RBI Data Localization Audit (SAR)

The Reserve Bank of India, the apex financial institution of the country is the central banking institution that requires unrestricted data of all transactions that take place in India. In an effort to promote "Data Localization" on the 8th of April 2018, Data Localization is the act of storing citizens’ data within the country’s geographical boundaries to avoid any foreign accessibility. The RBI issued a notice to all transaction providers and facilitators to ensure all the data is stored in systems within India.

The RBI directed the system providers to submit the System Audit Report within 6 months from the date of notice. The Auditor has to verify multiple facets of the system based on the guidelines issued by the RBI before certifying it :

• Payment Data Elements

• Transaction / Data Flow

• Application Architecture

• Network Diagram / Architecture

• Data Storage

• Transaction Processing

• Activities subsequent to Payment Processing

• Cross Border Transactions

• Database Storage and Maintenance

• Data Backup & Restoration

• Data Security

• Access Management

The Auditor or the auditing firm meticulously verifies and categorizes elements of the system according to the guidelines. In case of any gaps in terms of compliance, the Auditor informs the company regarding the non-compliance and offers solutions to ensure that everything is in line. Once all the required verification is carried out, the Auditor then gives the report the stamp of approval which showcases the reliability of the system provided by the company.

As SAR audit may be a necessity, we approach our work in a practical proactive manner adding value to the process through our expert opinion and experience.