Skip to main content

Draft Directions on Outsourcing of Financial Services

Reserve Bank of India (RBI) had issued draft directions on managing risks and code of conduct in outsourcing of financial services.

What is the objective of the directions?

The purpose of the directions on 'managing risks and code of conduct in outsourcing of financial services' is to ensure that outsourcing arrangements neither diminish the ability of the regulated entity (RE) to fulfil its obligations to customers nor impede effective supervision by the supervisory authority. 

What is outsourcing?

“Outsourcing” refers to an RE’s use of a third party (either an affiliated entity within a group or an external entity) to perform activities that would normally be undertaken by the RE itself on a continuing basis, now or in the future.

‘Continuing basis’ would include agreements for a limited period. This means REs shall not enter into perpetual agreements.

What is material outsourcing?

“Material outsourcing arrangement” means an outsourcing arrangement which –

  • In the event of failure of service or breach of security, has the potential to either materially impact an RE’s –
    • business operations, reputation, strategies, or profitability; or
    • ability to manage risk and comply with applicable laws and regulations, or
  • In the event of any unauthorised access or disclosure, loss or theft of customer information, may have a material impact on the RE’s customers.

To whom will the directions be applicable?

The directions will be applicable to the following entities –

  • Commercial Banks [including Local Area Banks (LABs), Regional Rural Banks (RRBs), Payments Banks (PBs), and Small Finance Banks (SFBs)]
  • All-India Financial Institutions (AIFIs) [viz. Exim Bank, National Bank for Agriculture and Rural Development (NABARD), National Housing Bank (NHB), Small Industries Development Bank of India (SIDBI), and National Bank for Financing Infrastructure and Development (NaBFID)]
  • Non-Banking Financial Companies (NBFCs) including Housing Finance Companies (HFCs)
  • Urban Co-operative Banks (UCBs), State Co-operative Banks (StCBs), and Central Co-operative Banks (CCBs)
  • Credit Information Companies (CICs)

Which are the supervisory authorities?

Supervisory authorities include –

  • RBI in case of Commercial Banks (including LABs, PBs, SFBs, and UCBs), NBFCs, CICs, and AIFIs.
  • NABARD in case of StCBs, CCBs, and RRBs
  • NHB in case of HFCs

What are the major directions?

