The Securities and Exchange Board of India (Sebi) has asked stock exchanges and clearing corporations to prepare a framework for appointing of third-party vendors. The market regulator has directed the so-called market infrastructure institutions to not outsource core and critical operations such as trading information, infrastructure and surveillance.
There have been instances in the past where the promoter of an exchange has also acted as a service provider, potentially creating a conflict of interest situation.
Although the regulator has allowed the exchanges and clearing corporations to outsource activities to associate or group companies, it has asked for a clear demarcation of such dealings and an arm's-length relationship.
Sebi has also allowed outsourcing of certain core activities to specialist vendors who are experts in their field. However, in all such cases, the responsibility and control shall wholly vest with the exchanges and clearing corporations.
Further, if the trading or clearing software is purchased from a vendor, then there must be an arrangement to keep the source code in escrow. The move will help the exchanges get access to the software code and go on with the business in an event of an issue the vendor.
On the contractual terms with the concerned vendors, Sebi said that the agreement should mention all the potential conflicts and obligations of the contracting parties.
"Each agreement should allow for renegotiation and renewal to enable the exchange to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet its legal and regulatory obligations," it noted.
Besides, the exchanges and the clearing corporations will have to ensure third-party entities have proven high-delivery standards and expertise in the respective field. Also, Sebi has directed exchanges to follow proper due-diligence process, which includes checking parameters like track record, delivery standard, unique selling proposition and service standards.
Sebi has also prescribed strict termination procedure. According to the regulator, the outsourcing agreement should provide regulatory authority to access the records of the service provider. Further, Sebi wants new guidelines to also give a clear mention of audit of the outsourced activities.
"The market intermediaries need to ensure proper audit of the implementation of risk assessment and mitigation measures listed in the outsourcing policy document, the outsourcing agreement and the service-level agreements pertaining to IT systems, among other measures," Sebi said.