News and developments
New RBI IT Outsourcing Directions and Key Takeaways for Fintech Agreements
IT services or any other outsourced services contracts entered into by banks and non-banking finance companies (“NBFCs”) were previously governed by the Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services (“General Outsourcing Guidelines”). With these guidelines in place, all IT services, fintech agreements and digital lending agreements shall have to be compliant with not just the General Outsourcing Guidelines but also the new IT Outsourcing Directions.
Authored by- Anuroop Omkar & Kritika Krishnamurthy Founding Partners AK & Partners New Delhi- India
[1] RBI circular
Key Takeaways
-
Not Applicable on Base Layer NBFCs
- Applicable only to Material Outsourcing of IT Services
- Appendix III provides a list of services which are not considered Outsourcing of IT services
- Corporate Internet banking services are obtained by the REs as corporate customers/sub-members of another regulated RE.
- SMS gateways.
- Any maintenance service provided for IT infra by the Original Equipment Manufacturer.
- Applications are provided by financial sector regulators or institutions like National Stock Exchange, and the Bombay Stock Exchange.
- Any other services subscribed by the RE like anti-virus software, email solutions etc.
- A list of vendors/entities which are not considered third-party service providers, which includes:
- Payment System Operators authorised by the RBI under the Payment and Settlement System Act, 2007 for setting up and operating Payment Systems in India.
- Partnership bases Fintech firms such as those providing co-branded applications, services, and products. These will be considered as outsourcing of financial services.
- A non-exhaustive list of services provided by the fintech firms for data retrieval, data validation, and verification is provided, which includes bank statement analysis, GST returns analysis, fetching of vehicle information, digital document execution, data entry and call centre services.
- Inventory of Outsourced Services
- Data Storage in India
- Audit Rights & Sub-Contractors
- Business Recovery Plan (BRP) and Disaster Recovery Plan (DRP)
- Cross-Border Outsourcing
Authored by- Anuroop Omkar & Kritika Krishnamurthy Founding Partners AK & Partners New Delhi- India
[1] RBI circular