Reserve Bank of India
March 11, 2015
All Scheduled Commercial Banks
Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks
Please refer to our circular DBOD.No.BP.40/21.04.158/2014-15 dated November 3, 2006 forwarding the final guidelines on managing risks as applicable in outsourcing of financial services.
2. In view of concerns raised that these instructions are not being adhered to, we reiterate that outsourcing of any activity by the bank does not diminish its obligations, and those of its Board and senior management, who have the ultimate responsibility for the outsourced activity. Banks have been advised to take steps to ensure that the service provider employs the same high standard of care in performing the services as would be employed by the banks, if the activities were conducted within the banks and not outsourced. Further, banks should not engage in outsourcing that would result in their internal control, business conduct or reputation being compromised or weakened.
3. Instances of non adherence with the aforementioned guidelines have been observed with regard to subcontracting by the primary outsourced vendors and the engagement of subcontractors by the outsourced service providers without the prior consent of the bank. It is clarified that the Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks apply mutatis mutandis to subcontracted activities, as well. Attention is invited to paragraph 5.5.1 of the guidelines, wherein banks have inter-alia been advised that the outsourcing contract should provide for prior approval/ consent by the bank of the use of subcontractors by the service provider for all or part of an outsourced activity. Before giving their consent, banks should review the subcontracting arrangements and ensure that these arrangements are compliant with the extant guidelines on outsourcing.
4. Certain cases, like outsourcing of cash management, might involve reconciliation of transactions between the bank, the service provider and its sub-contractors. In such cases, banks should ensure that reconciliation of transactions between the bank and the service provider (and/ or its subcontractor), are carried out in a timely manner. An ageing analysis of entries pending reconciliation with outsourced vendors should be placed before the Audit Committee of the Board (ACB) and banks should make efforts to reduce the old outstanding items therein at the earliest.
5. A robust system of internal audit of all outsourced activities should also be put in place and monitored by the ACB of the bank.
Chief General Manager – in- Charge