Outsourcing of Financial Services Policy

Summary of the Policy

Policy Name
Outsourcing of Financial Services Policy
Issue and Effective Date
25/04/2024
Date of next review
26/04/2025
Periodicity of review
Annually
Owner / Contact
Compliance Department
Approved
Board of Directors

Index

1.
Preamble
2.
Objective
3.
Definitions
4.
Role of the Company, Regulatory and Supervisory Requirements
5.
Role of the Board and Senior Management
6.
Indicative List of Activities that can be Outsourced
7.
Activities not to be Outsourced
8.
Assessment and Due Diligence of the Service Providers – Selection, Verification and Renewal
9.
Service Level Agreement / Outsourcing Agreement (SLA)
10.
Comprehensive Risk Management Program to address the outsourced activities
11.
Confidentiality and Security
12.
Business Continuity and Management of Disaster Recovery Plan
13.
Monitoring and Control of Outsourced Activities
14.
Reporting of transactions to FIU or other Competent Authorities
15.
Outsourcing within a Group/ Conglomerate
16.
Maintenance of Records
17.
Review of Policy

1. Preamble

This Policy shall be termed as Outsourcing Policy of Moneygear Fintech Private Limited (“The Company” or “MoneyGear”). The terms in this policy shall be considered as defined by the Reserve Bank of India in its Directions onManaging Risks and Code of Conduct in Outsourcing of Financial Services byNBFCs and other various directions, guidelines as issued and may be issued from time to time and, or as defined herein below.

Outsourcing involves transferring financial activities to the third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to activities on a continuing basis that would normally be undertaken by the NBFC itself, now or in the future. Perform significantly.

The outsourcing of activities falls within the purview of guidelines of the ReserveBank of India (“RBI”) Master Direction on NBFC-Scale Based Regulation,2023 (DoR.FIN.REC.No.45/03.10.119/2023-24 dated Oct 19, 2023which requires the non-banking financial companies to formulate an outsourcing policy. In compliance with these RBI guidelines, this outsourcing policy (“Policy”) has been framed by the Company duly approved by its Board of Directors.

Outsourcing always involves a considerable degree of two-way information exchange, coordination and trust. Outsourced financial services include applications processing (loan origination), document processing, marketing and research, supervision of loans, data processing and back office related activities etc. Outsourcing business is often characterized by expertise not inherent to the core of the client organization.

The outsourcing of financial activities with in regulatory preview with an objective to:

  • Protect the interest of the customers of NBFCs, and
  • To ensure that the NBFC concerned and the Reserve Bank of India have access to all relevant books, records and information available with service provider

2. Objective

MoneyGear has aim to serve credit facilities to untapped peoples of society in fair, transparent, and speedy manner in keeping its mission“to set up an all-inclusive credit hub for small businesses and entrepreneurs, in order to help them get quality financial solutions in a time-efficient, inclusive and affordable manner.”, to achieve our mission and to maintain lean operations, several business-critical processes are required to be outsourced to external service providers (“the ServiceProvider”). Needless to say, the Company’s service delivery may get significantly hampered if these Service Providers do not deliver their services as per agreed norms.

The main objectives of this Policy are to provide guiding principles for:

  • To provide credit facilities in a fair transparent and speedy manner to customers.
  • To provide cutting-edge high standard technical facilities to the customers.
  • Assessment and due diligence of the Service Providers - selection, verification, and renewal.
  • Negotiating terms & conditions of the Service Level Agreement (SLA).
  • Negotiating financial terms of the engagement.
  • Comprehensive risk management program to address the outsourced activities.
  • Half-yearly and annual rating of the Service Providers.
  • Speedy Redressal of Grievance.
  • Confidentiality and security.
  • Responsibilities of Direct Sales Agent/ Direct Marketing Agents/ Recovery Agents/ Lending service provider.
  • Business continuity and management of disaster recovery plan.
  • Monitoring and control of the outsourced activities.
  • Reporting of certain transactions to Financial Intelligence Unit (FIU) or other competent authorities.
  • Outsourcing within group companies.
  • Maintenance of records
  • Offshore outsourcing of the financial services

This Policy is concerned with managing risks in outsourcing of financial services and is not applicable to technology-related issues and activities not related to financial services, such as usage of couriers, catering of staff, housekeeping and janitorial services, security of the premises, movement and archiving of records, etc.

