RBI issues rules for outsourcing of payment, settlement activity by PSOs

The compliance to the new security standards has to be assured by March 31, 2022.

In order to outsource payment and settlement related activities, the PSOs must have board approved policies.

In a circular issued on Tuesday, the RBI said, "The PSOs shall not outsource core management functions, including risk management and internal audit; compliance and decision-making functions such as determining compliance with KYC norms”.

Further the RBI said while considering or renewing an outsourcing arrangement,the PSOs should form get into an agreement that gives them the right to conduct an audit of the service provider and the agreement should also include clauses that it allows RBI to call for inspection of the service provider's accounts.

The agreement should vest in a PSO the authority to access all books, records and information related to the outsourced activity available with the service provider.

“Outsourcing arrangements shall not affect the rights of a customer of a payment system against the PSO, as well as those of a payment system participant against the PSO, including her/his ability to avail grievance redressal as applicable under the relevant laws”, the RBI said.

The RBI has said outsourcing an activity does not relieve the PSO of its responsibilities.

The PSOs should inform the RBI about any breach of security and confidentiality of customer information.

"In such eventualities the PS would be liable to its customers for any damage the," RBI has said.

“Where the service provider acts as an outsourcing agent for multiple PSOs, there should be strong safeguards (including encryption of customer data) to avoid co-mingling of information, documents, records, and assets of different PSOs,” the RBI said.