The Reserve Bank of India (RBI) has advised banks to submit an annual compliance certificate underlining the risk management practices adopted in overseeing and managing outsourcing arrangement of banking services.
The new norms form part of a review of the guidelines issued to banks on managing risks and code of conduct in outsourcing financial services.
The certificate provided by the auditor should give the particulars of outsourcing contracts, prescribed periodicity of audit by internal / external auditors, major findings of the audit and action-taken by the bank boards. Thus, regular audits by either internal or external auditors of the bank should assess the adequacy of the risk management practices adopted by the banks and their outsourcing partners.
As per the guidelines issued in 2007, banks were advised to review the financial and operational condition of the service provider and to assess its ability to continue to meet its outsourcing obligations at least on an annual basis. Such due diligence reviews, which can be based on all available information about the service provider should highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.
According to the RBI guidelines, outsourcing is entirely an independent decision wherein the bank would be required to take a view on the desirability of outsourcing related to financial services with regard to all relevant factors, including the commercial aspects. Banks would not require prior RBI approval for outsourcing of financial or other services except where the service provider is located outside India or when the outsourcing is in relation to doorstep banking. However, the banks will have to keep RBI informed of all the financial services outsourced by them.
Banks cannot outsource core management functions such as corporate planning, organisation, management and control and decision-making functions such as determining compliance with know-your-customer (KYC) norms for opening deposit accounts, according sanction for loans and management of investment portfolio.