The Reserve Bank of India on Monday came out with detailed norms for outsourcing of IT services by banks, NBFCs and regulated financial sector entities to ensure that such arrangements do not undermine their responsibilities and obligations to customers.
In its ‘Master Direction on Outsourcing of Information Technology Services’, the RBI said that Regulated Entities (REs) have been extensively leveraging IT and IT-enabled Services (ITeS) to support their business models, products and services offered to their customers.
In February last year, the central bank proposed the issuance of suitable regulatory guidelines on outsourcing of IT services with an aim to ensure effective management of attendant risks. Later, draft norms were issued. According to the RBI, the underlying principle of the directions is to ensure that outsourcing arrangements neither diminish REs’ ability to fulfil its obligations to customers nor impede effective supervision by the central bank.
With a view to provide REs adequate time to comply with the requirements, the norms will come into effect from October 1, 2023.
An RE shall take steps to ensure that the service provider employs the same high standard of care in performing the services as would have been employed by the RE, if the same activity was not outsourced, the central bank said.