RBI Issues Guidelines For IT Outsourcing By Banks, NBFCs: No Permission Needed From RBI
The Reserve Bank of India has made proposals for outsourcing IT services to ring-fence banks and other regulated entities (REs) from risks of financial, operational and reputational nature.
A regulated entity means a bank or any NBFC (Non Banking Financial Company) as specified by the central bank RBI.
RBI’s Norms on Outsourcing IT Services by Banks and REs
RBI has stated that from now on NBFCs, banks or any specified entity recognised by its will not be required to take prior approval from the central bank for the outsourcing of IT and IT-enabled services (ITeS).
The central bank’s Master Direction on Outsourcing of Information Technology (IT) Services draft read, “The underlying principle of these Directions is that the RE should ensure that outsourcing arrangements neither diminish its ability to fulfill its obligations to customers nor impede effective supervision by the supervising authority.”
RBI has invited comments from stakeholders on this proposal by July 22, 2022.
It added that outsourcing of any activity of the regulated entity shall not diminish its obligations as also of its Board and senior management, who shall be ultimately responsible for the outsourced activity, quotes PTI sources.
The draft further added, “RE shall take steps to ensure that the service provider employs the same high standard of care in performing the services as would have been employed by the RE if the same activity was not outsourced.”
Provisions Applicable to These Entities
- Local Area Banks
- SFBs or Small Finance Banks
- Scheduled Commercial Banks, except Regional Rural Banks
- Payments Banks
- NBFCs in Top, Upper and Middle Layers
- Credit Information Companies
- Urban/Primary Co-operative Banks with an asset size of at least Rs 1,000 crore
- All Domestic Financial Institutions, like NABARD, NHB, EXIM Bank, NaBFID, SIDBI.
According to the draft, a risk management framework entailing the outsourcing of IT services should be able to deal (in detail) with with the processes and responsibilities of all the risks associated with outsourcing.