Investment by Foreign Portfolio Investors (FPI) in Debt – Relaxations (RBI Circular dated 07 July 2022)

A.P. (DIR Series) Circular No.07

July 07, 2022

All Authorised Persons


Investment by Foreign Portfolio Investors (FPI) in Debt – Relaxations

Attention of Authorised Dealer Category-I (AD Category-I) banks is invited to the paragraph 3 of the press release on “Liberalisation of Forex Flows” dated July 06, 2022 regarding relaxations in the regulatory regime under the Medium-Term Framework. A reference is also invited to:

  1. the Foreign Exchange Management (Debt Instruments) Regulations, 2019 notified vide Notification No. FEMA. 396/2019-RB dated October 17, 2019, as amended from time to time, and the relevant directions issued thereunder; and
  2. the A.P. (DIR Series) Circular No. 31 dated June 15, 2018 (hereinafter, Directions), as amended from time to time.

2. In terms of paragraphs 4(b)(i) and 4(b)(ii) of the Directions, short-term investments by an FPI in government securities (Central Government securities, including Treasury Bills and State Development Loans) and corporate bonds shall not exceed 30% of the total investment of that FPI in any category. It has been decided that investments by FPIs in government securities and corporate bonds made between July 08, 2022 and October 31, 2022 (both dates included) shall be exempted from the limit on short-term investments till maturity or sale of such investments.

3. In terms of paragraph 4(b)(ii) of the Directions, FPI investments in corporate bonds were subject to a minimum residual maturity requirement of one year. It has been decided to allow FPIs to invest in commercial papers and non-convertible debentures with an original maturity of up to one year, during the period between July 08, 2022 and October 31, 2022 (both dates included). These investments shall be exempted from the limit on short-term investments till maturity or sale of such investments.

4. AD Category – I banks may bring the contents of this circular to the notice of their constituents and customers concerned.

5. The Directions contained in this circular have been issued under sections 10(4) and 11(1) of the Foreign Exchange Management Act, 1999 (42 of 1999) and are without prejudice to permissions/approval, if any, required under any other law.

6. These Directions shall be applicable with immediate effect.

Yours faithfully,

(Dimple Bhandia)
Chief General Manager

RBI imposes Monetary Penalty of Rs. 1.678 Crores on Ola Financial Services Private Limited (Press release 12 July 2022)

The Reserve Bank of India (RBI) has imposed monetary penalty of ₹1,67,80,000/- (Rupees one crore sixty seven lakh eighty thousand only) on Ola Financial Services Private Limited (the entity) for non-compliance with certain provisions of the Master Directions on PPIs dated August 27, 2021 (as updated from time to time) and the Master Direction – Know Your Customer (KYC) Direction, 2016 dated February 25, 2016 (as updated from time to time).

The penalty has been imposed in exercise of powers vested in RBI under Section 30 of the Payment and Settlement Systems Act, 2007. This action is based on deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the entity with its customers.


It was observed that the entity was non-compliant with the directions issued by RBI on KYC requirements. Accordingly, notice was issued to the entity advising it to show cause as to why penalty should not be imposed for non-compliance with the directions.

After considering the entity’s response, RBI concluded that the aforesaid charge of non-compliance with RBI directions was substantiated and warranted imposition of monetary penalty.

(Yogesh Dayal)
Chief General Manager

Press Release: 2022-2023/524

Disruptions & Opportunities in the Financial Sector (RBI updates 17th June 2022)

Disruptions & Opportunities in the Financial Sector
(Address by Shri Shaktikanta Das, Governor, Reserve Bank of India – June 17, 2022 – Delivered at the Financial Express Modern BFSI Summit in Mumbai)

It is my pleasure to be here amongst such a distinguished gathering to deliver the inaugural address at the Financial Express Modern BFSI Summit. The theme of my address “Disruptions & Opportunities in the Financial Sector” will resonate in the current context of technological innovations and fast evolving business models in the financial sector.

2. The impact of Covid-19 pandemic, the recent geo-political crisis and the all-pervasive technological innovations sweeping across economies are challenging the traditional financial intermediation processes. In my address today, I would like to focus more on the banking and the financial services space. I propose to share my thoughts on possible implications of technology on the financial services industry.

