Banks can’t rely on service providers’ assurance: RBI deputy guv on technology outsourcing

As banks worldwide double down on digital transformation, Reserve Bank of India (RBI) deputy governor Swaminathan J. has cautioned lenders that they cannot simply rely on third-party service providers for outsourced solutions.

“Banks cannot simply rely on the assurance of service providers,” he said in a speech at an annual banking event organized by Standard Chartered on 28 November.

He urged lenders to gain a deep understanding of the technology, control environment, and the concentration risk that arises when many banks depend on the same provider.

With more banking operations moving to cloud and third-party platforms, a glitch that once disrupted a single branch can now impact millions of customers simultaneously.

He also said the real test is not whether an incident will happen, but “how quickly and effectively the institution can detect, contain and recover from it.”

This has come as major banks globally have suffered painful outages this year.

Past incidents

In January 2025, Barclays, one of the UK’s largest lenders, experienced a massive app and online banking outage, which locked out over 20 million customers and disrupted critical services like payments.

Back home, in April 2025, State Bank of India (SBI) customers faced disruptions in mobile banking and fund transfers.

Digital payments infrastructures had also come under stress when the popular fast-payments network Unified Payments Interface (UPI) experienced multiple outages earlier this year.

On 12 April, a system-wide glitch caused a five-hour disruption, severely affecting inter-bank transfers and merchant payments.

Such disruptions show that in a banking era where customers seldom visit physical branches, a technical failure can leave them unable to access money or pay bills.

Speaking on IT resilience, Swaminathan also said while banks have invested in systems to detect suspicious transactions to curb cyber frauds, technology alone is not enough.

“Sharing of fraud typologies, coordinated efforts to take down mule accounts, and working with law enforcement agencies are all important,” he added.