|Issue and Effective Date
|6, April 2023
|Date of Next Review
|Within in 12 months from effective date
|Periodicity of Review
|Board of Directors
|Role of the Company, Regulatory and Supervisory Requirements
|Role of the Board and Senior Management
|Indicative List of Activities that can be Outsourced
|Activities not to be Outsourced
|Assessment and Due Diligence of the Service Providers – Selection, Verification and Renewal
|Service Level Agreement / Outsourcing Agreement (SLA)
|Comprehensive Risk Management Program to address the outsourced activities
|Grievance Redressal Mechanism
|Confidentiality and Security
|Business Continuity and Management of Disaster Recovery Plan
|Monitoring and Control of Outsourced Activities
|Reporting of transactions to FIU or other competent authorities
|Outsourcing within a Group/ Conglomerate
|Maintenance of Recordss
|Review of Policy
This Policy shall be termed as Outsourcing Policy of FASHION TRADES & AGENCIES PRIVATE LIMITED (“The Company” or “FTAPL”) . The terms in this policy shall be considered as defined by the Reserve Bank of India in its Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs and other various directions, guidelines as issued and may be issued from time to time and, or as defined herein below.
Outsourcing involves transferring financial activities to the third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to activities on a continuing basis that would normally be undertaken by the NBFC itself, now or in the future. Perform significantly.
The outsourcing of activities falls within the purview of guidelines of the Reserve Bank of India (“RBI”) on “Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs” issued on November 9, 2017 (Including amendment thereof) which requires the non-banking financial companies to formulate an outsourcing policy. In compliance with these RBI guidelines, this outsourcing policy (“Policy”) has been framed by the Company duly approved by its Board of Directors.
Outsourcing always involves a considerable degree of two-way information exchange, coordination and trust. Outsourced financial services include applications processing (loan origination), document processing, marketing and research, supervision of loans, data processing and back office related activities etc. Outsourcing business is often characterized by expertise not inherent to the core of the client organization.
The outsourcing of financial activities with in regulatory preview with an objective to:
1. Protect the interest of the customers of NBFCs, and
2. To ensure that the NBFC concerned and the Reserve Bank of India have access to all relevant books, records and information available with service provider.
FTAPL has aim to serve credit facilities to untapped peoples of society in fair, transparent, and speedy manner in keeping its mission “to serve the unserved portion of salaried indiviuals, students, small businessmen, entrepreneurs, and MSMEs in cost-effective and timely manner so that it ultimately leads to economic growth of country.”, to achieve our mission and to maintain lean operations, several business-critical processes are required to be outsourced to external service providers (“the Service Provider”). Needless to say, the Company’s service delivery may get significantly hampered if these Service Providers do not deliver their services as per agreed norms.
In this Policy, unless expressly defined otherwise in this Policy, the capitalized terms shall have the following meanings:
“Arrangement” means an agreement with a service provider wherein such service provider agrees/ promises to provide necessary services using its own staff and equipment, and usually at its own facilities;
“Board of Directors” or “Board” in relation to the Company, means the collective body of the Directors of the Company;
“Business-critical Processes” means the processes essential for carrying out operations of the Company which does not include its core management functions”
“Code of Conduct” means a set of rules outlining the rules and responsibilities of the Board, Senior Management, Direct Sales Agents (DSA), Direct Marketing Agents (DMA) and/or Recovery Agents, Lending service provider;
“Continuing basis” includes agreements for a limited period;
“Material Outsourcing” means such arrangements which, if disrupted, have the potential to significantly impact the business operations, reputation, profitability or customer service, and the materiality of outsourcing would be determined based on
• the level of importance of the activity being outsourced, and significance of the risk posed by the same, to the Company;
• the potential impact of the outsourcing on the Company on various parameters such as earnings, solvency, liquidity, funding capital and risk profile;
• the likely impact on the Company’s reputation and brand value, and ability to achieve its business objectives, strategy and plans, should the Service Provider fail to perform the service;
• the cost of the outsourcing as a proportion of total operating costs of the Company;
• the aggregate exposure to that particular Service Provider, in cases where the Company outsources various functions to the same Service Provider; and
• the significance of activities outsourced in context of customer service and protection.
“Outsourcing” means the Company’s use of a third party (either an affiliated entity within a Company group or an entity that is external to the Company group) to perform activities on a continuing basis that would normally be undertaken by the Company itself, now or in the future;
“Senior Management” comprises of the Key Managerial Personnel of the Company, Business/Unit Heads and such other employees as authorized by the Company from time to time;
“Service Level Agreement” or “Outsourcing Agreement” means a contract between a service provider (either internal or external) and the Company that defines the level, terms & conditions of service expected from the Service Provider.
