The Reserve Bank of India (RBI) has warned the nation’s finance sector that outsourcing information technology jobs could “expose them to significant financial, operational and reputational risks.”
The RBI offered that opinion last week in a Statement on Developmental and Regulatory Policies that, after considering issues such as emergency lending for healthcare infrastructure and reform of default credit swaps, wends its way to a “Master Direction on IT Outsourcing and Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices.”
That section opens with the observation: “The financial system is seeing extensive leveraging and outsourcing of critical IT services by Regulated Entities to get easier access to newer technologies through financial technology players to improve efficiencies.”
So far, so good. But then the section ramps up, as follows.
A quick reminder: since the late 1990s, India has championed outsourcing IT services and profited mightily as a result. The National Association of Software and Service Companies (NASSCOM), the industry’s lobby group, claims the sector is worth $194 billion a year to India, or eight per cent of gross domestic product, despite the 4.47 million professionals it employs representing less than one per cent of India’s workforce. Representing such a rich sector means NASSCOM’s influence is vast: prime minister Narendra Modi regularly speaks at the Association’s events and lauds its contribution to Indian life.
Now the RBI thinks that the country’s financial services sector needs guidance, so outsourcing doesn’t get it into trouble.
“Aspects such as risk management framework for IT outsourcing, managing concentration risk, periodic risk assessment and outsourcing to foreign service providers require suitable regulatory guidelines,” the Statement urges. It doesn’t specify whether the guidance is needed because India’s financial service sector lacks the skill to conduct proper oversight of outsourcers, or if outsourcers’ practices mean they warrant scrutiny.
Whatever the reason, the RBI will therefore soon issue a document titled Reserve Bank of India (IT Outsourcing) Directions, 2022.
India’s finance sector will also have Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2022 to ponder, as the RBI also feels the time has come to update and consolidate its guidance for “Information Security Governance and Controls, Business Continuity Management and Information Systems Audit.”
The Statement does not mention when either document will be published.
During that session, Das likened cryptocurrencies to Tulip Mania – the frenzied trade in flower bulbs that cratered the Dutch economy in the 17th century. He also said that unregulated cryptocurrency threatens to reduce the RBI’s ability to ensure financial stability, hence the nation’s decision to create its own digital currency and tax crypto profits and transactions. ®