Reserve Bank’s norms on outsourcing IT services aimed at improving corporate governance: Experts
Contents News/Article Date: 16th April 2023
Relating to which Act: The Contract Labour (Regulation & Abolition) Act 1970;
Applicable to which State: All the states where the act is applicable along with contract labour rules of the respective States
Type: Millennium Post news report
Pertains to: All third parties either as suppliers, vendors or contractors or contractor employees deputed on the premises of the principal employer
Relevance of this news: Karma Global is in the business of HR Services, Payroll, Outsourcing and Regulatory Compliances right from its inception in 2004 and since then, has brought in a lot of efficiencies and technological upgradations with experts on its roll, to ease the hassles of Payroll Processing, Temp Staffing, On-boarding, Employee Life Cycle, Statutory, Regulatory and Payroll compliances by providing customized solutions to all its elite clients.
Now Karma Global is also fully into labour compliances for nearly 18 years and is helping both establishments and workers for fulfilment of obligations as per the laws of the land. It has over 200 staff, both direct and indirect on its rolls and operates on pan India basis. Recently, it has diversified into foreign shores as well, into countries like US, UK, UAE, Canada, Philippines, and Asia for handling payroll, outsourcing, recruitment and governance.
And in this instance New Delhi: Reserve Bank’s regulation on outsourcing of IT services by banking sector entities is aimed at improving corporate governance and will protect the interest of consumers, say industry experts. The Reserve Bank of India (RBI) has recently come out with detailed norms for the outsourcing of IT services by banks, NBFCs and other regulated financial sector entities to ensure that such arrangements do not undermine their responsibilities and obligations to customers. These norms came in the backdrop of the current practice of regulated entities (REs) of extensively leveraging IT and IT-enabled services (ITeS) to support their business models and also the products and services being offered to customers.
And in the previous instance: To ensure that such arrangements do not undercut their duties and commitments to customers, the Reserve Bank of India released extensive guidelines for the outsourcing of IT services by banks, NBFCs, and other regulated financial sector organisations.
The RBI stated that Regulated Entities (REs) have been heavily utilising IT and IT-enabled Services (ITeS) to support their business models, goods, and services given to their consumers. This was stated in its “Master Guidance on Outsourcing of Information Technology Services.”
In an effort to promote efficient risk management, the central bank requested in February of last year that appropriate regulatory rules be issued regarding the outsourcing of IT services. Draft standards were released later. The guiding concept of the directives, according to RBI, is to make sure that outsourcing arrangements don’t make it harder for REs to fulfil their duties to customers or prevent the central bank from effectively supervising them.
The rules will take effect on October 1, 2023, giving REs enough time to comply with the standards.
Reserve Bank’s norms on outsourcing IT services aimed at improving corporate governance:
Source: Millennium Post new report
Reserve Bank’s regulation on outsourcing of IT services by banking sector entities is aimed at improving corporate governance and will protect the interest of consumers, say industry experts.
The Reserve Bank of India (RBI) has recently come out with detailed norms for the outsourcing of IT services by banks, NBFCs and other regulated financial sector entities to ensure that such arrangements do not undermine their responsibilities and obligations to customers.
These norms came in the backdrop of the current practice of regulated entities (REs) of extensively leveraging IT and IT-enabled services (ITeS) to support their business models and also the products and services being offered to customers.
Commenting on the Master Direction issued by the RBI on ‘Outsourcing of Information Technology Services’, Managing Partner, MGC Global Risk Advisory LLP, said, “Strong corporate governance practices and comprehensive risk management frameworks are aspects that are imperative to enhance the resilience of the BFSI sector in India. This is a significant development that is in the best interests of the consumers…”. He further said the directions have brought under purview those IT & ITeS tasks that have the potential to significantly impact the business operations of regulated entities in the event of a disruption or compromise and those that can have material impact on the customers of the regulated entities in the event of any unauthorised access, loss or theft of customer information.
The Master Direction on ‘Outsourcing of Information Technology Services’ will come into effect from October 1, 2023.
The RBI said the underlying principle of the Master Direction is to ensure that outsourcing arrangements neither diminish REs’ ability to fulfil its obligations to customers nor impede effective supervision by the RBI.
Partner of Deloitte India, said the RBI’s directives provide key foundational broad strokes to regulated entities for managing technology outsourcing relationships across the continuum: Evaluation Onboarding Service Experience/Management Performance Management Ongoing Risk/Compliance Management Overall Relationship Management.
This framework, will bring in a lot more rigour as to how REs manage these business critical relationships and is expected to mature RE operating models, processes, systems and streamline/formalise some intuitively followed practices around technology outsourcing.
“With less than 180 days for the directives to become effective, we certainly see this topic being an important part of Board agenda this season. Key RE committees/ groups such as Risk Management Group, Information Security group, amongst others are likely to oversee implementation,”
As per the RBI, REs have put in place a risk management framework that “shall comprehensively deal” with the processes and responsibilities for identification, measurement, mitigation, management, and reporting of risks associated with outsourcing of IT services arrangements.
Shreya Suri, Partner, Indus Law, opined that the master directions were an anticipated development, given the proactive approach of RBI in relation to developments and innovations in the digital and technology space.