“Service Provider” means any third party (either an affiliated entity within FTAPL group or an entity that is external to FTAPL group) that performs business-critical services on the continuing basis (includes arrangements for a limited period) that would normally be undertaken by the Company itself, now or in the future. The services provided must be necessary for continuity of business processes and include, inter alia, the following:
1. Services that aid in credit appraisal such as tele-verification, providing credit reports, field investigation, title search, etc.; 2. Services that aid in customer file verification, storage and in-warding and resolution of customer queries;
3. Services that aid in the collection of payments from the customers, legal services, repossession services, etc;
4. IT services including both software (owned and as a service) and hardware; and
5. Such other services which are essential to business continuity as per the Company from time to time, unless otherwise specified in this Policy.
4. Role of the Company, Regulatory and Supervisory Requirements
The Company, through the Senior Management or the respective Head of Departments, Business/Unit heads shall ensure that:
1. Outsourcing arrangement of any activity by the Company does not diminish its obligations and/or ability to fulfill its obligations to customers and RBI, and those of its Board and Senior Management who have the ultimate responsibility for the outsourced activity.
2. Outsourcing arrangement does not impede effective supervision of the RBI over such activities.
3. Outsourcing arrangement shall not affect the rights of a customer against the Company, including ability of the customer to obtain redressal of his/her grievance as per the provisions of this Policy or the applicable laws.
4. Ultimate control of the outsourced activity remains with the Company as it is responsible for confidentiality of the customers’ information available with its Service Providers and it may also be held responsible for the actions of its Service Providers including Direct Sales Agents, Direct Marketing Agents, Recovery Agents, and Lending Service provider;
5. Applicable provisions of the relevant laws, regulations, guidelines and conditions of approval, licensing and registration are considered while doing due diligence of the Service Provider in relation to outsourcing;
6. The Service Provider including its location, whether in India or abroad, shall not impede or interfere with the ability of the Company to effectively oversee and manage its activities and shall also not impede the RBI in carrying out its supervisory functions and objectives;
7. Clause shall be incorporated in the product literature/ brochures, etc., stating that the Company may use the services of agents in sales and marketing, etc. of the products, and if possible, role of such agents may be indicated in broad terms;
8. The Service Provider (other than Group Company) is not owned or controlled by any director of the Company or their relatives (as defined in the Companies Act, 2013).
5. Role of the Board and Senior Management
Role of Board: The Board of Directors of the Company shall prepare/review/approve an outsourcing policy, in accordance with the applicable laws and the RBI guidelines.
An indicative list of activities that may be considered for outsourcing is as under:
Lead sourcing activity
Digital Marketing services
Other Marketing services
Application processing (loan origination)
Documents quality check
Storage of documents
Credit Underwriting support
Research and marketing
Supervision of loans
Recovery and repossession
Back office-related activities
Risk Control Unit
The above list is indicative only and not exhaustive. Additional activities within the definition of outsourcing can also be outsourced by the Company.
The respective Head of Departments and board of directors shall ensure that
(i) the Company is not entering into any outsourcing arrangement which would result in compromising or weakening of internal control, business conduct or reputation of the Company;
(ii) the Company is not outsourcing its core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening high risk loan accounts, according sanction for loans (including retail loans,) and management of investment portfolio. However, Internal Auditor can be appointed on a contract basis.
One of the objectives of this Policy, in keeping with the values of the Company, is to recognize and enlist suitable service providers commensurate with their capabilities and to provide all service providers equitable opportunities. This ensures consistency, fair play and transparency in selection of service providers who are quality conscious.
The respective Head of Departments must exercise due care, skill and diligence in the selection of the Service Providers in order to ensure that the Service Provider has the ability and capacity to undertake the provision of the services effectively. Due diligence shall take into consideration qualitative and quantitative, financial, operational and reputational factors which are as follows:
How long has the Service Provider been in business years in handling the outsourcing business?
Description of the Service Provider’s business model.
Scale of operations of the Service Provider.
Service Provider’s financial condition. Service Provider's areas of expertise.
Service Provider’s onshore and offshore capabilities.
Factual proofs that the Service Provider has a background in projects similar to the Company.
