Under the framework, PSOs will not outsource core management functions such as risk management and internal audit, compliance and decision-making functions like determining compliance with KYC norms. Also, a PSO will be required to carefully evaluate the need for outsourcing its critical processes and activities, as well as selection of service providers based on comprehensive risk assessment.

The financial institution has also clarified that outsourcing of any activity by the PSO will not reduce its obligations, and those of its board and senior management, who will ultimately be responsible for the outsourced activity, according to Financial Express.

As per the framework, a PSO which has outsourced its customer grievance redressal function must also provide its customers the option of direct access to its officials for raising and / or escalating complaints. Also, the PSO should have a board-approved comprehensive outsourcing policy. The framework also lists out the role of the board and responsibilities of the senior management.

The service provider will also have to develop and establish a robust framework for documenting, maintaining, and testing business continuity and recovery procedures arising out of any outsourced activity, it added.