Securities and Exchange Board of India
September 13, 2017
All Stock Exchanges
All Clearing Corporations
Dear Sir / Madam,
Subject: Outsourcing of activities by Stock Exchanges and Clearing Corporations
1. SEBI has vide circular CIR/MIRSD/24/2011 dated December 15, 2011 prescribed Guidelines on Outsourcing of Activities by Intermediaries. Through these guidelines certain principles for outsourcing to be followed by all the intermediaries registered with SEBI were laid down. Further, based on the recommendations of the Depository System Review Committee (DSRC), vide circular dated December 09, 2015, guidelines were also laid down for governing the outsourcing of activities by the Depositories.
2. It is also observed that the stock exchanges and clearing corporations avail the services of third party service providers / outsourced agencies to perform certain processes, services or activities.
3. In this regard stock exchanges and clearing corporations are advised to formulate and document an outsourcing policy duly approved by their Board based on the guidelines placed at Annexure I.
4. Stock Exchanges and clearing corporations are also directed to take necessary steps to put in place systems for implementation of the circular, including necessary amendments to the relevant bye-laws, rules, etc., if any, within six months from the date of the circular. Stock exchanges and clearing corporations are also advised to disseminate the provisions of this circular on their website.
5. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange Board of India Act, 1992 and to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
Susanta Kumar Das
Deputy General Manager
Outsourcing is an arrangement whereby an entity engages a third party (the service provider / outsourced agency) to provide a service that may already or may conceivably be performed by the entity itself.
2. Material Outsourcing
The stock exchanges and clearing corporations shall develop a process for determining the materiality of outsourcing arrangements with emphasis on the potential impact on the market, including where the service provider / outsourced agency fails to perform.
3. Core and Critical activities of Stock Exchanges and Clearing Corporations
3.1. The Core and critical activities of stock exchanges and clearing corporations shall not be outsourced. However, stock exchanges and clearing corporations may outsource activities to associate or group companies / entities of the exchange, provided there is a clear demarcation of activities with clear arms-length relationship.
3.2. Further, services rendered by any intermediary registered with SEBI (for eg. custodians, depositories, etc.) shall not be covered under these guidelines.
3.3. The core and Critical activities of the stock exchanges shall include but may not be limited to the following:
(a) Provision and daily operation of trading facilities;
(b) Management of the market functioning, including market surveillance and monitoring like online surveillance, investigation, inspection, price band relaxation, etc.;
(c) Enforcement of exchange rules/self-regulation;
(d) Trading information disclosure excluding data feed distribution to third party vendors;
(e) Core IT support infrastructure / activities for running the core activities of exchanges;
(f) Admission of trading member to exchange;
(g) Admission to securities to trading on the exchange;
(h) Monitoring and redressal of investor grievances;
(i) Maintenance and safe keeping of trade related data;
(j) Inspection of the members of the exchange;
(k) Compliance functions.
3.4. The core and critical activities of the clearing corporations shall include but may not be limited to the following:
(a) Post trade activities and services such as clearing and settlement and risk management inter-alia including pay-in and pay-out of funds and securities, margin blocking, margin reporting, collateral management (including addition, release, maintenance), capital adequacy, stress testing;
(b) Enforcement of clearing corporation rules/self-regulation;
(c) Admission of clearing members;
(d) Monitoring and redressal of grievances;
(e) Maintenance and safe keeping of trade related data pertaining to clearing and settlement;
(f) Inspection of the members of the clearing corporation;
(g) Compliance functions;
(h) Core and Critical IT support infrastructure / activities for running the core activities of clearing corporations (however, where the infrastructure is being shared with the group / associate company / entity, the same shall be allowed with the pre-condition of having a clear demarcation of infrastructure between the parties involved. Access control and responsibility would need to remain with the Clearing Corporations)
3.5. Certain Core activities may be outsourced to specialist vendors who are experts in their field (eg. IT services / Network services / IT Security etc.). However, in all such cases, the responsibility and control shall wholly vests with the exchanges and clearing corporations. Further, in case the Trading and / or Clearing software is purchased from a vendor, then there must be an arrangement to keep the source code in escrow, such that in case of any issue with the vendor, the software can be taken out of escrow and used to continue the business.