Therefore, due diligence will also involve an evaluation of all the available information about the Service Provider, including but not limited to:
1. Past experience and competence to implement and support the proposed activity over the contracted period;
2. Financial soundness and ability to service commitments even under adverse conditions;
3. Business reputation and culture, compliance, complaints and outstanding or potential litigation;
4. Security and internal control, audit coverage, reporting and monitoring environment, Business continuity management; and
5. Ensuring due diligence of its employees by the Service Provider.
The Service Provider, if not a FTAPL group company, should not be owned or controlled by any director of the Company or their relatives.
In considering renewal of an outsourcing arrangement, the concerned Head of Department shall perform appropriate due diligence to assess the capability of the Service Provider to comply with obligations in the outsourcing agreement. Apart from considering the qualitative, quantitative, financial, operational and reputational factors as mentioned above, they should consider compatibility of the Service Provider’s system with the Company’s system, issues relating to undue concentration of outsourcing arrangements with a single Service Provider, reviews and market feedback on the Service Provider (if available).
This Policy shall be communicated to all vertical/functional heads and other concerned persons of the Company who shall evaluate and guard against the following risks in outsourcing by the Company:
• Strategic Risk – Where the Service Provider conducts business on its own behalf, inconsistent with the overall strategic goals of the Company.
• Reputation Risk – Where the service provided is poor and customer interaction is not consistent with the overall standards expected of the Company.
• Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the Service Provider.
• Operational Risk – Arising out of technology failure, fraud, error, inadequate financial capacity to fulfil obligations and / or to provide remedies.
• Legal Risk – Where the Company is subjected to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements due to omissions and commissions of the Service Provider.
• Exit Strategy Risk – Where the Company is over-reliant on one firm, the loss of relevant skills in the Company itself preventing it from bringing the activity back in-house and where the Company has entered into contracts that make speedy exits prohibitively expensive.
• Counter party Risk – Where there is inappropriate underwriting or credit assessments.
• Contractual Risk – Where the Company may not have the ability to enforce the contract.
• Concentration and Systemic Risk – Where the overall industry has considerable exposure to one Service Provider and hence the Company may lack control over the Service Provider.
• Country Risk – Due to the political, social or legal climate creating added risk.
The risks and materiality of all the existing and prospective outsourcing shall be reviewed by the Head of Departments and by the Board/Committee (if required) from time to time as may be necessary. In the Outsourcing Agreement, the Company shall be provided with a right to conduct audits on the Service Provider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the Service Provider in conjunction with the services performed for the Company.
If the customer wants to file a complaint on the aforementioned ground then he or she can file an complaint by using the aforementioned compliant channel, however if valid complaint is not resolved within the given timeframe or the customer is not satisfied with the given resolution, then he or she can raise their concerns by following the escalation procedure explained hereinafter. In order to escalate a complaint to the next level, the customer will be required to share their ticket/ complaint number. Further, the turnaround time mentioned under each escalation stage shall apply only when the aforesaid escalation matrix is followed The Company shall provide for a Three-Stage Grievance Redressal Mechanism to resolve any of its customers query or grievance:
If customer is not satisfied with the resolution provided by the customer care department then that customer may register their query/ complaint to the Grievance Redressal Officer. The details of the Grievance Redressal Officer are given as follows:
|Name of the Grievance Redressal Officer
|Mr. Rajesh Gupta
Complaint to GRO shall be filed within 7 working days from the date of last resolution from customer care department.
If the customer is not satisfied with the resolution provided by Grievance Redressal Officer or the complaint is not resolved satisfactorily then customer may register their query/ complaint to Nodal officer of company. The details of nodal officer is given below:
|Name of the nodal officer
|Mr. Bishwajit Ghosh
Complaint to NO shall be filled within 10 working days from the date of last resolution from GRO. 15 working days from the date of last resolution from NO.
If the customer is not satisfied with the redressed provided by the above-mentioned channels then the compliant may escalate his/her grievance to the ombudsman of the Reserve Bank Of India on given below address:
C/o Reserve Bank of India
15, Netaji Subhash Road
STD Code: 033
Telephone No: 22310217
Fax No: 22305899
The Company, through the concerned Head of Departments, shall ensure that:
1. The Service Providers have developed and established a robust documented and tested framework for business continuity and recovery procedures which shall be reviewed on annual basis;
2. A notice period is incorporated in the Outsourcing Arrangement in order to mitigate the risk of unexpected termination thereof or liquidation of the Service Provider. To deal with such situation, an appropriate level of control and right to intervene shall be retained in the Outsourcing Arrangement with appropriate measures to continue the business operations of the Company without incurring prohibitive expenses and without any break in services to the customers of the Company;
3. Alternative Service Providers are available or there is a possibility of bringing the outsourced activity back in-house in case of emergency.
