- API means Application Program Interface which is a set of routines, protocols, and tools for building software applications.
- API Banking Services means the Services (including associated APIs), Content, RBL Bank marks, and any other product or service provided by RBL Bank under these Terms and Conditions. Services do not include Third-Party Content including those transactional/ non-transactional/ regulatory and/or governance related APIs made available by RBL Bank under these Terms and Conditions and as more particularly described in Set up Form and schedules attached hereto.
- API Data means any data or other content that may be made available by RBL Bank.
- API Key means the unique API key that RBL Bank issues to the Client to enable the Client’s App to access an API made available by RBL Bank.
- App means any software application that Client has developed, or intends to develop, through the use of an API.
- Authorized Personnel means the list of authorized signatories as more particularly described in board resolution submitted along with the Set Up Form submitted by the Client hereto for the said Services and who shall be entitled on behalf of the Client to provide instructions/ approvals to RBL Bank in relation to the API Banking Services availed.
- Bank or RBL Bank or RBL means RBL Bank Limited.
- Content means Content that RBL or any of its affiliates, service providers and sub-contractors make available in connection with the Services to allow access to and use of the Services, including APIs, Documentation, sample code, software libraries, command line tools, proof of concepts, templates, and other related technology (including any of the foregoing that are provided by RBL Bank’s personnel). RBL Bank Content does not include Third-Party Content.
- Client means any legal person that is utilizing the API services extended by the Bank.
- Data Set means any data set forming part of the API Data.
- Documentation means the user guides and admin guides (in each case exclusive of content referenced via hyperlink) for the Services through RBL Bank Developer Portal (and any successor or related locations designated by RBL Bank), as such user guides and admin guides may be updated by RBL Bank from time to time.
- End User means any individual or entity that directly or indirectly through another user: (a) accesses or uses Client Content; or (b) otherwise accesses or uses the Service under this Terms and Conditions.
- RBL Bank Developer Portal refers to the online portal which RBL Bank may make available from time to time to enable access to APIs for application development relating to publicly available data.
- Service means each of the services made available by RBL Bank and/or RBL Bank affiliates such as sub-contractors, suppliers, service providers etc., including those web services under these API Banking Services Terms and Conditions.
- Suggestions means all suggested improvements or changes to the Service that the Client provides to us.
- Third-Party Content means Content made available to the Client at the request of the Client by any third party through Bank’s Service Offering or in conjunction with the Services.
- Client Content means Content that the Client or any Client End User transfers to RBL for processing or storage in connection with the API Banking Services and any computational results that Client or any Client End User derives from the foregoing through Client’s use of the Services.
- Electronic Clearing System refers to the electronic clearing systems that are prevailing in India and operated by RBI and/or National Payments Corporation of India in India.
In these Terms and Conditions, unless the context otherwise requires:
- References to a Clause or schedules or attachments are references to a clause of or schedule to these Terms and Conditions.
- Headings are inserted for ease of reference only and do not affect the interpretation of these Terms and Conditions.
- The singular shall include the plural and vice versa; and references to one gender include all genders.
- Any phrase introduced by the terms "including", "include", "in particular", or any similar expression, shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
- The terms "hereof", "herein", "hereto", "hereunder" or similar expressions used in these Terms and Conditions mean and refer to these Terms and Conditions and not to any particular Clause of these Terms and Conditions.
- The words "other", "or otherwise" and "whatsoever" shall not be construed ejusdem generis or as any limitation upon the generality of any preceding words or matters specifically referred to.
- References to 'writing' shall include any methods of reproducing words in a legible and non-transitory form.
- All references to agreements, documents or other instruments include a reference to that agreement, document or instrument as amended, supplemented, substituted, novated or assigned from time to time.
- All references to approval, consent, permission, authorization, concurrence, satisfaction, waiver etc. of the RBL Bank shall be valid only if given in writing and before any action or omission that is stipulated to have it.
- Any reference to any enactment, guideline, notification, direction or statutory provision is a reference to it as it may have been, or may from time to time be, amended, modified, consolidated or re-enacted.
- The arrangement of clauses in these Terms and Conditions shall have no bearing on their interpretation.
3. CLIENT’S OBLIGATIONS
- Client is responsible for all transactions processed through the Bank API that API Banking Services offered to the Client, regardless of whether the activities are authorized by the Client or undertaken by the Client, Client’s employees and personnel or a third party (including Client’s contractors, agents or End Users). RBL and RBL affiliates, sub-contractors, service providers and agents disclaim any liability for any unauthorized access to the Services.
- Client will ensure that Client Content and Client End Users’ use of Client Content or the Service will not violate any of the policies and terms prescribed by the Bank or any Applicable Law. Client is solely responsible for the development, content, operation, maintenance, and use of Client Content.
- Client is responsible for properly configuring and using the Service. The Client shall take appropriate action to secure, protect and back up Client Content in a manner that will provide appropriate security and protection. This may include the use of encryption to protect Client Content from unauthorized access and routinely archiving Client Content.