This Policy shall be assessed/reviewed by the board of the Company on annual basis considering the inputs (if any) of the respective Head of Departments and shall be modified as per the applicable directions / guidelines of the RBI

3. Definitions

In this Policy, unless expressly defined otherwise in this Policy, the capitalized terms shall have the following meanings:

  • "Arrangement" means an agreement with a service provider wherein such service provider agrees/promises to provide necessary services using its own staff and equipment, and usually at its own facilities.
  • Board of Directors” or "Board" in relation to the Company, means the collective body of the Directors of the Company.
  • Business-Critical Processes” means the processes essential for carrying out operations of the Company which does not include its core management functions.
  • Code of Conduct” means a set of rules outlining the rules and responsibilities of the Board, SeniorManagement, Direct Sales Agents (DSA), Direct Marketing Agents (DMA) and/orRecovery Agents, Lending service provider.
  • Material Outsourcing” means such arrangements which, if disrupted, have the potential to significantly impact the business operations, reputation, profitability or customer service, and the materiality of outsourcing would be determined based on:
    • The level of importance of the activity being outsourced, and significance of the risk posed by the same, to the Company
    • The potential impact of the outsourcing on the Company on various parameters such as earnings, solvency, liquidity, funding capital and risk profile.
    • The likely impact on the Company’s reputation and brand value, and ability to achieve its business objectives, strategy and plans, should the ServiceProvider fail to perform the service.
    • The cost of the outsourcing as a proportion of total operating costs of the Company.
    • The aggregate exposure to that particular Service Provider, in cases where the Company outsources various functions to the same Service Provider and
    • The significance of activities outsourced in context of customer service and protection.
  • "Outsourcing” means the Company’s use of a third party (either an affiliated entity within aCompany group or an entity that is external to the Company group) to perform activities on a continuing basis that would normally be undertaken by theCompany itself, now or in the future.
  • Senior Management” comprises of the Key Managerial Personnel of the Company, Business/Unit Heads and such other employees as authorized by the Company from time to time.
  • Service Level Agreement” or “Outsourcing Agreement” means a contract between a service provider (either internal or external) and the Company that defines the level, terms & conditions of service expected from the Service Provider.
  • Service Provider”means any third party (either an affiliated entity within MoneyGear group or an entity that is external to MoneyGear group) that performs business-critical services on the continuing basis (includes arrangements for a limited period) that would normally be undertaken by the Company itself, now orin the future. The services provided must be necessary for continuity of business processes and include, inter alia, the following:
    • Services that aid in credit appraisal such as tele-verification, providing credit reports, field investigation, title search, etc.
    • Services that aid in customer file verification, storage and in-warding and resolution of customer queries.
    • Services that aid in the collection of payments from the customers, legal services, repossession services, etc.
    • IT services including both software (owned and as a service) and hardware, and
    • Such other services which are essential to business continuity as per the Company from time to time, unless otherwise specified in this Policy

4. Role of the Company, Regulatory and Supervisory Requirements

The Company, through the Senior Management or the respective Head of Departments, Business /Unit heads shall ensure that:

