OUTSOURCING POLICY

INTRODUCTION

Amaltas Asset Management LLP (“ Portfolio Manager ” or “ we / us ”) has been constituted under the Limited Liability Partnership Act, 2008 and registered with Securities and Exchange Board of India (“ SEBI ”) as a portfolio manager under the SEBI (Portfolio Managers) Regulations, 2020 (“ PM Regulations ”) with effect from 6 December 2024 bearing registration number INP000009126. By virtue of this registration, the Portfolio Manager is a registered intermediary with SEBI under Section 12 of the SEBI Act, 1992.

The Portfolio Manager provides discretionary, non-discretionary and advisory portfolio management services (“ Portfolio Management Services ”) to the clients who enter into PMS Agreements ( defined hereinbelow ) with the Portfolio Manager (“ Clients ”).

In this outsourcing policy (“ Policy ”), words and expressions shall, unless expressly defined herein, have the meaning as ascribed to them in the disclosure document prepared by the Portfolio Manager in accordance with the PM Regulations and filed with SEBI (“ Disclosure Document ”) or respective portfolio management agreements executed between the Portfolio Manager and respective Clients in accordance with the PM Regulations (“ PMS Agreement ”).

OBJECTIVE

The Portfolio Manager may resort to outsourcing of certain activities related to its operations with a view to, inter alia , reduce costs, and at times, for strategic reasons. Such outsourcing entails the use of one or more than one, third party, either within or outside the group, by the Portfolio Manager to perform the activities associated with the Portfolio Management Services. This Policy shall be applicable to the Portfolio Manager to the extent that the outsourcing of activities is carried out, keeping in view the interest of the Clients and that there is no compromise with the contemplated functions and undertaken activities of the Portfolio Manager, and provided that the core activities and compliance functions are not being outsourced.

The key purposes of this Policy are as follows:

  • To establish a comprehensive risk management programme to address the outsourced activities and the relationship with service provider.
  • To conduct due diligence of the service provider to ascertain the credibility and capability of the service provider.
  • To maintain confidentiality of the information that is outsourced.
  • To ensure compliance with the laws and regulations in force from time to time.
  • To protect the Portfolio Manager’s reputation.
  • To conduct outsourcing of activities in accordance with this Policy.
  • To identify the supervisors and fix their responsibilities.

DEFINITION OF ‘OUTSOURCING’

Outsourcing may be defined as the use of one or more than one, third party either within or outside the group by a SEBI registered intermediary (“ Intermediary ”) to perform the activities associated with services which the intermediary offers.

ACTIVITIES NOT TO BE OUTSOURCED

The risks associated with outsourcing may be operational risk, reputational risk, legal risk, country risk, strategic risk, exit-strategy risk, counter party risk, concentration, and systemic risk. To address the concerns arising from the outsourcing of activities by intermediaries, SEBI has laid down certain principles for outsourcing of activities vide circular No. CIR/MIRSD/24/2011 dated 15 December 2011.

The Portfolio Manager shall ensure that it shall not outsource its core business activities, operations and the compliance related functions to third parties. Such core business activities include, inter alia , the following:

  • Identifying investment opportunity and monitoring of the investment activities in relation to the portfolios of the Clients, including inter alia , the activities in relation to the investment approach of the Portfolio Manager;
  • Investment related activities in case of related portfolio creation and subsequent investments carried, including exits;
  • Activities that would impair the Portfolio Manager’s right to assess, or its ability to supervise its business.

REGULATORY FRAMEWORK AND PRINCIPLES

Risk Management: The Portfolio Manager must have an outsourcing risk management programme to address the outsourced activities and the relationship with third parties. The Portfolio Manager shall assess outsourcing risk which depends on several factors, including the scope and materiality of the outsourced activity, etc. The factors that could help in considering materiality in a risk management programme include:

  • The impact of failure of a third party to adequately perform the activity on the financial, reputational and operational performance of Portfolio Manager and on the Clients;
  • Ability of Portfolio Manager to cope up with the work, in case of non-performance or failure by a third party by having suitable back-up arrangements;
  • Regulatory status of the third party, including its fitness and probity status;
  • Situations involving conflict of interest between Portfolio Manager and the third party; and the measures put in place by Portfolio Manager to address such potential conflicts, etc.

Accountability and liability:

  • So long as the services and functions are performed by the outsourcing entity strictly in accordance with the terms agreed with the Portfolio Manager, the Portfolio Manager shall be fully liable and accountable for the activities that are outsourced to the same extent as if the service were provided in-house except where the outsourcing entity is adjudicated by a court of competent jurisdiction to have committed actions (or omissions) constituting fraud, wilful misconduct or gross negligence in connection with the Portfolio Manager.
  • Portfolio Manager shall ensure that outsourcing arrangement shall neither diminish its ability to fulfill its obligation to customers and / or SEBI, nor impede effective supervision by SEBI / auditors.
  • The outsourcing arrangement shall not affect the rights of the Clients against Portfolio Manager in any manner.
  • So long as the services and functions are performed by the outsourcing entity strictly in accordance with the terms agreed with the Portfolio Manager, the Portfolio Manager shall be liable to the Clients for the loss incurred by them due to the failure of outsourcing entity in performing their duties and also be responsible for redressal of grievances received from Clients arising out of activities rendered by the outsourcing entity except where the outsourcing entity is adjudicated by a court of competent jurisdiction to have committed actions (or omissions) constituting fraud, wilful misconduct or gross negligence in connection with the Portfolio Manager.
  • The facilities / premises / data that are involved in carrying out the outsourced activity by the outsourcing entity shall be deemed to be those of Portfolio Manager itself and SEBI or the persons authorized by it shall have the right to access the same at any point of time.
  • The outsourcing arrangements shall not impair the ability of SEBI or auditors to exercise their regulatory responsibilities such as supervision inspection of Portfolio Manager / Portfolio Manager.

