Chapter XIV of SEBI's Master Circular for Debenture Trustees

14 Safeguarding Investor Interests: SEBI's Guidelines for Debenture Trustees on Outsourcing Activities

SEBI has issued comprehensive guidelines for Debenture Trustees to ensure that outsourcing activities do not compromise investor interests or regulatory oversight. The guidelines cover policies, risk management, contingency plans, confidentiality, and due diligence in selecting third parties. Debenture Trustees must adhere to these guidelines to maintain high standards of service and protect investors' rights.

Key Takeaways:

- Debenture Trustees must have a comprehensive policy approved by their Board to assess and govern outsourcing activities.


- Outsourcing arrangements should not impair SEBI's supervisory authority or the Debenture Trustee's ability to fulfill obligations to investors and regulators.


- Debenture Trustees remain fully liable and accountable for outsourced activities as if the services were provided in-house.


- Robust due diligence, written contracts, contingency plans, and confidentiality measures are mandatory for outsourcing arrangements.


- Debenture Trustees must ensure that outsourcing does not lead to conflicts of interest or co-mingling of information.

Detailed Narrative:

The Securities and Exchange Board of India (SEBI) has recognized the growing trend of outsourcing activities by intermediaries, including Debenture Trustees, to reduce costs or for strategic reasons. While outsourcing is permissible, SEBI has issued comprehensive guidelines (CIR/MIRSD/24/2011 dated December 15, 2011) to ensure that such arrangements do not compromise investor interests or regulatory oversight.


The guidelines mandate that Debenture Trustees establish a comprehensive policy, approved by their Board, to assess and govern outsourcing activities. This policy should cover the types of activities that can be outsourced, the authorities who can approve outsourcing, and the selection criteria for third parties. The policy must be regularly reviewed and aligned with the changing business environment.


Debenture Trustees are required to establish a robust outsourcing risk management program to address the outsourced activities and the relationship with the third party. This includes assessing the materiality of the outsourced activity, the impact of third-party failure on the Debenture Trustee's performance and reputation, and the ability to cope with non-performance. Debenture Trustees must also ensure that outsourcing arrangements do not impair SEBI's supervisory authority or their ability to fulfill obligations to investors and regulators.


Debenture Trustees remain fully liable and accountable for outsourced activities to the same extent as if the services were provided in-house. Outsourcing arrangements should not affect investors' rights against the Debenture Trustee, and the Debenture Trustee is responsible for redressing grievances arising from outsourced activities.


Comprehensive due diligence is mandatory when selecting third parties, including assessing their resources, capabilities, financial soundness, compatibility with the Debenture Trustee's requirements, market reputation, and the environment of the foreign country (if applicable). Outsourcing relationships must be governed by written contracts that clearly define the rights, responsibilities, and expectations of both parties, including confidentiality, termination procedures, and SEBI's access to the third party's facilities and records.


Debenture Trustees and third parties must establish contingency plans, including disaster recovery and periodic testing of backup facilities. Robust information technology security measures are essential to ensure business continuity and protect customer privacy.


Debenture Trustees must take appropriate steps to ensure that third parties protect confidential information of the Debenture Trustee and its clients from unauthorized disclosure. Appropriate restrictions on transactions in securities and information barriers should be implemented to prevent conflicts of interest.


The guidelines also address potential risks arising from the concentration of outsourced activities with a limited number of third parties. In such cases, Debenture Trustees and third parties must implement strong safeguards to prevent co-mingling of information, documents, records, and assets.

FAQs:

Q1: Can Debenture Trustees outsource their core business activities and compliance functions?

A1: No, Debenture Trustees cannot outsource their core business activities and compliance functions.


Q2: Who is responsible for ensuring compliance with these guidelines?

A2: The Board of the Debenture Trustee is responsible for implementing the provisions of these guidelines and providing necessary guidance to identify, eliminate, or manage conflicts of interest situations.


Q3: Can a group entity or associate of the Debenture Trustee act as a third party for outsourcing?

A3: Yes, a group entity or associate can act as a third party, but Debenture Trustees must maintain an arm's length distance in terms of infrastructure, manpower, decision-making, and record-keeping to avoid potential conflicts of interest.


Q4: What happens if a third party fails to adequately perform the outsourced activity?

A4: The Debenture Trustee remains liable for unsatisfactory performance or breach of contract by the third party. The Debenture Trustee must have contingency plans in place to address such situations.


Q5: Can SEBI or its authorized persons access the facilities and records of the third party?

A5: Yes, the facilities, premises, data, and records involved in carrying out the outsourced activity by the third party shall be deemed to be those of the Debenture Trustee, and SEBI or its authorized persons shall have the right to access them at any point in time.

