Ritu Nagpal, Company Secretary & Compliance Officer, SG Finserve, speaks to the India Employer Forum about NBFC compliance and complexities in India.
1.How has the NBFC regulatory framework in India evolved over the years?
The NBFC regulatory framework has undergone significant evolution. Historically, compliance involved consulting the Companies Act, whether from 1956 or 2013 and figuring out what applied to a particular company. However, with the Reserve Bank of India (RBI) issuing numerous circulars, master circulars, and superseding master directions, understanding compliance requirements has become increasingly complex.
Recently, scale-based regulations have added another layer of complexity. For example, a Core Investment Company (CIC) requires mandatory appointments like that of the Chief Compliance Officer (CCO) when the asset size exceeds 1,000 crores; its circular says so, but scale-based regulation has no point for CCO appointment by a CIC. This complexity is compounded as the RBI’s master directions sometimes conflict with earlier circulars. Such issues make it difficult for compliance professionals to keep track of the laws.
2.Have KYC guidelines and PMLA regulations become integral to NBFC compliance?
KYC, PMLA, and anti-money laundering (AML) regulations are part of the larger NBFC compliance landscape. Additional requirements, such as CERSAI registration and CKYC, add to the burden. Moreover, if a company is listed, compliance with SEBI’s LODR regulations is also necessary. Besides financial regulations, HR-related compliance, such as Labour laws, POSH, taxation, and CSR (Corporate Social Responsibility), must also be adhered to.
For example, annual reports must include details of HR compliance, tax filings, and more. Failing to comply with these regulations can lead to challenges, as companies need to document every compliance activity, including late returns or delayed filings.
3.How is the Board of Directors reacting to compliance complexity?
The complexity of compliance has had a significant impact at the board level, especially after COVID-19. Previously, compliance matters might have been touched upon briefly during the annual general meeting, but now stakeholders and management demand frequent updates. Auditors, directors, and even independent directors are much more involved. Quarterly board meetings now focus heavily on compliance reports, and auditors like Big Four often require reports summarizing a company’s adherence to regulations. Scrutiny has increased, particularly with CKYC and other requirements. Companies now need to file regular reports and comply with KYC and CERSAI filings to avoid penalties. In many cases, compliance is no longer a once-a-year task but an ongoing responsibility.
4.How important is third-party compliance, especially with contractors coming, into the picture?
Contractor compliance, particularly concerning labour laws, is crucial, as the principal employer (the NBFC) can be held liable. Compliance professionals must ensure that external contractors, such as those managing security or canteen services, adhere to regulations like PF (Provident Fund) filing and KYC verifications. The challenge lies in coordinating and ensuring these external parties comply with regulations, as their non-compliance can reflect negatively on the company.
Managing these relationships involves trust but requires due diligence, such as background checks and monitoring their compliance activities. While this burden may fall on the contractor, the principal employer is ultimately responsible.
5.What is your view on RBI’s recent circular mandating internal compliance monitoring systems?
The RBI’s circular mandating internal compliance monitoring systems for regulated entities is a positive step. For large companies with multiple branches, offices, and extensive compliance requirements, having a digital system streamlines the process. It allows for easier tracking, real-time updates, and centralized reporting. For smaller companies, however, this requirement may not be necessary. Companies with a smaller asset base and fewer compliance requirements can manage without such systems. However, for larger organizations, such tools save time, increase transparency, and improve overall compliance management, which is why RBI mandates this circular to the middle layer and above NBFCs.
6.Does compliance complexity increase with geographical expansion?
Yes, geographical expansion increases compliance complexity. As a company opens more branches or expands its operations, compliance efforts must scale accordingly. Managing compliance for 200 branches is already challenging, but when that expands to 300 or more, it requires additional compliance management tools and processes. Here, digitization plays a vital role in managing this complexity. A compliance system that tracks activities across branches and employees helps streamline the process, ensuring that compliance is maintained uniformly across the organization. For large-scale expansions, such systems become critical for maintaining compliance without overburdening the workforce.
7.What are some of the best practices you follow, and what advice do you have for new compliance professionals?
Compliance professionals must have a sound understanding of the laws and regulations applicable to the company. Beyond the tools and softwares that assist with compliance tracking, professionals need a firm grasp of the basics. No software can replace the foundational knowledge required to file forms or complete compliance tasks. For those starting in compliance, it is essential to stay updated on new laws and regulations as they come into force. Having resources at hand, like a ready reckoner or a compliance tool, can be helpful. Additionally, understanding the broader business context is important for effectively managing compliance across departments and functions.
In large organizations, compliance professionals should familiarize themselves with various tools that help manage compliance at scale. Whether through software or other digital solutions, these tools offer a clear view of tasks and ensure nothing is missed. Furthermore, understanding the business is crucial for compliance professionals. Knowledge of the specific industry helps identify applicable laws and regulations. Without this, compliance efforts might miss the key areas, potentially exposing the company to legal risks. The applicability of laws should be a key focus area for compliance professionals. It is not enough to just know how to file forms or complete paperwork; understanding the broader business landscape ensures that compliance is thorough and comprehensive.
About Ritu Nagpal
You might also be interested to read: Secretarial Compliance Ecosystem in India
Disclaimer: The opinions and views expressed in this article, including any accompanying data, are the sole responsibility of the author and should not be construed as reflecting the official policy or position of India Employer Forum.