Reserve Bank of India

22 kb
Date : 17 Jul 1999
Chapter - 4 : Outsourcing of Technology and Services
4.1 Introduction : 4.1.1. The Committee on Banking Sector Reforms (Narasimham Committee – II ) had outlined the need for the preparation of guidelines for actively pursuing outsourcing many of the activities of banks and that an expert Committee / task force be set up for this purpose. 4.1.2 With a view to providing an overview of the requirements for outsourcing technology and to providing banks with guidelines in this regard, a feedback on outsourcing was obtained from banks. Such data, coupled with the literature available on this subject and the discussions held with experts from banks, technical and other professionals, the Committee identified the following areas for focussed attention: Types of services that could be outsourced Technical specifications of services required to be outsourced Minimum essential qualifications of firms / organisations that provide the solutions Criteria to be followed in the selection of service providers 4.1.3 The Committee recognised the heterogeneous levels of technology adoption at various banks in the country. Many of the latest entrants to banking have adopted modern technology. In most of the cases – whether among the existing banks or among the new entrants – technology upgradation has been mostly outsourced, with the levels of outsourcing varying from bank to bank. 4.2 Outsourcing Considerations 4.2.1 Outsourcing technology has two main components – hardware and software. Hardware outsourcing, including acquisition and upgradation of hardware components has been the practice at all the banks. Software outsourcing has been resorted to by most of the banks; in a few cases, however, some banks have developed application software in-house. 4.2.2 Historically, most of the banks in the country have been outsourcing their software requirements and then resorting to customisation of the software in-house. Many banks have procured customised software from vendors directly. 4.2.3 Software technology, by its very nature would be subject to very frequent changes consummerate with developments in Information Technology. Most of the banks may not have technically qualified personnel who would have acquired the skills for continued upgradation at levels on par with the IT industry. For availing the fruits of latest developments in the IT industry to be available to the banks, outsourcing software technology would be the best option. The software thus outsourced could be customised to meet the specific requirements of the bank concerned. The customisation could either be outsourced or performed in-house depending on the availability of core IT competencies at the individual banks. 4.2.4 Yet another aspect that requires to be addressed is the regular maintenance and upgradation of software that has been outsourced. Two options are available for this activity – the bank could either maintain the software in-house (this would be the logical corollary if the bank had opted for customisation to be performed in-house) or could outsource the maintenance as well. 4.2.5 One of the ways to solve the problems arising out of the above position is to form Information Technology subsidiaries by a bank or a group of banks. This has been tried in the recent past with mixed results. Given the nature of the IT industry with its capacity to attract the best talent at very competitive terms, the employee turnover in such organisations has been very high. Further, the scale of operations of such subsidiaries to be of help to banks throughout the country would have to be as large as the ones set up by some of the internationally renowned IT firms. It would, in fact, be necessary for such subsidiaries to be closely connected with technology solution providers in the IT industry – perhaps in the form of joint collaboration with them, but such solutions, if strongly pursued, may become effective only over the medium term. 4.2.6 The best option, therefore, would be to outsource software technology except when in-house competency suggests otherwise. 4.3 Guidelines for Outsourcing 4.3.1 It would not be easy to draw exhaustive and all-encompassing guidelines for outsourcing. The level of technical competence at banks has reached a stage where banks have been able to lay their own guidelines for hardware specifications for various applications, as also for system software. A number of banks also have the capability to lay down guidelines for outsourcing software. The Committee, nevertheless, thought it prudent to list out the essential features that have to be borne in mind while outsourcing technology. 4.3.2 The first relates to the strategy of the bank in adopting the type of outsourcing. The major consideration for this would be the competitive edge that the bank seeks through outsourcing. The litmus test of such a strategy lies in the extent of the retention of the various groups of clientele presently being serviced and in the ability to attract newer customer groups. 4.3.2 Once the strategy is in place, the next requirement would be to select the appropriate vendor. The software industry is characterised by the presence of a heterogeneous mix of solution providers – from expert professional organisations of international repute to organisations that have a small-time existence related to a particular technology. The latter often provide solutions that are highly cost-effective but the threat of longevity of life of such software and the recurring cost to be incurred thereupon are the negative factors. At times, small-time software vendors disappear. 4.3.3 The general factors to be reckoned with in the selection of vendors include the following: The standing of the organisation in the Information Technology industry especially in respect of India The image of the organisation in respect of the services offered within the country A successful track record and continued good financial results The existence of support services at locations most advantageous to the bank concerned The availability of competent technically qualified and experienced personnel to provide support in a banking environment The capacity to integrate the benefits of growth in technology and latest trends into various banking related applications The capability to offer service support to ensure continuity of operations at the bank / branch level The strategic alliances with leading international technology service providers, if any 4.3.4 The selection of the vendor should also be related to the past experience of the bank with the vendor; the existing range of applications of the bank; the integration of existing platform / applications with the new solution/s and the general trend in the industry as a whole. 4.3.5 Banks may outsource their application software from more than one vendor wherever possible, but they should ensure seamless interface between software. For this, there would have to be clearly defined roles of the different solution providers especially in applications that are inter-related to avoid hitches later on during implementation / operation. 