The Reserve Bank of India (RBI) has directed lenders to establish a monitoring mechanism for the end use of funds for business credit cards. The RBI has also prohibited banks from sharing customers' data with outsourcing partners. This move comes as the RBI has tightened the regulation on unregulated co-branded partners who work with banks and access customer transaction data for their own business purposes.
The revised provision clarifies that late payment charges and other related charges will only be levied on the outstanding amount after the due date, not on the total amount due. The RBI directive is part of the master circular on credit cards and debit cards, and it is to be implemented immediately.
The directive also states that "card-issuers" are responsible for the storage and ownership of card data when it is shared with outsourcing partners. It also mandates that card transaction-related data should be "drawn directly from the card issuer's system in an encrypted form and displayed in the co-branding partner (CBP) platform with robust security."
The revised circular adds that "The information displayed through the CBP's platform shall be visible only to the cardholder and shall neither be accessed nor stored by the CBP." The provision shortens the timeframe for updating the default status with Credit Information Companies (CICs) from "within 30 days" to "within 30 days from the date of settlement."