- Credentials ('Account Keys') including log-in credentials and private keys generated by the Services are for Client’s internal use only and Client shall not sell, transfer or sub-license the said consumption of Services to any other entity or person, except disclosures to Client’s authorised agents and subcontractors on Client’s behalf. Client will be responsible for the acts and omissions of Client’s agents and sub-contractors.
- Client is responsible for End Users’ use of Client Content and the Services. Client will ensure that all End Users comply with Client obligations set out under these Terms and Conditions and that the terms of the Client agreement with each End User shall be consistent with the terms and conditions of these Terms and Conditions. If Client becomes aware of any violation of the obligations under these Terms and Conditions, the Client will immediately suspend access to Client Content and the Service Offerings.
- The Client acknowledges that for availing Bank extended payment facilities through APIs, the Client will be required to designate an account held with the Bank from which such payments shall be made to the beneficiaries. The Client shall be solely liable for ensuring that sufficient funds are maintained in the account to enable the Bank to extend such payment facilities through the API. The Client will also ensure compliance with the terms and conditions of agreements with the Bank for utilization of payment services through APIs. Notwithstanding anything contained in these Terms and Conditions, as amended from time to time, the Client shall be responsible for all and any consequences which may arise as a result of usage of API Banking Services by the Client.
- The Client agrees to accept the prescribed authentication technologies and security measures required for providing /receipt of the request/instruction to/from the Bank through the channels and undertake to take all reasonable steps to ensure that the accuracy, completeness, authenticity and security of the details provided is not tampered or violated.
- The Client agrees and undertakes to confirm and ratify without any delay or demur, if so required by the Bank, all its instructions / requests given pursuant to these Terms and Conditions and all actions taken / not taken by the Bank pursuant to these Terms and Conditions.
- The Client consents and agrees that any information provided by the Bank by virtue of the Services mentioned in these Terms and Conditions shall not be transferred outside the territorial jurisdiction of India.
- Client has perused the requirements under the Security Conformance Requirement as attached by the Bank to these terms and conditions and confirms that the Client shall comply with all the requirements contained therein as amended from time to time.
- The Client agrees to adhere to the payment structure signed-off in the "Commercial Offer Letter" and provisions of these Terms and Conditions.
4. RIGHTS AND OBLIGATIONS
- The Client agrees and acknowledges that the said Service has been extended by RBL Bank to the Client on a revocable, non-transferable, non-exclusive basis for its internal business and own use by the Client for legitimate transactions being effected through RBL Bank’s interface only and for no other purpose. The Client acknowledges and confirms that the Client shall not expose this interface or the Services to any other third party.
- The API Services shall be an interface /channel available to the Client to make requests and issue instructions to the Bank for the purposes agreed between the Parties.
- The type of Public Key Infrastructure (PKI) System to be used in relation to the API Services and/or the API Banking Services shall be as set out and approved by Client basis as per the subscription of API Services within the API portal provided by RBL Bank with reference to the Services under these Terms and Conditions.
- The Client must conform to RBL Bank’s requirements in respect of the technical specifications mentioned in the API portal, as the case may be.
- Notwithstanding that the PKI System is chosen by the Client, Client agrees that each Party to these Terms and Conditions is solely responsible for generating its private key and public key and ensuring the due delivery of the Public Key (in the manner agreed to between the Client and the Bank as set out in the relevant Set-Up Form and relevant schedules).
- The API Services and/or the RBL Bank’s digital banking services shall be activated only upon each Party confirming in writing to the other Party that the public key generated for the relevant Service has been correctly accessed.
- Without prejudice to other provisions of these Terms and Conditions any change or substitution of either Party’s public Key will only be effective after the delivery, exchange and validation of the new keys on a date to be notified by the Bank to the Client. However it is clarified that under these Terms and Conditions, only RBL Bank shall hold by the public key.
- Client agrees that it shall not be entitled to rely on, any information sent by RBL Bank in response to any instruction or response where such information may be accessed freely by the Client without using the Bank’s Public Key. RBL Bank shall not be liable for any losses arising from such reliance.
- Where it has been agreed between the Client and RBL Bank that any information or instruction (including any information or payment instruction relating to any) shall not be encrypted by either or both the Parties, RBL Bank disclaims any liability that may arise in connection with any interception of or interference with such information or instruction.
- The Parties consent and acknowledge that the Bank shall be entitled to sub contract any obligations as is permitted under Applicable laws to facilitate the development, maintenance and servicing of the API Banking Services.
- The Client shall ensure accuracy of the data and information uploaded on the platform. RBL Bank shall merely process the files uploaded for effecting payments. RBL Bank shall in no manner be responsible for any error or discrepancy for payments made on account of any error or omission or incorrect data uploaded on the part of the Client.
- The Client agrees:
a) To take all reasonable and necessary measures to detect and prevent any unauthorized entry or use of Client’s local network.
b) To immediately inform RBL Bank in the event that the Parties have (or ought to have) reason to believe that there is or has been unauthorized access or use within Client’s local network.
c) To inform RBL Bank as soon as possible if the Parties become aware that any Public Key or Private Key has been corrupted or is unable to perform validly and/or accurately its function.
- RBL Bank, at its sole discretion and without being subject to any liability, penalty or compensation, will be entitled to:
a) Modify or discontinue any or all of the Services. RBL Bank will notify the Client of material changes or discontinuation of the Service.
b) Modify or discontinue any APIs extended under the said Services.