  • REs desirous of outsourcing of financial services shall not require prior approval from RBI. However, such arrangements shall be subject to on-site / off- site monitoring and inspection / scrutiny by the supervisory authority.
  • REs shall not outsource core management functions including policy formulation, decision-making functions like determining compliance with KYC norms, according sanction for loans (i.e. decision to lend shall be solely taken by the RE and the role of the service provider shall only be that of a facilitator), management of investment portfolio, compliance function, and internal audit function.
  • REs shall be responsible not only for the actions of their service provider but also of their sub-agents engaged in the context of outsourced activity. 
  • REs shall also be responsible for the confidentiality of customer information available with the service provider.
  • Access to customer information by staff of the service provider shall be on ‘need to know’ basis, i.e., limited to those areas where the information is required in order to perform the outsourced function.
  • The responsibility for redressal of customers’ grievances related to outsourced services shall rest with the RE. If a complainant does not get any reply from the RE within 30 days after the RE received the complaint or is not satisfied with the reply of the RE, he / she will have the following options for redressal of his / her grievances.
    • RBI’s Ombudsman in case of REs to which RBI’s Integrated Ombudsman Scheme, 2021 applies, or
    • Consumer Education and Protection Cell (CEPC) of respective Regional Office of RBI in case of RBI supervised REs to which RBI’s Integrated Ombudsman Scheme, 2021 does not apply, or
    • Grievance Redressal mechanism of the respective supervisory authority in case of REs supervised by an authority other than RBI.
  • REs shall ensure that the service provider shall neither impede / interfere with the ability of the RE to effectively oversee and manage its activities nor impede the supervisory authority in carrying out the supervisory functions and objectives.
  • In considering or renewing an outsourcing arrangement, REs shall undertake appropriate due diligence to assess the capability of the service provider to comply with obligations in the outsourcing agreement. 
  • The event of termination of any outsourcing agreement, on account of the below-mentioned reasons (indicative in nature), where the service provider deals with customers, shall be publicised by publishing in the leading local newspaper with sufficient circulation in the locality, displaying at a prominent place in the branches, and posting it on the RE’s website so as to ensure that the customers do not continue to deal with the service provider.
    • Fraud committed by the service provider
    • Leakage of information / data
    • Breach of confidentiality or code of conduct by the service provider
    • Blacklisting of the service provider by GoI, RBI, SEBI, or any other regulator / supervisory authority
  • If a service provider’s contract is terminated prematurely prior to the completion of the contracted period of service, on account of the reasons mentioned below (indicative in nature), Indian Banks' Association (IBA) / respective RBI-recognised Self-Regulatory Organizations (SROs) would have to be informed of the reasons for termination. IBA / respective RBI-recognised SROs would be maintaining a caution list of such service providers for sharing among themselves and the respective member REs.
    • Fraud committed by the service provider
    • Leakage of information / data
    • Breach of confidentiality or code of conduct by the service provider
    • Blacklisting of the service provider by GoI, RBI, SEBI, or any other regulator / supervisory authority
  • Some of the key risks in outsourcing that need to be evaluated by the REs are - Compliance Risk, Concentration and Systemic Risk, Contractual Risk, Counterparty Risk, Country Risk, Exit Strategy Risk, Legal Risk, Operational Risk, Reputation Risk, Strategic Risk.
What are the reporting requirements for REs?
  • REs shall immediately notify the supervisory authority in the event of any significant problems that have the potential to materially affect the outsourcing arrangement and, as a consequence, materially affect the business operations, profitability, reputation or strategies of the RE.
  • REs shall report all material financial outsourcing arrangements (including arrangements involving extensive data sharing across geographic locations as part of process outsourcing and when data pertaining to Indian operations are processed abroad) to the supervisory authority on a quarterly basis.
  • REs shall submit an Annual Compliance Certificate giving the particulars of outsourcing contracts, the prescribed periodicity of audit by internal / external auditor, major findings of the audit and action taken through the Board, to their respective supervisory authorities.

References

Reserve Bank of India. (2023, October 26). 'Draft Master Direction on Managing Risks and Code of Conduct in Outsourcing of Financial Services'. Retrieved from https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=4334

Reserve Bank of India. (2023, October 26). 'RBI invites comments on draft Master Direction on Managing Risks and Code of Conduct in Outsourcing of Financial Services'. Retrieved from https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=56630


Follow at - Telegram   Instagram   LinkedIn   X   Facebook

Labels:

Comments

Post a Comment

Popular Posts

Reserve Bank - Integrated Ombudsman Scheme, 2026 (RB-IOS, 2026)

Reserve Bank of India (RBI) has issued Reserve Bank - Integrated Ombudsman Scheme, 2026. Who is RBI Ombudsman and RBI Deputy Ombudsman? RBI may appoint one or more of its officers as RBI Ombudsman and RBI Deputy Ombudsman, to carry out the functions entrusted to them under the Reserve Bank - Integrated Ombudsman Scheme (RB-IOS).  The appointment of RBI Ombudsman or RBI Deputy Ombudsman shall be for up to 3 years at a time. RBI Ombudsman shall have the power to examine and close all complaints.   RBI Deputy Ombudsman shall have the power to close those complaints falling under clause 10 of the RB-IOS (i.e. non-maintainable complaints) and complaints resolved as per the provisions of the clause 14(8)(a) to 14(8)(c) of the RB-IOS (i.e. complaint resolved / withdrawn). Which entities are covered under the RB-IOS? RB-IOS shall be applicable to the following Regulated Entities (REs) – Commercial Banks Regional Rural Banks  State Co-operative Banks Central Co-operative Bank...
Post a Comment
Read more