  • Outsourcing arrangement of any activity by the Company does not diminish its obligations and/or ability to fulfill its obligations to customers and RBI, and those of its Board and Senior Management who have the ultimate responsibility for the outsourced activity.
  • Outsourcing arrangement does not impede effective supervision of the RBI over such activities.
  • Outsourcing arrangement shall not affect the rights of a customer against the Company, including the ability of the customer to obtain redressal of his/her grievance as per the provisions of this Policy or the applicable laws.
  • Ultimate control of the outsourced activity remains with the Company as it is responsible for the confidentiality of the customers’ information available with its Service Providers and it may also be held responsible for the actions of its Service Providers including Direct Sales Agents, Direct MarketingAgents, Recovery Agents, and Lending Service provider.
  • Applicable provisions of the relevant laws, regulations, guidelines, and conditions of approval, licensing, and registration are considered while doing the due diligence of the Service Provider in relation to outsourcing.
  • TheService Provider including its location, whether in India or abroad, shall not impede or interfere with the ability of the Company to effectively oversee and manage its activities and shall also not impede the RBI in carrying out its supervisory functions and objectives.
  • Clause shall be incorporated in the product literature/ brochures, etc., stating that the Company may use the services of agents in sales and marketing, etc. of the products, and if possible, the role of such agents may be indicated in broad terms.
  • The Service Provider (other than Group Company) is not owned or controlled by any director of the Company or their relatives (as defined in the Companies Act, 2013).

5. Role of the Board and Senior Management

Role of Board: The Board of Directors of the Company shall prepare / review / approve an outsourcing policy, in accordance with the applicable laws and the RBI guidelines.

Role of the Board, the Board shall be responsible for: 

  • Approval of framework for evaluation of the risks and materiality of all existing and prospective outsourcing and the policies that apply to such arrangements.
  • Approval of authority matrix and administrative framework for the Senior Management in respect of outsourcing depending on risks and materiality.
  • Regular review of outsourcing strategies and arrangements for their continued relevance, safety and soundness.
  • Approving material business activities to be outsourced and such arrangements.

Role of Senior Management, the Senior Management of the Company shall be responsible for:

  • Preparation and implementation of sound and prudent outsourcing policies and procedures commensurate with the nature, scope and complexity of the outsourcing, in accordance with the applicable laws and the guidelines prescribed by RBI.
  • Preparation of framework for evaluation of the risks associated with outsourcing of the business-related activities.
  • Evaluation of the risks and materiality of all existing and prospective outsourcing, based on the policy and the evaluation framework approved by the Committee.
  • Periodic review of effectiveness of the policies and procedures.
  • Communicating information pertaining to the Material Outsourcing risks to the Board in a timely manner.
  • Ensuring that contingency plans, based on realistic and probable disruptive scenarios, are in place and tested.
  • Ensuring that there is independent review and audit for compliance with set policies.
  • Undertaking periodic review of outsourcing arrangements to identify new Material Outsourcing risks as they arise.

6. Indicative List of Activities that can be Outsourced

An indicative list of activities that may be considered for outsourcing is as under:

  • Application processing (loan origination)
  • Document processing
  • Document quality check
  • Storage of documents
  • Basic underwriting support
  • Research and marketing
  • Supervision of loans
  • Recovery and repossession
  • Call center
  • Collection
  • Operations
  • Data processing
  • Back office related activities
  • Lead sourcing activity
  • Field investigation
  • Legal
  • Information Technology
  • Risk Control Unit

The above list is indicative only and not exhaustive. Additional activities within the definition of outsourcing can also be outsourced by the Company.

7. Activities not to be Outsourced

The respective Head of Departments and board of directors shall ensure that:

  • The Company is not entering into any outsourcing arrangement which would result in compromising or weakening of internal control, business conduct or reputation of the Company.
  • The Company is not outsourcing its core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening high risk loan accounts, according sanction for loans (including retail loans,) and management of investment portfolio. However, Internal Auditor can be appointed on a contract basis.

8. Assessment and Due Diligence of the Servicer Provider - Selection, Verification and Renewal

One of the objectives of this Policy, in keeping with the values of the Company, is to recognize and enlist suitable service providers commensurate with their capabilities and to provide all service providers equitable opportunities. This ensures consistency, fair play and transparency in selection of service providers who are quality conscious.

The respective Head of Departments must exercise due care, skill and diligence in the selection of the Service Providers in order to ensure that the Service Provider has the ability and capacity to undertake the provision of the services effectively. Due diligence shall take into consideration qualitative and quantitative, financial, operational and reputational factors which are as follows:

Enquiries may be made related to

  • How long has the Service Provider been in business years in handling the outsourcing business?
  • Description of the Service Provider’s business model.
  • Scale of operations of the Service Provider.
  • Service Provider’s financial condition.
  • Service Provider's areas of expertise.
  • Service Provider’s onshore and offshore capabilities.
  • Factual proofs that the Service Provider has a background in projects similar to the Company.

