RBI issues detailed norms for outsourcing of IT services by banks, NBFCs
PTI, Apr 10, 2023, 8:22 PM IST
Image credit: ANI / FIle
Mumbai: Reserve Bank of India on Monday came out with detailed norms for outsourcing of IT services by banks, NBFCs and regulated financial sector entities to ensure that such arrangements do not undermine their responsibilities and obligations to customers.
In its ‘Master Direction on Outsourcing of Information Technology Services’, RBI said that Regulated Entities (REs) have been extensively leveraging IT and IT-enabled Services (ITeS) to support their business models, products and services offered to their customers.
In February last year, the central bank proposed the issuance of suitable regulatory guidelines on outsourcing of IT services with an aim to ensure effective management of attendant risks. Later, draft norms were issued.
According to RBI, the underlying principle of the directions is to ensure that outsourcing arrangements neither diminish REs’ ability to fulfil its obligations to customers nor impede effective supervision by the central bank.
With a view to provide REs adequate time to comply with the requirements, the norms will come into effect from October 1, 2023.
A RE shall take steps to ensure that the service provider employs the same high standard of care in performing the services as would have been employed by the RE, if the same activity was not outsourced, the central bank said.
According to the central bank, a RE should not engage an IT service provider that would result in reputation of RE being compromised or weakened.
Notwithstanding whether the service provider is located in India or abroad, REs should ensure that outsourcing should neither impede nor interfere with the ability of the RE to effectively oversee and manage its activities, as per RBI.
Further, REs have been told to evaluate the need for outsourcing of IT services based on comprehensive assessment of attendant benefits, risks and availability of commensurate processes to manage those risks.
On governance framework, RBI said a RE intending to outsource any of its IT activities should have a comprehensive board-approved IT outsourcing policy.
Financial institutions should also put in place a risk management framework for outsourcing that should comprehensively deal with the processes and responsibilities for identification, measurement, mitigation, management, and reporting of risks associated with outsourcing of IT services arrangements.
Also, REs should ask their service providers to develop and establish a robust framework for documenting, maintaining and testing business continuity plan and disaster recovery plan.
A RE can also outsource any IT activity/ IT-enabled service within its business group/ conglomerate, subject to conditions specified to the conditions specified in the Master Direction.
Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.
Top News
Related Articles More
Congress to discuss candidates for Amethi, Raebareli seats on Saturday
Cache of arms including foreign-made revolvers seized by CBI in Sandeshkhali raids
24 Indian Fishermen Released from Sri Lankan Detention, Repatriated to India
SC verdict on EVM tight slap to Congress-led opposition: PM Modi in Bihar rallies
Board exams twice a year from 2025: MoE asks CBSE to work out logistics, no plan for semesters
MUST WATCH
Latest Additions
Patanjali Foods to evaluate proposal to buy Patanjali Ayurved’s non-food business
Congress to discuss candidates for Amethi, Raebareli seats on Saturday
BJP’s CT Ravi Booked for Promoting Hatred and Enmity Through Social Media Post
Elections held in 14 LS segments in Karnataka, voter turnout nearly 64 per cent till 5 pm
‘PM is scared, may even shed tears on stage’: Rahul Gandhi’s fresh salvo at Modi