RBI/2008-09/449
Ref. DBS.CO.PPD.BC. 5 /11.01.005/2008-09
April 22, 2009
The Chairman/Managing Director/Chief Executive Officer
All Commercial Banks (Excluding RRBs)
Madam / Dear Sir,
Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial
Services by Banks – Compliance Certificate
Please refer to Para 5.9.3 and 5.9.4 of the guidelines issued as Annex to
circular DBOD.No.BP.40/21.04.158/2006-07 dated November 3, 2006 on the captioned
subject wherein banks have been advised as under:
* Regular audits by either the internal auditors or external auditors of the
bank should assess the adequacy of the risk management practices adopted in
overseeing and managing the outsourcing arrangement, the bank's compliance with
its risk management framework and the requirements of these guidelines.
* Banks should, at least on an annual basis, review the financial and operational
condition of the service provider to assess its ability to continue to meet its
outsourcing obligations. Such due diligence reviews, which can be based on all
available information about the service provider, should highlight any
deterioration or breach in performance standards, confidentiality and security,
and in business continuity preparedness.
Banks are now further advised to submit an Annual Compliance Certificate
giving the particulars of outsourcing contracts, the prescribed periodicity of
audit by internal / external auditor, major findings of the audit and action
taken through Board, to the Chief General Manager-in-Charge, Department of
Banking Supervision, Central Office, Reserve Bank of India, Mumbai.
Please acknowledge receipt.
Yours faithfully,
(S. Karuppasamy)
Chief General Manager-in-Charge