Therefore, due diligence will also involve an evaluation of all the available information about the Service Provider, including but not limited to:

  • Past experience and competence to implement and support the proposed activity over the contracted period.
  • Financial soundness and ability to service commitments even under adverse conditions.
  • Business reputation and culture, compliance, complaints and outstanding or potential litigation.
  • Security and internal control, audit coverage, reporting and monitoring environment, Business continuity management.
  • Ensuring due diligence of its employees by the Service Provider.

The Service Provider, if not a MoneyGear group company, should not be owned or controlled by any director of the Company or their relatives.

In considering renewal of an outsourcing arrangement, the concerned Head of Department shall perform appropriate due diligence to assess the capability of the Service Provider to comply with obligations in the outsourcing agreement. Apart from considering the qualitative, quantitative, financial, operational and reputational factors as mentioned above, they should consider compatibility of the Service Provider’s system with the Company’s system, issues relating to undue concentration of outsourcing arrangements with a single Service Provider, reviews and market feedback on the Service Provider (if available).

9. Service Level Agreement / Outsourcing Agreement (SLA)

All Service Providers, prior to selection, must be given clarity on the level of service that the Company expects from them. The terms of the Service Level Agreement (“SLA”) shall be decided by the board and mutually agreed upon by the Service Provider. For Service Providers providing same or similar services, the terms of the SLA shall be identical to ensure equity and parity amongst the Service Providers.

Post definition of the SLA, the Service Provider must demonstrate, through documentary evidence or otherwise, that it is capable of adhering to the norms put forth in the SLA. An acceptable breach ratio must also be mutually agreed upon by the Service Provider and theCompany. The breach ratios for all services must be defined by the respectiveHead of Departments and approved by the Chief Operating Officer or Managing director or board of the Company.

Every SLA shall include the following provisions:

  • Nature of Legal relationship between the parties i.e.; whether agent, principal or otherwise
  • What activities are going to be outsourced? (including appropriate service and its performance standards).
  • Determining the ability to access all books, records and information relevant to the outsourced activity available with the Service Provider.
  • Ability for continuous monitoring and assessment of the Service Provider by the Company so that any necessary corrective measure can be taken immediately.
  • Controls to ensure customer data confidentiality and the Service Provider' liability incase of breach of security and leakage of confidential customer related information.
  • There must be contingency plans to ensure business continuity.
  • Termination clause and minimum period to execute a termination provision (Notice Period).
  • Limited access of data to the employees of the Service Provider only on a “need to know” basis and availability of adequate checks and balances at the end of the Service Provider to ensure the same.
  • Requirement of prior approval / consent from the Company for use of sub-contractors by theService Provider for all or part of an outsourced activity and includes, where necessary, conditions of sub-contracting by the Service Provider in order to maintain a similar control over the risks by the Company.
  • Must have a confidentiality clause to ensure protection and confidentiality of customer data even after the SLA expires or gets terminated.
  • Provides the Company with the right to conduct audits on the Service Provider whether by its internal or external auditors or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the Service Provider in conjunction with the services performed for the Company.
  • Provides for the RBI or persons authorized by it to access the Company's documents, records of transactions, and other necessary information given to, stored or processed by the Service Provider within a reasonable time.
  • Requirement of the Service Provider to preserve documents as required by law and take suitable steps to ensure that the Company’s interests are protected in this regard even post termination of the services.