Key Precedents:

The guidelines issued by SEBI (CIR/MIRSD/24/2011 dated December 15, 2011) on outsourcing activities by intermediaries, including Debenture Trustees, are based on the principles established in the Securities and Exchange Board of India (Debenture Trustees) Regulations, 1993. These regulations require Debenture Trustees to render high standards of service and exercise due diligence and proper care in their operations.


The guidelines also align with Principle 8 of the International Organization of Securities Commissions (IOSCO) Objectives and Principles of Securities Regulations, which emphasizes the need for comprehensive guidelines to cover intermediaries and their associated persons for the elimination of conflicts of interest.


Furthermore, the guidelines are in addition to the provisions contained in respective regulations and circulars issued by SEBI from time to time regarding dealing with conflicts of interest in respect of Debenture Trustees.



----------------------------------------------------------------------------


The verbatim text of Chapter XIV of SEBI's Master Circular for Debenture Trustees follows.


Chapter XIV: Guidelines on Outsourcing of Activities by Debenture Trustee{36}


1. DT Regulations requires Debenture Trustees to render high standards of service and exercise due diligence and ensure proper care in its operations. It has been observed that often intermediaries resort to outsourcing with a view to reduce costs, and at times, for strategic reasons.


2. Outsourcing may be defined as the use of one or more than one third party – either within or outside the group - by a registered intermediary to perform the activities associated with services which the intermediary offers.


3. The principles for outsourcing to be followed by Debenture Trustee are specified at Annex-XIVA of this Master Circular.


4. A Debenture Trustee desirous of outsourcing its activities shall not outsource its core business activities and compliance functions.


5. The Debenture Trustee shall comply with the provisions of SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011 and guidelines issued thereunder from time to time.


6. The Debenture Trustee shall be responsible for reporting of any suspicious transactions/ reports to FIU or any other competent authority in respect of activities carried out by the third parties.


---------------------------------------------------------------------------


Annex-XIVA


PRINCIPLES OF OUTSOURCING FOR DEBENTURE TRUSTEES


1. A Debenture Trustee seeking to outsource activities shall have in place a comprehensive policy to guide the assessment of whether and how those activities can be appropriately outsourced. The Board/ partners (as the case may be) {hereinafter referred to as “the Board”} of the intermediary shall have the responsibility for the outsourcing policy and related overall responsibility for activities undertaken under that policy.


1.1 The policy shall cover activities or the nature of activities that can be outsourced, the authorities who can approve outsourcing of such activities, and the selection of third party to whom it can be outsourced. For example, an activity shall not be outsourced if it would impair the supervisory authority’s right to assess, or its ability to supervise the business of the Debenture Trustee. The policy shall be based on an evaluation of risk concentrations, limits on the acceptable overall level of outsourced activities, risks arising from outsourcing multiple activities to the same entity, etc.


1.2 The Board shall mandate a regular review of outsourcing policy for such activities in the wake of changing business environment. It shall also have overall responsibility for ensuring that all ongoing outsourcing decisions taken by the Debenture Trustee and the activities undertaken by the third-party, are in keeping with its outsourcing policy.


2. The Debenture Trustee shall establish a comprehensive outsourcing risk management programme to address the outsourced activities and the relationship with the third party.


2.1 A Debenture Trustee shall make an assessment of outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include:


a) The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of the Debenture Trustee and on the investors / clients;


b) Ability of the Debenture Trustee to cope up with the work, in case of nonperformance or failure by a third party by having suitable back-up arrangements;


c) Regulatory status of the third party, including its fitness and probity status;


d) Situations involving conflict of interest between the Debenture Trustee and the third party and the measures put in place by the Debenture Trustee to address such potential conflicts, etc.


2.2 While there shall not be any prohibition on a group entity/ associate of the Debenture Trustee to act as the third party, systems shall be put in place to have an arm’s length distance between the Debenture Trustee and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by a Debenture Trustee while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party.


2.3 The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the Debenture Trustee and/or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the Debenture Trustee.


2.4 Regular reviews by internal or external auditors of the outsourcing policies, risk management system and requirements of the regulator shall be mandated by the Board wherever felt necessary. The Debenture Trustee shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.


3. The Debenture Trustee shall ensure that outsourcing arrangements neither diminish its ability to fulfill its obligations to customers and regulators, nor impede effective supervision by the regulators.


3.1 The Debenture Trustee shall be fully liable and accountable for the activities that are being outsourced to the same extent as if the service were provided in house.


