The Reserve Bank of India (RBI) has issued a framework for payment and settlement related activities by payment system operators (PSOs). The framework seeks to put in place minimum standards to manage risks in outsourcing of payment and/or settlement-related activities. This includes incidental activities such as the onboarding of customers, IT based services, etc. Unless it a group company owned by the PSO, the service provider to whom the work is being outsourced to cannot be owned or controlled by any director or officer of the PSO or their relatives. PSOs shall exercise due diligence, put in place risk management practices for effective oversight, and manage risks arising from such outsourcing.
Core management functions such as risk management, internal audit, compliance and decision-making functions such as determining compliance with KYC norms cannot be outsourced. For internal audit, auditors may be appointed from the PSO's employees or from the outside on contract. PSOs will not have to seek prior approval from the RBI for outsourcing. Outsourcing activities shall not reduce the obligations of the PSO and its board and senior management. The PSO shall be liable for the actions of its service providers and shall retain ultimate control over the outsourced activity. Operators have been asked to ensure compliance by March 31, 2022.