The Securities and Exchange Board of India (Sebi) has directed market intermediaries not to outsource core business activities and compliance functions. The direction comes in the wake of instances wherein intermediaries resorted to outsourcing, to reduce costs and at times, for strategic reasons.
The regulator wants all market intermediaries to “have in place a comprehensive policy to guide the assessment of whether and how those activities can be appropriately outsourced”. The board or the partners of the entity will be responsible for framing the outsourcing policy and related overall responsibility for activities undertaken under that policy.
For instance, an activity cannot be outsourced if it would impair the supervisory authority’s right to assess or its ability to supervise the business of the intermediary. The intermediary will also need to establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the third party.
Further, one will have to ensure that the outsourcing arrangements neither diminish its ability to fulfill its obligations to customers and regulators, nor impede effective supervision by the regulators. The intermediary will also have to conduct appropriate due diligence in selecting the third party and in monitoring its performance.
According to a circular issued by Sebi, all outsourcing relationships will have to be governed by written contracts that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of the parties to the contract, client confidentiality issues, termination procedures, etc.
The intermediary and its third parties will have to establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.
The intermediary will also have to take appropriate steps to require that third parties protect confidential information of both the intermediary and its customers from intentional or inadvertent disclosure to unauthorised persons.
