INDIA Law and Practice Contributed by: Shilpa Mankar Ahluwalia, Purva Anand and Ansh Jain, Shardul Amarchand Mangaldas & Co
Outsourcing Guidelines The RBI has introduced guidelines for outsourcing of activities by REs (the “Outsourcing Guidelines”). These guidelines require that banks, NBFCs and PSOs have a board-approved outsourcing policy and that they do not outsource “core management functions”, including internal audit, undertaking regulatory compliance, and decision-making roles such as determining compliance with KYC requirements, etc. The RBI imposes a geo - graphical limitation in connection with even the out - sourcing of non-core functions – the service provider must not, even in such permissible cases, be situated outside India. Moreover, any outsourced functions have to be duly supervised by the RE outsourcing the activi - ties. The RBI also prescribes mandatory contractual terms for such outsourcing contracts. 2.9 Gatekeeper Liability The RBI imposes all gatekeeping obligations on the entities directly regulated and supervised by it (the REs) – and in connection with whom suitable correc - tive and/or enforcement action can be undertaken by the RBI. Illustratively: • banks, NBFCs and PSOs are required to retain ultimate control over any outsourced activities and cannot pass on customer accountability to the service provider; • PAs are responsible for checking the technical and security infrastructure of the merchants onboarded by them, and for assessing compliance with regu - latory and industry security standards; and • banks and NBFCs that lend through partner digital lending platforms are required to ensure that their names are disclosed on such lending platforms, and have the primary responsibility to comply with the DL Guidelines. A standard industry practice is that the risks borne by REs as gatekeepers are contractually passed on to unregulated entities, backed by suitable indemnity and termination of access provisions. However, while the costs associated with non-compliance can be passed on contractually, the reputational risks con - tinue to rest with the RE. In some cases, the RBI even specifies the contractual safeguards that an RE must build in, to ensure the regulatory compliance of the unregulated partner or service provider.
established with a view to creating an innovative and robust payment and settlement infrastructure in India. UIDAI UIDAI is a statutory body responsible for administer - ing the Aadhaar programme – the largest identity pro - ject in India and one of the largest globally. UIDAI has been central to framing the rules governing the use of Aadhaar by fintech players as a means for customer onboarding and verification. IRDAI IRDAI is the primary regulator in the insurance sector in India and supplements the regulatory framework of the RBI applicable to fintech players, specifically for insurtech elements. SEBI SEBI is the key financial markets regulator in India charged with the function of regulating the securities market and protecting investor interest. It has jurisdic - tion over aspects of fintech related to robo-advisers, algorithmic trading and financial research platforms, although these areas are still nascent in India. 2.7 No-Action Letters Financial regulators in India have typically not issued no-action letters for the fintech sector. The RBI does not issue no-action letters, although the fintech department of the RBI holds monthly virtual meetings with fintechs – “Finteract” and “Finquiry” sessions – which provide a platform to interact with the regulator and obtain verbal non-binding guidance. SEBI, however, issues no-action letters in the form of non-binding informal guidance letters under the SEBI (Informal Guidance) Scheme, 2003. 2.8 Outsourcing of Regulated Functions The permissibility of outsourcing regulated financial and IT functions in the Indian fintech space is gov - erned largely by outsourcing guidelines issued by the RBI, which are applicable to banks and NBFCs and (separately) to PSOs. Broadly, the core regulated activities cannot be outsourced to unregulated enti - ties.
364 CHAMBERS.COM
Powered by FlippingBook