The Changing Paradigm of Banking

3. The edifice of growth and development in modern economies is built on the foundation of a vibrant, resilient and well-functioning financial sector. The core functions of the financial sector in an economy, viz. intermediation, asset price discovery, risk transfer and payments are globally undergoing a process of transformation. This is primarily driven by technological advancements. The Indian financial sector has also been a part of this churning and is adopting and propelling these transformations.

4. Over the past few years, the business of banking has witnessed a shift from traditional branch banking to digital banking. This paradigm shift has been possible due to innovations in information technology (IT), growth in mobile and internet connectivity, market-based financial intermediation, and the advent of Fintech. Financial service providers are now devising new products and services and are adopting new business models for reaching out to the target customers.

5. Improvements in technology have also enhanced the cause of financial inclusion and tech-enabled public goods delivery. Direct Benefit Transfer (DBT) through the digital mode is among the best examples of tech-enabled public goods delivery. Digital-mobile-anywhere-anytime banking is becoming the order of the day. The indigenously developed Unified Payments Interface (UPI) and Aadhaar Enabled Payment Service (AePS) have become the backbone of our retail payments system.

6. Alongside these advancements, the Reserve Bank’s regulatory approach has been realigned to support and foster such innovations. The regulatory guidelines for account aggregators and peer-to-peer lending operators are indicative of a proactive regulatory approach. An enabling framework for Regulatory Sandbox has been in place for last three years. The Reserve Bank Innovation Hub (RBIH) has also been set up by the RBI to catalyse innovations in the Fintech sector. We are now moving towards the introduction of a central bank digital currency (CBDC).

Technology as a Disruptor – Opportunities and challenges

7. With the advent of new technologies, we are witnessing a new era of disruption. Given the growing role of technology, data and network effects, there is a feeling among the banks that having an ethos of a technology company, while offering banking services, is the need of the hour. This is an area of opportunity for the banks; but there are associated challenges which need to be mitigated. Greater attention needs to be given to building customers’ trust by (i) offering products and services appropriate and fit for customer’s needs and circumstances; (ii) ensuring robust security controls, reliable and efficient delivery of services, transparency of terms and conditions to customers; and (iii) by handling customer grievances satisfactorily and building necessary awareness among customers. All of these aspects need to be factored in when financial institutions introduce or enhance technology driven products and services.

8. Talking about opportunities, it would be relevant to note that what we have seen until now could be just the tip of the iceberg. The use of artificial intelligence (AI) and machine learning (ML) to determine the creditworthiness of clients for small ticket loans by analyzing data from a wide range of traditional and non-traditional data sources, has the potential to enhance access to credit for marginalized customers. Here also it would be necessary to understand the associated risks and mitigate them suitably through various safeguards and precautions. Risks relating to cyber security, software development, limitations in transaction capacity, privacy of customer data, and data security need to be factored in. The methodology of algorithms underpinning digital financial services has to be clear, transparent, explainable and free from exclusionary biases. The credit scoring models using innovative techniques can be useful but they should be subject to a robust model governance framework. Comprehensive assessment of risks has also to be undertaken while planning to move to cloud with customer sensitive data.

9. In all these digital initiatives, the plan should also factor in those sets of customers who may not be digitally savvy and who may want to engage physically with the bank. It is, therefore, crucial that while driving various tech-enabled initiatives, the existing systems and processes do not see frequent disruptions and non-availability. We have already seen instances of the damage that disruptions in technology systems can bring and the reputation risk they carry for financial entities. A casual approach to handling technology issues even as basic as wrongful deletion of a single system file or inadequate care in patch updating often leads to financial and operational losses.

10. The IT systems and platforms are also exposed to obsolescence and require frequent upgradation. This calls for adequate investment in IT infrastructure by all financial sector entities. This is one of the important focus areas of RBI’s supervision of its regulated entities, especially the Banks and the NBFCs.

11. It has also to be recognised that human resource can turn out to be the weakest link in technology enabled financial services. There is thus a vital need for ongoing training and skill building programmes.

12. At the end of the day, the bottomline is how technology improves the financial system in terms of efficiency, effectiveness, resolving bottlenecks in economic functions and provides value addition to the customers.

