What are the Implications of the New Outsourcing Framework for Non-Bank PSOs?
In the year 2020, the RBI or Reserve Bank of India had released some guidelines regarding the regulation of Payment Aggregators and Payment Gateways. According to the present framework, NBFCs and banks are required to follow various rules for outsourcing financial services, which comprise performing Due Diligence of service providers, estimating the threat and ability of service providers & supervising outsourced activities. Scroll down to check more information regarding the new outsourcing framework for Non-Bank PSOs.
In 2021 the RBI brought forth an outsourcing framework to control outsourcing of settlement & payments related activities by Non-Bank PSOs (Payment System Operators), comprising card networks and PPI (Prepaid Payment Instrument) companies in India. The Non-bank PSOs must obey the new framework by March 31 next year.
Meaning of Payment System & Payment System Operators
- Payment System Operators: Through the services they expand and the model types on which they function, outsource their payment & settlement concerning activities to different companies, and it has been permitted an authorisation for the payment system operation.
- Payment Systems: It mentions a system that is utilised to do financial transactions via financial value transfer and includes various mechanisms that aid in the Transfer of Funds. In India, the Board for Supervision & Regulation of Payment & Settlement Systems is the uppermost policy-making body on payment systems.
What is the Pertinence of the New Outsourcing Framework for Non-Bank PSOs?
The new structure or framework shall apply to all Non-bank PSOs outsourcing payments & settlements concerning activities to service providers and 3rd party operators. Further, this framework will also apply to service providers to Non-bank Payment System Operators operating outside India.
Different Provisions of the New Framework
Following are some vital provisions of the new framework for Non-Bank PSOs:
- Monitoring and Control: The Non-Bank Payment System Operators shall be vital to use full control over the outsourced activities, and they will be accountable for any non-compliance concerning the outsourced activities undertaken by the service providers. Further, they will be important to use in progress diligence on service providers and ensure that service providers are obeying laws applicable.
- Activities Prohibited: Non-Bank Payment System Operators shall be forbidden to outsource core management functions, including risk management, decision-making, or internal audits such as KYC rules compliance to 3rd party service providers. Further, those Non-Bank Payment System Operators who outsourced their client complaint redressal function shall offer their clients direct access to the particular nodal officers, which will permit clients to raise complaints or grievances to nodal officers if required. This clear separation between prohibited & permissible outsourcing activities will offer improved clarity to Non-Bank Payment System Operators on how to function in India.
- Responsibilities of Board & Management: Non-Bank Payment System Operators board and their senior management will be required to review the outsourcing policies periodically & also estimate threats. It will also confirm that sufficient measures are taken by the service providers while obeying the new outsourcing structure.
- Outsourcing Agreement & Policy: Non-Bank Payment System Operators will need board consent for outsourcing policy, and there should be a well-informed outsourcing agreement in place. The new structure also furnishes specific clauses that should be comprised in the outsourcing agreement, inter alia.
- Continuity of business & risk management plans;
- Privacy of customer and protection Non-Bank Payment System Operators should ensure that they keep the client’s confidential information, and they should supervise the security practices of the service providers. The Non-Bank Payment System Operators should make sure or confirm that localisation of data necessities is followed by the service providers.
Non-Bank Payment System Operators (PSOs) should make sure that service providers have framework and contingency plans for continuity of data recovery & business.
- Outsourcing within Group Companies & Off-shore Outsourcing restrictions:
Non-bank PSOs should make sure that group companies obey the new outsourcing framework. Moreover, they are required to tell clients about any activities executed by the group companies. Those Non-Bank Payment System Operators (PSOs) who outsource Payment & Settlement activities to the off-shore company have to carefully assess the threat and make sure that the privacy of client data.
Implications of the New Framework for Non-Bank PSOs
The extra necessities, which is to be followed as per the new outsourcing framework within the group and to off-shore companies, is planned to make sure the group and off-shore companies will offer data security of clients and all related compliances. But, this improvement can impact the existing payment companies operation & could also hinder the technological improvements in the industry. The new outsourcing framework can help regulate Non-Bank PSOs in India, also decreasing the risk increasing from outsourcing of core activities by Non-Bank Payment System Operators. On the other side, it can considerably increase compliances for such companies, which can serve as trouble.
This is a measure that can aid in safeguarding the clients’ interest; however, if we want to observe more new players, then the regulatory approach towards Fintech entities should be more balanced. It will aid in satisfying the present Non-Bank Payment System Operators growth in India.
The Non-Bank PSOs must obey the new outsourcing framework by March 31 next year. It shall apply to Non-Bank Payment System Operators outsourcing Payments & Settlement related works to service providers & 3rd party operators.
Read our article:Process of NBFC Merger as per Companies Act 2013