{"id":1748,"date":"2025-09-23T06:38:50","date_gmt":"2025-09-23T06:38:50","guid":{"rendered":"https:\/\/successstarsbeta.com\/client\/hypothesys\/?page_id=1748"},"modified":"2025-11-17T11:53:25","modified_gmt":"2025-11-17T11:53:25","slug":"legal-framework","status":"publish","type":"page","link":"https:\/\/successstarsbeta.com\/client\/hypothesys\/legal-framework\/","title":{"rendered":"Legal Framework"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1748\" class=\"elementor elementor-1748\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9589c3b e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-parent\" data-id=\"9589c3b\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d47bd21 elementor-widget elementor-widget-heading\" data-id=\"d47bd21\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Legal Framework<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca0ca12 elementor-absolute brandlogo elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-image\" data-id=\"ca0ca12\" data-element_type=\"widget\" data-settings=\"{&quot;_position&quot;:&quot;absolute&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"220\" height=\"224\" src=\"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-content\/uploads\/2025\/09\/Layer-1.png\" class=\"attachment-full size-full wp-image-2380\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-64e8ffc sectionmain leftmenu leftmenus stickymenu e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-parent\" data-id=\"64e8ffc\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-e718cea e-con-full leftmenu leftmnuep elementor-hidden-tablet elementor-hidden-mobile e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"e718cea\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-4425312 e-con-full leftbar frameworkleft e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"4425312\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b574a33 elementor-widget elementor-widget-heading\" data-id=\"b574a33\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">INDEX<\/h2>\t\t\t\t<\/div>\n\t\t<a class=\"eael-wrapper-link-84b6da0 --eael-wrapper-link-tag\" href=\"#rbi-guidelines\"><\/a>\t\t<div data-eael-wrapper-link=\"eael-wrapper-link-84b6da0\" class=\"elementor-element elementor-element-84b6da0 elementor-widget elementor-widget-text-editor\" data-id=\"84b6da0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>(I) RBI Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t<a class=\"eael-wrapper-link-8eb26fa --eael-wrapper-link-tag\" href=\"#draft-master\"><\/a>\t\t<div data-eael-wrapper-link=\"eael-wrapper-link-8eb26fa\" class=\"elementor-element elementor-element-8eb26fa elementor-widget elementor-widget-text-editor\" data-id=\"8eb26fa\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>(II) Draft Master Direction &#8211; Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t<a class=\"eael-wrapper-link-8965ef4 --eael-wrapper-link-tag\" href=\"#dataprotection\"><\/a>\t\t<div data-eael-wrapper-link=\"eael-wrapper-link-8965ef4\" class=\"elementor-element elementor-element-8965ef4 elementor-widget elementor-widget-text-editor\" data-id=\"8965ef4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>(III) The Digital Personal Data Protection (DPDP) Act, 2023<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d284a45 e-con-full right-content e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"d284a45\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dd9d920 elementor-widget elementor-widget-text-editor\" data-id=\"dd9d920\" data-element_type=\"widget\" id=\"thebelow\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The below forms the legal framework under which a bank can engage truHypothesys Risk Solutions as a service provider and share data of hypothecated loan receivables statement and loan pool data for the services of risk solutions in terms of monitoring security interest of on-lending debt and loan assets acquired as part of buy-out transactions.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-548a1a4 e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"548a1a4\" data-element_type=\"container\" id=\"rbi-guidelines\">\n\t\t<div class=\"elementor-element elementor-element-3a12d44 e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"3a12d44\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-63426d5 elementor-widget elementor-widget-heading\" data-id=\"63426d5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">(I)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-510fbfb e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"510fbfb\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-59d0bcb elementor-widget elementor-widget-heading\" data-id=\"59d0bcb\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/www.rbi.org.in\/scripts\/NotificationUser.aspx?Id=9597&#038;Mode=0\"><p class=\"guidelines-text\">\n  According to the current RBI Guidelines on Managing Risks and Code of Conduct in<br>\n  Outsourcing of Financial Services by banks\n  <span class=\"end-icon\">: \n    <img decoding=\"async\" src=\"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-content\/uploads\/2025\/09\/ArrowSquareOut.svg\" alt=\"arrow\">\n  <\/span>\n<\/p>\n<\/a><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf32cbb elementor-widget elementor-widget-html\" data-id=\"bf32cbb\" data-element_type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<link rel=\"preconnect\" href=\"https:\/\/fonts.googleapis.com\">\r\n<link rel=\"preconnect\" href=\"https:\/\/fonts.gstatic.com\" crossorigin>\r\n<link