Understanding SEBI’s Guidelines on Outsourcing for Intermediaries

Introduction

The Securities and Exchange Board of India (SEBI) provides guidelines for outsourcing of activities by intermediaries. These guidelines are designed to ensure that intermediaries maintain high standards of service and diligence, even when outsourcing certain activities. This blog post will summarize the key highlights and principles of these guidelines, who they apply to, and the implications for intermediaries.

Who Does It Apply To?

These guidelines apply to all intermediaries registered with SEBI, including:

• Merchant Bankers

• Registrars to an Issue and Share Transfer Agents

• Debenture Trustees

• Bankers to an Issue

• Underwriters

• Credit Rating Agencies

• Mutual Funds

• Portfolio Managers

• Venture Capital Funds

• Collective Investment Schemes

• Custodians

• Stock Exchanges (for stock brokers)

• NSDL/CDSL (for Depository Participants)

Chapter Highlights:

1. Introduction and Context: SEBI emphasizes the need for intermediaries to maintain high service standards and exercise due diligence. Outsourcing is often used to reduce costs or for strategic reasons but carries various risks, including operational, reputational, and legal risks.

2. Principles for Outsourcing: Intermediaries should have a comprehensive outsourcing policy covering:

• Evaluation of risks

• Approval authorities for outsourcing

• Selection criteria for third parties

• Regular policy reviews

3. Activities That Shall Not Be Outsourced: Core business activities and compliance functions, such as:

• Execution of orders and client trading monitoring for stock brokers

• Dematerialization of securities for depository participants

• Investment-related activities for Mutual Funds and Portfolio Managers

4. Other Obligations: Intermediaries must:

• Report suspicious transactions to the Financial Intelligence Unit (FIU)

• Conduct self-assessments of existing outsourcing arrangements within six months to ensure compliance with the guidelines

5. Comprehensive Outsourcing Policy: A detailed policy should guide:

• What can be outsourced

• Who approves outsourcing

• Selection of third-party providers

6. Risk Management Programme: Intermediaries must:

• Assess outsourcing risks based on the scope and materiality of the activity

• Ensure arm’s length distance from third parties to avoid conflicts of interest

• Keep comprehensive records of all outsourced activities

7. Accountability and Regulatory Compliance: Intermediaries remain fully accountable for outsourced activities and must ensure:

• Outsourcing does not affect their obligations to customers and regulators

• Regulatory authorities have access to outsourced premises and data

8. Due Diligence and Monitoring: Proper due diligence must be conducted, assessing:

• Financial soundness and capability of third parties

• Compatibility with the intermediary’s objectives

• Market reputation and past performance of third parties

9. Written Contracts: Outsourcing relationships must be governed by clear, legally binding contracts detailing:

• Service levels

• Responsibilities and obligations

• Confidentiality and data protection clauses

• Termination procedures

10. Contingency Plans: Both intermediaries and third parties should have:

• Disaster recovery plans

• Periodic testing of backup facilities

• Robust IT security measures

11. Confidentiality Protection: Intermediaries must ensure third parties protect:

• Proprietary and customer information from unauthorized disclosure

• Implement strict access controls and data security measures

12. Managing Concentration Risks: Intermediaries must ensure that outsourcing to a limited number of third parties does not lead to co-mingling of information or concentration risks.

Conclusion:

SEBI’s guidelines on outsourcing are crucial for intermediaries to manage risks and maintain compliance. By following these principles, intermediaries can ensure that outsourcing does not compromise their service standards or regulatory obligations. These guidelines emphasize the importance of comprehensive policies, risk management, due diligence, and robust contractual agreements to safeguard the interests of investors and maintain market integrity.

For more details, you can access the full circular on SEBI’s website under the categories “Legal Framework” and “Circulars”.

Reference:

https://www.sebi.gov.in/legal/circulars/dec-2011/guidelines-on-outsourcing-of-activities-by-intermediaries_21752.html