4.3.6 The terms and conditions governing the outsourcing activity would have to be clearly specified and should be in general consonance with the prevalent practices within the bank in particular and in the banking / IT industry in general. Factors such as security / safety for day to day operations of banks and their data/ records, liability for third party software, confidentiality obligations of the vendors, rights of the bank personnel for access to the vendor’s sites, penalty clauses for delays, error correction / bug rectification etc. should also be integral part of agreements with vendors. 4.3.7 Perhaps one of the most important requirements in outsourcing is the need for obtaining full sets of all documentation from the vendor. Documentation could be of two types – System and User documentation. It is essential that the System documentation detailing all the procedural intricacies of the software, its logic of operations, flow charts, the various parameters/tables etc., is invariably made available, alongwith the user documentation which is generally provided alongwith the software. 4.3.8 Closely related to all the above is the need to get the entire source code for the software that is outsourced. An ESCROW arrangement for the software outsourced may prove to be an ideal solution. 4.3.9 A detailed list of guidelines for a healthy Outsourcing Strategy with impetus on version control is given in Annexure 14. 4.4 Other Issues 4.4.1 Currently, most of the decision making in the technology area is centralised at the Computer Planning and Policy Departments (CPPD) of banks. There is a need for expanding the base especially with a view to making the functionaries at the bottom line of usage – the branches play a vital role in technology upgradation. Branch Managers of computerised branches offer themselves as ideal stakeholders in the Information Technology (IT) policies of banks. 4.4.2 In addition, there is a need for harmonious working relationship with the Inspection / Audit departments of the bank, the controlling offices, the policy framing departments, systems specialists and even major customers. 4.4.3 Another issue that requires attention is the need for computer audit at banks. It would be ideal to develop in-house capability to do management audit of CPPD / IT department. Audit of fully computerised branches and the various computer applications may be outsourced. While it is essential that every new application is subject to pre and post installation audit, a regular audit of say, once in two years would be desirable. The Committee considers it necessary that each bank needs to devise a computer audit manual and appropriate methodologies / systems for conducting computer audit. 4.4.4 Apart from the above, the capability of the CPPD / IT department for selection of applications for outsourcing, choice of vendors, negotiation, managing the contract and the post-installation period for the software, managing future computerised solutions etc., have also to be reviewed on an on-going basis or at least once in three years. 4.4.5 The personnel policies of the bank – not only for computerised operations but also maintenance of outsourced software has to be an area of importance. Human Resource Development (HRD) policies would have to provide for development of skills in house for this activity – both for the development of such skills and to ensure their continued availability for the bank. 4.5 Recommendations 4.5.1 Outsourcing software technology would be the best option for banks to resort to in the context of rapid changes taking place in the IT industry so that the fruits of latest developments are available to our banks. 4.5.2 Software thus outsourced could be customised – either in-house (depending on the availability of core IT competencies at individual banks) or could be outsourced. 4.5.3 It is essential that software that has been outsourced is maintained regularly – either by outsourcing maintenance or by in-house maintenance. 4.5.4 Banks could also form Information Technology subsidiaries – either singly or by a group of banks. Such subsidiaries should be closely connected with technology solution providers. 4.5.5 While outsourcing, banks have to consider the competitive edge acquired by them in relation to the capacity of the software outsourced to retain the existing clientele and the ability to attract newer customer groups. 4.5.6 Based on the above consideration, banks have to select the appropriate vendor. Factors such as their standing in the Indian IT industry, their image in respect of services offered within the country, their successful track record and continued good financial results, location of support services at advantageous locations, availability of competent technically qualified and experienced personnel, their capacity to integrate the benefits of growth in technology and latest trends into various banking related applications, and their strategic alliances with leading international IT service providers have all to be considered while selecting the vendor. 4.5.7 Outsourcing application software from more than one vendor could be resorted to by banks. Seamless interface between different software should, however, be provided for on the basis of clearly defined roles of the different solution providers. 4.5.8 Specific terms and conditions governing the outsourcing activity have to be clearly spelt. Factors such as security, safety for day-to-day operations, integrity of data, liability for third party software, confidentiality obligations, rights of bank personnel to access vendor sites, and penalty clauses for delays should be integral part of agreement with vendors. 4.5.9 Obtaining full sets of documentation – both user and system is essential. 4.5.10 The entire source code should be obtained – if need be under ESCROW arrangement. 4.5.11 There is a need for expanding the current centralised decision making at the CPPD of banks. Branches play a vital role in technology upgradation; they should be ideal stakeholders in the IT policies of banks. 4.5.12 There is a need for harmonious working relationship with the Inspection / Audit departments of banks, controlling offices, the policy framing departments, system specialists and even major customers. 4.5.13 It would be ideal to develop in-house capability to perform management audit of CPPD / IT department. Audit of fully computerised branches and various computer applications may be outsourced. The Committee considers it necessary that each bank needs to devise a computer audit manual and appropriate methodologies / systems for conducting computer audit. 4.5.14 All new applications should be subject to pre-installation and post-installation audit in addition to periodical audit. 4.5.15 The capability of the CPPD / IT department for selection of applications for outsourcing, choice of vendors, negotiation, managing the contract and post-installation of the software, managing future computerised solutions etc., have to be reviewed on an on-going basis or at least once in three years. 4.5.16 The personnel policies of banks should provide for not only computerised operations and maintenance of outsourced software but also to ensure the continued availability of such skills for the banks.