Collaboration between Finance and Technology Firms

13. Large technology companies (BigTech) which have entered into provision of financial services could potentially be another source of disruption to the financial system. As you would be aware, such companies, whether from e-commerce, social media and search engine platforms, ride hailing and similar businesses have started to offer financial services in a big way on their own or on behalf of others. These companies have an enormous amount of customer data which has helped them to offer tailored financial services to entities and individuals lacking credit history or collateral. Even the banks and other lenders are sometimes utilising platforms provided by fintech companies in their internal processes for credit risk assessment. Such large scale use of new methodologies in credit risk assessment can create systemic concerns like over-leverage, inadequate credit assessment, etc. Authorities and regulators have to strike a fine balance between enabling innovation and preventing systemic risks.

14. The big techs also pose concerns related to competition, data protection, data sharing and operational resilience of critical services in situations where Banks and NBFCs utilise the services of big tech companies. These concerns can also materialise in sectors other than financial services. The provision of financial services through the digital channel, including lending through online platforms and mobile apps, has brought in issues relating to unfair practices, data privacy, documentation, transparency, conduct, breach of licensing conditions, etc. The Reserve Bank will soon issue suitable guidelines and measures to make the digital lending ecosystem safe and sound while enhancing customer protection and encouraging innovation.

What kind of Regulation and Supervision?

15. The need for FinTech regulation emanates from the challenges they pose to the financial system and the new risks they carry. These risks have a bearing on overall financial stability and market integrity.

16. The approach to regulation of FinTech could be by way of Activity Based Regulation wherein similar activities are treated similarly, regardless of the legal status or nature of the entity undertaking the activity. It could also be Entity Based Regulation which requires that regulations are applied to licensed entities or groups that engage in similar and specified activities, such as deposit taking, payment facilitation, lending, and securities underwriting, etc. The approach could also be an Outcome Based Regulation by setting out some basic, common and technology or business model-neutral outcomes that entities must ensure.

17. India has traditionally followed a hybrid form of regulation that combines Activity and Entity Based regulation. As a principle, the RBI has been applying comprehensive regulatory, supervisory and oversight requirements to various segments of financial sector in its domain to create an enabling ecosystem for such activities to grow in an orderly fashion. The underlying theme has always been to maintain financial stability. Going forward, the RBI will continue to finetune its regulatory and supervisory measures keeping in mind the evolving dynamics of the financial sector.

Does Regulation require collaboration with different Regulators?

18. When it comes to technology, it may transcend regulatory or national boundaries. The most relevant example in this case would be the blockchain technology. Different blockchain platforms cannot be limited to a regulator or a nation. Another example can be the case of De-centralised Finance (DeFi) in which financial applications are processed on a blockchain with limited or no involvement of centralised intermediaries. DeFi poses unique challenges to regulators as its anonymity, lack of a centralised governance body, and legal uncertainties can make the traditional approach to regulation ineffective. There is, therefore, a case for a globally coordinated regulatory approach and inter-regulatory co-ordination to enable comprehensive assessment of such activities and mitigation of their risks.

Some recent initiatives of the RBI

19. I would now like to focus on certain supervisory steps taken by the RBI recently to deal with the emerging challenges from fintech. In the specific area of cyber security, the RBI has recently conducted Phishing Simulation exercises for select Supervised Entities (SEs) to assess their email security standards and cyber security preparedness. We have also initiated the process of conducting Cyber Reconnaissance exercises this year. This will provide pre-emptive information on the cybersecurity risk vectors of SEs. Besides, Cyber Drills which are conducted periodically are being further enhanced in terms of coverage and periodicity.

20. The increasing use of technology and digital services has led to more incidents of digital frauds and customer dissatisfaction. The recommendations of the RBI Working Group on digital lending in this area are under examination for issuance of guidelines.

21. In the context of customer service, another area which is engaging the attention of the RBI is the harsh recovery methods used by certain lenders, without having adequate checks and controls over their recovery agents. We have received complaints of customers being contacted by recovery agents at odd hours, even past midnight. There are also complaints of recovery agents using foul language. Such kind of actions by recovery agents are unacceptable and pose reputational risk for the financial entities themselves. We have taken serious note of such instances and will not hesitate to take stringent action in cases where regulated entities are involved. Such complaints against unregulated entities will have to be taken up with appropriate law enforcement agencies.

