ADVERTISEMENT
RBI DG Rao flags risks of relying on single vendor for servicesRao said it is important for the regulated entities to look at their third-party engagements more diligently, and referred to the Microsoft outage specifically as being illustrative of the risks involved.
PTI
Last Updated IST
<div class="paragraphs"><p>The RBI logo.</p></div>

The RBI logo.

Credit: Reuters File Photo

Mumbai: Days after the Microsoft outage, Reserve Bank Deputy Governor M Rajeshwar Rao on Monday flagged risks arising out of regulated entities' reliance on a single vendor.

ADVERTISEMENT

Addressing an event organized by domestic rating agency CareEdge here, Rao also said that an RBI survey has found that many of the lending service providers engaged by regulated entities do not have customer redressal mechanisms.

Rao said it is important for the regulated entities to look at their third-party engagements more diligently, and referred to the Microsoft outage specifically as being illustrative of the risks involved.

While speaking about third-party help in cybersecurity, Rao made the point on dependency on single vendors.

"'Dependency on third parties can also create vendor lock-in situations, where regulated entities become reliant on a single vendor for critical services. This lack of vendor diversification can increase dependency risks and limit the flexibility of entities to adapt to changing market conditions or technological advancements," he said.

A Microsoft outage grounded flights, knocked banks and hospital systems offline and media outlets off air on Friday last week in a massive disruption that affected companies and services around the world. The IT outage highlighted dependence on software from a handful of providers.

The Indian financial services space was largely unaffected by the Microsoft outage, and RBI had said only 10 lenders experienced difficulties with its systems while a slew of major ones and the payment systems had their operations running.

Rao said regulated entities are increasingly relying on third-party agencies and outsourcing of their operations to enhance efficiency, reduce costs, and improve customer experience and referred to the RBI experience in case of digital lending operations, where the lenders depend on LSPs.

"While digital lending guidelines mandate that REs should ensure that LSPs engaged by them have suitable grievance redressal mechanism on their website or apps, a recent study undertaken by us has found that not all LSPs or apps have that," he said and gave out a warning.

"Poorly managed third-party relationships can expose regulated entities to not only customer dissatisfaction and reputational damage but may also invite regulatory and supervisory actions," the DG made it clear.

He said REs have fallen short on conduct and transparency in operations despite continuous supervisory and regulatory focus.

"We continue to observe instances of slow response times to customer queries and complaints, lengthy wait times on customer service hotlines and delayed email responses, contributing to customer dissatisfaction," he said.

A customer faces lengthy and cumbersome account closure procedures, coupled with unclear requirements and documentation, leading to frustration, and forcing prolonged association with the entity against their wishes.

Acknowledging that automation can help in faster response to grievances, there is an underlying need for an experienced man in the middle to ensure the human touch, Rao said.

"The Reserve Bank attaches highest importance to these issues and this is an area of regulatory focus. I would urge to all regulated entities also to treat customer complaints with due gravitas and use it as a feedback mechanism to improve their processes and products," he said.

Rao also asked entities to adopt a Combined Assurance Model (CAM) which will transcend functional and geographical silos.

ADVERTISEMENT
(Published 22 July 2024, 19:26 IST)