If you are a upper or middle layer[1] Non-Banking Financial Company (“NBFC”) or a part of other Regulated Entities (“RE”)[2] such as Payment Banks and Credit Information Companies operating in India, you need to implement a technology-enabled compliance management solution within the next four months.[3]
In a recent circular, the Reserve Bank of India (“RBI”) has directed all upper- and middle-layer NBFCs and other REs to carry out a comprehensive review of their existing internal compliance monitoring processes and implement necessary changes to existing process and/or install a suitable new system latest by June 30, 2024.
This direction came out after RBI’s assessment of the prevailing system for internal compliance monitoring in select Supervised Entities (“SEs”). It was observed that the compliance management function is still being carried out with significant manual intervention. To enhance the effectiveness of this system, the RBI has underlined the importance of upgradation by the REs from manual process to advanced technological tools. Therefore, it necessarily entails the deployment of a comprehensive, integrated, enterprise-wide and workflow-based solution. As per the RBI mandate, essential features of such a solution are:
-
Providing one platform for business, compliance and IT teams, Senior Management facilitating effective communication and collaboration among all
-
Processes for identifying, assessing, monitoring and managing compliance requirements
-
Escalation of issues of non-compliance
-
Recording of the approval of competent authority for deviations or delay in compliance submission;
-
Unified dashboard view to Senior Management on compliance position of the RE as a whole.
The REs, however, are allowed to decide on the tools/ mechanism it would prefer to deploy, keeping in consideration the size and complexity of their operations.
It takes between three to four months for well-run businesses to implement a compliance management solution effectively. With the RBI deadline being only five months away, the REs need to review their existing internal compliance monitoring processes at the earliest.
Given below is an overview of the features of Lexplosion’s Enterprise Level Regulatory Compliance Management Solution, Komrisk which fulfils all the criteria prescribed by RBI and a lot more:
| Feature prescribed by RBI | Feature of Komrisk |
|---|---|
| Unified dashboard view of compliance position of the RE as a whole for the Senior Management. | Real-Time Dashboard: Enables Senior Management to assess the current status and potential risks of pending compliances across all entities, operating units and departments |
| Recording of the approval of competent authority for deviations or delay in compliance submission; | Uploading of proofs: Uploading of proofs of compliances to substantiate completion of task including marking task in WIP stage in case of deviations / delays |
| Process of Identifying, assessing, monitoring and managing compliance requirements | Customized compliance Library: comprehensive database of identified applicable compliance tasks reached at by assessing responses to client specific queries. |
| Escalation of issues of non-compliance | Compliance Workflow & Escalations: Compliance process through defined workflows and a flexible escalation mechanism up to 10 levels |
| Effective communication and collaboration among all the stakeholders | Task Management: Assign, re-assign, split and schedule compliance tasks as per own requirements including sending emails through the tool to take corrective actions |
| Alerts and Escalations feature which sends predetermined email alerts to the task owners and escalated on breaching of specific threshold | |
| Ongoing regulatory updates/amendments and technical support |
In case you want to know more, do get in touch with us. You can also directly reach out to Koushik Sinha at koushik.sinha@lexplosion.in.
[1] Upper or Middle Layer NBFCs: NBFCs in middle layer and upper layer shall be known as NBFC – Middle Layer (NBFC-ML) and NBFC – Upper Layer (NBFC-UL) respectively. The Middle Layer shall consist of (a) all deposit taking NBFCs (NBFC-Ds), irrespective of asset size, (b) non-deposit taking NBFCs with asset size of ₹1000 crore and above and (c) NBFCs undertaking the following activities (i) Standalone Primary Dealers (SPDs), (ii) Infrastructure Debt Fund – Non-Banking Financial Companies (IDF-NBFCs), (iii) Core Investment Companies (CICs), (iv) Housing Finance Companies (HFCs) and (v) Infrastructure Finance Companies (NBFC-IFCs).
Whereas the Upper Layer shall comprise of those NBFCs which are specifically identified by the Reserve Bank as warranting enhanced regulatory requirement based on a set of parameters. The top ten eligible NBFCs in terms of their asset size shall always reside in the upper layer, irrespective of any other factor.
[2]Regulated Entities (REs) means (i) all Scheduled Commercial Banks (SCBs)/ Regional Rural Banks (RRBs)/ Local Area Banks (LABs)/ All Primary (Urban) Co-operative Banks (UCBs) /State and Central Co-operative Banks (StCBs / CCBs) and any otherbanks which has been licenced under Section 22 of Banking Regulation Act, 1949; (ii) All India Financial Institutions (AIFIs) (iii) All Non-Banking Finance Companies (NBFCs), Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs) (iv) Asset Reconstruction Companies (ARCs) (v) All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers); (vi) All authorised persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator.
[3] Lexplosion’s compliance management solution, Komrisk, is one such technological solution that you can consider. A number of NBFCs are already benefiting from the use of Komrisk.
Written by: Amiya Mukherjee
Disclaimer
All material included in this blog is for informational purposes only and does not purport to be or constitute legal or other advice. This blog should not be used as a substitute for specific legal advice. Professional legal advice should be obtained before taking or refraining from an action as a result of the contents of this blog. We exclude any liability (including without limitation that for negligence or for any damages of any kind) for the content of this blog. The views and opinions expressed in this blog are those of the author/(s) alone and do not necessarily reflect the official position of Lexplosion Solutions. We make no representations, warranties or undertakings about any of the information, content or materials provided in this blog (including, without limitation, any as to quality, accuracy, completeness or reliability). All the contents of this blog, including the design, text, graphics, their selection and arrangement are the intellectual property of Lexplosion Solutions Private Limited and/or its licensors.
ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.