22. We have recently set up a Committee for Review of Customer Service Standards in the RBI Regulated Entities (REs) which would inter alia review the emerging and evolving needs of the customer service landscape, especially in the context of evolving digital financial products and their distribution, and suggest measures for strengthening the overall consumer protection framework.

Governance and Risk Management

23. I have often spoken about the importance of good corporate governance in banks and financial institutions. A good governance structure will have to be supported by effective risk management and compliance functions. The cost of compliance to rules and regulations should be perceived as an investment, as inadequacy in this regard can prove to be highly costly. Compliance culture should ensure adherence to not only laws, rules and regulations, but also integrity, ethics and codes of conduct.

24. The Global Financial Crisis was preceded by a wave of financial innovations related to securitisation and other innovative financial instruments. These allowed the financial system to grow at a pace that was beyond its capacity to manage, especially from the point of view of the connected risks. Given such past experience, prudence demands that introduction of innovations in the financial system should be done responsibly and in a calibrated manner, taking into account the capacity of financial entities to manage potential risks. It goes without saying that innovations which provide opportunities through high risk taking need to be managed by sound corporate governance and risk management practices within the financial institutions. The senior management and internal control mechanisms in financial institutions should also ensure that their IT systems are robust and transparent, and not open to manipulation that may camouflage the true state of affairs in the organisation.


25. Let me conclude by saying that we are in the midst of a technological revolution in the sphere of financial services. Technology and Innovation per se are neither destructive nor constructive. It is the use cases that present the responsible or irresponsible sides of any particular innovation or technology. Reserve Bank shall continue with its approach where innovations which provide benefits to society are encouraged without compromising the stability of the financial system.

26. The trend of technology driven changes in the financial services sector will continue in the future. Participants and players in this sector will have to strive hard to remain relevant in the ever changing economic environment by continuously improving the quality of their governance; reworking their business strategies and business models; designing products and services with the customer in mind; ensuring operational resilience and risk management; and focussing on more efficient products and services by leveraging on technology. The possibilities are immense only if we are ready to embrace them while meeting the challenges!

Thank you.

Processing of e-mandates for recurring transactions (RBI updates 16th June 2022)


June 16, 2022

The Chairman / Managing Director / Chief Executive Officer
All Scheduled Commercial Banks, including Regional Rural Banks /
Urban Co-operative Banks / State Co-operative Banks /
District Central Co-operative Banks / Payments Banks /
Small Finance Banks / Local Area Banks /
Non-bank Prepaid Payment Instrument Issuers / Authorised Card Payment Networks /
National Payments Corporation of India

Madam / Dear Sir,

Processing of e-mandates for recurring transactions

A reference is invited to our circulars DPSS.CO.PD.No.447/02.14.003/2019-20 dated August 21, 2019, DPSS.CO.PD No.1324/02.23.001/2019-20 dated January 10, 2020, DPSS.CO.PD No.754/02.14.003/2020-21 dated December 04, 2020 and CO.DPSS.POLC.No.S34/02-14-003/2020-2021 dated March 31, 2021 (collectively referred to as “e-mandate framework”). The e-mandate framework prescribed an Additional Factor of Authentication (AFA), inter alia, while processing the first transaction in case of e-mandates / standing instructions on cards, prepaid payment instruments and Unified Payments Interface. For subsequent transactions with transaction values up to ₹5,000/- (AFA limit), prescription of AFA was waived.

2. On a review of implementation of the e-mandate framework and the protection available to customers, it has been decided to increase the aforesaid AFA limit from ₹5,000/- to ₹15,000/- per transaction.

3. This circular is issued under Section 10 (2) read with Section 18 of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007), and shall come into effect immediately.

