Third-party dependency in digital lending has risks: RBI dy governor

Mumbai, July 22, 2024 

'Inadequate management' of such relationships can expose regulated entities to reputational damage, says M Rajeshwar Rao

Financial companies using digital outsourcing and their “third-party dependencies” have benefits but this involves risks too, said M Rajeshwar Rao, deputy governor at the Reserve Bank of India on Monday.

“Inadequate management of third-party relationships can expose regulated entities to customer dissatisfaction and reputational damage, and can also invite regulatory and supervisory actions,” he said.

Regulated entities must check the reliability and security of third parties and ensure they meet required standards. The concern is about the selection of outsourcing agencies or digital lending service providers, he said.

“Third-party dependencies and digital outsourcing have become integral to the operations of financial service entities. With the rapid evolution of technology, regulated entities are increasingly relying on third-party agencies and outsourcing digital operations to enhance efficiency, reduce costs, and improve customer experience,” he said at ‘CareEdge Conversations BFSI - Navigating Growth and Risk’.

“However, although third-party dependencies provide several benefits, they also pose certain risks and challenges.”

“One of the primary concerns is the selection of the outsourcing agency involved or, in the case of digital lending operations, the lending service providers. Regulated entities need to assess the reliability, security, and regulatory compliance of third parties to ensure they meet the required standards. For example, lending guidelines mandate that regulated entities should ensure that the lending service providers engaged by them have suitable grievance redressal mechanisms on their websites or apps,” he said.

“A recent study undertaken by the US (United States) found that not all of these lending service providers or apps have the kind of mechanism we thought they would. Inadequate management of third-party relationships can expose regulated entities to customer dissatisfaction and reputational damage, and can also invite regulatory and supervisory actions. Cybersecurity is another area where regulated entities need to assess the preparedness of third-party service providers to protect their digital assets and customer information.”

[The Business Standard]