Outsourcing carries risks of reliance on single vendor: RBI Deputy Governor Rao
banks and other regulated entities can create situations of dependence on single vendors for critical services, thus increasing risks, said Reserve Bank of India deputy governor M Rajeshwar Rao, making the observation days after a global outage of Microsoft systems.
Union Budget 2024 Live Updates
«The first issue that I would like to discuss is the issue of third-party dependence and outsourcing arrangements in regulated entities. (After) Last Friday (the day of the Microsoft outage)… I think it essentially reflects the kind of risk which I'm talking about,» Rao said at an event on Monday.
«One of the primary concerns is selection of the outsourcing partner or in case of digital lending operations, the lending service providers (LSPs),» Rao said, adding that regulated entities need to assess reliability, security and regulatory compliance of third parties to ensure that they meet required standards.
Speaking specifically about cybersecurity, Rao said that dependency on third parties could create «vendor lock-in situations» where regulated entities become reliant on a single vendor for critical services. Such a lack of vendor diversification can increase dependency risks and limit the flexibility of entities to adapt to changing market conditions or technological advancements, he said.
Pointing out gaps in adherence to the RBI's norms, Rao pointed out that a recent study undertaken by the central bank had shown that not all LSPs have suitable grievance redressal mechanisms on their websites