href=\"https:\/\/fonts.googleapis.com\/css2?family=JetBrains+Mono:ital,wght@0,100..800;1,100..800&display=swap\" rel=\"stylesheet\">\r\n\r\n\r\n<style>\r\n.guidelines-table tbody tr td:nth-child(1) {\r\n    padding: 10px 66px 10px 10px;\r\n}\r\n.guidelines-table tbody tr td:nth-child(3) {\r\n    padding: 10px 65px 10px 10px;\r\n}\r\n  .guidelines-table {\r\n    width: 100%;\r\n    border-collapse: collapse;\r\n    margin: 0px 0;\r\n    border-radius: 5px;\r\n    overflow: hidden;\r\n  }\r\n\r\n  .guidelines-table thead {\r\n    background-color: #F0F1F4;\r\n  }\r\n\r\n  .guidelines-table th {\r\n    text-align: left;\r\n    padding: 10px 12px;\r\n    font-size: 16px;\r\n    font-weight: 500;\r\n    text-transform: uppercase;\r\n    color: #6B6B73;\r\n    letter-spacing: 2px;\r\n    font-family: JetBrains Mono;\r\n    line-height: 20px;\r\n    border:none;\r\n    \r\n}\r\n\r\n  .guidelines-table td {\r\n    padding: 14px;\r\n    border: 1px solid #00000021;\r\n    vertical-align: top;\r\n    font-size: 16px;\r\n    color: #000000;\r\n    font-family: inter;\r\n    line-height: 20px;\r\n    letter-spacing: -0.4px;\r\n    font-weight: 500;\r\n    background-color:#fff;\r\n}\r\n\r\n  .guidelines-table th:first-child {\r\n    border-top-left-radius: 8px;\r\n  }\r\n  .guidelines-table th:last-child {\r\n    border-top-right-radius: 8px;\r\n  }\r\n\r\n  .guidelines-table tr:nth-child(even) {\r\n    background-color: #fafafa;\r\n  }\r\n<\/style>\r\n<div class=\"guidelines-table-wrapper\">\r\n<table class=\"guidelines-table\">\r\n  <thead>\r\n    <tr>\r\n      <th>Guidelines<\/th>\r\n      <th>Reference<br> (Paragraph)<\/th>\r\n      <th>Implications Relevant to TruHypothesys Risk Solutions<\/th>\r\n    <\/tr>\r\n  <\/thead>\r\n  <tbody>\r\n    <tr>\r\n      <td>\r\n        Typically outsourced financial services include applications processing (loan origination, credit card), \r\n        document processing, marketing and research, supervision of loans, data processing and back office related activities etc.\r\n      <\/td>\r\n      <td>1.1<\/td>\r\n      <td>\r\n        Monitoring of security interest is an important activity when it comes to supervision of on-lending debt as well as \r\n        loans acquired under pool buy-outs \/ securitisation.\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        Banks which desire to outsource financial services would not require prior approval from RBI whether the service provider is located in India or outside India\r\n      <\/td>\r\n      <td>1.6 (i)<\/td>\r\n      <td>\r\n        The decision to outsource the specific activity of monitoring security interest or underlying pool loans acquired \r\n        and availing such services from truHypothesys Risk Solutions will not require explicit prior approval from RBI \r\n        and is already being addressed by the relevant guidelines.\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        The bank should ensure that the service provider is able to isolate and clearly identify the bank\u2019s customer information,<br> \r\n        documents, records and assets to protect the confidentiality of<br> the information. In instances, where service provider \r\n        acts as <br>an outsourcing agent for multiple banks, care should be taken to build strong safeguards so that there is \r\n        no co-mingling of information\/documents, records and assets.\r\n      <\/td>\r\n      <td>5.6.3<\/td>\r\n      <td>\r\n        a) Outsourced activity can involve sharing customer information albeit with steps to maintaining security and confidentiality \r\n        of the customer information. This allows sharing of customer information with truHypothesys Risk Solutions while we undertake \r\n        all necessary measures to ensure security and confidentiality of the customer information being shared. We will ensure necessary \r\n        controls are put in place to ensure there is no co-mingling of customer information and required compliance is being met.<br><br>\r\n        b) truHypothesys Risk Solutions is allowed to provide similar services to multiple banks\r\n      <\/td>\r\n    <\/tr>\r\n  <\/tbody>\r\n<\/table>\r\n<\/div>\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3d498aa e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"3d498aa\" data-element_type=\"container\" id=\"dpdp-act\">\n\t\t<div class=\"elementor-element elementor-element-c267bc7 e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"c267bc7\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2a37a9a elementor-widget elementor-widget-heading\" data-id=\"2a37a9a\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">(II)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5fe2b56 e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"5fe2b56\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-18aa8ad elementor-widget elementor-widget-heading\" data-id=\"18aa8ad\" data-element_type=\"widget\" id=\"draft-master\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/www.rbi.org.in\/Scripts\/BS_PressReleaseDisplay.aspx?prid=56630\"><p class=\"guidelines-text\">\n  Draft Master Direction - Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023:\n  <span class=\"end-icon\">\n    <img decoding=\"async\" src=\"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-content\/uploads\/2025\/09\/ArrowSquareOut.svg\" alt=\"arrow\">\n  <\/span>\n<\/p>\n<\/a><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6998a8c elementor-widget elementor-widget-text-editor\" data-id=\"6998a8c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"back\" style=\"color: #000;\">Background<\/span>: RBI had invited comments on the above after it was announced in the Statement on Developmental and Regulatory Policies issued as part of the Monetary Policy Statement dated August 05, 2022, that the RBI will issue a draft Master Direction on Managing Risks and Code of Conduct in Outsourcing of Financial Services.