Dependency on third parties can create vendor lock-in situations, where reliance on a single vendor for critical services or lack of vendor diversification can increase dependency risks and limit the entities’ flexibility to adapt to changing market conditions or technological advancements.
Anshika Kayastha
Published22 Jul 2024, 06:40 PM IST
Reserve Bank of India deputy governor M Rajeshwar Rao. (PTI)
Mumbai: Reserve Bank of India deputy governor M. Rajeshwar Rao on Monday flagged the risks around cybersecurity and growing dependency of financial services companies on outsourcing arrangements, days after a global Microsoft Windows outage disrupted the operations of industries worldwide, including airlines, banks, and hospitals.
“The first issue I would like to discuss is the issue of third-party dependence and outsourcing arrangements in regulated entities (REs), because last Friday essentially reflects the kind of risks I am talking about,” Rao said at the BFSI summit organised by CareEdge Ratings, referring to the Microsoft outage on 19 July.
Rao acknowledged that third-party dependencies and digital outsourcing have become integral to the operations of financial services entities to enhance efficiency, reduce costs, and improve customer experience, but warned that the arrangements pose several concerns such as selection of the outsourcing partner or lending service providers (LSPs) and their reliability, security, and regulatory compliance.
Play
Unmute
Loaded: 4.84%
Fullscreen
“For example, while digital lending guidelines mandate that REs should ensure that LSPs engaged by them have suitable grievance redressal mechanism on their website or apps, a recent study undertaken by us found that not all LSPs or apps have the kind of mechanisms we thought they would,” he said, adding that poorly managed third-party relationships can lead to not only customer dissatisfaction and reputational damage, but may also invite regulatory and supervisory actions.
Also Read | Mint explainer: Why cyber insurance plans may need to include buggy software updates
Rao flagged cybersecurity as another critical area for financial institutions, including the ability to assess and ensure the preparedness of third-party service providers to protect their digital assets and customer information.