
Read More
RESERVE BANK OF INDIA ( Deadline for Current Account Notification) – Estabizz Fintech
By admin_estabizz
/ October 26, 2021
Reserve Bank of India (RBI) has extended the deadline for implementation of its guidelines on current account opening by banks...
Read More
RESERVE BANK OF INDIA ( Treatment of Inactive Trading account) -Estabizz Fintech
By admin_estabizz
/ October 26, 2021
This has reference to Exchange circular NSE/INSP/43488 dated February 10, 2020 with respect to Treatment of Inactive trading account. Based...
Read More
SEBI revises financial info filing formats for entities having listed non-convertible securities
By admin_estabizz
/ October 26, 2021
New Delhi: Markets regulator Sebi on Tuesday came out with revised formats for filing financial information by entities that have...
Read More
SEBI notifies certification requirements for distributors, staff of portfolio management services
By admin_estabizz
/ October 26, 2021
Capital markets regulator Sebi has put in place certification requirements for associated persons engaged by portfolio managers as distributors or...
Read More
SEBI extends relaxations for compliance with rights issues.
By admin_estabizz
/ October 26, 2021
Markets regulator SEBI on Friday extended relaxations for companies with regard to compliance with procedural norms on rights issues opening...
Read More
SEBI extends relaxations for compliance with rights issues
By admin_estabizz
/ October 26, 2021
Markets regulator Sebi on Friday extended relaxations for companies with regard to compliance with procedural norms on rights issues opening...
Read More
SEBI extends deadline for investment advisers to conduct annual compliance audit
By admin_estabizz
/ October 26, 2021
Markets regulator Sebi on Thursday extended the deadline for investment advisers to conduct the annual compliance audit for the financial...
Read More
SEBI board okays steps to make M&As easier
By admin_estabizz
/ October 26, 2021
The board of the Securities and Exchange Board of India (Sebi) Tuesday approved measures to make mergers and acquisitions of...
Read More
SEBI proposes to revise settlement rules
By admin_estabizz
/ October 26, 2021
The Securities and Exchange Board of India (Sebi) has proposed to revise the settlement rules to align them with the...
Read More
SEBI approves framework for creating Social Stock Exchange
By admin_estabizz
/ October 26, 2021
The Securities and Exchange Board of India approved the creation of a Social Stock Exchange and its framework in a...
Read More
Scope of ED’s power to freeze bank accounts under Prevention of Money Laundering Act, 2002
By admin_estabizz
/ October 26, 2021
Supreme Court: The 3-judge bench of SA Bobde, CJ and AS Bopanna* and V. Ramasubramanian, JJ has held that under the Prevention...
Read More
