The new guidelines will ensure that exchanges, clearing corporations and depositories do not outsource their core and critical activities to third-parties, while they would need to put in place a robust system to monitor outsourced activities on a real-time basis.
The outsourcing policy for stock exchanges and clearing corporations has been discussed by Sebi's Technical Advisory Committee (TAC), while its Depository System Review Committee has also given its recommendations on the need to regulate outsourcing by the depositories, a senior official said.
Consequently, Sebi has decided to issue a consolidated circular on outsourcing for stock exchanges, depositories and clearing corporations, he added.
Major exchanges in the country the BSE and the National Stock Exchange, both of which have their own clearing corporation arms. The two depositories registered with Sebi are National Securities Depository Ltd (NSDL) and Central Depository Services Ltd.
It has been felt that there is a need for further focus and strengthening of guidelines in the area of outsourcing by depositories.
In its recommendations, the Depository System Review Committee said caution should be exercised while outsourcing and wherever possible depositories should put in place various controls to ensure that there is check on the activities of outsourced entity, especially to monitor that outsourced activities are not further outsourced downstream.
Besides, core and critical activities of depositories should not be outsourced, while similar recommendations have been made for the exchanges and the clearing corporations.
It has also been suggested that the core information technology (IT) support infrastructure and functions for running core activities of these market infrastructure institutions should not be outsourced to the extent possible. Wherever outsourcing is allowed, the key market entities will need to ensure that risk impact analysis is undertaken, only reputed entity with proven high delivery standards are selected and appropriate back-up and restoration systems are put in place.
Besides, they would need to monitor and have checks and overall controls over the outsourced entity on a real-time basis.
The depositories and other key market entities would also need to ensure proper audit of the implementation of risk assessment and mitigation measures listed in the outsourcing policy document, the outsourcing agreement and the service- level agreements pertaining to IT systems, among other measures.