Yours faithfully,

(P. Vasudevan)
Chief General Manager

Aadhaar Authentication for RBI (Notification dated 02 June 2022)

Ministry of Finance Notification dated 02nd June 2022

S.O. 2543(E).—In exercise of the powers conferred by sub-section (1) of section 11A of the Prevention of Money-laundering Act, 2002 (15 of 2003)[hereinafter referred to as the Money-laundering Act], the Central Government on being satisfied that the reporting entities mentioned in the Table below comply with the standards of privacy and security under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016)[hereinafter referred to as the Aadhaar Act], and it is necessary and expedient to do so, and after consultation with the Unique Identification Authority of India established under sub-section (1) of section 11 of the Aadhaar Act and the appropriate regulator namely, the Reserve Bank of India, hereby permits the said reporting entities to perform authentication under the Aadhaar Act for the purposes of section 11A of the Money-laundering Act, namely:-

RBI Constitutes Committee for Review of Customer Service Standards in RBI Regulated Entities

As part of the Statement on Developmental and Regulatory Policies released along with the Monetary Policy Statement on April 08, 2022, the Reserve Bank of India had announced setting up of a Committee for Review of Customer Service Standards in RBI Regulated Entities (REs) for examining and reviewing the state of customer service in the REs and adequacy of customer service regulations and suggest measures to improve customer service. Accordingly, the Reserve Bank of India has constituted a Committee with the following composition:

Chief General Manager, Consumer Education and Protection Department, Central Office, Reserve Bank of India will be the member secretary of the Committee. The Committee may also invite domain experts and RBI officials, as may be required, for consultations and/or to participate in its deliberations. The terms of reference of the Committee will be as under:

  1. Evaluate the efficacy, adequacy and quality of customer service in entities regulated by RBI vis-à-vis the existing RBI guidelines on customer service and identify gaps, if any;
  2. Review the emerging and evolving needs of the customer service landscape, especially in the context of evolving digital/ electronic financial products and distribution landscape and suggest suitable regulatory measures;
  3. Identify the best practices, adopted globally and domestically, in customer service and grievance redressal, especially for improvement in services rendered to retail and small customers, including pensioners and senior citizens;
  4. Suggest measures to leverage technology for enhancing customer service efficiencies, upgrading internal grievance redress mechanism in REs and strengthening the overall consumer protection framework of RBI;
  5. Any other matter relevant to customer service and consumer protection.

The Committee will submit its report within three months from the date of its first meeting.

RBI Press Release: 2022-2023/251 dated 23 May 2022

Reserve Bank cancels Certificate of Registration (CoR) of five NBFCs due to irregular lending practices

In exercise of the powers conferred under Section 45-IA (6) (iv) of the Reserve Bank of India Act, 1934, the Reserve Bank has cancelled the Certificate of Registration (CoR) issued to the following five Non-Banking Financial Companies (NBFCs):

As such, the above companies shall not transact the business of a Non-Banking Financial Institution (NBFI), as defined in clause (a) of Section 45-I of the RBI Act, 1934.

The CoR of the abovementioned NBFCs have been cancelled on account of violation of RBI guidelines on outsourcing and Fair Practices Code in their digital lending operations undertaken through third party apps which was considered detrimental to public interest. These companies were also not complying with the extant regulations pertaining to charging of excessive interest and had resorted to undue harassment of customers for loan recovery purposes.

RBI Press Release: 2022-2023/265

New Definition of Micro, Small and Medium Enterprises – Clarification (RBI Notification dated 19th May 2022)

Refer to circulars FIDD.MSME & NFS.BC.No.3/06.02.31/2020-21 dated July 2, 2020, FIDD.MSME & NFS.BC.No.4/06.02.31/2020-21 dated August 21, 2020 and FIDD.MSME & NFS.BC.No.16/06.02.31/2021-22 dated February 18, 2022, regarding revised criteria for classification of Micro, Small and Medium Enterprises. Government of India, vide Gazette Notification S.O. 2134(E) dated May 06, 2022, has notified amendments in sub paragraph (3) paragraph (7) of the notification of Government of India, Ministry of Micro, Small and Medium Enterprises number S.O. 2119 (E), dated June 26, 2020, published in the Gazette of India.

In view of the above amendment, it is clarified that:

  1. the existing Entrepreneurs Memorandum (EM) Part II and Udyog Aadhaar Memorandum (UAM) of the MSMEs obtained till June 30, 2020 shall remain valid till June 30, 2022 for classification as MSMEs; and
  2. the validity of documents obtained in terms of O.M. No.12(4)/ 2017-SME dated March 8, 2017 (RBI Circular FIDD.MSME & NFS.BC.No.10/06.02.31/2017-18 dated July 13, 2017), for classification of MSMEs upto June 30, 2020, has been extended upto June 30, 2022.

