Outsourcing Policy

Brickwork Ratings has put in place an outsourcing policy, based on SEBI circular CIR/MIRSD/24/2011 December 15, 2011.

    Introduction

    All Credit Rating Agencies are required to have an Outsourcing Policy as per the comprehensive guidelines for outsourcing provided by SEBI, in a circular dated Dec 15, 2011, with a view to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. This circular is available on SEBI website at www.sebi.gov.in under the categories “Legal Framework” and “Circulars”.

    The guidelines seek to mitigate the risks associated with outsourcing including operational risk, reputational risk, legal risk, strategic risk, systemic risk, and others.

    Statement of Purpose

    This Outsourcing Policy is consistent with the “Guidelines on Outsourcing of Activities by Intermediaries” issued by the Securities and Exchange Board of India (SEBI), and ensures that:

    • BWR renders at all times high standards of service and exercises due diligence and ensures proper care in their operations.

    • BWR follows prudent and responsive practices on management of risks arising out of outsourcing with a view to preventing negative systematic impact and to protect the interests of investors.

    • This policy document constitutes a policy framework, procedures, and restrictions, which will govern all outsourcing activities carried out by Brickwork Ratings. This policy will provide guidance to BWR in assessing the requirement of Outsourcing activities of BWR which are non-core in nature and can be appropriately outsourced to third Parties.

    Key Definitions

    For the purposes of this policy, the terms below shall have the following meanings:

    1. Outsourcing : The use of one or more than one third party – either, within or outside BWR group (referring to BWR India Pvt Ltd and its subsidiaries and group companies) by BWR to perform the activities associated with the credit ratings services on a continuous basis.
    2. Third Party : The entity to which an activity is outsourced by BWR.
    3. Regulator : Securities and Exchange Board of India (SEBI).

    Applicability of the Policy

    This policy shall be applicable to all outsourcing arrangements (as defined under this policy) entered into by BWR with a third-party service provider.

    Activities that cannot be outsourced

    BWR will not outsource any of the below mentioned core business activities:

    • Activities within the credit ratings division that influence the decision of the management in the process of offering services to clients

    • “Analytical” activities such as assignment of credit ratings; surveillance of assigned credit ratings; and development of rating criteria

    • Compliance function

    Activities that can be outsourced

    Activities that are not “core” including business development, tele-calling for follow up of data or fees, follow-up for sourcing data or other activities like Legal, Finance, IT, Admin, HR, and any other activities that are not involved in delivering services to BWR clients, may be outsourced and shall be covered under this policy guidelines.

    Activities not considered as outsourcing

    The below situations will not be considered as “outsourcing” and hence shall not be governed by this policy:

    • Services of a Third Party engaged on a one-time basis

    • Hiring professionals as consultants to perform a part of an activity where such associates are fully supervised by BWR employees and are provided BWR email IDs and work on BWR computer systems

    • Housekeeping, catering, cab/transport and other such services that are part of the facilities and admin department

    Risk Management practices for outsourced Services

    1. Risk Assessment
    2. BWR shall conduct an assessment of outsourcing risk by considering the following:

      • The impact on the financial, reputational, and operational performance of BWR owing to the failure of a third party to adequately perform their service
      • The backup arrangements by BWR to manage the work, in case of non-performance or failure by a third party
      • Regulatory status of the third party, including its fitness and probity status
      • Any conflict of interest between BWR and the third party and the measures put in place by BWR to address such potential conflicts
    3. Due Diligence of the Service Provider
    4. BWR shall be fully liable and accountable for the activities that are being outsourced and ensures that the rights of an investor or client are not impacted in any way. BWR shall conduct appropriate due diligence in selecting and monitoring the third party, ensuring that outsourcing arrangements neither diminish BWR’s ability to fulfil its obligations to customers and regulators, nor impede effective supervision by the regulators.

    5. The Outsourcing Agreement
    6. BWR will govern all outsourcing relationships through legally binding, standard contract agreements. Contracts will clearly define the scope of work, expected service and performance levels; and provide for confidentiality, mutual rights, obligations and responsibilities, liabilities, termination clauses and allow for BWR to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations.

    7. Confidentiality and Security
    8. BWR shall take appropriate steps to ensure that third parties protect confidential information of both BWR and its customers from intentional or inadvertent disclosure to unauthorised persons; and do not in any way misuse or misappropriate such confidential information. BWR shall prevail upon the third party to ensure that the employees of the third party have limited access to the data handled and only on a “need to know” basis and the third party shall have adequate checks and balances to ensure the same. Wherever the third-party acts as an outsourcing agent for multiple CRAs, BWR shall ensure that strong safeguards are put in place by the third-party to avoid co-mingling of information, documents, records and assets.

    9. Business Continuity and Management and Disaster Recovery Plan
    10. BWR and its third parties shall establish and maintain contingency plans at the third party or at BWR in the event of non-performance by the third party and ensure that third party maintains appropriate IT security and robust disaster recovery capabilities.

    11. Conflict of Interest
    12. BWR may use one of its group companies or subsidiaries as a third party, however for avoidance of potential conflict of interests, systems shall be put in place to have an arm’s length distance between BWR and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc., as well as risk management practices that are identical to those followed while outsourcing to an unrelated party. Necessary disclosures in this regard shall be made to the Board.

    13. Record Keeping
    14. The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the BWR Board and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the BWR.

    Reporting requirements

      BWR shall report to Financial Intelligence Unit (FIU) for any suspicious transactions / reports or any other competent authority in respect of activities carried out by the third parties.

    Monitoring and Review of Outsourced Activities

    1. A Committee consisting of the Compliance Officer and Finance Manager shall be the approving authority for permitting any outsourcing activity and selection of Third Party. Any clarification regarding the policy may be obtained from the Compliance Officer.
    2. Annual reviews by company auditors of the outsourcing policies, risk management system and requirements of the regulator, shall be done to assess the third parties’ ability to continue to meet its outsourcing obligations. This report shall be presented to the Board.
    3. The BWR Board shall ensure that all ongoing outsourcing decisions taken by BWR and the activities undertaken by the relevant third-party, are in keeping with this policy. The Board may mandate reviews of risk management system and requirements as stipulated by SEBI through internal or external auditors, wherever felt necessary.

    Date 07 September 2022