10. Comprehensive Risk Management Program to Address the Outsourced Activities

This Policy shall be communicated to all vertical/functional heads and other concerned persons of the Company who shall evaluate and guard against the following risks in outsourcing by the Company:

  • Strategic Risk – Where the Service Provider conducts business on its own behalf, inconsistent with the overall strategic goals of the Company.
  • Reputation Risk – Where the service provided is poor and customer interaction is not consistent with the overall standards expected of the Company.
  • Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the Service Provider.
  • Operational Risk – Arising out of technology failure, fraud, error, inadequate financial capacity to fulfill obligations and / or to provide remedies.
  • Legal Risk – Where the Company is subjected to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements due to omissions and commissions of the Service Provider.
  • Exit Strategy Risk – Where the Company is over-reliant on one firm, the loss of relevant skills in the Company itself preventing it from bringing the activity back in-house and where the Company has entered into contracts that make speedy exits prohibitively expensive.
  • Counter Party Risk – Where there is inappropriate underwriting or credit assessments.
  • Contractual Risk – Where the Company may not have the ability to enforce the contract.
  • Concentration and Systemic Risk –Where the overall industry has considerable exposure to one Service Provider and hence the Company may lack control over the Service Provider.
  • Country Risk – Due to the political, social or legal climate creating added risk.

The risks and materiality of all the existing and prospective outsourcing shall be reviewed by the Head of Departments and by the Board / Committee (if required) from time to time as may be necessary. In the Outsourcing Agreement, the Company shall be provided with a right to conduct audits on the ServiceProvider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the Service Provider in conjunction with the services performed for the Company.

11. Confidentiality and Security

Public confidence and customer trust in the Company are a pre-requisite for the stability and reputation, and therefore, the respective Head of the Departments shall ensure that:

  • Outsourcing Arrangement shall ensure preservation and protection of the security and confidentiality of customer information in the custody or possession of the Service Provider.
  • Access of customer information to the staff of the Service Provider shall be on 'need to know' basis i.e. limited to those areas where information is required in order to perform the outsourced function.
  • The Service Provider shall isolate and clearly identify the Company’s customer information, documents, records, and assets to protect the confidentiality of the information. In Instances, where the Service Provider acts as an outsourcing agent for multiple companies, care shall be taken to build strong safeguards so that there is no commingling of information/documents, records and assets.
  • Security practices and control processes of the Service Provider shall be reviewed and monitored on a regular basis and the Service Providers shall be required to disclose security breaches.
  • Any breach of security and leakage of confidential customer-related information shall be notified to RBI.

12. Business Continuity and Management of Disaster Recovery Plan

The Company, through the concerned Head of Departments, shall ensure that:

  • The Service Providers have developed and established a robust documented and tested framework for business continuity and recovery procedures which shall be reviewed on annual basis.
  • A notice period is incorporated in the Outsourcing Arrangement in order to mitigate the risk of unexpected termination thereof or liquidation of theService Provider. To deal with such situation, an appropriate level of control and right to intervene shall be retained in the Outsourcing Arrangement with appropriate measures to continue the business operations of the Company without incurring prohibitive expenses and without any break in services to the customers of the Company.
  • Alternative Service Providers are available or there is a possibility of bringing the outsourced activity back in-house in case of emergency.
  • The Service Providers are able to isolate the Company’s information, documents and records, and other assets, and to ensure this, a clause may be incorporated in the Outsourcing Arrangement that after the termination of the contract, theCompany can take back all the documents, records of transactions and information given to the Service Provider in order to continue its business operations, or otherwise delete, destroy or render unusable the same.

13. Monitoring and Control of Outsourced Activities

The Head of Departments shall monitor and control the outsourcing activities of the Company and shall ensure that outsourcing agreements with the Service Provider contain provisions to monitor and control the outsourced activities. The Head of Departments shall meet on a half-yearly basis for the following purposes:

  • To review the central record of all Material Outsourcing maintained by theCompany. The said records shall be updated promptly and half yearly reviews will be placed before the Committee.
  • To review, on annual basis, the financial and operational condition of the ServiceProvider so as to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which will be based on all available information about the Service Provider will highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.