- For any discontinuation of or material change to an API for a Service, the Bank will use commercially reasonable efforts to continue supporting the previous version of such APIs after the change or discontinuation except if doing so:
a) Would pose a security or intellectual property issue.
b) Is economically or technically burdensome.
c) Would result in violation of any Applicable laws or directions from statutory, judicial or regulatory authorities.
Subject to the terms and conditions of these Terms and Conditions, RBL Bank shall be entitled to Charges ("Service Fees") as provided in the Set up Form, Commercial Offer Letter and other documents.
RBL Bank reserves the right to revise the Service Fees from time to time. Such revised Service Fees shall be effective upon RBL Bank giving the Client 15 (fifteen) days’ notice in writing.
The Service Fees shall be paid within 30 days from date of Invoice issued by the Bank to the Client. All fees are exclusive of all taxes.
In case of delay in payments, the Bank shall have a right to impose penalty at the rate of 18% per annum for such unpaid amounts till the date the entire outstanding amount is duly paid in full to the satisfaction of RBL Bank. Further, all and any amount payable to RBL Bank shall be subject to deduction of applicable taxes.
6. REPRESENTATIONS AND WARRANTIES
The Client hereby represents and warrants that:
- It has full power and all necessary authority to execute and perform its obligations under these Terms and Conditions and such execution and representation is legal, valid, binding and enforceable. It shall comply with all Applicable Laws and regulations as may be applicable from time to time.
- That all of its employees, contractors and agents are aware of, and shall comply with the terms of these Terms and Conditions.
- All consents, licenses, approvals and/or authorizations required to make these Terms and Conditions legal, valid and/or enforceable have been obtained or made and are in full force and effect; there are no actions, governmental investigations, orders, judgments or decrees of any nature made, legal, quasi legal, administrative, arbitration, mediation, conciliation, suits or proceedings pending before any court or administrative body or arbitral tribunal which might adversely affect the ability of the Client to perform its obligations under these Terms and Conditions; that it has the right to use, reproduce, transmit, copy, display and distribute Client’s Content and to grant RBL Bank the license to use and copy Client’s Content pursuant to these Terms and Conditions; and that the use of the App by its users will not violate or infringe rights (including but not limited to intellectual property rights) of any third party.
- It shall be the responsibility of the Client to check the report(s) generated from time to time by the Client end. It is the Client’s obligation to verify instruction and/or transaction data that has been transmitted to the Bank.
- The Client acknowledges that the Bank has entered into these Terms and Conditions on the basis of, and in full reliance upon, representations made by the Client under these Terms and Conditions.
- The Client agrees that electronic fund transfer to the accounts of the beneficiary shall become irrevocable once Client’s instructions for such transfer have been submitted by the Client.
- Client agrees not to give any instructions to the Bank for crediting non-resident rupee accounts of the beneficiaries through the modes of electronic fund transfer specified hereunder.
- Client shall only upload directions of electronic fund transfers for legitimate and permitted purposes under Applicable Laws.
7. INTELLECTUAL PROPERTY
RBL Bank or RBL suppliers, service providers and sub-contractors own all rights, title and interest (including any intellectual property rights) in and to the RBL Bank API Portal (including any content on it, other than Client’s Content), the APIs, API Data, Data Sets and all other software and systems used by RBL Bank in connection with the Service. Client shall not hold itself out to be a representative of RBL Bank in any manner or capacity. Client must not use any trademarks, logos or brands of RBL Bank without express written approval of the Bank. Client shall comply with any and all guidelines issued by the Bank regarding use of the Bank’s trademarks, logos or brands. The Bank may, at any point of time, without cause, revoke any approval provided for use of the Bank’s trademarks, logos or brands.
Nothing in these Terms and Conditions grants or transfers to the Client any intellectual property rights or other interest in any of the Bank’s trademarks, logos or brands or in any other form of intellectual property of the Bank.
Client represents and warrants that the Bank has the right to use, reproduce, transmit, copy, display and distribute Client’s Content. The Client grants RBL Bank the license to use and copy Client’s content and that such use will not violate or infringe the rights (including intellectual property rights) of any third party.
Client agrees and confirms that subject to the terms of these Terms and Conditions, RBL has granted the Client a limited, revocable, non-exclusive, non-sub licensable, non-transferable license to do the following: (a) access and use the Services solely in accordance with these Terms and Conditions for its own internal consumption.
Except as provided in this provision Client obtains no other rights under these Terms and Conditions to the Service, including but not limited to any related intellectual property rights.
Neither the Client nor any End User will use the Service Offerings in any manner or for any purpose other than as expressly permitted by these Terms and Conditions. Neither the Client nor any End User will, or will attempt to (a) modify, distribute, alter, tamper with, repair, or otherwise create derivative works of any Content included in the Service Offerings, (b) reverse engineer, disassemble, or decompile the Service Offerings or apply any other process or procedure to derive the source code of any software included in the Service Offerings, (c) access or use the Service Offerings in a way intended to avoid incurring fees or exceeding usage limits or quotas, or (d) resell or sublicense the Service Offerings.