4. The Service Providers are able to isolate the Company’s information, documents and records, and other assets, and to ensure this, a clause may be incorporated in the Outsourcing Arrangement that after the termination of the contract, the Company can take back all the documents, records of transactions and information given to the Service Provider in order to continue its business operations, or otherwise delete, destroy or render unusable the same.
The Head of Departments shall monitor and control the outsourcing activities of the Company and shall ensure that outsourcing agreements with the Service Provider contain provisions to monitor and control the outsourced activities. The Head of Departments shall meet on a half-yearly basis for the following purposes:
1. To review the central record of all Material Outsourcing maintained by the Company. The said records shall be updated promptly and half yearly reviews will be placed before the board or Committee.
2. To review, on annual basis, the financial and operational condition of the Service Provider so as to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which will be based on all available information about the Service Provider will highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.
The respective Head of Departments shall ensure that:
1. In the event of termination of the outsourcing agreement for any reason in cases where the Service Provider deals with the customers, the same shall be publicized by displaying at a prominent place in the branch, posting it on the web-site and informing the customers, so as to ensure that the customers do not continue to deal with the Service Provider.
2. Reconciliation of transactions between the Company and the Service Provider (and/or its sub-contractor) are carried out in a timely manner in case of outsourcing arrangements requiring reconciliation of transactions, for example, outsourcing of cash management. An ageing analysis of entries pending reconciliation with the Service Providers shall be placed before the Committee of the Board and the efforts shall be made to reduce the old outstanding items therein at the earliest.
3. A robust system of internal audit of all the outsourced activities is in place and monitored by the board/Committee of the Company.
4. Regular audits are conducted by senior management of the Company to assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the Company’s compliance with its risk management framework and the requirements of the RBI guidelines.
The respective Head of Departments shall provide the Currency Transactions Reports and Suspicious Transactions Reports to FIU or any other competent authority in pursuance of prevention of money laundering act read prevention of money laundering rules 2005 with the in respect of the Company’s customer-related activities carried out by the Service Providers.
In case of outsourcing of any activity within the group companies, the respective Head of Departments shall ensure that
1. Arm’s length distance is maintained in such outsourcing in terms of premises, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests between the Company and such Service Provider and accordingly necessary disclosures in this regard shall be made as part of the outsourcing agreement;
2. The customers are informed specifically about the company which is actually offering the product/ service in case of involvement of multiple group entities involved or cross selling of products;
3. The outsourcing agreement shall address the provisions including scope of services, charges for the services and maintaining confidentiality of the customer's data; 4. The arrangement shall not lead to any confusion to the customers on whose products/ services they are availing by clear physical demarcation of the space where the activities of the Company and those of its other group entities are undertaken;
5. The arrangement do not compromise the ability to identify and manage risk of the Company on a stand-alone basis;
6. The arrangement do not prevent the RBI from being able to obtain information required for the supervision of the Company or pertaining to the group as a whole;
7. The outsourcing agreement must have a clause that there is a clear obligation for any service provider to comply with directions given by the RBI in relation to the activities of the Company;
8. Their ability to carry out their operations in a sound fashion would not be affected if premises or other services (such as IT systems, support staff) provided by the group entities become unavailable;
9. If the premises of the Company are shared with the group entities for the purpose of crossselling, the Company shall take measures to ensure that the entity's identification is distinctly visible and clear to the customers;
10. The marketing brochure used by the group entity and verbal communication by its staff / agent in the Company premises shall mention nature of arrangement of the entity with the Company so that the customers are clear about the seller of the product;
11. The Company shall not publish any advertisement or enter into any agreement stating or suggesting or giving tacit impression that they are in any way responsible for the obligations of its group entities.
12. The risk management practices expected to be adopted by the Company while outsourcing to a related party (i.e. party within the Group / Conglomerate) would be identical to those specified above.
The records relating to all the activities outsourced shall be preserved centrally either at the registered office of the Company or such other location as may be approved by the Board, so that these records are readily accessible for review by the Board and Senior Management of the Company, as and when required. Such records shall be updated promptly by any person authorized by the Board and/or its committee and half yearly reviews shall be placed before the Committee.
This Policy shall be reviewed at regular intervals or as and when considered necessary by the Board of Directors/Committee of the Company.