The respective Head of Departments shall ensure that:

  • In the event of termination of the outsourcing agreement for any reason in cases where the Service Provider deals with the customers, the same shall be publicized by displaying at a prominent place in the branch, posting it on the web-site and informing the customers, so as to ensure that the customers do not continue to deal with the Service Provider.
  • Reconciliation of transactions between the Company and the Service Provider (and/or its sub-contractor) are carried out in a timely manner in case of outsourcing arrangements requiring reconciliation of transactions, for example, outsourcing of cash management. An aging analysis of entries pending reconciliation with the Service Providers shall be placed before the Committee of the Board and the efforts shall be made to reduce the old outstanding items therein at the earliest.
  • A robust system of internal audit of all the outsourced activities is in place and monitored by the Committee of the Company.
  • Regular audits are conducted by internal auditors or external auditors of the Company to assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the Company’s compliance with its risk management framework and the requirements of the RBI guidelines.

14. Reporting of Transactions to FIU or other Competent Authorities

The respective Head of Departments shall provide the Currency Transactions Reports and Suspicious Transactions Reports to FIU or any other competent authority in pursuance of prevention of money laundering act read prevention of money laundering rules 2005 with the in respect of the Company’s customer-related activities carried out by the Service Providers.

15. Outsourcing within a Group / Conglomerate

In case of outsourcing of any activity within the group companies, the respective Head of Departments shall ensure that:

  • Arm’s length distance is maintained in such outsourcing in terms of premises, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests between the Company and such Service Provider, and accordingly necessary disclosures in this regard shall be made as part of the outsourcing agreement.
  • The customers are informed specifically about the company which is actually offering the product/ service in case of involvement of multiple group entities involved or cross-selling of products.
  • The outsourcing agreement shall address the provisions including scope of services, charges for the services, and maintaining the confidentiality of the customer's data.
  • The arrangement shall not lead to any confusion to the customers on whose products/services they are availing by the clear physical demarcation of the space where the activities of the Company and those of its other group entities are undertaken.
  • The arrangement do not compromise the ability to identify and manage risk of theCompany on a stand-alone basis.
  • The arrangement do not prevent the RBI from being able to obtain information required for the supervision of the Company or pertaining to the group as a whole.
  • The outsourcing agreement must have a clause that there is a clear obligation for any service provider to comply with directions given by the RBI in relation to the activities of the Company.
  • Their ability to carry out their operations in a sound fashion would not be affected if premises or other services (such as IT systems, support staff) provided by the group entities become unavailable.
  • If the premises of the Company are shared with the group entities for the purpose of cross-selling, the Company shall take measures to ensure that the entity's identification is distinctly visible and clear to the customers.
  • The marketing brochure used by the group entity and verbal communication by its staff / agent in the Company premises shall mention nature of arrangement of the entity with the Company so that the customers are clear about the seller of the product.
  • The Company shall not publish any advertisement or enter into any agreement stating or suggesting or giving tacit impression that they are in any way responsible for the obligations of its group entities.
  • The risk management practices expected to be adopted by the Company while outsourcing to a related party (i.e. party within the Group / Conglomerate) would be identical to those specified above.

16. Maintenance of Records

The records relating to all the activities outsourced shall be preserved centrally either at the registered office of the Company or such other location as may be approved by the Board, so that these records are readily accessible for review by the Board and Senior Management of the Company, as and when required. Such records shall be updated promptly by any person authorized by the Board and / or its committee and half yearly reviews shall be placed before the committee.

17. Review of this Policy

This Policy shall be reviewed at regular intervals or as and when considered necessary by the Board of Directors / Committee of the Company.

About Us
Moneygear Fintech Private Limited is a Non-Banking Financial Company (NBFC), having obtained its Registration certificate from RBI.
Reach Us At
Timings
Monday - Saturday
10:00AM - 06:00PM
Sunday Closed
General Resources
PoliciesFAQsPrivacy PolicyOur Team
Pages
Our AppAbout UsContact Us
MoneyGear Android app store link QR codeGet it on Google Play Store badge
Regulatory Resources
Know your Customer (KYC) and Anti-Money Laundering (AML) PolicyGrievance Redressal PolicyRefund Policy
Information Technology / Information Security PolicyInterest Rate Policy
Fair Practices CodePreservation of Documents PolicyOutsourcing of Financial Services Policy
©2024 Moneygear Fintech Private Limited. All Rights Reserved.