Financial Literacy Week (FLW) 2026

Reserve Bank of India (RBI) has observed financial literacy week from February 09 to 13, 2026. Financial Literacy and Financial Education Organization for Economic Co-operation & Development (OECD) defines ‘financial literacy’ as a combination of financial awareness, knowledge, skills, attitude and behaviour necessary to make sound financial decisions and ultimately achieve individual financial well-being.  OECD defines ‘financial education’ as the process by which financial consumers / investors improve their understanding of financial products, concepts and risks and through information, instruction and / or objective advice, develop the skills and confidence to become more aware of financial risks and opportunities, to make informed choices, to know where to go for help and to take other effective actions to improve their financial well-being. Financial Literacy Week (FLW) Reserve Bank of India (RBI) has been observing Financial Literacy Week (FLW) every year since 2016 to p...
Post a Comment
Read more

Internal Ombudsman for Regulated Entities (Banks, NBFCs, PPI Issuers and CICs)

Reserve Bank of India (RBI) has issued directions on Internal Ombudsman for regulated entities. To whom shall the directions on Internal Ombudsman (IO) be applicable? The directions on IO shall be applicable to the following Regulated Entities (REs) – Commercial Banks (other than Small Finance Banks, Payment Banks, and Local Area Banks) having 10 or more banking outlets in India as on March 31, 2025, whether such bank is incorporated in / outside India Small Finance Banks having 10 or more banking outlets in India as on March 31, 2025 Payments Banks having 10 or more banking outlets in India as on March 31, 2025 Non-Banking Financial Companies (NBFCs) fulfilling the following criteria as on March 31, 2025 – Deposit-taking NBFCs (NBFCs-D) with 10 or more branches Non-Deposit taking NBFCs (NBFCs-ND) with asset size of ₹5,000 crore and above and having public customer interface Non-Bank Prepaid Payment Instruments Issuers having more than 1 crore Prepaid Payment Instruments (PPIs) outstan...
Post a Comment
Read more

What is Reserve Bank of India – Digital Payments Index (RBI-DPI)? (Updated on February 12, 2026)

There have been continuous efforts by various stakeholders for digitization of payments in the country. But how to we measure the impact of these efforts?  What is Reserve Bank of India – Digital Payments Index (RBI-DPI)? Reserve Bank of India (RBI) has constructed a composite Digital Payments Index (DPI) to capture the extent of digitization of payments across the country. What are the parameters of RBI-DPI? The RBI-DPI comprises of five broad parameters that enable measurement of deepening and penetration of digital payments in the country over different time periods. These parameters along with their weights in the RBI-DPI are as follows –  Payment Enablers (25%) Payment Infrastructure – Demand-side factors (10%) Payment Infrastructure – Supply-side factors (15%) Payment Performance (45%) Consumer Centricity (5%).  Each of these parameters have sub-parameters which, in turn, consist of various measurable indicators.  What is the base year for RBI-DPI? The RBI-DPI ...
Post a Comment
Read more

Continuous Clearing and Settlement on Realisation in Cheque Truncation System (CTS) (Updated on December 24, 2025)

Reserve Bank of India (RBI) has issued direction on continuous clearing and settlement on realisation in Cheque Truncation System (CTS). What is Cheque Truncation System (CTS)? Cheque Truncation System (CTS) involves halting the physical movement of the cheque and its replacement by images of the instrument and the corresponding data contained in the MICR line.  In CTS, 3 images are taken of each cheque – front Gray Scale, front Black & White and back Black & White. MICR (Magnetic Ink Character Recognition) is a 9-digit code printed at the bottom of cheques using magnetic ink – first 3 digits indicate City Code, middle 3 digits indicate Bank Code and the last 3 digits indicate Bank Branch Code. Only CTS-2010 standards compliant instruments can be presented for clearing through CTS. The presenting banks which truncates the cheques need to preserve the physical instruments for 10 years. From when will the continuous clearing and settlement on realisation in CTS be implemented...
Post a Comment
Read more