SELECTION OF THIRD PARTY

The Portfolio Manager shall exercise due care, skill and diligence in the selection of the third party in order to ensure that the third party has the ability and capacity to undertake the provision of services effectively.

The due diligence in relation to the outsourcing of the activities of the Portfolio Manager to third parties shall include assessment of:

  • third party’s resources and capabilities, including financial soundness, to perform the outsourcing work within the timelines fixed;
  • compatibility of the practices and systems of the third party with the Portfolio Manager’s requirements and objectives;
  • market feedback of the prospective third party business reputation and track record of their services rendered in the past;
  • level of concentration of the outsourced arrangements with a single third party; and
  • the environment of the foreign country where the third party is located.

The Portfolio Manager may outsource its activity to any of its affiliate entities to act as the service provider.

The Portfolio Manager shall ensure that an arm’s length distance is maintained in terms of manpower, decision–making, record keeping, etc, for avoidance of potential conflict of interests between the Portfolio Manager and its affiliates and accordingly necessary disclosures in this regard shall be made as part of the outsourcing agreement entered into between the Portfolio Manager and the third party to which such services have been outsourced.

OUTSOURCING CONTRACTS

All outsourcing arrangements shall be executed only by way of a clearly defined and legally binding written contract with each of the service provider.

The Portfolio Manager shall ensure that due care shall be taken to ensure that the outsourcing contract inter alia :

  • defines clearly what activities are going to be outsourced, including appropriate service and performance levels;
  • provides for mutual rights, obligations and responsibilities of the Portfolio Manager and the service provider, including indemnity by the parties;
  • provides for the liability of the service provider to the Portfolio Manager for unsatisfactory performance or other breach of the contract;
  • provides for the continuous monitoring and assessment by the Portfolio Manager of the service provider so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the Portfolio Manager to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations;
  • includes, where necessary, conditions of sub-contracting by the service provider, i.e. the contract shall enable the Portfolio Manager to maintain a similar control over the risks when a service provider outsources to further third parties as in the original direct outsourcing;
  • provides unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract;
  • specifies the responsibilities of the service provider with respect to the information technology security and contingency plans, insurance cover, business continuity and disaster recovery plans, force majeure clause, etc.;
  • provides for preservation of the documents and data by service provider;
  • provides for mechanisms to resolve disputes arising from implementation of the outsourcing contract;
  • provides for termination of the contract, termination rights, transfer of information and exit strategies;
  • neither prevents nor impedes the Portfolio Manager from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers;
  • provides for the Portfolio Manager and /or the regulator or the persons authorized by it to have the ability to inspect, access all books, records and information relevant to the outsourced activity with the service provider; and

The Portfolio Manager shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the service provider level. Notably, it shall consider contingency plans at the service provider level, co-ordination of contingency plans at both levels, in the event of non- performance by the service provider.

The Portfolio Manager shall ensure that the service provider maintains appropriate information technology (" IT ”) security and robust disaster recovery capabilities.

Periodic tests of the critical security procedures and systems and review of the backup facilities shall be undertaken by the Portfolio Manager to confirm the adequacy of the service provider’s systems.

DISASTER RECOVERY (“DR”) AND BUSINESS CONTINUITY PLAN (“BCP ”)

  • Specific contingency plans may be separately developed for each outsourcing arrangement, as is done in individual business lines.
  • Portfolio Manager and each outsourcing entity shall have independent and adequate disaster recovery and business continuity plan systems in place.
  • Portfolio Manager shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third-party level.
  • Portfolio Manager shall ensure that the third party maintains appropriate IT security and robust disaster recovery capabilities.
  • Periodic review should be done by Portfolio Manager of the said disaster recovery and business continuity plan systems.

CLIENT CONFIDENTIALITY

The Portfolio Manager is expected to take appropriate steps to protect its proprietary and confidential Client information and ensure that it is not misused or misappropriated.

The Portfolio Manager shall prevail upon the service provider to ensure that the employees of the service provider have limited access to the data handled and only on a “ need to know ” basis and the service provider shall have adequate checks and balances to ensure the same.

In cases where the service provider is providing similar services to multiple entities, the Portfolio Manager shall ensure that adequate care is taken by the service provider to build safeguards for data security and confidentiality so that there is no co-mingling of information, documents, records, and assets.

MAINTENANCE OF RECORDS

The records relating to all activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Portfolio Manager or the Portfolio Manager as and when needed.

Such records shall be regularly updated and may also form part of the corporate governance review by the Portfolio Manager or the Portfolio Manager.

OTHER OBLIGATIONS AND REVIEW

The Portfolio Manager shall review the financial and operational capabilities of the third party in order to assess its ability to continue to meet its outsourcing obligations.

The Portfolio Manager shall be responsible for reporting of any suspicious transactions or reports to Financial Intelligence Unit or any other competent authority in respect of activities carried out by the third parties.