Legal Entity Identifier (LEI) for Borrowers (RBI Circular dated 21st April 2022)

It has been decided that the guidelines on LEI stand extended to Primary (Urban) Co-operative Banks (UCBs) and Non-Banking Financial Companies (NBFCs).

It is further advised that non-individual borrowers enjoying aggregate exposure of ₹5 crore and above from banks and financial institutions (FIs) shall be required to obtain LEI codes as per the timeline given below:

“Exposure” for this purpose shall include all fund based and non-fund based (credit as well as investment) exposure of banks/FIs to the borrower. Aggregate sanctioned limit or outstanding balance, whichever is higher, shall be reckoned for the purpose. Lenders may ascertain the position of aggregate exposure based on information available either with them, or CRILC database or declaration obtained from the borrower.

Borrowers who fail to obtain LEI codes from an authorized Local Operating Unit (LOU) shall not be sanctioned any new exposure nor shall they be granted renewal/enhancement of any existing exposure. However, Departments/Agencies of Central and State Governments (not Public Sector Undertakings registered under Companies Act or established as Corporation under the relevant statute) shall be exempted from this provision.

These directions are issued under sections 21, 35A and 56 of the Banking Regulation Act, 1949, sections 45JA and 45L of the Reserve Bank of India Act, 1934, section 30A of the National Housing Bank Act, 1987 and section 6 of the Factoring Regulation Act, 2011.

Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs (RBI Notification dated 11 April 2022)


April 11, 2022

The Chairman / Managing Director / Chief Executive Officer
All Non-Banking Financial Companies

Madam / Dear Sir,

Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs

Please refer to the Reserve Bank’s guidelines on ‘Scale Based Regulation (SBR): A Revised Regulatory Framework for NBFCs’ issued vide Circular Ref.DOR.CRE. REC.No.60/03.10.001/2021-22 dated October 22, 2021. As indicated therein, Non-Banking Financial Companies in the Upper Layer (NBFC-UL) and Middle Layer (NBFC-ML) would be required, inter alia, to have an independent Compliance Function and a Chief Compliance Officer (CCO). Accordingly, this Circular shall be applicable to all NBFC-UL and NBFC-ML. NBFCs in the Base Layer (NBFC-BL) shall continue to be governed under the existing guidelines.

2. As part of the overall structure for Corporate Governance, Compliance Function serves a critical role. Accordingly, it has been decided to introduce certain principles, standards and procedures for Compliance Function in NBFC-UL and NBFC-ML, keeping in view the principles of proportionality.

3. NBFC-UL and NBFC-ML shall put in place a Board approved policy and a Compliance Function, including the appointment of a Chief Compliance Officer (CCO), based on the Framework given in the Annex, latest by April 1, 2023 and October 1, 2023, respectively.

4. This Circular shall be placed in the immediate next meeting of the Board of Directors for information and devising an implementation strategy, under the Board’s supervision, in a time-bound manner.

Yours faithfully,

(Arnab Kumar Chowdhury)
Chief General Manager-In-Charge

Encl.: Annex


Framework for Compliance Function and Role of Chief Compliance Officer in Non-Banking Financial Companies in Upper Layer and Middle Layer (NBFC-UL & NBFC-ML)

1. Introduction

The Compliance Function is an integral part of effective governance, along with the internal control and risk management processes. The NBFCs in Upper Layer and Middle Layer shall treat the prescriptions in the Circular as a set of minimum guidelines only and accordingly frame their guidelines taking into account their corporate governance framework, the scale of operations, risk profile and organizational structure, etc.

2. Compliance Risk

Compliance risk is ‘the risk of legal or regulatory sanctions, material financial loss or loss of reputation an NBFC may suffer, as a result of its failure to comply with laws, regulations, rules and codes of conduct, etc., applicable to its activities’.

3. Scope and Coverage of Compliance Function

Compliance Function shall ensure strict observance of all statutory and regulatory requirements for the NBFC, including standards of market conduct, managing conflict of interest, treating customers fairly and ensuring the suitability of customer service.

4. Responsibility of the Board and Senior Management

4.1 The Board / Board Committee shall ensure that an appropriate Compliance Policy is put in place and implemented. Further, the Board / Board Committee shall prescribe the periodicity for review of Compliance risk.

