Module Application
Does the non-banking financial company (NBFC) meet all registration and compliance requirements under the Reserve Bank of India (RBI) regulatory framework, including prudential norms and customer protection measures?
Is the NBFC maintaining appropriate corporate governance practices and internal controls to ensure compliance with the RBI’s regulatory directions?
Are adequate policies and processes in place to manage key compliance risks, such as money laundering, fraud, and customer due diligence?
Module Scope
The module provides detailed guidance on the regulatory obligations of NBFCs in India as per the directives of the RBI. The module aims to equip NBFCs with a robust compliance framework, helping them manage their operations while ensuring adherence to applicable rules and minimising compliance risks.
This module applies to NBFCs operating under the purview of the RBI’s regulatory framework, covering a wide range of financial activities including lending, investments, and asset financing without a full banking license. NBFCs must adhere to stringent regulatory norms, risk management practices, financial disclosures, and customer protection measures to safeguard stakeholders’ interests and maintain financial stability.
Key requirements for NBFCs
- Compliance with the RBI Act (Chapter III-B): NBFCs must comply with registration and net owned fund (NOF) requirements, maintain liquid assets, and adhere to quarterly reporting obligations. RBI holds powers to regulate, inspect, and take enforcement actions against non-compliant NBFCs.
- Acceptance of public deposits: NBFCs accepting public deposits (NBFC-Ds) must meet conditions on maintaining investments in approved securities, furnishing receipts to depositors, and recording deposits accurately as per RBI directions.
- Core Investment Companies (CICs): CICs primarily invest in group companies' shares and must comply with financial stability and governance norms specified by the RBI.
- Non-Systemically Important Non-Deposit Taking Companies (NBFC-NDs): NBFC-NDs with asset sizes below ₹500 crore must follow RBI's prudential regulations, including balance sheet disclosures, asset classification, leverage ratios, and customer protection measures.
- Systemically Important Non-Deposit Taking Companies (NBFC-ND-SIs) and Deposit Taking Companies (NBFC-Ds): This category includes NBFCs engaged in microfinance, infrastructure finance, and more. They must adhere to strict prudential norms, corporate governance guidelines, and periodic reporting to the RBI.
- Company returns and auditors’ report: NBFCs must submit various returns concerning their operations, compliance with norms, and asset-liability management to the RBI. Auditors must also provide detailed reports to enhance governance and risk management practices.
- Fraud monitoring and reporting: NBFCs must establish mechanisms for identifying, reporting, and mitigating fraud. Specific reporting requirements apply for cases above defined thresholds, and periodic reviews must be conducted.
- Information Technology (IT) framework: NBFCs must establish IT governance, security measures, business continuity planning, and compliance with RBI’s IT directions based on their asset size and systemic importance.
- Know Your Customer (KYC) policy: NBFCs must develop KYC and risk-based customer identification frameworks to mitigate money laundering risks and adhere to RBI’s KYC directions.
Compliance source
The regulatory obligations and guidance are derived from various RBI directions and the Reserve Bank of India Act, 1934, as well as relevant guidelines on NBFCs' governance and operations.
Consequences of non-compliance
Non-compliance with RBI’s regulatory framework may result in:
- Fines and restrictions on NBFC operations
- Cancellation of RBI registration, barring business operations
- Reputational damage, erosion of public trust and credibility
- Civil and regulatory proceedings against NBFCs and their officers