Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks

RBI/2014–15/497 DBR.No.BP.BC.76/21.04.158/2014–15

March 11, 2015

Guide­lines on Man­ag­ing Risks and Code of Con­duct in Out­sourc­ing of Finan­cial Ser­vices by Banks

Please refer to our cir­cu­lar DBOD.No.BP.40/21.04.158/2014–15 dat­ed Novem­ber 3, 2006 for­ward­ing the final guide­lines on man­ag­ing risks as applic­a­ble in out­sourc­ing of finan­cial services.

2. In view of con­cerns raised that these instruc­tions are not being adhered to, we reit­er­ate that out­sourc­ing of any activ­i­ty by the bank does not dimin­ish its oblig­a­tions, and those of its Board and senior man­age­ment, who have the ulti­mate respon­si­bil­i­ty for the out­sourced activ­i­ty. Banks have been advised to take steps to ensure that the ser­vice provider employs the same high stan­dard of care in per­form­ing the ser­vices as would be employed by the banks, if the activ­i­ties were con­duct­ed with­in the banks and not out­sourced. Fur­ther, banks should not engage in out­sourc­ing that would result in their inter­nal con­trol, busi­ness con­duct or rep­u­ta­tion being com­pro­mised or weakened.

3. Instances of non adher­ence with the afore­men­tioned guide­lines have been observed with regard to sub­con­tract­ing by the pri­ma­ry out­sourced ven­dors and the engage­ment of sub­con­trac­tors by the out­sourced ser­vice providers with­out the pri­or con­sent of the bank. It is clar­i­fied that the Guide­lines on Man­ag­ing Risks and Code of Con­duct in Out­sourc­ing of Finan­cial Ser­vices by Banks apply mutatis mutan­dis to sub­con­tract­ed activ­i­ties, as well. Atten­tion is invit­ed to para­graph 5.5.1 of the guide­lines, where­in banks have inter-alia been advised that the out­sourc­ing con­tract should pro­vide for pri­or approval/ con­sent by the bank of the use of sub­con­trac­tors by the ser­vice provider for all or part of an out­sourced activ­i­ty. Before giv­ing their con­sent, banks should review the sub­con­tract­ing arrange­ments and ensure that these arrange­ments are com­pli­ant with the extant guide­lines on outsourcing.

4. Cer­tain cas­es, like out­sourc­ing of cash man­age­ment, might involve rec­on­cil­i­a­tion of trans­ac­tions between the bank, the ser­vice provider and its sub-con­trac­tors. In such cas­es, banks should ensure that rec­on­cil­i­a­tion of trans­ac­tions between the bank and the ser­vice provider (and/ or its sub­con­trac­tor), are car­ried out in a time­ly man­ner. An age­ing analy­sis of entries pend­ing rec­on­cil­i­a­tion with out­sourced ven­dors should be placed before the Audit Com­mit­tee of the Board (ACB) and banks should make efforts to reduce the old out­stand­ing items there­in at the earliest.

5. A robust sys­tem of inter­nal audit of all out­sourced activ­i­ties should also be put in place and mon­i­tored by the ACB of the bank.