22 kb

Date : 17 Jul 1999

Chapter - 4 : Outsourcing of Technology and Services

4.1 Introduction :

4.1.1. The Committee on Banking Sector Reforms (Narasimham Committee – II ) had outlined the need for the preparation of guidelines for actively pursuing outsourcing many of the activities of banks and that an expert Committee / task force be set up for this purpose.

4.1.2 With a view to providing an overview of the requirements for outsourcing technology and to providing banks with guidelines in this regard, a feedback on outsourcing was obtained from banks. Such data, coupled with the literature available on this subject and the discussions held with experts from banks, technical and other professionals, the Committee identified the following areas for focussed attention:

Types of services that could be outsourced

Technical specifications of services required to be outsourced

Minimum essential qualifications of firms / organisations that provide the solutions

Criteria to be followed in the selection of service providers

4.1.3 The Committee recognised the heterogeneous levels of technology adoption at various banks in the country. Many of the latest entrants to banking have adopted modern technology. In most of the cases – whether among the existing banks or among the new entrants – technology upgradation has been mostly outsourced, with the levels of outsourcing varying from bank to bank.

4.2 Outsourcing Considerations

4.2.1 Outsourcing technology has two main components – hardware and software. Hardware outsourcing, including acquisition and upgradation of hardware components has been the practice at all the banks. Software outsourcing has been resorted to by most of the banks; in a few cases, however, some banks have developed application software in-house.

4.2.2 Historically, most of the banks in the country have been outsourcing their software requirements and then resorting to customisation of the software in-house. Many banks have procured customised software from vendors directly.

4.2.3 Software technology, by its very nature would be subject to very frequent changes consummerate with developments in Information Technology. Most of the banks may not have technically qualified personnel who would have acquired the skills for continued upgradation at levels on par with the IT industry. For availing the fruits of latest developments in the IT industry to be available to the banks, outsourcing software technology would be the best option. The software thus outsourced could be customised to meet the specific requirements of the bank concerned. The customisation could either be outsourced or performed in-house depending on the availability of core IT competencies at the individual banks.