Suggestions: If Client provides any Suggestions to RBL or RBL affiliates, service providers, suppliers or sub-contractors, RBL Bank will be entitled to use the Suggestions without restriction. The Client hereby irrevocably assigns to RBL all right, title, and interest in and to the Suggestions and agrees to provide RBL any assistance RBL requires to document, register, and maintain RBL Bank’s rights in the Suggestions.
The Client shall ensure that any software or API or integration from Client end with RBL is free of any back door, drop dead device, time bomb, trojan horse, virus, worm, spyware or adware (as such terms are commonly understood in the I.T. industry) or any other code designed or intended to have, or capable of performing or facilitating, any type of disruption, disablement, harm, impede in any manner the operation of, or providing unauthorized access to, a computer system or network or other device on which such code is stored or installed. Client shall implement measures designed to prevent the introduction of any malicious code into RBL systems, including firewall protections and regular virus scans.
8. SUSPENSION OF API BANKING SERVICES
The Bank shall in its sole discretion have a right to terminate Client’s access to the RBL Bank API Portal, the APIs and any API Data with 15 days’ notice to the Client except if it would pose a security or intellectual property issue, is economically or technically burdensome, or would result in violation of any Applicable laws or directions from statutory, judicial or regulatory authorities. The Bank may further require the API to be temporarily or partially suspended from time to time for maintenance, which will be duly notified to the Clients, except in cases of unforeseen circumstances or circumstances beyond the control of the Bank.
The Bank shall have the right to immediately suspend or terminate Client’s access to the RBL Bank API Portal, the APIs and any API Data (or any element of them) if the Client breaches, or if the Bank believes (at RBL sole discretion) that the Client may have breached, the terms of these Terms and Conditions and accompanied terms and conditions (if any).
The Bank may suspend Client’s or any End User’s right to access or use any portion or all of the Service Offerings immediately upon notice to the Client if RBL determines that:
- The Client’s or an End User’s use of the Service Offerings:
a) Poses a security risk to the Service or any third party.
b) Could adversely impact RBL Bank systems, the Services or the systems or Content of any other RBL Bank customer.
c) Could subject RBL, or any third party to any liability.
d) Could be fraudulent.
- Client is, or any End User is, in breach of these Terms and Conditions.
- Client is in breach of Client’s payment obligations under Section 5 and the Commercial Offer Letter as may be applicable.
- Client has ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of Client’s assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding.
- Ongoing provision of Services will be in violation of applicable laws and regulations.
Without prejudice to anything contained in these Terms and Conditions the Client agrees that the Bank shall be entitled to delete from the RBL Bank API Portal all or relevant elements of Client’s Content in the event of such termination.
Effect of Suspension: If RBL Bank suspends Client’s rights to access or use any portion or all of the Services, the Client will remain responsible for all fees and charges during the period of suspension.
To the maximum extent permitted under the applicable laws, the Bank:
Gives no warranties about RBL Bank API Portal, the APIs, the API Data, or the availability of the APIs or API Data. In particular, the Client acknowledges that the Bank does not warrant or represent that the APIs will operate without interruption or be error free and the accuracy, completeness, suitability or fitness for purpose or any merchantability and will not have any liability to Client in connection with any temporary or permanent unavailability of the RBL Bank Developer Portal, the APIs or the API Data or Client’s use of any API Data.
The Bank has no responsibility to act upon and shall have no liability in relation to any instructions received from the Client except for receipt from the dedicated API assigned to the Client and/or using RBL Bank’s corporate net banking platform as the case may be.
The Bank disclaims any and all liability to the Client or any other person for any loss, damage, cost or expense suffered or incurred by the Client or them arising directly or indirectly from Client’s use of, or access to, the RBL Bank API Portal, the APIs or API Data or otherwise arising in connection with these Terms and Conditions, regardless of whether such liability arises in contract, tort (including negligence), equity, statute or otherwise.
The Services are provided on an “as is” basis. RBL Bank and its suppliers, service providers, vendors and licensors (a) make no representations or warranties of any kind, whether express, implied, statutory or otherwise regarding the Services or any Third-Party Content, and (b) disclaim all warranties, including any implied or express warranties (i) of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, (ii) arising out of any course of dealing or usage of trade, (iii) that the Services or Third-Party Content will be uninterrupted, error free or free of harmful components, and (iv) that any Content will be secure or not otherwise lost or altered.
All remedies available at law or in equity.
10. INDEMNITY AND LIMITATIONS OF LIABILITY
1. Client hereby irrevocably and unconditionally undertakes to indemnify and keep RBL Bank (including but not limited to its directors, employees, staff and agents) indemnified against all or any loss, damage, cost, expenses, penalties and charges that may be incurred by and/ or caused to RBL Bank arising out of and/or:
- In respect of the said arrangement for API Integration for payment disbursement.
- In respect of communications and customer information which have been furnished by Client or appears to have been furnished by or on behalf of Client.
- In respect of any transaction decline due to any incomplete/incorrect data of customer provided.
