NBFC Regulations in India

Shivendra Suman, Head – Compliance and Company Secretary, Hero FinCorp Limited, speaks to the India Employer Forum about NBFC regulations in India.

1.How has the NBFC regulatory framework evolved over the years?

The regulatory framework for non-banking financial companies (NBFCs) in India has evolved significantly over the past decade. While the regulatory structure in more mature markets like the US and UK has been well-established, India’s regulatory landscape for NBFCs is still evolving. India’s regulatory framework for NBFCs is moving at a fast-pace with numerous new regulations and notifications issued by various regulators, including the Reserve Bank of India (RBI), IRDAI, SEBI, MCA, and others. An NBFC operating from a single location in one state has to meet numerous unique compliance requirements annually, in addition to securing various one-time registrations and approvals.

The NBFC (Non-Banking Finance Company) sector has evolved considerably in terms of its size, operations, technological sophistication, and entry into newer areas of financial services and products. A review of the entire regulatory framework for the NBFC sector has been undertaken with a view to transitioning, over time, to an activity-based regulation of NBFCs marked by the introduction of the “Scale-Based Regulation (SBR): A Revised Regulatory Framework for NBFCs.” This was a response to changes in the risk profiles of NBFCs, driven by their increasing size and complexity. This regulatory evolution is not limited to a single area but extends across industries, reflecting a comprehensive approach to ensure financial stability and corporate governance. While these changes have had a far-reaching impact, their immediate implementation has posed challenges for the industry.

The regulatory reforms, particularly those involving IT frameworks and governance, require time for proper implementation. Without allowing sufficient time for this transition, the true spirit of these regulations cannot be realised 

Nevertheless, the industry players are accepting these changes, and the evolving framework signals a growing maturity in the regulatory landscape, bringing Indian NBFCs in line with global standards.

2.What is the need for scale-based regulations? Why is the regulator doing that?

The need for scale-based regulations for NBFCs arises from the vast diversity in their size, complexity, and risk profiles of NBFCs, which has a direct impact on financial stability. With over 10,000 NBFCs in India, ranging from net worth of ₹1 crore to over ₹1 or 2 lakh crores, a one-size-fits-all regulatory framework is inadequate. NBFCs with larger asset bases and systemic importance pose risks similar to banks and, therefore, require stricter oversight. This is why a more granular approach, such as the scale-based regulatory (SBR) framework, was introduced by the RBI in 2021.

As the SBR framework encompasses different facets of regulation of NBFCs covering capital requirements, governance standards, prudential regulation, etc. The SBR framework categorises NBFCs into four layers—base layer, middle layer, upper layer, and top layer—based on their asset size, systemic importance, and whether they accept deposits. This classification ensures that NBFCs with higher risk potential, such as those with larger asset sizes, face greater scrutiny. For instance, the base layer consists of smaller, less risky NBFCs, while the middle and upper layers include systemically important and large asset-holding

NBFCs, such as infrastructure finance and housing finance companies. The top layer, reserved for NBFCs posing significant systemic risk, demands the highest level of regulatory attention.

This structure helps regulate NBFCs proportionately, aligning their governance and operational standards with the risk they present. Larger NBFCs, with more substantial influence on the economy, are subject to regulations similar to banks to prevent failures that could have severe economic repercussions, as seen in past NBFC collapses. The introduction of these layers allows the regulator to impose targeted rules, ensuring better risk management, governance, and transparency across the sector.

3.Is there an increased awareness at the board level in NBFCs?

Yes, there is a noticeable increase in awareness at the board level in NBFCs, especially following the introduction of scale-based regulations and other initiatives by the RBI. Board of Directors are now highly cognisant of their compliance responsibilities and are ensuring that regulatory requirements are being passed down to management for timely and accurate implementation. There is zero tolerance for any deviations, and any attempts to bypass regulations are met with serious consequences from the RBI, which has enforced strict corrective measures on violators.