4.2.4 Yet another aspect that requires to be addressed is the regular maintenance and upgradation of software that has been outsourced. Two options are available for this activity – the bank could either maintain the software in-house (this would be the logical corollary if the bank had opted for customisation to be performed in-house) or could outsource the maintenance as well.

4.2.5 One of the ways to solve the problems arising out of the above position is to form Information Technology subsidiaries by a bank or a group of banks. This has been tried in the recent past with mixed results. Given the nature of the IT industry with its capacity to attract the best talent at very competitive terms, the employee turnover in such organisations has been very high. Further, the scale of operations of such subsidiaries to be of help to banks throughout the country would have to be as large as the ones set up by some of the internationally renowned IT firms. It would, in fact, be necessary for such subsidiaries to be closely connected with technology solution providers in the IT industry – perhaps in the form of joint collaboration with them, but such solutions, if strongly pursued, may become effective only over the medium term.

4.2.6 The best option, therefore, would be to outsource software technology except when in-house competency suggests otherwise.

4.3 Guidelines for Outsourcing

4.3.1 It would not be easy to draw exhaustive and all-encompassing guidelines for outsourcing. The level of technical competence at banks has reached a stage where banks have been able to lay their own guidelines for hardware specifications for various applications, as also for system software. A number of banks also have the capability to lay down guidelines for outsourcing software. The Committee, nevertheless, thought it prudent to list out the essential features that have to be borne in mind while outsourcing technology.

4.3.2 The first relates to the strategy of the bank in adopting the type of outsourcing. The major consideration for this would be the competitive edge that the bank seeks through outsourcing. The litmus test of such a strategy lies in the extent of the retention of the various groups of clientele presently being serviced and in the ability to attract newer customer groups.

4.3.2 Once the strategy is in place, the next requirement would be to select the appropriate vendor. The software industry is characterised by the presence of a heterogeneous mix of solution providers – from expert professional organisations of international repute to organisations that have a small-time existence related to a particular technology. The latter often provide solutions that are highly cost-effective but the threat of longevity of life of such software and the recurring cost to be incurred thereupon are the negative factors. At times, small-time software vendors disappear.

4.3.3 The general factors to be reckoned with in the selection of vendors include the following:

The standing of the organisation in the Information Technology industry especially in respect of India

The image of the organisation in respect of the services offered within the country

A successful track record and continued good financial results

The existence of support services at locations most advantageous to the bank concerned

The availability of competent technically qualified and experienced personnel to provide support in a banking environment

The capacity to integrate the benefits of growth in technology and latest trends into various banking related applications

The capability to offer service support to ensure continuity of operations at the bank / branch level

The strategic alliances with leading international technology service providers, if any

4.3.4 The selection of the vendor should also be related to the past experience of the bank with the vendor; the existing range of applications of the bank; the integration of existing platform / applications with the new solution/s and the general trend in the industry as a whole.

4.3.5 Banks may outsource their application software from more than one vendor wherever possible, but they should ensure seamless interface between software. For this, there would have to be clearly defined roles of the different solution providers especially in applications that are inter-related to avoid hitches later on during implementation / operation.

4.3.6 The terms and conditions governing the outsourcing activity would have to be clearly specified and should be in general consonance with the prevalent practices within the bank in particular and in the banking / IT industry in general. Factors such as security / safety for day to day operations of banks and their data/ records, liability for third party software, confidentiality obligations of the vendors, rights of the bank personnel for access to the vendor’s sites, penalty clauses for delays, error correction / bug rectification etc. should also be integral part of agreements with vendors.

4.3.7 Perhaps one of the most important requirements in outsourcing is the need for obtaining full sets of all documentation from the vendor. Documentation could be of two types – System and User documentation. It is essential that the System documentation detailing all the procedural intricacies of the software, its logic of operations, flow charts, the various parameters/tables etc., is invariably made available, alongwith the user documentation which is generally provided alongwith the software.

4.3.8 Closely related to all the above is the need to get the entire source code for the software that is outsourced. An ESCROW arrangement for the software outsourced may prove to be an ideal solution.

4.3.9 A detailed list of guidelines for a healthy Outsourcing Strategy with impetus on version control is given in Annexure 14.