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6f3036b elementor-widget elementor-widget-text-editor\" data-id=\"6f3036b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The draft Master Directions covers many of the existing guidelines on outsourcing of financial<br \/>services. In addition, new directions are also being reckoned.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13102f0 elementor-widget elementor-widget-html\" data-id=\"13102f0\" data-element_type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<div class=\"guidelines-table-wrapper\"> \r\n<table class=\"guidelines-table\">\r\n  <thead>\r\n    <tr>\r\n      <th>Draft Master Directions<\/th>\r\n      <th>Reference (Paragraph)<\/th>\r\n      <th>Implications Relevant to TruHypothesys Risk Solutions<\/th>\r\n    <\/tr>\r\n  <\/thead>\r\n  <tbody>\r\n    <tr>\r\n      <td>\r\n        REs (regulated entities such as banks) desirous of outsourcing of financial services shall not require prior approval from the Reserve Bank of India (RBI).\r\n      <\/td>\r\n      <td>3. (Purpose)<\/td>\r\n      <td>\r\n        Outsourcing of financial services by banks in compliance with the directions will not require prior approval from the RBI (in the context of appointing truHypothesys Risk Solutions as service provider for monitoring on-lending security interest and such services)\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        Access to customer information by staff of the service provider shall be on \u2018need to know\u2019 basis, i.e., limited to those areas where the information is required in order to perform the outsourced function.\r\n      <\/td>\r\n      <td>15.2<\/td>\r\n      <td>\r\n        This clause implies that banks can share customer information with the service provider such as truHypothesys Risk Solutions for the need to monitor security interest of on-lending debt and loan assets acquired under pool buy-out transactions.\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        Sharing of data by the RE (regulated entity such as bank) with the service provider shall be through secure channels. Both sharing and storage of data with the service provider shall be in an encrypted manner. The RE shall also ensure that there is a structured process in place for secured removal\/ disposal\/ destruction of data by the service provider.\r\n      <\/td>\r\n      <td>15.3<\/td>\r\n      <td>\r\n        The clause describes the minimum requirements in terms of infrastructure and manner in which data could be shared with a service provider such as truHypothesys Risk Solutions. This also means truHypothesys Risk Solutions will build necessary process, technology and infrastructure for the purpose of sharing and processing of customer data2.\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        In instances where service provider acts as an outsourcing agent for multiple REs, care shall be taken to build adequate safeguards so that there is no co-mingling of assets, documents, information and records.\r\n      <\/td>\r\n      <td>15.4<\/td>\r\n      <td>\r\n        This acknowledges the fact that the service provider such as truHypothesys Risk Solutions will have other multiple banks and wholesale lenders as its clients. truHypothesys Risk Solutions will ensure necessary controls are put in place to ensure there is no co-mingling of customer information and required compliance is being met.\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        Examples of financial outsourcing arrangements: - claims administration (e.g., loan negotiation, loan processing, collateral management, collection of bad loans); As part of indicative list of some services that, when performed by a third party, would be regarded as financial outsourcing arrangements for the purposes of these Directions\r\n      <\/td>\r\n      <td>Annex I<br> 1. (iii)<\/td>\r\n      <td>\r\n        The directions, as an example, has clearly mentioned collateral management is one of the financial services activities that could be outsourced by banks. Collateral management, i.e. monitoring of security interest of on-lending debt, is an essential part of the scope of the services covered by truHypothesys Risk Solutions.\r\n      <\/td>\r\n    <\/tr>\r\n  <\/tbody>\r\n<\/table>\r\n<\/div>\r\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a1bbb66 e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"a1bbb66\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-efae039 e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"efae039\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-81c3a19 elementor-widget elementor-widget-heading\" data-id=\"81c3a19\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">(III)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3e5204a e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"3e5204a\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ed65e6a elementor-widget elementor-widget-heading\" data-id=\"ed65e6a\" data-element_type=\"widget\" id=\"dataprotection\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><p class=\"guidelines-text\">\nThe Digital Personal Data Protection (DPDP) Act, 2023 defines:\n<\/p>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d64f2a elementor-widget elementor-widget-html\" data-id=\"7d64f2a\" data-element_type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<div class=\"guidelines-table-wrapper\">\r\n<table class=\"guidelines-table\">\r\n  <thead>\r\n    <tr>\r\n      <th>As per DPDP Act, 2023<\/th>\r\n      <th>Reference<br> (Clause)<\/th>\r\n      <th>Implications in the Context of TruHypothesys Risk Solutions<\/th>\r\n    <\/tr>\r\n  <\/thead>\r\n  <tbody>\r\n    <tr>\r\n      <td>\r\n        \u201cData Principal\u201d means the individual to whom the personal data relates and where such individual is\u2014<br>\r\n        (i) a child, includes the parents<br> or lawful guardian of such a child;<br>\r\n        (ii) a person with disability, includes her lawful guardian, acting on her behalf.