RBI produces out norms for outsourced of IT services

RBI produces out norms for outsourced of IT services

The Reserve Bank of India published master directions on the outsourcing of IT services by banks and non-banks that ensure that regulated organizations ring-fence themselves from any reputational risks arising from such arrangements. The final guidelines that come into effect from October 1, also ensure that any IT outsourcing arrangements do not undermine the responsibilities and obligations banks and non-banks have to customers.

The underlying principle of the directions is to ensure that outsourcing arrangements do not diminish the obligation of a regulated entity or impede effective supervision by the central bank. The RBI has directed all regulated entities to ensure that the service provider employs the same high standard of care in performing the services as would have been employed by regulated entities if the same activity was not outsourced.

According to the central bank, regulated entities should not engage an IT service provider that would result in their reputation being compromised or weakened. Banks and non-banks have also been told to evaluate the need for outsourcing IT services based on a comprehensive assessment of attendant benefits and risks.

The RBI released these guidelines after it felt that entities regulated by it have been extensively leveraging IT and IT-enabled services (ITeS) to support their business models and the products and services they offer their customers.

In February last year, the central bank proposed the issuance of suitable regulatory guidelines on the outsourcing of IT services with the aim of ensuring effective management of attendant risks. The draft norms were issued later.