4.4 Other Issues

4.4.1 Currently, most of the decision making in the technology area is centralised at the Computer Planning and Policy Departments (CPPD) of banks. There is a need for expanding the base especially with a view to making the functionaries at the bottom line of usage – the branches play a vital role in technology upgradation. Branch Managers of computerised branches offer themselves as ideal stakeholders in the Information Technology (IT) policies of banks.

4.4.2 In addition, there is a need for harmonious working relationship with the Inspection / Audit departments of the bank, the controlling offices, the policy framing departments, systems specialists and even major customers.

4.4.3 Another issue that requires attention is the need for computer audit at banks. It would be ideal to develop in-house capability to do management audit of CPPD / IT department. Audit of fully computerised branches and the various computer applications may be outsourced. While it is essential that every new application is subject to pre and post installation audit, a regular audit of say, once in two years would be desirable. The Committee considers it necessary that each bank needs to devise a computer audit manual and appropriate methodologies / systems for conducting computer audit.

4.4.4 Apart from the above, the capability of the CPPD / IT department for selection of applications for outsourcing, choice of vendors, negotiation, managing the contract and the post-installation period for the software, managing future computerised solutions etc., have also to be reviewed on an on-going basis or at least once in three years.

4.4.5 The personnel policies of the bank – not only for computerised operations but also maintenance of outsourced software has to be an area of importance. Human Resource Development (HRD) policies would have to provide for development of skills in house for this activity – both for the development of such skills and to ensure their continued availability for the bank.

4.5 Recommendations

4.5.1 Outsourcing software technology would be the best option for banks to resort to in the context of rapid changes taking place in the IT industry so that the fruits of latest developments are available to our banks.

4.5.2 Software thus outsourced could be customised – either in-house (depending on the availability of core IT competencies at individual banks) or could be outsourced.

4.5.3 It is essential that software that has been outsourced is maintained regularly – either by outsourcing maintenance or by in-house maintenance.

4.5.4 Banks could also form Information Technology subsidiaries – either singly or by a group of banks. Such subsidiaries should be closely connected with technology solution providers.

4.5.5 While outsourcing, banks have to consider the competitive edge acquired by them in relation to the capacity of the software outsourced to retain the existing clientele and the ability to attract newer customer groups.

4.5.6 Based on the above consideration, banks have to select the appropriate vendor. Factors such as their standing in the Indian IT industry, their image in respect of services offered within the country, their successful track record and continued good financial results, location of support services at advantageous locations, availability of competent technically qualified and experienced personnel, their capacity to integrate the benefits of growth in technology and latest trends into various banking related applications, and their strategic alliances with leading international IT service providers have all to be considered while selecting the vendor.

4.5.7 Outsourcing application software from more than one vendor could be resorted to by banks. Seamless interface between different software should, however, be provided for on the basis of clearly defined roles of the different solution providers.

4.5.8 Specific terms and conditions governing the outsourcing activity have to be clearly spelt. Factors such as security, safety for day-to-day operations, integrity of data, liability for third party software, confidentiality obligations, rights of bank personnel to access vendor sites, and penalty clauses for delays should be integral part of agreement with vendors.

4.5.9 Obtaining full sets of documentation – both user and system is essential.

4.5.10 The entire source code should be obtained – if need be under ESCROW arrangement.

4.5.11 There is a need for expanding the current centralised decision making at the CPPD of banks. Branches play a vital role in technology upgradation; they should be ideal stakeholders in the IT policies of banks.

4.5.12 There is a need for harmonious working relationship with the Inspection / Audit departments of banks, controlling offices, the policy framing departments, system specialists and even major customers.

4.5.13 It would be ideal to develop in-house capability to perform management audit of CPPD / IT department. Audit of fully computerised branches and various computer applications may be outsourced. The Committee considers it necessary that each bank needs to devise a computer audit manual and appropriate methodologies / systems for conducting computer audit.

4.5.14 All new applications should be subject to pre-installation and post-installation audit in addition to periodical audit.

4.5.15 The capability of the CPPD / IT department for selection of applications for outsourcing, choice of vendors, negotiation, managing the contract and post-installation of the software, managing future computerised solutions etc., have to be reviewed on an on-going basis or at least once in three years.

4.5.16 The personnel policies of banks should provide for not only computerised operations and maintenance of outsourced software but also to ensure the continued availability of such skills for the banks.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Reports