4. Selection of Service Providers / Outsourced agencies and Due Diligence
4.1. The service provider / Outsourcing agency shall be subjected to appropriate due diligence to assess its capability to employ a high standard of care in performing the service and comply with its obligations under the outsourcing agreement. The due diligence should take into consideration qualitative and quantitative, financial, operational and reputation factors of the service provider / Outsourcing agency.
4.2. The exchanges and clearing corporations shall ensure that entities having proven high delivery standards or expertise in the field, are selected after a proper due-diligence process which may include parameters like track record, delivery standard, unique selling proposition, service standards.
4.3. Due diligence undertaken during the selection process should be documented and re-performed periodically as part of the monitoring and control processes of outsourcing.
5. Legal Accountability
5.1. Stock Exchange and clearing corporations shall ensure that there is a legally binding written contract with the service provider / Outsourcing agency
5.2. Stock Exchange and clearing corporation shall ensure that the outsourcing arrangement does not in any way diminish its obligations and those of its board and senior management, to comply with relevant laws and regulations, guidelines and other directions.
5.3. The board and senior management of the stock exchange and clearing corporation shall retain ultimate responsibility for the effective management of risks arising from outsourcing.
6.1. Stock exchanges and clearing corporations shall ensure that outsourced activities are further outsourced downstream only with the prior consent of the exchange and clearing corporation and with appropriate safeguards including proper legal documentation/ agreement.
6.2. Stock exchange and clearing corporations shall also consider the ability of the sub-contractor to perform the services as a part of the due diligence process.
7. Contract with Service Provider / Outsourcing agency
7.1. Contractual terms and conditions governing relationships, functions, obligations and responsibilities of the contracting parties, potential conflict of interests should be carefully and properly defined in written agreements.
7.2. Every outsourcing agreement should address the risks and risk mitigation strategies identified at the risk evaluation and due diligence stages. Each agreement should allow for renegotiation and renewal to enable the exchange to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet its legal and regulatory obligations.
7.3. The agreement should provide for a dispute resolution mechanism, inter-alia specifying the resolution process, events of default, and the indemnities, remedies and recourse of the respective parties in the agreements.
8. Monitoring of Service Provider’s / Outsourcing agency’s Performance
8.1. Stock exchanges and clearing corporations shall maintain the capability and appropriate level of monitoring and control over outsourcing agencies, in order to be able to maintain continuity of business, even in the event of disruption or unexpected termination of the service.
8.2. Stock exchange and clearing corporation should evaluate its aggregate exposure to a particular service provider / outsourced agency in cases where the institution outsources various functions to the same service provider / outsourced agency.
8.3. Stock exchange and clearing corporation shall undertake periodic reviews of its outsourcing arrangements to identify new material outsourcing risks as they arise and analyze the impact of the arrangement on its overall risk profile and whether there are adequate internal expertise and resources to mitigate the risks identified.
9. Business Continuity at the Service Provider
9.1. Stock exchanges and clearing corporations should take appropriate measures to determine that its service providers / Outsourcing agencies establish and maintain emergency procedures and a plan for business continuity / disaster recovery, with periodic testing of backup facilities.
10. Security and Confidentiality of Information
10.1. Stock exchanges and clearing corporations should have adequate procedures in place that require the service provider / Outsourcing agency to protect exchange’s proprietary, member-related and potentially market sensitive information and software from unauthorized usage.
11. Termination Procedures
11.1. Stock exchanges and clearing corporations should include contractual provisions relating to the termination of the contract and appropriate exit strategies inter-alia specifying events that may trigger termination of the service contract, what will occur on termination and strategies for managing the transfer of the activity back to the stock exchange and clearing corporation or to another party.
12. Access to Information and other records
12.1. The outsourcing arrangement should provide for the access by the regulatory authority of the records of service providers / Outsourcing agencies and other information relating to the activities that are relevant to regulatory oversight.
13.1. The outsourcing policy document shall act as a reference for audit of the outsourced activities. Audit of implementation of risk assessment and mitigation measures listed in the outsourcing policy document and outsourcing agreement/ service level agreements pertaining to IT systems shall be part of System Audit of Stock Exchanges and Clearing Corporations.