\r\n      <\/td>\r\n      <td>Chapter I - <br>Preliminary <br>Clause 2. (j)<\/td>\r\n      <td>\r\n        Underlying borrowers\u2019 loan data in the hypothecated statement or loan pool\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        \u201cData Fiduciary\u201d means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.\r\n      <\/td>\r\n      <td>Chapter I - <br>Preliminary <br>Clause 2. (i)<\/td>\r\n      <td>\r\n        - any borrowing NBFC;<br>\r\n        - bank or any wholesale lender of on-lending debt (secured by way of hypothecated loan receivables);<br>\r\n        - bank or any other investor in pool buy-out transactions\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        \u201cData Processor\u201d means any person who processes personal data on behalf of a Data Fiduciary;\r\n      <\/td>\r\n      <td>Chapter I - <br>Preliminary <br>Clause 2. (k)<\/td>\r\n      <td>\r\n        truHypothesys Risk Solutions (Service provider)\r\n      <\/td>\r\n    <\/tr>\r\n    <tr>\r\n      <td>\r\n        - A Data Fiduciary may engage, appoint, use or otherwise involve a Data Processor to process personal data on its behalf for any activity related to offering of goods or services to Data Principals only under a valid contract.<br>\r\n        - Where personal data processed by a Data Fiduciary is likely to be\u2014<br>\r\n        (a) used to make a decision that affects the Data Principal; or<br>\r\n        (b) disclosed to another Data Fiduciary, the Data Fiduciary processing such personal data shall ensure its completeness, accuracy and consistency.<br>\r\n        - A Data Fiduciary shall protect personal data in its possession or under its control, including in respect of any processing undertaken by it or on its behalf by a Data Processor, by taking reasonable security safeguards to prevent personal data breach.\r\n      <\/td>\r\n      <td>Chapter II - <br>Obligations of <br> Data Fiduciary<br> Clause 8<\/td>\r\n      <td>\r\n        An NBFC (data fiduciary) processes the data of underlying borrowers (data principals) in a statement of hypothecation and shares the same with its lender bank (another data fiduciary). Further a data fiduciary is allowed to share the data with a data processor, i.e. to draw parallel - a bank can engage a service provider such as truHypothesys Risk Solutions for the purposes of risk assessment of hypothecated receivables.<br><br>\r\n        An NBFC shares data of the underlying borrowers with its lender bank based on data principal\u2019s consent arising from the loan agreement executed between underlying borrowers and NBFC. Not just disclosing to the lender bank, an NBFC would have also taken the consent for sharing underlying borrowers\u2019 data with multiple institutions and agencies including credit bureaus to enable credit services.<br><br>\r\n        Therefore, we could conclude that lending bank as a data fiduciary could take consent from a borrowing NBFC to share the data of hypothecated loan receivables with truHypothesys Risk Solutions to process data on its behalf for risk assessment and monitoring of security interest purposes.\r\n      <\/td>\r\n    <\/tr>\r\n  <\/tbody>\r\n<\/table>\r\n<\/div>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-801d76f elementor-widget elementor-widget-text-editor\" data-id=\"801d76f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Conclusion<\/span>: When processing of the shared monthly\/quarterly data for risk monitoring, truHypothesys Risk Solutions will ensure adequate data protection of borrower data. We will do this by:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3724385 e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"3724385\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-c8b44fd e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"c8b44fd\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e2634a3 elementor-widget elementor-widget-heading\" data-id=\"e2634a3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">A<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2ff4700 e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"2ff4700\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-230f6f1 elementor-widget elementor-widget-heading\" data-id=\"230f6f1\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Completely removing or encrypting the personally identifiable information of end borrowers (like Name, Aadhaar\/KYC, date of birth, address, father's name etc.) - this will ensure that any reports or support sta\ufb00 will not gain access to such information<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5e6c6ff e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"5e6c6ff\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-31f7096 e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"31f7096\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a259779 