Banks question UIDAI diktat on audit

Appointment of Deloitte alone for audits will create a monopoly situation, say bankers

The decision of the Unique Identification Authority of India (UIDAI) to appoint Deloitte as the only agency authorised to do mandatory audits of Information Security (IS) in banks, financial institutions and telcos using the Aadhaar-based authentication regime, has attracted flak from bankers.

In a missive to banks and other Aadhaar agencies on April 4 this year, the UIDAI had asked them to ‘enter a contract’ with Deloitte since the firm has been ‘empanelled’ by it.

As per the UIDAI, Deloitte would perform the assessment once a year and a fixed fee of ₹1,94,700 per unit is to be paid by ecosystem partners to Deloitte for conducting the mandatory IS audit. Banks will also need to pay for the travel, boarding and lodging of Deloitte officials the communique said. According to bankers, not only are the specified costs too high, but the UIDAI’s move has created a monopoly situation for the firm that has been empanelled. The inclusion of more alternatives as empanelled auditors could allow individual user agencies of the Aadhaar ecosystem to negotiate better rates and services. Banks have conveyed these views to the UIDAI.

The controversy has been brewing since November last year, when the UIDAI first issued a circular mandating Deloitte as the sole agency for the IS audit. However, on December 11, following requests from banks, a one-line circular was issued by the authority, putting the circular on hold. “Then on April 4, they again issued the circular making it mandatory for banks to appoint Deloitte,” said a top official from a private sector bank who wished not to be named.

Source: Read Full Article