RBI dy guv flags risks in digital outsourcing for financial companies

'Inadequate management' of such relationships can expose regulated entities to reputational damage, says M Rajeshwar Rao

Financial companies using digital outsourcing and their “third-party dependencies” have benefits but involve risks, said Reserve Bank of India (RBI) Deputy Governor M Rajeshwar Rao on Monday.

“Poorly managed third-party relationships can expose regulated entities to not only customer dissatisfaction and reputational damage but may also invite regulatory and supervisory actions,” he said while speaking at CareEdge Conversations BFSI — Navigating Growth and Risk.

He further observed that regulated entities must verify the reliability and security of third parties and ensure they meet required standards. The concern pertains to the selection of outsourcing agencies or digital lending service providers (LSPs).

“Regulated entities are increasingly relying on third-party agencies and outsourcing their operations to enhance efficiency, reduce costs, and improve customer experience. However, while third-party dependencies offer several benefits, they also pose certain risks and challenges. One of the primary concerns is the selection of the outsourcing partner or, in the case of digital lending operations, the LSPs,” he explained.

He highlighted that while digital lending guidelines mandate that regulated entities ensure their LSPs have suitable grievance redress mechanisms on their websites or applications (apps), a recent RBI study found that not all LSPs or apps comply with this requirement.

Rao also pointed out that cybersecurity is a critical area where regulated entities must assess the preparedness of third-party service providers to protect their digital assets and customer information.

With the increasing frequency and sophistication of cyberattacks, entities must ensure that service providers deploy robust cybersecurity measures to safeguard against threats. Dependency on third parties can lead to vendor lock-in situations, where entities become reliant on a single vendor for critical services.

This lack of vendor diversification increases dependency risks and limits the flexibility of entities to adapt to changing market conditions or technological advancements, he added.

“Dependency on third parties can also create vendor lock-in situations, where regulated entities become reliant on a single vendor for critical services. This lack of vendor diversification can increase dependency risks and limit the flexibility of entities to adapt to changing market conditions or technological advancements,” reiterated Rao.