On August 3, 2021, the Reserve Bank of India (RBI) issued the framework to non-bank Payment System Operators’ (PSOs) Outsourcing of Payment and Settlement-related Activities (including onboarding customers, IT-based services, etc) to service providers.
- RBI has set a deadline of March 31, 2022, for PSOs to comply with the framework. The frameworks are applicable to a service provider, located in India or abroad.
Who are PSOs?
They are the Pre-Paid Payment Instruments (PPIs), card schemes, cross-border in-bound money transfers, Automated Teller Machine (ATM) networks and centralised clearing arrangements, who are authorised by RBI under Payment and Settlement Systems Act, 2007 for Setting up and Operating Payment System in India (eg. Paytm, PhonePe, Mastercard, Visa, etc).
What is Outsourcing?
It is the use of a third party (i.e. service provider/ outsourced agency) by PSO for a limited period to perform the activities that have to be undertaken by PSO (now/ future).
RBI’s Framework over Outsourcing:
i.RBI has restricted the PSO’s from outsourcing Core management functions such as risk management, information technology & information security management, internal audit, and determining compliance with KYC (Know Your Customer) norms.
ii.The PSO’s are directed to evaluate the need for outsourcing its critical processes and activities, and the selection of service providers based on comprehensive risk assessment.
iii.PSO’s Supervisory Requirement:
- Even after outsourcing, the PSO’s should hold the ultimate control of the outsourced activity and they will be responsible for it. They will also be liable for the actions of the service providers.
- Outsourcing should not affect the rights of a customer or participant of a payment system against the PSO.
- PSO’s should take the responsibility of addressing the grievances of their customers related to the services provided by the service provider.
- If a PSO has outsourced its customer grievance redressal function, it should provide the option of direct access to its nodal officials for raising complaints.
iv.PSOs need to maintain the customer information confidentially (under service provider also) and should notify RBI in case of any breach of security and leakage.
Note – RBI’s prior approval is not required for outsourcing by PSOs. The frameworks are issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
About Service Provider:
i.Service provider: It includes – vendors, payment gateways, agents, consultants that are engaged in the activity of payment and settlement systems.
ii.Secondary service providers: The service providers may also further outsource the whole/part of the activity, which is outsourced to them by the PSO. They are considered as the secondary service providers (i.e., sub-contractors).
iii.The service provider will not be owned/controlled by any director of the PSO/ their relatives (Unless it is a group company of the PSO).
-RBI Imposed Rs 6 lakh Penalty on Hewlett-Packard Financial Services
i.RBI has imposed a monetary penalty of Rs 6 lakh on Hewlett-Packard Financial Services (India) Private Ltd, Bengaluru, Karnataka, for non-compliance with the statutory directions issued by RBI on submission of credit information to Central Repository of Information on Large Credits and submission of credit data to Credit Information Companies.
ii.The penalty was issued under the provisions of the RBI Act, 1934 and the Credit Information Companies (Regulation) Act, 2005.
Recent Related News:
On April 7, 2021, the RBI extended the membership of Centralised Payment Systems (CPSs) facilities such as National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) to non-bank payment system operators.
About Reserve Bank of India (RBI):
Establishment – 1st April 1935
Headquarters – Mumbai, Maharashtra
Governor – Shaktikanta Das
Deputy Governors – Mahesh Kumar Jain, Michael Debabrata Patra, and M Rajeshwar Rao, T. Rabi Sankar