4.2 The Senior Management shall:

carry out an exercise, at least once a year, to identify and assess the major Compliance risk facing the NBFC and formulate plans to manage it;

submit to the Board / Board Committee a review at the prescribed periodicity and a detailed annual review of Compliance; and

report promptly to the Board / Board Committee on any material Compliance failure while ensuring that appropriate remedial or disciplinary action is taken.

5. Responsibilities of Compliance Function

5.1 Compliance Function shall be responsible for undertaking the following activities at the minimum:

Assist the Board and the Senior Management in overseeing the implementation of Compliance Policy, including policies and procedures, prescriptions in Compliance Manuals, internal codes of conduct, etc.

Play the central role in identifying the level of Compliance risk in the organisation. The Compliance risks in existing / new products and processes shall be analysed and appropriate risk mitigants put in place. The Chief Compliance Officer (CCO) shall be a member of the ‘new product’ committee/s. All new products shall be subjected to intensive monitoring for at least the first six months of introduction to ensure that the indicative parameters of Compliance risk are adequately monitored.

Compliance Function shall monitor and test Compliance by performing sufficient and representative Compliance testing, and the results of such Compliance testing shall be reported to the Senior Management. It shall periodically circulate the instances of compliance failures among staff, along with the required preventive instructions. Staff accountability shall be examined for major Compliance failures.

Ensure compliance with regulatory / supervisory directions given by RBI in both letter and spirit in a time-bound and sustainable manner. RBI will continue to expect an effective Compliance Program where all Risk Mitigation Plan (RMP) / Monitorable Action Plan (MAP) points are complied with within the timelines prescribed. Unsatisfactory compliance with RMP / MAP may invite penal action from RBI.

Attend to compliance with directions from other regulators in cases where the activities of the entity are not limited to the regulation/supervision of RBI. Further, discomfort conveyed to the NBFC on any issue by other regulators, and action taken by any other authorities / law enforcement agencies, shall be brought to the notice of RBI.

The Compliance Department may also serve as a reference point for the staff from operational departments for seeking clarifications / interpretation of various regulatory and statutory guidelines.

5.2 The CCO shall be the nodal point of contact between the NBFC and the regulators / supervisors and shall necessarily be a participant in the structured or other regular discussions held with RBI. Further, compliance with RBI inspection reports shall be communicated to RBI necessarily through the office of the Compliance Function.

5.3 In some NBFCs, there may be separate departments / divisions looking after compliance with different statutory and other requirements. In such cases, the departments concerned shall hold the prime responsibility for their respective areas, which shall be clearly outlined. Adherence to applicable statutory provisions and regulations is the responsibility of each staff member. However, the Compliance Function would need to ensure overall oversight.

6. Broad Contours of Compliance Framework in NBFCs

A. Compliance Policy

a. The NBFC shall lay down a Board-approved Compliance Policy clearly spelling out its Compliance philosophy, expectations on Compliance culture, structure and role of the Compliance function, the role of CCO, processes for identifying, assessing, monitoring, managing, and reporting on Compliance risk. The Policy shall be reviewed at least once a year.

b. Broadly, the Policy shall ensure coverage of the following aspects:

Measures to ensure the independence of the Compliance function and its right to freely disclose findings and views to senior management, Board / Board Committee;

Focus on various regulatory and statutory Compliance requirements;

Monitoring mechanism for the Compliance testing procedure;

Reporting requirements, including Compliance risk assessment and change in risk profile, etc. to the Senior Management and to the Board / Board Committee;

The authority of the Compliance Function to have access to information as specified in Part D below;

A mechanism for dissemination of information on regulatory prescriptions and guidelines among staff and periodic updating of operational manuals; and

The approval process for all new processes and products by the Compliance Department, prior to their introduction.

B. Compliance Structure

The Compliance Department shall be headed by the Chief Compliance Officer, meeting the requirements prescribed in this Circular. NBFCs are free to adopt their own organizational structure for the Compliance Function. However, the function shall be independent and sufficiently resourced, its responsibilities shall be clearly specified, and its activities shall be subject to periodic and independent review.

