The Reserve Bank of India (RBI) has released a Master Direction project establishing a risk management framework for outsourcing IT services.
The Directorate includes regulations on the management of related concentration risk, periodic risk assessments and the outsourcing of IT services to foreign service providers.
The new regulations come as regulators around the world focus on strengthening the operational resilience of the financial sector. Among these is the Bank of England, which in April shared a series of proposals focused on outsourcing and managing third-party risk within financial market infrastructure (MFI) firms.
In response to the RBI consultation, NCC Group was pleased to offer our insights to strengthen the Master Direction project, particularly around the importance of continuing to recognize software escrow solutions as part of a plan complete business continuity. Our recommendations include:
- Work with other regulators globally to do more to promote and educate financial companies on the benefits of cloud, software and technology escrow solutions as a practical way to manage third party risk.
- This includes standardizing the promotion of cloud, software and technology escrow solutions, aligning senior management with other core guidelines overseen by the RBI and fellow financial regulators.
- Ensure that requirements for the development and regular testing of business continuity and exit plans are part of licensing or contractual agreements between regulated entities and their third-party vendors.
- Greater information sharing to improve shared and contextualized understanding of concentration and cyber risk.
Leading NCC Group’s response to the Bank’s proposals, Wayne Scott, Head of Regulatory Compliance Solutions at NCC Group, said:
“The risks facing financial services are constantly changing, requiring sound risk management to ensure business continuity. The RBI has been at the forefront of operational resilience, promoting escrow solutions as one of the solutions to ensure the continued delivery of important business services.
As RBI finalizes its primary direction, it will be critical to ensure this “resilience by design” approach is reflected in guidance for financial services firms. »