Policy for assessment of activities outsourced

Policy for assessment of
activities outsourced

  1. Outsourcing means the use of one or more than one “Third Party”, either within or outside the group, by a Registered Intermediary to perform the activities associated with services which the intermediary offers. A third party may be used to perform one or more activities or one or more third parties may be used to perform different activities associated with the intermediation service. Such use may be for a specified period or on a continuing basis. However, there are various risks associated with outsourcing which may be identified as operational risk, reputational risk, legal risk, country risk, strategic risk, exit-strategy risk, counter party risk, concentration, and systemic risk.
  2. In order to address the concerns arising from the outsourcing of activities by intermediaries based on the principles advocated by the International Organization of Securities Commission (IOSCO) and the experience of Indian markets, SEBI had prepared guidelines on outsourcing of activities related to services offered by intermediaries.
  3. Spread X Securities Pvt. Ltd. is SEBI Registered Intermediary as Stock Broker & Depository Participant.
  4. In pursuance of SEBI Circular No. CIR/MIRSD/24/2011 dated December 15, 2011, a policy on Outsourcing of Activities by Intermediaries needs to be in place to ensure high standards of continuing services and exercise due diligence and proper care in its operations.

Scope

  1. This policy is to be applied by the Board of Directors, Senior Management and Employees of, the Company, at the time of outsourcing activities.
  2. The key purposes of the policy are as follows:
    1. To establish a comprehensive risk management program to address the outsourced activities and the relationship with Service Provider.
    2. To conduct due diligence of the Service Provider to ascertain the credibility and capability of the Service Provider.
    3. To maintain confidentiality of the information that is outsourced.
    4. To ensure compliance with the laws and regulations in force from time to time.
    5. To protect the Company reputation.
    6. To conduct outsourcing of activities in accordance with this policy.
    7. To identify the supervisors and fix their responsibilities.

Activities not to be outsourced

  1. Company shall not outsource its core business activities and compliance functions.
    • Core Business activities such as:
    • Execution of orders and monitoring of trading activities
    • Dematerialization of securities in case of depository participants;
    • Investment related activities in case of Mutual Funds and Portfolio Managers.
    • Regarding Know Your Client (KYC) requirements, we shall comply with the provisions of SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011 and Guidelines issued there under from time to time.
  2. An activity shall not be outsourced if it would impair the Board’s right to assess, or its ability to supervise, the business of Spread X Securities Pvt. Ltd. or Group.

Selection of third party

  1. The Supervisor shall exercise due care, skill and diligence in the selection of the third party in order to ensure that the third party has the ability and capacity to undertake the provision of services effectively. The due diligence shall include assessment of:
    • Third Party’s resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;
    • compatibility of the practices and systems of the Third Party with the intermediary’s requirements and objectives;
    • market feedback of the prospective Third Party business reputation and track record of their services rendered in the past;
    • level of concentration of the outsourced arrangements with a single Third Party;
    • The environment of the foreign country where the Third Party is located.

Outsourcing of activity to group companies

  1. The Company may outsource its activity to any of its Group Companies to act as the Service Provider.
  2. The Company shall ensure that an arm’s length distance is maintained in terms of manpower, decision–making, record keeping, etc, for avoidance of potential conflict of interests between the Company and Group Companies and accordingly necessary disclosures in this regard shall be made as a part of the outsourcing agreement.

Outsourcing Contracts

  1. All outsourcing arrangements shall be executed only by way of a clearly defined and legally binding written contact with each of the Service Provider.
  2. Care shall be taken to ensure that the outsourcing contract:
  • clearly defines what activities are going to be outsourced, including appropriate service and performance levels.
  • provides for mutual rights, obligations and responsibilities of the Company and the Service Provider, including indemnity by the parties.
  • provides for the liability of the Service Provider to the Company for unsatisfactory performance/other breach of the contract.
  • provides for the continuous monitoring and assessment by the Company of the Service Provider so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the Company to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations.
  • includes, where necessary, conditions of sub-contracting by the Service Provider, i.e. the contract shall enable Company to maintain a similar control over the risks when a Service Provider outsources to further third parties as in the original direct outsourcing;
  • has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract.
  • specifies the responsibilities of the Service Provider with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.
  • provides for preservation of the documents and data by Service Provider.
  • Provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;
  • provides for termination of the contract, termination rights, transfer of information and exit strategies.
  • Addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when Company outsources its activities to Foreign Service Provider. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;
  • neither prevents nor impedes the Company from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and
  • Provides for the Company and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the Service Provider.

Disaster Recovery Plan

  1. Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.
  2. The concerned Senior Management shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the Service Provider level. Notably, it shall consider contingency plans at the Service Provider level; co-ordination of contingency plans at both levels and in the event of non-performance by the Service Provider.
  3. The Senior Management shall ensure that the Service Provider maintains appropriate IT security and robust disaster recovery capabilities.
  4. Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the Company to confirm the adequacy of the Service Provider’s systems.

Client Confidentiality

  1. The Company is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.
  2. The Company shall prevail upon the Service Provider to ensure that the employees of the Service Provider have limited access to the data handled and only on a “need to know” basis and the Service Provider shall have adequate checks and balances to ensure the same.
  3. In cases where the Service Provider is providing similar services to multiple entities, the Company shall ensure that adequate care is taken b y the Service Provider to build safeguards for data security and confidentiality.

Maintenance of Records

  1. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the Company and / or its senior management, as and when needed.
  2. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the Company.

Review

  1. Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary.
  2. Company shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.
Circular Reference:
SEBI -: CIR/MIRSD/24/2011 DATED 15/12/2011
Enjoy 100%
Paperless journey