| RBI/2008-09/449 |
| Ref. DBS.CO.PPD.BC. 5 /11.01.005/2008-09 |
April 22, 2009 |
| |
The Chairman/Managing Director/Chief Executive Officer
All Commercial Banks (Excluding RRBs) |
| |
| Madam / Dear Sir, |
| |
Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks – Compliance Certificate |
| |
Please refer to Para 5.9.3 and 5.9.4 of the guidelines issued as Annex to circular DBOD.No.BP.40/21.04.158/2006-07 dated November 3, 2006 on the captioned subject wherein banks have been advised as under:
-
Regular audits by either the internal auditors or external auditors of the bank should assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the bank's compliance with its risk management framework and the requirements of these guidelines.
- Banks should at least on an annual basis, review the financial and operational condition of the service provider to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which can be based on all available information about the service provider should highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.
2. Banks are now further advised to submit an Annual Compliance Certificate giving the particulars of outsourcing contracts, the prescribed periodicity of audit by internal / external auditor, major findings of the audit and action taken through Board, to the Chief General Manager-in-Charge, Department of Banking Supervision, Central Office, Reserve Bank of India, Mumbai.
3. Please acknowledge receipt. |
| |
| |
| Yours faithfully, |
| |
| |
(S. Karuppasamy)
Chief General Manager-in-Charge |
|