elementor-widget elementor-widget-heading\" data-id=\"a259779\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">B<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8d1f343 e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"8d1f343\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5466def elementor-widget elementor-widget-heading\" data-id=\"5466def\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Providing tools to encrypt the data (monthly book debt statements etc. in Excel files) before they are uploaded to our platform for Risk Monitoring so that these files uploaded are not misused in any way by anyone who has access to our system<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-733b547 e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"733b547\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-3c0215f e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"3c0215f\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-83b2359 elementor-widget elementor-widget-heading\" data-id=\"83b2359\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">C<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-bc90ee0 e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"bc90ee0\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c232eea elementor-widget elementor-widget-text-editor\" data-id=\"c232eea\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>We will ensure that there is no co-mingling of data of di\ufb00erent Banks and NBFCs:<\/p><ul><li>Our system will generate a unique internal reference-string for each loan originated by di\ufb00erent originators. Two di\ufb00erent loans will not have the same internal reference-string. (Example of reference string generated: 8743b52063cd84097a65d1633f5c74f5). This reference-string will be used for cross-matching and overlap analysis to check if the same loan is being double hypothecated and assigned more than once;<\/li><\/ul><ul><li>All pieces of borrower information and loan information (like disbursal amount, outstanding amount, overdue status etc.) will be stored in separate database schemas for each Bank and NBFC. In other words, each Lender\/Investor\/Bank will have their data stored separate from data from other Lenders\/Investors\/Banks.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f27a5b4 e-con-full rbi-guideline-row e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"f27a5b4\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-b985d62 e-con-full rbi-guideline-left e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"b985d62\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6ee6444 elementor-widget elementor-widget-heading\" data-id=\"6ee6444\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">D<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-85b4a0a e-con-full rbi-guideline-right e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no e-con e-child\" data-id=\"85b4a0a\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6c40a90 elementor-widget elementor-widget-text-editor\" data-id=\"6c40a90\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>For any duplicate hypothecation or duplicate securitisation\/assignment uncovered by our system, we will only inform that a duplicate security interest has been found in the system against the type of institution (example: SCB, SFB, an NBFC-ICC, etc.) without revealing the name. We will not disclose which other lender(s) or investor(s) also hold the security interest.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Legal Framework INDEX (I) RBI Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks: (II) Draft Master Direction &#8211; Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023 (III) The Digital Personal Data Protection (DPDP) Act, 2023 The below forms the legal framework under which a bank can engage truHypothesys Risk Solutions as a service provider and share data of hypothecated loan receivables statement and loan pool data for the services of risk solutions in terms of monitoring security interest of on-lending debt and loan assets acquired as part of buy-out transactions. (I) According to the current RBI Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks : Guidelines Reference (Paragraph) Implications Relevant to TruHypothesys Risk Solutions Typically outsourced financial services include applications processing (loan origination, credit card), document processing, marketing and research, supervision of loans, data processing and back office related activities etc. 1.1 Monitoring of security interest is an important activity when it comes to supervision of on-lending debt as well as loans acquired under pool buy-outs \/ securitisation. Banks which desire to outsource financial services would not require prior approval from RBI whether the service provider is located in India or outside India 1.6 (i) The decision to outsource the specific activity of monitoring security interest or underlying pool loans acquired and availing such services from truHypothesys Risk Solutions will not require explicit prior approval from RBI and is already being addressed by the relevant guidelines. The bank should ensure that the service provider is able to isolate and clearly identify the bank\u2019s customer information, documents, records and assets to protect the confidentiality of the information. In instances, where service provider acts as an outsourcing agent for multiple banks, care should be taken to build strong safeguards so that there is no co-mingling of information\/documents, records and assets. 