Securities and Exchange Board of India (Sebi) issued a new set of guidelines governing outsourcing by depositories to safeguard capital markets from outside risks.
SEBI norms on outsourcing will ensure depositories do not outsource their core and critical activity to third parties as they need to put in place robust monitoring on a real-time basis.
The depositories have been directed to implement the new guidelines within three months. The two depositories registered with capital market regulator Sebi are NSDL and CDSL.
The core activity of depositories is not limited to processing of applications for admission of depository participants (DPs), issuers and registrar and transfer agents (RTAs), facilitating issuers/RTAs to execute corporate actions and monitoring and redressal of investor grievances.
The core IT support infrastructure and functions for running core activity of these market infrastructure institutions should not be outsourced to the extent possible.
According to SEBI norms on outsourcing the depositories will also have to ensure proper audit of implementation of risk assessment and mitigation measures listed in the outsourcing policy document, the outsourcing agreement and service-level agreements pertaining to IT systems, among other measures.
Also, they need to ensure risk impact analysis is undertaken and only reputed entity with proven high delivery standards are selected and appropriate back-up and restoration systems are put in place.
Besides, they need to monitor and have checks and overall controls over the outsourced entity on a real-time basis.
The Depository System Review Committee (DSRC) has examined the outsourcing practice followed by depositories on various parameters.
Based on recommendations by DSRC, the depositories have been asked to ensure they will formulate and document an outsourcing policy duly approved by their board based on the guidelines given by Sebi.