- In respect of any debit to the current account of Client maintained with RBL Bank for the purpose of payments to customers/ vendors/ employee of Client based on the instructions sent by the Client or its authorised service providers or sub-contractors.
- In respect of compromise, theft, modification or breach of confidentiality of customer data, transaction data and security features.
- In respect of breach of security measures/ standards/ regulations/ requirements/ guidelines which would be applicable for API Banking Services.
- Any wrongful, incorrect, dishonest, criminal, fraudulent or negligent work, default, failure, misrepresentation, misfeasance, bad faith, and/or misconduct (including perpetration of, or aiding and abetting fraud), any act or omission of or by Client.
- Any noncompliance of the Security Conformance Requirement as attached to these API Terms and Conditions.
- Any legal actions brought against RBL Bank arising out of or directly attributable to Client.
- Third party claims on delay in performance of processing of requests.
- Any action taken by the Bank basis instructions received from the authorised representative or sub-contractor of the Client as mentioned in the Set Up Form and relevant schedules.
In addition to the above, the RBL Bank shall also be entitled to obtain injunctive relief to protect itself in addition to monetary damages and any and all remedies available at law or in equity.
2. RBL, RBL service providers, vendors, sub-contractors and licensors will not be liable to the Client for any direct, indirect, incidental, special, consequential or exemplary damages (including damages for loss of profits, revenues, customers, opportunities, goodwill, use, or data), even if RBL has been advised of the possibility of such damages.
Further, neither RBL nor RBL service providers, vendors, sub-contractors or licensors will be responsible for any compensation, reimbursement, or damages arising in connection with:
A) Client’s inability to use the Services, including as a result of any:
- Termination or suspension of these Terms and Conditions or Client’s use of or access to the service offerings.
- Discontinuation of any or all of the Service offerings.
- Without limiting any obligations under the service level agreements, any unanticipated or unscheduled downtime of all or a portion of the services for any reason.
B) The cost of procurement of substitute goods or services.
C) Any investments, expenditures, or commitments by the Client in connection with these Terms and Conditions or Client’s use of or access to the service offerings.
D) Any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of Client Content or other data.
11. TERM AND TERMINATION
The term of these Terms and Conditions will be valid from the date on which API Banking Services are live ('Effective Date').
The Bank shall have the right to terminate these Terms and Conditions forthwith, by notice in writing to the Client upon the occurrence of any of the following events:
- If the Client commits any breach of any of the terms and conditions of these Terms and Conditions and in case such breach is capable of being cured, Client has failed to cure it within a period of 15 (fifteen) days from the date of notice.
- If the Client: (i) voluntarily becomes the subject of a bankruptcy, insolvency or similar proceeding, or (ii) makes a composition with its creditors generally, or (iii) if a receiver or administrator or trustee is appointed to take possession of the business or properties or undertaking of Client, or (iv) if such Client ceases to carry on its business for a period of 60 (sixty) days as presently conducted.
- Client is dissolved or ceases to function as a going concern.
- If there occurs any change in the control of a Client without prior written approval of the Bank.
- Client does any fraudulent act or there is a suspicion of fraud against the Bank.
- Client is involved in any criminal or illegal activity.
Either Party shall be entitled to terminate these Terms and Conditions with or without cause at any time by serving a 30 (thirty) days’ notice in writing to the other Party. Such termination will take effect on the expiry of the said 30 (thirty) day period.
- RBL Bank shall have the right to terminate these Terms and Conditions forthwith, by notice in writing to the Client if the Client assigns or delegates or attempts to assign or delegate these Terms and Conditions or part thereof.
12. EFFECT OF TERMINATION
Upon the Termination:
- All Client rights under these Terms and Conditions immediately terminate.
- Client shall remain responsible for all fees and charges Client has incurred through the Termination Date and is responsible for any fees and charges Client incurs during the post-termination period, if any.
- Client will immediately return or, if instructed by RBL, destroy all RBL Bank Content in Client’s possession.
- Sections on Consideration, Intellectual Property Rights, Indemnity, Disclaimer, Limitation of Liability, Miscellaneous will continue to apply in accordance with their terms and shall survive termination.
For any use of the Services after the Termination Date, the terms of these Terms and Conditions will apply and Client will pay the applicable fees at the rates under the Commercial Offer Letter and provisions contained in these Terms and Conditions.
13. CONFIDENTIALITY AND PUBLICITY
During the course of these Terms and Conditions, the Client may have access to confidential or proprietary information regarding RBL and related business entities (the "Information"). Client acknowledges the proprietary and sensitive nature of the Information, and the importance of maintaining the secrecy and confidentiality of such Information. Client shall ensure that Information shall be segregated from other information in possession of the Client. Such confidential information shall not leave the jurisdiction of India.
The Information includes but is not limited to (i) proprietary and confidential matters concerning RBL's security arrangements, financial information, technical data and any information relating to the pricing, methods, processes, lists, research, development or related information to which the Client has gained access, compiled, procured, generated in connection with these Terms and Conditions; (ii) information from time to time in the possession or custody of RBL belonging to its customers or other users of services from time to time provided by RBL, including, without limitation, the names of customers and the nature of their accounts; and (iii) information from time to time in the possession or custody of RBL belonging to its vendors or other suppliers of services from time to time provided to RBL. Client agrees that it shall not, without the prior written consent of RBL, disclose any such Information to any third party, either orally or in writing, unless such disclosure is mandated by applicable law.
