As per RBI guidelines, SSL / TLS is only designed to encrypt data in transit at the network transport layer. It does not provide end-to-end encryption security at the application layer.
If an application is compromised, the entire system should not become at risk. Hence, to reduce attack vectors one should encrypt data at application layer.
It is recommended to implement Application layer encryption for minimization of risk for future possibilities of TLS exploits.