NBFCs to implement technology-driven compliance solution by October 31st 2024: RBI

If you are a upper or middle layer[1] Non-Banking Financial Company (“NBFC”) or a part of other Regulated Entities (“RE”)[2] such as Payment Banks and Credit Information Companies operating in India, you need to implement a technology-enabled compliance management solution within the next four months.[3]

In a recent circular, the Reserve Bank of India (“RBI”) has directed all upper- and middle-layer NBFCs and other REs to carry out a comprehensive review of their existing internal compliance monitoring processes and implement necessary changes to existing process and/or install a suitable new system latest by October 31, 2024.

This direction came out after RBI’s assessment of the prevailing system for internal compliance monitoring in select Supervised Entities (“SEs”). It was observed that the compliance management function is still being carried out with significant manual intervention. To enhance the effectiveness of this system, the RBI has underlined the importance of upgradation by the REs from manual process to advanced technological tools. Therefore, it necessarily entails the deployment of a comprehensive, integrated, enterprise-wide and workflow-based solution. As per the RBI mandate, essential features of such a solution are:

  • Providing one platform for business, compliance and IT teams, Senior Management facilitating effective communication and collaboration among all

  • Processes for identifying, assessing, monitoring and managing compliance requirements

  • Escalation of issues of non-compliance

  • Recording of the approval of competent authority for deviations or delay in compliance submission;

  • Unified dashboard view to Senior Management on compliance position of the RE as a whole.

The REs, however, are allowed to decide on the tools/ mechanism it would prefer to deploy, keeping in consideration the size and complexity of their operations.

It takes between three to four months for well-run businesses to implement a compliance management solution effectively. With the RBI deadline being only five months away, the REs need to review their existing internal compliance monitoring processes at the earliest.

Given below is an overview of the features of Lexplosion’s Enterprise Level Regulatory Compliance Management Solution, Komrisk which fulfils all the criteria prescribed by RBI and a lot more:

Feature prescribed by RBIFeature of Komrisk
Unified dashboard view of compliance position of the RE as a whole for the Senior Management.Real-Time Dashboard: Enables Senior Management to assess the current status and potential risks of pending compliances across all entities, operating units and departments
Recording of the approval of competent authority for deviations or delay in compliance submission;Uploading of proofs: Uploading of proofs of compliances to substantiate completion of task including marking task in WIP stage in case of deviations / delays
Process of Identifying, assessing, monitoring and managing compliance requirementsCustomized compliance Library: comprehensive database of identified applicable compliance tasks reached at by assessing responses to client specific queries.
Escalation of issues of non-complianceCompliance Workflow & Escalations: Compliance process through defined workflows and a flexible escalation mechanism up to 10 levels
Effective communication and collaboration among all the stakeholdersTask Management: Assign, re-assign, split and schedule compliance tasks as per own requirements including sending emails through the tool to take corrective actions
Alerts and Escalations feature which sends predetermined email alerts to the task owners and escalated on breaching of specific threshold
Ongoing regulatory updates/amendments and technical support

In case you want to know more, do get in touch with us. You can also directly reach out to Koushik Sinha at koushik.sinha@lexplosion.in.

[1] Upper or Middle Layer NBFCs: NBFCs in middle layer and upper layer shall be known as NBFC – Middle Layer (NBFC-ML) and NBFC –     Upper Layer (NBFC-UL) respectively. The Middle Layer shall consist of (a) all deposit taking NBFCs (NBFC-Ds), irrespective of asset size, (b) non-deposit taking NBFCs with asset size of ₹1000 crore and above and (c) NBFCs undertaking the following activities (i) Standalone Primary Dealers (SPDs), (ii) Infrastructure Debt Fund – Non-Banking Financial Companies (IDF-NBFCs), (iii) Core Investment Companies (CICs), (iv) Housing Finance Companies (HFCs) and (v) Infrastructure Finance Companies (NBFC-IFCs).

Whereas the Upper Layer shall comprise of those NBFCs which are specifically identified by the Reserve Bank as warranting enhanced regulatory requirement based on a set of parameters. The top ten eligible NBFCs in terms of their asset size shall always reside in the upper layer, irrespective of any other factor.

[2]Regulated Entities (REs) means (i) all Scheduled Commercial Banks (SCBs)/ Regional Rural Banks (RRBs)/ Local Area Banks (LABs)/ All Primary (Urban) Co-operative Banks (UCBs) /State and Central Co-operative Banks (StCBs / CCBs) and any otherbanks which has been licenced under Section 22 of Banking Regulation Act, 1949; (ii) All India Financial Institutions (AIFIs) (iii) All Non-Banking Finance Companies (NBFCs), Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs) (iv) Asset Reconstruction Companies (ARCs) (v) All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers); (vi) All authorised persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator.

[3] Lexplosion’s compliance management solution, Komrisk, is one such technological solution that you can consider. A number of NBFCs are already benefiting from the use of Komrisk.

 

Written by: Amiya Mukherjee

Disclaimer

All material included in this blog is for informational purposes only and does not purport to be or constitute legal or other advice. This blog should not be used as a substitute for specific legal advice. Professional legal advice should be obtained before taking or refraining from an action as a result of the contents of this blog. We exclude any liability (including without limitation that for negligence or for any damages of any kind) for the content of this blog. The views and opinions expressed in this blog are those of the author/(s) alone and do not necessarily reflect the official position of Lexplosion Solutions. We make no representations, warranties or undertakings about any of the information, content or materials provided in this blog (including, without limitation, any as to quality, accuracy, completeness or reliability). All the contents of this blog, including the design, text, graphics, their selection and arrangement are the intellectual property of Lexplosion Solutions Private Limited and/or its licensors.

ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.

Share this:

Sign up for our

Newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Lexplosion will use the information you provide on this form to be in touch with you and to provide updates and marketing.