Without limiting the generality of the foregoing, Client hereby agrees and undertakes that it will not, and will covenant all of its employees, servants, agents and contractors not to do anything which will cause RBL or any of its customers or affiliates to violate any terms of these Terms and Conditions. Client agrees to implement security measures that are designed to safeguard information of RBL.
All documents and things submitted, including, without limitation, financial statements, shall belong to RBL absolutely and Client shall, while the same is in its possession, hold the same in trust for RBL and shall deliver the same forthwith upon request. Client’s obligations under this Section shall continue after the termination of these Terms and Conditions.
Client (i) shall not, without RBL's prior written consent, disclose the Information in any manner except as expressly authorized in the permitted purpose under these Terms and Conditions, (ii) shall treat Information with at least the same degree of care that it treats its own confidential information, but in no event with less than a reasonable degree of care, (iii) shall prevent disclosure of Information to unauthorized parties, and (iv) shall maintain adequate security measures to safeguard the information from unauthorized disclosure, access, use and misappropriation. Client shall notify RBL immediately of any loss or unauthorized disclosure or use of Information that comes to its attention. Upon demand, or upon the termination of these Terms and Conditions, the Parties shall comply with each other's instructions regarding the disposition or return of the Information in its possession or control.
The Parties agree that any unauthorized use or disclosure of Information by the Client may cause immediate and irreparable harm to RBL for which money damages may not constitute an adequate remedy. In such event, the Parties agree that RBL may seek injunctive relief as appropriate.
If Client is directed by court order or other legal, quasi-legal or regulatory agency's request or similar process to disclose any Information, Client shall notify RBL in writing, with a copy of such document attached, in sufficient detail immediately upon receipt of such court order, legal, quasi-legal or regulatory agency's request or similar process, in order to permit application by RBL for an appropriate protective order.
Client agrees not to make any public disclosure, except as may be required by applicable law, relating to RBL or relating to or arising under these Terms and Conditions, without obtaining the prior written consent of RBL. Any unauthorized publication may result in termination of these Terms and Conditions for default hereof.
Client shall not use and shall keep its employees, agents and subcontractors from using the name, trademark or logo of RBL in any sale, marketing publication, advertisement, or other publication and shall not make, or let its employees, agents or subcontractors make, any public statement relating to RBL without prior written consent of RBL.
This Clause shall survive termination of these Terms and Conditions.
14. AUDIT AND INSPECTION
On receipt of a reasonable notice from RBL, the Client shall provide access to and make available to any of RBL’s officers / employees / management or internal / external auditors / regulators of RBL, the necessary records for inspection / examination / audit, and co-operate to the fullest extent so as to clarify on any activities and to assure a prompt and accurate audit related to the scope of Services. The Client shall keep complete and accurate records of all operations in connection with the Services. All said records shall be kept on file by the Client for a period as required under applicable laws, and in any event, shall not be excised without first having duly, adequately and timely informed RBL.
15. DATA PROTECTION OBLIGATION
The Client shall comply with all Data Protection Legislation and such compliance shall include, but not be limited to, maintaining a valid and up to date registration or notification (where applicable) under the Data Protection Legislation as may be required under applicable laws.
For the purpose of these Terms and Conditions:
"Data Protection Legislation" means the legislation and regulations relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual including (without limitation):
A) The Information Technology Act, 2000 (as amended from time to time), including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Privacy Rules") and any other applicable rules framed thereunder.
B) All other banking industry guidelines (whether statutory or non-statutory) or codes of conduct relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual issued by any regulator to RBL.
C) Any other Applicable Law solely relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual.
"Personal Data" shall have the same meaning as ascribed to the term ‘Sensitive Personal Data or Information’ under the Privacy Rules (as amended from time to time).
The Client shall only undertake the processing of Personal Data that is reasonably required in connection with the permitted purpose; and in accordance with the RBL written instructions. The Client shall comply with all reasonable procedures and processes notified by RBL from time to time. The Client shall not process or transfer any Personal Data outside India without the prior written consent of RBL.
The Client shall at all times have appropriate technical and organizational measures in place acceptable to RBL:
- To prevent unauthorized or unlawful processing of any Personal Data.
- To protect any Personal Data against accidental loss, destruction or damage.
- To ensure the reliability of its employees/contractor having access to the Personal Data.
On RBL's reasonable request, the Client will provide a detailed, written description of the measures undertaken by the Client and the Client's compliance with those measures and allow RBL access to the Client's premises to inspect its procedures for the processing of Personal Data.
Upon expiry or termination of these Terms and Conditions for any reason the Client shall immediately return, or at RBL's option, destroy any Personal Data held by it or by personnel or subcontractors of the Client, and issue a confirmation of compliance in this regard to RBL.
