Topics In Demand
Notification
New

No notification found.

Call for inputs: Draft Master Direction on Outsourcing of IT Services by Reserve Bank of India
Call for inputs: Draft Master Direction on Outsourcing of IT Services by Reserve Bank of India

June 24, 2022

275

0

The Reserve Bank of India (RBI) in its statement on Developmental and Regulatory Policies had sated that the “financial system is seeing extensive leveraging and outsourcing of critical IT services by regulated entities” and that “aspects such as risk management framework for IT outsourcing, managing concentration risk, periodic risk assessment and outsourcing to foreign service providers require suitable regulatory guidelines.” To this effect, the RBI has released draft Master Direction on Outsourcing of IT Services (draft Master Directions) for stakeholder consultation.

Key features of the draft Master Directions include:

  • The draft Master Directions shall be applicable on material outsourcing services i.e., services which if disrupted will have the potential to significantly impact the regulated entities (REs); business operations, reputation, strategic plans or profitability; ability to manage risk and comply with applicable laws and regulations. They will also include services which in the event of any unauthorised access, loss or theft of customer information may have material impact on the RE’s customers.
  • The draft Master Directions requires REs to evaluate their outsourcing needs based on comprehensive assessment of attendant benefits, risks and availability of measures to manage such risks.
  • REs are required to establish an inventory of services provided by service providers, map their dependency on third parties and evaluate the information received from the service providers.
  • The draft Master Directions mandate that the responsibility for redressal of customer grievance has to rest with the REs.
  • REs will be required to put in place a comprehensive board approved IT outsourcing policy outlining responsibilities of the board, board committee, senior management, IT function, business function etc. The Policy has to outline the criteria for selection of service providers, parameters for defining material outsourcing, disaster recovery and business continuity plan etc.
  • REs will be required to undertake due diligence before selecting service providers. This will have to account for financial, legal and reputational factors of service providers.
  • The storage of data, in terms of condition with service providers, shall have to be India as per extant regulatory requirements. This is as per applicable on the concerned REs.
  • The REs will also be required to adopt the storage, computing and movement of data in cloud environment requirements.

You can read more about the Master Directions here.

Should you have any comments on the draft Master Directions, kindly write to apurva@nasscom.in by July 10th.

 

 

 

 

                                                                   


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Apurva Singh
Senior Policy Associate

Write to me for all things related to FinTech, Drones, Data and Gaming

© Copyright nasscom. All Rights Reserved.