Third-party dependence by banks and other regulated entities can create situations of dependence on single vendors for critical services, thus increasing risks, said Reserve Bank of India deputy governor M Rajeshwar Rao, making the observation days after a global outage of Microsoft systems.
“The first issue that I would like to discuss is the issue of third-party dependence and outsourcing arrangements in regulated entities. (After) Last Friday (the day of the Microsoft outage)… I think it essentially reflects the kind of risk which I’m talking about,” Rao said at an event on Monday.
“One of the primary concerns is selection of the outsourcing partner or in case of digital lending operations, the lending service providers (LSPs),” Rao said, adding that regulated entities need to assess reliability, security and regulatory compliance of third parties to ensure that they meet required standards.
Speaking specifically about cybersecurity, Rao said that dependency on third parties could create “vendor lock-in situations” where regulated entities become reliant on a single vendor for critical services. Such a lack of vendor diversification can increase dependency risks and limit the flexibility of entities to adapt to changing market conditions or technological advancements, he said.
Pointing out gaps in adherence to the RBI’s norms, Rao pointed out that a recent study undertaken by the central bank had shown that not all LSPs have suitable grievance redressal mechanisms on their websites or apps as has been mandated by the regulator.
Rao warned regulated entities that poorly managed third-party relationships could expose them to not only customer dissatisfaction and reputational damage but also invite supervisory actions by the RBI. The senior central banker also pulled up banks and NBFCs for falling short of the RBI’s expectations on customer conduct and transparency.
“We continue to observe instances of slow response times to customer queries and complaints, lengthy wait times on customer service hotlines and delayed email responses, contributing to customer dissatisfaction,” Rao said.
He pointed out that some regulated entities continue to face criticism for lack of transparency on fees, charges and penal provisions, saying customers were often surprised by hidden fees.
Further, the RBI is receiving an increased volume of complaints related to misleading sales practices including misrepresentation of product features and false promises or benefits. “One unique set of complaints relates to customers encountering difficulties when attempting to close accounts or terminate services,” he said.