What changed
RBI formalized risk management guidelines for outsourcing by co-operative banks, defining outsourcing and listing non-outsourceable activities. Banks are given six months to align existing arrangements. Prior RBI/NABARD approval is not needed, but arrangements are subject to monitoring.
What it means for you
Co-operative banks must strengthen oversight of third-party service providers to ensure they meet the same standards as in-house operations. Non-compliance with the ban on outsourcing core functions could invite regulatory scrutiny. Banks need to review contracts and due diligence processes urgently.
What you must do
- Conduct a self-assessment of all existing outsourcing arrangements within six months.
- Ensure core functions like policy formulation, internal audit, KYC compliance, and credit sanction are not outsourced.
- Update board-approved outsourcing policy to align with these guidelines.
- Review service provider contracts to include clauses for RBI/NABARD inspection and data security.
- Document risk management measures for material outsourcing arrangements.
Who it affects
All co-operative banks in India, Board of Directors and Audit Committees of co-operative banks, Internal audit and compliance teams, Third-party service providers to co-operative banks
Do co-operative banks need RBI approval before outsourcing any financial service?
No, prior approval from RBI or NABARD is not required. However, all outsourcing arrangements are subject to on-site/off-site monitoring and inspection by these regulators.
Which activities cannot be outsourced under these guidelines?
Core management functions such as policy formulation, internal audit, compliance with KYC norms, credit sanction, and management of investment portfolio cannot be outsourced.
What is the timeline for compliance with these guidelines?
Co-operative banks must complete a self-assessment of existing outsourcing arrangements and bring them in line with the guidelines within six months from the date of the circular (June 28, 2021).