Excerpt from Business Standard Article, Published on Oct 27, 2023

The Reserve Bank of India (RBI) is contemplating a significant move to restrict banks and regulated entities from outsourcing the validation of know-your-customer (KYC) compliance. The RBI has published a draft circular on “Managing Risks and Code of Conduct in Outsourcing Financial Services,” outlining this proposed measure.

Basically, the draft says that regulated entities (REs) cannot hire outside help to do their core management tasks. These tasks include making policies, making decisions about KYC compliance, managing investment portfolios, performing compliance tasks, and conducting internal audits. This implies that regardless of service provider involvement, REs must make the final decision to extend credit to a particular customer.

The RBI also underscores the need for REs to establish a board-approved code of conduct for their direct selling agents, direct marketing agents, and recovery agents, ensuring their commitment to adhere to these guidelines.

Additionally, the draft restricts REs and their recovery agents from contacting borrowers or guarantors before 8 a.m. and after 7 p.m. during loan recovery attempts.

To make responsible behavior even better, the RBI requires that DSAs, DMAs, and recovery agents get the right training. This training covers things like how to ask for customers’ permission, when to talk to them, how to protect their data, and how to give correct information about products.

Importantly, the RBI firmly prohibits any form of intimidation or harassment by REs or recovery agents, including verbal or physical acts, false messaging, threatening calls, and misleading representations.

If REs choose to use a template structure for loan approval through a service provider, they must demonstrate that the RE is still in charge of making the lending decisions and the service provider is merely assisting them.

Also, REs that want to outsource their financial tasks need to make a full outsourcing policy that is approved by the board. This policy should include rules for choosing service providers, defining what kind of outsourcing is needed, delegating authority, and setting up systems for monitoring and reviewing.

The Reserve Bank of India says that the board and senior management should be in charge of overseeing the risks that come with outsourcing agreements and judging them using a set of rules. Key risks include compliance, concentration, systemic, contractual, and counterparty risks.

This development reflects the RBI’s commitment to bolstering governance and risk management within the outsourcing landscape.

To delve deeper into this topic, please read the full article on Business Standard