5.6.3 a) Outsourced activity can involve sharing customer information albeit with steps to maintaining security and confidentiality of the customer information. This allows sharing of customer information with truHypothesys Risk Solutions while we undertake all necessary measures to ensure security and confidentiality of the customer information being shared. We will ensure necessary controls are put in place to ensure there is no co-mingling of customer information and required compliance is being met. b) truHypothesys Risk Solutions is allowed to provide similar services to multiple banks (II) Draft Master Direction &#8211; Reserve Bank of India (Managing Risks and Code of Conduct in Outsourcing of Financial Services) Directions, 2023: Background: RBI had invited comments on the above after it was announced in the Statement on Developmental and Regulatory Policies issued as part of the Monetary Policy Statement dated August 05, 2022, that the RBI will issue a draft Master Direction on Managing Risks and Code of Conduct in Outsourcing of Financial Services. The draft Master Directions covers many of the existing guidelines on outsourcing of financialservices. In addition, new directions are also being reckoned. Draft Master Directions Reference (Paragraph) Implications Relevant to TruHypothesys Risk Solutions REs (regulated entities such as banks) desirous of outsourcing of financial services shall not require prior approval from the Reserve Bank of India (RBI). 3. (Purpose) Outsourcing of financial services by banks in compliance with the directions will not require prior approval from the RBI (in the context of appointing truHypothesys Risk Solutions as service provider for monitoring on-lending security interest and such services) Access to customer information by staff of the service provider shall be on \u2018need to know\u2019 basis, i.e., limited to those areas where the information is required in order to perform the outsourced function. 15.2 This clause implies that banks can share customer information with the service provider such as truHypothesys Risk Solutions for the need to monitor security interest of on-lending debt and loan assets acquired under pool buy-out transactions. Sharing of data by the RE (regulated entity such as bank) with the service provider shall be through secure channels. Both sharing and storage of data with the service provider shall be in an encrypted manner. The RE shall also ensure that there is a structured process in place for secured removal\/ disposal\/ destruction of data by the service provider. 15.3 The clause describes the minimum requirements in terms of infrastructure and manner in which data could be shared with a service provider such as truHypothesys Risk Solutions. This also means truHypothesys Risk Solutions will build necessary process, technology and infrastructure for the purpose of sharing and processing of customer data2. In instances where service provider acts as an outsourcing agent for multiple REs, care shall be taken to build adequate safeguards so that there is no co-mingling of assets, documents, information and records. 15.4 This acknowledges the fact that the service provider such as truHypothesys Risk Solutions will have other multiple banks and wholesale lenders as its clients. truHypothesys Risk Solutions will ensure necessary controls are put in place to ensure there is no co-mingling of customer information and required compliance is being met. Examples of financial outsourcing arrangements: &#8211; claims administration (e.g., loan negotiation, loan processing, collateral management, collection of bad loans); As part of indicative list of some services that, when performed by a third party, would be regarded as financial outsourcing arrangements for the purposes of these Directions Annex I 1. (iii) The directions, as an example, has clearly mentioned collateral management is one of the financial services activities that could be outsourced by banks. Collateral management, i.e. monitoring of security interest of on-lending debt, is an essential part of the scope of the services covered by truHypothesys Risk Solutions. (III) The Digital Personal Data Protection (DPDP) Act, 2023 defines: As per DPDP Act, 2023 Reference (Clause) Implications in the Context of TruHypothesys Risk Solutions \u201cData Principal\u201d means the individual to whom the personal data relates and where such individual is\u2014 (i) a child, includes the parents or lawful guardian of such a child; (ii) a<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ocean_post_layout":"full-screen","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"0","ocean_second_sidebar":"0","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"0","ocean_custom_header_template":"0","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"0","ocean_menu_typo_font_family":"0","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"on","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"off","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"0","footnotes":""},"class_list":["post-1748","page","type-page","status-publish","hentry","entry"],"_links":{"self":[{"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/pages\/1748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/comments?post=1748"}],"version-history":[{"count":0,"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/pages\/1748\/revisions"}],"wp:attachment":[{"href":"https:\/\/successstarsbeta.com\/client\/hypothesys\/wp-json\/wp\/v2\/media?parent=1748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}