Securities and Exchange Board of India
CIR/MRD/DP/19/2015 December 09, 2015
Dear Sir / Madam,
Subject: Outsourcing by Depositories
1. SEBI has vide circular CIR/MIRSD/24/2011 dated December 15, 2011 prescribed Guidelines on Outsourcing of Activities by Intermediaries. These guidelines list out certain principles for outsourcing to be followed by all the intermediaries registered with SEBI.
2. The Depository System Review Committee (DSRC) examined the outsourcing practice followed by the Depositories on various parameters. Based on recommendations by DSRC, the depositories are advised to ensure the following
: i. Depositories shall formulate and document an outsourcing policy duly approved by their Board based on the guidelines given below and the principles outlined in the SEBI circular CIR/MIRSD/24/2011 dated December 15, 2011.
Core activities of Depositories
ii. Core and critical activities of depositories shall not be outsourced. The core activities of the depositories shall include but not limited to the following:
a. Processing of the applications for admission of Depository Participants (DPs), Issuers and Registrar & Transfer Agents (RTAs).
b. Facilitating Issuers/RTAs to execute Corporate Actions.
c. Allotting ISINs for securities. d. Maintenance and safekeeping of Beneficial Owner’s data.
e. Execution of settlement and other incidental activities for pay-in/ payout of securities.
f. Execution of transfer of securities and other transactions like pledge, freeze, etc.
g. Provision of internet based facilities for access to demat accounts and submitting delivery instructions.
h. Ensuring continuous connectivity to DPs, RTAs, Clearing Corporations and other Depository.
i. Monitoring and redressal of investor grievances.
j. Inspection of DPs and RTAs.
k. Surveillance Functions.
l. Compliance Functions
iii. Core IT (Information Technology) support infrastructure / activities for running the core activities of depositories shall not be outsourced to the extent possible.
iv. The depositories shall conduct appropriate due diligence in selecting the third party to whom activity is proposed to be outsourced and ensure that only reputed entities having proven high delivery standards are selected.
Risk Management & Monitoring
v. Depositories shall ensure that outsourced activities are further outsourced downstream only with the prior consent of the depository and with appropriate safeguards including proper legal documentation/ agreement.
vi. Depositories shall ensure that risk impact analysis is undertaken before outsourcing any activity and appropriate risk mitigation measures like back up/ restoration system are in place.
vii. An effective monitoring of the entities selected for outsourcing shall be done to ensure that there is check on the activities of outsourced entity. Depositories shall strive to automate their processes and workflows to the extent possible which shall enable real time monitoring of outsourced activities.
viii. The outsourcing policy document shall act as a reference for audit of the outsourced activities. Audit of implementation of risk assessment and mitigation measures listed in the outsourcing policy document and outsourcing agreement/ service level agreements pertaining to IT systems shall be part of System Audit of Depositories.
3. The Depositories shall implement the provisions of this circular within three months from the date of this circular. The Depositories are advised to:-
i. make amendments to the relevant Bye-Laws, Business Rules / Operating Instructions for the implementation of the above decision, as may be applicable/necessary;
ii. disseminate the provisions of this circular on their website
4. This circular is being issued in exercise of powers conferred under Section 11(1) of the Securities and Exchange Board of India Act, 1992 read with Section 19 of the Depositories Act, 1996 in the interests of investors in securities and to promote the development of, and to regulate the securities market.
Susanta Kumar Das Deputy