Sebi plans new outsourcing policy for exchanges, key entities
To safeguard capital markets from outside risks, regulator Sebi will soon issue a new set of guidelines to govern outsourcing by stock exchanges and other key entities in the marketplace.
The new guidelines will ensure that exchanges, clearing corporations and depositories do not outsource their core and critical activities to third-parties, while they would need to put in place a robust system to monitor outsourced activities on a real-time basis.
The outsourcing policy for stock exchanges and clearing corporations has been discussed by Sebi's Technical Advisory Committee (TAC), while its Depository System Review Committee has also given its recommendations on the need to regulate outsourcing by the depositories, a senior official said.
Consequently, Sebi has decided to issue a consolidated circular on outsourcing for stock exchanges, depositories and clearing corporations, he added.
Major exchanges in the country include BSE and NSE, both of which have their own clearing corporation arms. The two depositories registered with Sebi (Securities and Exchange Board of India) are NSDL and CDSL.
It has been felt that there is a need for further focus and strengthening of guidelines in the area of outsourcing by depositories.
In its recommendations, the Depository System Review Committee said that caution should be exercised while outsourcing and wherever possible depositories should put in place various controls to ensure that there is check on the activities of outsourced entity, especially to monitor that outsourced activities are not further outsourced downstream.
Besides, core and critical activities of depositories should not be outsourced, while similar recommendations have been made for the exchanges and the clearing corporations.
It has also been suggested that the core IT support infrastructure and functions for running core activities of these market infrastructure institutions should not be outsourced to the extent possible.
Wherever outsourcing is allowed, the key market entities will need to ensure that risk impact analysis is undertaken, only reputed entity with proven high delivery standards are selected and appropriate back-up and restoration systems are put in place.
Besides, they would need to monitor and have checks and overall controls over the outsourced entity on a real-time basis.
The depositories and other key market entities would also need to ensure proper audit of the implementation of risk assessment and mitigation measures listed in the outsourcing policy document, the outsourcing agreement and the service- level agreements pertaining to IT systems, among other measures.