3.2 Outsourcing arrangements shall not affect the rights of an investor or client against the Debenture Trustee in any manner. The Debenture Trustee shall be liable to the investors for the loss incurred by them due to the failure of the third party and also be responsible for redress of the grievances received from investors arising out of activities rendered by the third party.


3.3 The facilities / premises / data that are involved in carrying out the outsourced activity by the service provider shall be deemed to be those of the registered Debenture Trustee. The Debenture Trustee itself and Regulator or the persons authorized by it shall have the right to access the same at any point of time.


3.4 Outsourcing arrangements shall not impair the ability of SEBI/ SRO or auditors to exercise its regulatory responsibilities such as supervision/inspection of the Debenture Trustee.


4. The Debenture Trustee shall conduct appropriate due diligence in selecting the third party and in monitoring of its performance.


4.1 It is important that the Debenture Trustee exercises due care, skill, and diligence in the selection of the third party to ensure that the third party has the ability and capacity to undertake the provision of the service effectively.


4.2 The due diligence undertaken by a Debenture Trustee shall include assessment of:


a) third party’s resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;


b) compatibility of the practices and systems of the third party with the Debenture Trustee’s requirements and objectives;


c) market feedback of the prospective third party’s business reputation and track record of their services rendered in the past;


d) level of concentration of the outsourced arrangements with a single third party; and


e) the environment of the foreign country where the third party is located.


5. Outsourcing relationships shall be governed by written contracts/ agreements/ terms and conditions (as deemed appropriate) {hereinafter referred to as “contract”} that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of the parties to the contract, client confidentiality issues, termination procedures, etc.


5.1 Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the Debenture Trustee and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the Debenture Trustee.


5.2 Care shall be taken to ensure that the outsourcing contract:


a) clearly defines what activities are going to be outsourced, including appropriate service and performance levels;


b) provides for mutual rights, obligations and responsibilities of the Debenture Trustee and the third party, including indemnity by the parties;


c) provides for the liability of the third party to the Debenture Trustee for unsatisfactory performance/other breach of the contract;


d) provides for the continuous monitoring and assessment by the Debenture Trustee of the third party so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the Debenture Trustee to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations;


e) includes, where necessary, conditions of sub-contracting by the third-party, i.e. the contract shall enable Debenture Trustee to maintain a similar control over the risks when a third party outsources to further third parties as in the original direct outsourcing;


f) has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;


g) specifies the responsibilities of the third party with respect to the IT security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;


h) provides for preservation of the documents and data by third party;


i) provides for the mechanisms to resolve disputes arising from implementation of the outsourcing contract;


j) provides for termination of the contract, termination rights, transfer of information and exit strategies;


k) addresses additional issues arising from country risks and potential obstacles in exercising oversight and management of the arrangements when Debenture Trustee outsources its activities to foreign third party. For example, the contract shall include choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;


l) neither prevents nor impedes the Debenture Trustee from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers; and


m) provides for the Debenture Trustee and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the third party.


6. The Debenture Trustee and its third parties shall establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities.


6.1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines.


6.2 A Debenture Trustee shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; coordination of contingency plans at both the Debenture Trustee and the third party; and contingency plans of the Debenture Trustee in the event of nonperformance by the third party.


6.3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the Debenture Trustee to fulfil its obligations to other market participants/ clients/regulators and could undermine the privacy interests of its customers, harm the Debenture Trustee’s reputation, and may ultimately impact on its overall operational risk profile. Intermediaries shall, therefore, seek to ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.


6.4 Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the Debenture Trustee to confirm the adequacy of the third party’s systems.


7. The Debenture Trustee shall take appropriate steps to require that third parties protect confidential information of both the Debenture Trustee and its customers from intentional or inadvertent disclosure to unauthorized persons.


7.1 A Debenture Trustee that engages in outsourcing is expected to take appropriate steps to protect its proprietary and confidential customer information and ensure that it is not misused or misappropriated.


7.2 The Debenture Trustee shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a “need to know” basis and the third party shall have adequate checks and balances to ensure the same.


7.3 In cases where the third party is providing similar services to multiple entities, the Debenture Trustee shall ensure that adequate care is taken by the third party to build safeguards for data security and confidentiality.


8. Potential risks posed where the outsourced activities of multiple intermediaries are concentrated with a limited number of third parties.


In instances, where the third party acts as an outsourcing agent for multiple intermediaries, it is the duty of the third party and the Debenture Trustee to ensure that strong safeguards are put in place so that there is no co-mingling of information /documents, records and assets.


Note:-


{36}CIR/MIRSD/24/2011 dated December 15, 2011;