As part of the corporate governance structure of Non-Banking Financial Companies, compliance requirements form a critical part. Reserve Bank of India (RBI), vide a notification dated April 11, 2022 introduced certain principles, standards and procedures for the Compliance Function in NBFC-UL and NBFC-ML (“CCO Notification”).

NBFCs are financial institutions under the Indian law, which are not banks but which accept deposits and extend credit like banks. This includes not just the finance companies but also other wider group of companies that have principal business in the form of investment business, insurance, chit fund, nidhi, merchant banking, stock broking, alternative investments, etc.

NBFC-UL and NBFC-ML were introduced when RBI decided to notify a revised regulatory framework for NBFCs (effective from October 1, 2022) (“SBR Framework”). A Statement on Developmental and Regulatory Policies dated December 04, 2020 was announced and followed with issue of a discussion paper titled ‘Revised Regulatory Framework for NBFCs – A Scale-based Approach’ on January 22, 2021. The discussion paper was opened for comments from stakeholders before the SBR Framework was notified.

The SBR Framework seeks to provide for a scaled-based regulatory framework (“SBR”) and encompass different facets of regulation for NBFCs including capital requirements, governance standards, prudential regulations and the like. It was introduced on October 22, 2021 as an integrated regulatory framework for providing a holistic view of the SBR structure and respective timelines. While the instructions relating to certain aspects (like ceiling on IPO funding) have already come into effect from April 1, 2022; detailed guidelines on some of the regulations are to be issued subsequently.

Pursuant to the SBR Framework, the regulatory structure for NBFCs shall comprise of four layers based on size, activity, and perceived risk of the NBFC. The nomenclature shall be as follows:

NBFCs in the lowest layer: NBFC – Base Layer (NBFC-BL)

The Base Layer shall comprise of (a) non-deposit taking NBFCs below the asset size of ₹1000 crore and (b) NBFCs undertaking the following activities- (i) NBFC-Peer to Peer Lending Platform (NBFC-P2P), (ii) NBFC-Account Aggregator (NBFC-AA), (iii) Non-Operative Financial Holding Company (NOFHC) and (iv) NBFCs not availing public funds and not having any customer interface.

NBFCs in middle layer: NBFC – Middle Layer (NBFC-ML)

The Middle Layer shall consist of (a) all deposit taking NBFCs (NBFC-Ds), irrespective of asset size, (b) non-deposit taking NBFCs with asset size of ₹1000 crore and above and (c) NBFCs undertaking the following activities (i) Standalone Primary Dealers (SPDs), (ii) Infrastructure Debt Fund – Non-Banking Financial Companies (IDF-NBFCs), (iii) Core Investment Companies (CICs), (iv) Housing Finance Companies (HFCs) and (v) Infrastructure Finance Companies (NBFC-IFCs).

NBFCs in upper layer: NBFC – Upper Layer (NBFC-UL)

The Upper Layer shall comprise of those NBFCs which are specifically identified by the Reserve Bank as warranting enhanced regulatory requirement based on a set of parameters and scoring methodology as provided by RBI. The top ten eligible NBFCs in terms of their asset size shall always reside in the upper layer, irrespective of any other factor.

NBFCs in the top layer: NBFC – Top Layer (NBFC-TL)

The Top Layer is ideally intended to remain empty. This layer may, however, get populated if RBI is of the opinion that there is a substantial increase in the potential systemic risk from specific NBFCs in the Upper Layer. Such NBFCs shall move to the Top Layer from the Upper Layer.

As indicated in the SBR Framework, NBFCs in the Upper Layer (NBFC-UL) and Middle Layer (NBFC-ML) are required to, inter alia, have an independent Compliance Function and a Chief Compliance Officer. Consequently, CCO Notification was notified.

While the CCO Notification provides a broad framework within which the concerned NBFCs may establish their own procedures, Compliance Function shall be responsible for undertaking the following activities at the minimum:

  • Assist the Board and the Senior Management in overseeing the implementation of Compliance Policy, including policies and procedures, prescriptions in Compliance Manuals, internal codes of conduct, etc.
  • Play the central role in identifying the level of Compliance risk in the organisation. The Compliance risks in existing / new products and processes shall be analysed and appropriate risk mitigants put in place. The Chief Compliance Officer (CCO) shall be a member of the ‘new product’ committee/s. All new products shall be subjected to intensive monitoring for at least the first six months of introduction to ensure that the indicative parameters of Compliance risk are adequately monitored.
  • Compliance Function shall monitor and test Compliance by performing sufficient and representative Compliance testing, and the results of such Compliance testing shall be reported to the Senior Management. It shall periodically circulate the instances of compliance failures among staff, along with the required preventive instructions. Staff accountability shall be examined for major Compliance failures.
  • Ensure compliance of regulatory/ supervisory directions given by RBI in both letter and spirit in a time-bound and sustainable manner. RBI will continue to expect an effective Compliance Program where all Risk Mitigation Plan (RMP) / Monitorable Action Plan (MAP) points are complied with within the timelines prescribed. Unsatisfactory compliance with RMP/MAP may invite penal action from RBI.
  • Attend to compliance with directions from other regulators in cases where the activities of the entity are not limited to the regulation/supervision of RBI. Further, discomfort conveyed to the NBFC on any issue by other regulators, and action taken by any other authorities / law enforcement agencies, shall be brought to the notice of RBI.
  • The Compliance Department may also serve as a reference point for the staff from operational departments for seeking clarifications / interpretation of various regulatory and statutory guidelines.

The contribution of NBFCs towards supporting real economic activity and their role as a supplemental channel of credit intermediation alongside banks is well recognised. Over the years, the NBFC sector has undergone considerable evolution in terms of size, complexity, and interconnectedness within the financial sector. Many NBFC entities have grown and become systemically significant over a period of time. While alignment of the regulatory framework for NBFCs has been welcomed, various aspects of corporate governance contained in the SBR may take time to gain pragmatic clarity.