C. Compliance Programme

The NBFC shall carry out an annual Compliance risk assessment in order to identify and assess major Compliance risks faced by it and prepare a plan to manage the risks. The annual review, to be carried out by the Senior Management, shall ensure coverage of at least the following aspects:

Compliance failures, if any, during the preceding year and consequential losses and regulatory action, as also steps taken to avoid recurrence of the same;

Listing of all major regulatory guidelines issued during the preceding year and steps taken to ensure compliance;

Compliance with fair practices codes and adherence to standards set by self-regulatory bodies and accounting standards; and

Progress in the rectification of significant deficiencies and implementation of recommendations pointed out in various audits and RBI inspection reports.

D. Authority

The CCO and Compliance Function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable her / him to carry out entrusted responsibilities in respect of Compliance issues. This authority shall flow from the Compliance Policy of the NBFC.

E. Dual Hatting

i. There shall not be any ‘dual hatting,’ i.e., the CCO shall not be given any responsibility which brings elements of conflict of interest, especially any role relating to business. The CCO shall generally not be a member of any committee which conflicts her / his role as CCO with responsibility as a member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of any such committee, that would only be an advisory role.

ii. The staff in the Compliance Department shall primarily focus on Compliance Functions. However, the Compliance staff could be assigned some other duties while ensuring that there is no conflict of interest.

F. Qualifications and Staffing of Compliance Function

Apart from having staff with basic qualifications and practical experience in business lines / audit & inspection functions, Compliance Function shall have adequate staff members with knowledge of statutory / regulatory prescriptions, law, accountancy, risk management, information technology, etc. Appropriate succession planning shall be ensured to avoid any future skill gap.

G. Internal Audit & Independent Review of Compliance Function

Compliance risk shall be included in the risk assessment framework of the Internal Audit Function, and Compliance Function shall be subject to regular internal audit. The CCO shall be kept informed of audit findings related to Compliance, which shall serve as a feedback mechanism for assessing the areas of Compliance failures.

H. Supervisory Focus

Examination of Compliance rigor prevalent in the NBFC shall be a part of Reserve Bank’s supervisory risk assessment process.

7. Appointment and Tenure of CCO

Tenure: The CCO shall be appointed for a minimum fixed tenure of not less than 3 years. However, in exceptional cases, the Board / Board Committee may relax the minimum tenure by one year, provided appropriate succession planning is put in place;

Removal: The CCO shall be transferred / removed before completion of the tenure only in exceptional circumstances, with the explicit prior approval of the Board / Board Committee, after following a well-defined and transparent internal administrative procedure;

Rank: The CCO shall be a senior executive of the NBFC with a position not below two levels from the CEO. However, in the case of NBFCs-ML, this requirement can be relaxed by one level further. If the NBFC considers necessary, the CCO can also be recruited from the market;

Skills: The CCO shall have a good understanding of the industry and risk management practices, knowledge of regulations, legal requirements, and have sensitivity to Supervisory expectations;

Stature: The CCO shall have the ability to exercise judgment independently. She / He shall have the freedom and authority to interact with regulators / supervisors directly and ensure compliance;

Conduct: The CCO shall have a clean track record and unquestionable integrity;

Selection Process: Selection of the candidate for the post of the CCO shall be made based on a well-defined selection process and recommendations made by a committee constituted by the Board / Board Committee for the purpose. The Board / Board Committee shall take the final decision in the appointment of the CCO;

Reporting Requirements: A prior intimation to the Senior Supervisory Manager, Department of Supervision, Reserve Bank of India, shall be provided before appointment, premature transfer, resignation, early retirement or removal of the CCO. Such information shall be supported by a detailed profile of the candidate along with the ‘Fit and Proper’ certification by the MD & CEO of the NBFC, confirming that the person meets the prescribed supervisory requirements and rationale for changes, if any. ‘Fit and Proper’ criteria may be examined based on the requirements spelt out in this Circular;

Reporting Line: The CCO shall have direct reporting lines to the MD & CEO and / or Board / Board Committee. In case the CCO reports to the MD & CEO, the Board / Board Committee shall meet the CCO at quarterly intervals on a one-to-one basis, without the presence of the senior management, including MD & CEO. The CCO shall not have any reporting relationship with the business verticals. Further, the performance appraisal of the CCO shall be reviewed by the Board / Board Committee.