The Reserve Bank of India (RBI) recently released the Reserve Bank of India (Outsourcing of Information Technology Services) Directions, 2023 with detailed norms for outsourcing of IT services by banks, NBFCs and regulated financial sector entities to ensure that such arrangements do not undermine their responsibilities and obligations to customers. The underlying principle of the directions is to ensure that outsourcing arrangements neither diminish REs' ability to fulfil its obligations to customers nor impede effective supervision by the central bank. A Regulated Entity (RE) shall take steps to ensure that the service provider employs the same high standard of care in performing the services as would have been employed by the RE, if the same activity was not outsourced and should not engage an IT service provider that would result in reputation of RE being compromised or weakened. 

On governance framework, RBI said a RE intending to outsource any of its IT activities should have a comprehensive board-approved IT outsourcing policy. Further, REs have been told to evaluate the need for outsourcing of IT services based on comprehensive assessment of attendant benefits, risks and availability of commensurate processes to manage those risks.

With a view to provide Regulated Entities adequate time to comply with the requirements, the norms will come into effect from October 1, 2023.

Click the icon to access the RBI Master Directions-