16. FORCE MAJEURE
The API Banking Services shall not be available if prevented due to Force Majeure events such as factors including but not limited to civil commotion, sabotage, lockout, strike or other labour disturbances of any kind interfering with or affecting the normal functioning of Bank or of the Platform, accidents, fires, flood, explosion, epidemic, quarantine restrictions, damage to Bank’s and/or the Bank’s vendors’ facilities, absence of the usual means of communication or transportation, or factors leading to the unavailability of the Internet for the Bank and/or the Client, or computer hacking, unauthorized access to computer data and storage devices, computer crashes, or any other cause, whether of the same or a different nature, unavoidable or beyond the control of the Bank.
The waiver or modification by either Party of any term or condition of these Terms and Conditions shall not void, waive, or modify any other term or condition of these Terms and Conditions. The failure of either Party to insist, in any one or more instances, upon the performance of any term of these Terms and Conditions shall not be construed as a waiver or relinquishment of such Party’s right to such performance or to future performance of such item. A waiver granted on one occasion shall not constitute a waiver of any future occasion.
These Terms and Conditions may be executed in several counterparts, all of which taken together shall constitute one single Terms and Conditions between the parties. Applicable Stamp duty of these Terms and Conditions shall be borne equally by both the Parties.
C. INDEPENDENT CONTRACTOR AND NON-EXCLUSIVE RIGHTS
Relationship between the Parties is on a Principal to Principal basis. Nothing herein shall be construed to create an employer-employee or Principal – Agent relationship between the Bank and the Client. Neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other. Both parties reserve the right (a) to develop or have developed for it products, services, concepts, systems, or techniques that are similar to or compete with the products, services, concepts, systems, or techniques developed or contemplated by the other party, and (b) to assist third party APIs or systems integrators who may offer products or services which compete with the other party’s products or services. This is not an exclusive arrangement.
Client shall not, directly or indirectly, assign these Terms and Conditions or any of its rights or obligations under these Terms and Conditions without the prior written consent of the Bank. Any attempted assignment in contravention of the preceding sentence shall be void and shall have no effect. It is hereby agreed that the Bank is hereby authorised to assign its rights, benefits, duties & obligations under these Terms and Conditions without prior consent of the Client.
If any portion of these Terms and Conditions is held to be invalid or unenforceable, the remaining portions of these Terms and Conditions will remain in full force and effect. Any invalid or unenforceable portions will be interpreted to effect and intent of the original portion. If such construction is not possible, the invalid or unenforceable portion will be severed from these Terms and Conditions but the rest of the Terms and Conditions will remain in full force and effect.
F. NO THIRD-PARTY BENEFICIARIES
These Terms and Conditions does not create any third-party beneficiary rights in any individual or entity that is not a party to these Terms and Conditions.
G. ANTI-CORRUPTION AND BRIBERY
Neither the Client nor any of its related parties, associate companies (as defined in the Companies Act, 2013 amended from time to time) or Client affiliates shall or has, in relation to the transactions the subject of these Terms and Conditions or otherwise, made, offered or authorized or will make, offer or authorize any payment, gift, promise or other advantage, whether directly or through any other person or entity, to or for the use or benefit of any government official or any entity or other person where such payment, gift, promise or other advantage would (i) comprise a facilitation payment; or (ii) violate the anti-bribery, anti-corruption and money-laundering laws and obligations or any other applicable Law as may be enacted from time to time. Failure to comply with this obligation by the Client may result in immediate termination of the Services.
H. ENTIRE AGREEMENT
These Terms and Conditions, together with all annexures / schedules, constitutes the full and complete understanding of the parties with respect to the subject matter of these Terms and Conditions and constitutes a full statement of the terms of these Terms and Conditions. These Terms and Conditions supersedes all prior written agreements and contemporaneous oral agreements between the parties with respect to the subject matter of these Terms and Conditions, neither party has relied upon any representation of the other not set forth herein as an inducement to enter into these Terms and Conditions.