The scale-based regulatory framework has heightened the board’s role in maintaining compliance, particularly through the corrective action framework. Board of Directors are actively ensuring that any potential regulatory breaches are addressed before crossing thresholds. This increased accountability has also led to directors adjusting their business strategies, ensuring strict adherence to RBI’s mandates with no room for shortcuts. 

4.How difficult is it to manage third-party vendor and contractor compliances?

Managing third-party vendor and contractor compliances is a challenging task for NBFCs, especially with the growing complexity of outsourcing arrangements. The RBI introduced outsourcing guidelines in 2017, recognising the involvement of third-party vendors in crucial operational areas for NBFCs. These guidelines mandate that companies digitise, monitor, and channelize their outsourced activities to ensure compliance and minimise risks.

NBFCs often rely on third-party vendors for technology and specialised services, as it is not feasible to have in-house expertise for everything. While outsourcing is necessary, some of the key risks in outsourcing are Strategic Risk, Reputation Risk, Compliance Risk, Operational

Risk, Legal Risk, Exit Strategy Risk, Counterparty Risk, Country Risk, Contractual Risk, Access Risk, Concentration and Systemic Risk. It is therefore imperative for the NBFC outsourcing its activities to ensure sound and responsive risk management practices for effective oversight, due diligence and management of risks arising from such outsourced activities. Companies are responsible for monitoring these risks as part of the broader regulatory framework. With continuous updates like RBI’s digital and outsourcing guidelines, along with new notifications, organisations are better equipped to manage these challenges. In collaboration with regulators, companies can navigate these complexities effectively to ensure compliance and maintain service quality.

5.RBI mandated the use of digital internal compliance solutions earlier this year. How have these digital compliance management platforms impacted compliance functions?

The RBI’s mandate for digital internal compliance solutions has significantly transformed how organisations manage their compliance functions. In January 2024, the RBI issued Circular dated 31.01.2024, emphasising the need to streamline internal compliance monitoring processes across regulated entities (REs). The advisory followed an assessment of entities using varying levels of automation for compliance monitoring, from spreadsheets to workflow-based systems. With the increasing complexity and scope of regulatory requirements, manual tracking of compliance is no longer feasible. These digital platforms have become a necessity, enabling organisations to keep pace with wide-ranging and frequent regulatory changes in a more efficient and real-time manner.

Far from being considered a harsh requirement, these digital solutions are beneficial for organizations. They streamline compliance processes, making it easier to track and implement regulatory changes, thereby reducing the risk of non-compliance. The beauty of these platforms lies in their ability to provide instant updates and ensure that companies are always aligned with the latest regulatory standards. By switching to these platforms, organisations can manage their compliance landscape more effectively, ensuring transparency, accuracy, and timeliness in meeting regulatory obligations.

6.What would be your tips for young professionals aspiring to work in compliance & governance?

For young professionals looking to thrive in today’s dynamic environment, developing a strong sense of professionalism is the key. If you’re aiming to drive meaningful change in industries like finance, law, or governance, pursuing advanced qualifications such as CS, Law, CA, ICWA, or MBA can equip you with the skills and knowledge to navigate complex regulations, risks, and technologies.

In addition to formal degrees, consider certification courses in areas like governance, compliance, and risk management. These can help you specialize in high-demand areas such as KYC management or become a risk professional. Continuous learning and gaining relevant certifications will position you to manage governance and regulatory challenges effectively and stand out in your career.

About Shivendra Suman

Mr. Shivendra Suman is Head- Compliance and Company Secretary of Hero FinCorp Limited, one of the fastest growing NBFCs in India. Prior to Hero, he was associated with CITI Group and successfully carried out different roles i.e. as financial controller, compliance officer and company secretary. He is having 19 years + experience in handling RBI Compliances for Banks, NBFCs, HFCs and FinTechs etc.

Further, he has vast experience of handling listing of companies on BSE Main Board, Listing of Debt Securities, RBI, NHB and IRDAI Compliances, Corporate Law Compliances i.e. Companies Act, SEBI LODR and Stock Exchanges etc. He is an esteemed member of the Institute of Company Secretaries of India and a law graduate.