Connect with us

Business News

RBI charts out plan for outsourcing of IT services by banks



RBI drafts rules for outsourcing of IT services by banks and NBFCs

New Delhi:

In order to ensure effective management of risks in outsourcing of IT activities by banks, NBFCs and other regulated entities, the Reserve Bank of India (RBI) issued a draft ‘Master Direction on Outsourcing of IT Services’.

Regulated entities are widely leveraging IT and IT-enabled services to support their business models and the products and services offered to their customers, and they outsource a large portion of their IT activities to third parties. which exposes organizations to significant risks. the central bank said.

The draft has been released for comments of stakeholders and members of the public. The last date for comments and feedback is July 22, 2022.

The underlying principle is that regulated entities should ensure that outsourcing arrangements neither reduce their ability to meet their obligations to customers nor impede effective supervision by the supervising authority, the draft said. .

Regulated entities desirous of outsourcing IT and IT-enabled services will not require prior approval from the RBI, the draft said, adding that such arrangements would, however, be subject to inspection and scrutiny by on-site or off-site monitoring and supervision. . authority.

In addition, the draft states that regulated entities will evaluate the need for outsourcing IT services based on a comprehensive assessment of the attendant benefits, risks and availability of tailored processes to manage those risks.

In the process, they will consider important aspects, such as determining the need for outsourcing based on the severity of the outsourcing activity, determining expectations or outcomes from outsourcing, determining success factors and cost-benefit analysis, and models for outsourcing. set. ,

On the Grievance Redressal Mechanism, the draft states that the regulated entities will be responsible for redressal of customer grievances related to outsourced services.

The RBI has expressed concerns about the risks associated with cross-border outsourcing, saying that the engagement of a service provider located in a different jurisdiction exposes the risk.

“To manage such risk, the regulated entity will closely monitor the service provider’s country government policies and its political, social, economic and legal situations on an ongoing basis, and put in place concrete procedures to mitigate the country’s risk.” It shall establish, inter alia, appropriate contingency and exit strategies. Further, it shall be ensured that the availability of records to the regulated entity and the supervising authority will not be affected even in case of liquidation of the service provider,” the draft said. has gone.

Lastly, the draft states that the outsourcing of IT services policy shall include a clear exit strategy with respect to outsourced IT activities or IT-enabled services, while ensuring business continuity during and after the exit.


Click to comment

Leave a Reply

Your email address will not be published.