SECURITY CONFORMANCE REQUIREMENTS
| SR No | Control Section | Control Statements & Guidelines |
|---|---|---|
| 1 | | All Users only have access to the credentials on a need-to-have basis. |
| 2 | | The passwords are not shared amongst users. Users individually have their own unique credentials. |
| 3 | | The passwords/Secret Key and the API Password are used judiciously and cautiously so that unauthorized users/systems do not have access to these credentials under any circumstances. |
| 4 | | The systems have authentication mechanisms including but not limited to a unique username/password combination for login for each user. |
| 5 | Identity Management | Password security is enforced with the minimum of the below listed parameters:<br>Minimum Password length of 8 characters.<br>Lower and Upper cases compulsory.<br>Complexity with alpha-numeric & one special character & one capital character.<br>Password expiry – 30 days.<br>Password history – 5.<br>Minimum age of password – 1.<br>User should be able to change the password.<br>Old password should be asked while changing the password.<br>Password cannot be username or any portion of user ID. |
| 6 | | Users are temporarily locked after a specified number of unsuccessful attempts and have to have their account manually reset. |
| 7 | | Client machines are secured with anti-virus/anti-malware solutions. |
| 8 | | Data Leakage Prevention controls are deployed to ensure information doesn't get leaked out of the environment. |
| 9 | Infrastructure Management | Security technologies like Firewalls/IPS/WAF/PIM/SIEM/APT are implemented to protect the infrastructure from internal and external security breaches and attacks. |
| 10 | | Audit Trails should be enabled across the environment for security event and incident logging and monitoring. |
| 11 | | Client has an Information security policy, which is approved by the management, published and communicated as appropriate to all employees. |
| 12 | | The Information security policy includes a management commitment and sets out the organizational approach to managing information security. |
| 13 | | Risk assessments are carried out on a periodic basis. |
| 14 | | The controls are identified in risk assessment procedures. |
| 15 | Security Policy | There are regular onsite reviews of the outsourced operations. |
| 16 | | The implementation of security policy is reviewed independently on a regular basis. |
| 17 | | Continuous awareness programmes are conducted for security awareness. |
| 18 | | There is a confidentiality clause in the terms and conditions and in the contracts with employees/staff/partners/third parties, etc. |
| 19 | | There are Access control mechanisms deployed (e.g. card swipe systems, biometrics etc.). |
| 20 | | Access to the computer room(s) is limited to approved personnel only. |
| 21 | | Entry controls are in place to allow only authorized personnel into various areas within the organization. |
| 22 | | There are entry and exit points monitored either by guards or cameras. |
| 23 | | There are periodic reviews of physical access permissions. |
| 24 | | There is ongoing monitoring of the computing facility. |
| 25 | Physical Security | The control of visitors is adequately addressed. |
| 26 | | In case of outsourced software, all maintenance work is carried out only in the presence of / with the knowledge of appropriate staff. |
| 27 | | The parameters to control the password format have been properly set according to the security policy stipulated by the Bank. |
| 28 | | The Information processing service is protected from natural and man-made disasters. |
| 29 | | The delivery area and information processing area are isolated from each other to avoid any unauthorized access. |
| 30 | | The information is only available on a need to know basis. |
| 31 | | There are security controls for third parties or for personnel working in secure areas. |
| 32 | | There are controls adopted to minimize risk from potential threats such as theft, fire, explosives, smoke, water, dust, vibration, chemical effects, electrical supply interfaces, electromagnetic radiation, flood, which could adversely affect the operation of information processing facilities. |
| 33 | | The rooms, which have the Information processing service, are locked or have lockable cabinets or safes. |
| 34 | | The equipment is protected from power failures. |
| 35 | | The storage devices containing sensitive information are physically destroyed or securely overwritten. |
| 36 | | The disposal of sensitive items is logged where necessary in order to maintain an audit trail. |
| 37 | | The equipment, information or software cannot be taken offsite without appropriate authorization. |
| 38 | | There is a documented process for immediate disabling or modification of access entitlements when an employee status changes (termination, transfer, etc.). |
| 39 | Information Handling | There are sufficient controls to ensure that the information is handled, processed, stored, accessed in a secured manner. |
| 40 | Business Recovery | There is a documented business recovery plan. |
| 41 | | There are secure backup procedures that have been defined and followed. |
| 42 | Operations Management | All programs running on production systems are subject to strict change control. |
| 43 | | An Incident Management procedure exists to handle security incidents. |
| 44 | SLA Management | Appropriate SLAs have been defined to monitor and review the activities as per the defined agreements for timelines. |
| 45 | | There is a 24x7 alerting and monitoring process in place. |
| 46 | | There is a segregation of duties between roles. E.g. developers do not have administration responsibilities for live services. |
| 47 | System Management | Roles and responsibilities are clearly documented. |
| 48 | | Audit trails for administrator access are maintained. These audit trails are subjected to independent review. |
| 49 | | Access to audit trails is restricted. |
| 50 | | High privileged accounts e.g. root are only used under change control procedures and not for day-to-day system operation. |
| 51 | System Security | Security vulnerability management process is in place and documented (including but not limited to Application Security Testing, Vulnerability Assessment, Penetration Testing, Hardening, etc.). |
| 52 | | Patch management procedure is in place. |
| 53 | | The Client has a ‘default deny and implicit drop stance’ that forces systems to fail closed, dropping all traffic not expressly permitted. |
| 54 | | There is a network firewall in place. |
| 55 | Network Management | Extra Security is in place for wireless LAN technology. |
| 56 | | There are on-going vulnerability and penetration assessments performed on all servers on a regular basis and appropriate actions taken to remove vulnerabilities. |
| 57 | | UAT/Development/Production environments are segregated from each other using strict access controls over the firewall. |
| 58 | | Verification checks on permanent staff were carried out at the time of job applications. |
| 59 | | Reference checks are done for the employees. |
| 60 | | There are enhanced screening processes for staff/managers in particularly sensitive roles. |
| 61 | Personnel Security | Employment contracts include:<br>- Confidentiality clauses<br>- Reference to security responsibilities<br>- Penalties / disciplinary proceedings for non-compliance |
| 62 | | There is an exit process for revocation of physical & logical access permissions. |
| 63 | | All employees/staff/outsourced staff within the organization and third party users (where relevant) receive appropriate Information Security training and regular updates in organizational policies and procedures. |
| 64 | | There is a formal disciplinary process in place for employees who have violated security policies and procedures or guidelines for users, to report security weakness in, or threats to, systems or services. |