MPC meeting – New type of PPI and more

The Statement on Developmental and Regulatory Policies[1] dated 05 December, 2019 has been issued by the RBI pursuant to the fifth bi-monthly Monetary Policy Committee meeting.

Some quick updates and highlights of regulatory changes are given below –

1) Review of NBFC-P2P Directions- Aggregate Lender Limit and escrow accounts

Current limit for borrowers and lenders across all P2P platforms is ₹10 lakh, and exposure of a single lender to a single borrower is – ₹50,000 across all NBFC-P2P platforms.

It has been decided that in order to give the next push to the lending platforms, the aggregate exposure of a lender to all borrowers at any point of time, across all P2P platforms, shall be subject to a cap of ₹50 lakh.

Further, it is also proposed to do away with the current requirement of escrow accounts to be operated by bank promoted trustee for transfer of funds having to be necessarily opened with the concerned bank. This will help provide more flexibility in operations. Necessary instructions in this regard will be issued shortly.


2)  The ‘On tap’ Licensing Guidelines for Small Finance Banks have now been finalised and are being issued today.


3)New Pre-Paid Payment Instruments (PPI) 

It is proposed to introduce a new type of PPI which can be used only for purchase of goods and services up to a limit of ₹10,000. The loading / reloading of such PPI will be only from a bank account and used for making only digital payments such as bill payments, merchant payments, etc. Such PPIs can be issued on the basis of essential minimum details sourced from the customer. Instructions in this regard will be issued by December 31, 2019.


4) Development of Secondary Market for Corporate Loans – setting up of Self Regulatory Body

As recommended by the Task Force on the Development of Secondary Market for Corporate Loans, the Reserve Bank will facilitate the setting up of a self-regulatory body (SRB) as a first step towards the development of the secondary market for corporate loans. The SRB will be responsible, inter-alia, for standardising documents, covenants and practices related to secondary market transactions in corporate loans and promoting the growth of the secondary market in line with regulatory objectives.

Watch out for detailed articles on these topics to be published on our website soon.


Restriction on Sharing of Information

(Personal, Sensitive and Biometric Information)

Legal Division (


Information surround us and is generally captured in virtually everything we do. While some of the information are shared voluntarily; some are disseminated without an express consent, i.e. every time we do a google search, while we try to book a flight, or even when we scroll through shopping portals. Of the several ways in which data is collected, the most prominent one seems to be that collected by various companies and technological platforms while providing goods and services. Another easy access to data is the data available with the bankers, generally received during the KYC process, whereby an individual provides various information such as name, birth, address, Aadhaar number etc.

With globalisation and rapid digitalization, large quantum of data is either collected or shared or generated every micro second. Data has become the new currency in today’s time. While there is no doubt that such information are immensely valuable and several companies are willing to pay for its access, however, it is difficult to determine the exact potential contained by data in its form, and therefore, the likely exploitation. Several multinational organisations are paying huge sum of money to access this data and make business strategies to cater to the needs of the customers. This position is further complicated by government and regulators demanding and seeking access to data from the citizens and corporate. Thus, a need to protect the data from being misused or disclosed for fraudulent purposes becomes necessary.

Considering the risk involved during information sharing process, one may often whether information provided by an individual to a service provider can be disclosed to a third party who is not privy to such information? If yes, are the recipients subject to any restrictions on information sharing? In India, there are a host of laws and judicial pronouncements addressing the issue. By way of this write-up, we intend to delve on the same.

Banker’s Secrecy Obligations:

The general view prevailing till 1924 was that the banker would not make himself liable in any case where he gives bona fide answers to inquiries made by persons really interested, provided he confined his answers to the facts within his knowledge. However, this view was modified by the decision in Tourneir v. National Provincial and Union Bank of England [1].

In the case of Shankarlal Agarwalla v. State Bank of India AIR 1987 Cal 29[2], the Hon’ble Calcutta High Court referred to Halsbury’s Laws of England, Vol 1, 2nd edition, which stipulates that:

“It is an implied term of the contract between a banker and his customer that the banker will not divulge to third persons, without the consent of the customer, express or implied, either the state of the customer’s account, or any of his transactions with the bank or any information relating to the customer acquired through the keeping of his account, unless the banker is compelled to do so by order of a Court, or the circumstances give rise to a public duty of disclosure or the protection of the banker’s own interests requires it.”

 Referring to Paget’s Law of Banking (9th Edition, page 166), the court observed that among the duties of the banker towards the customer may be reckoned the duty of secrecy. Such duty is a legal one arising out of the contract and is not merely a moral one. Breach of it, therefore, gives a claim for nominal damages or for substantial damages if inquiry is resulted from the breach. It is, however, not an absolute duty, but is a qualified one subject to certain reasonable, if not essential, exceptions. One such instance is the duty to obey an order under the Banker’s Book Evidence Act.

Further, in the case of Kattabomman Transport Corporation Ltd. v. State Bank of India AIR 1992 Ker 351[3], it was held that among the duties of the banker towards the customer is the duty of secrecy. Such duty is a legal one arising out of the contract and is not merely a moral one.

Restrictions on Sharing of Customer’s Personal and Account based Information and the Relevant RBI Notifications

1.    Master Direction- Know Your Customer (KYC) Direction, 2016 (Updated as on August 09, 2019)[4] (“KYC Directions”)

While the bankers collect and store various information and documents received from their customers during the KYC process, Paragraph 56 of the Directions stipulate that banks will maintain complete secrecy regarding the customer information which arises out of the contractual relationship between the banker and customer. It further states that “Information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.

However, just like every rule is subject to certain exceptions, the KYC Directions also lay down certain exceptions to the aforementioned rule. The same is enlisted herein below:

(a) where disclosure is under compulsion of law;

(b) where there is a duty to the public to disclose;

(c) the interest of bank requires disclosure; and

(d) where the disclosure is made with the express or implied consent of the customer.

2.    Master Circular on Customer Service- UCBs[5]

Paragraph 25.10.3 of the Circular provides that the banks are required to take appropriate measures to protect the confidential information such as customer name, signature, account number etc. and ensure that these information are not misused by banks or their vendors. Further, due care and secure handling is also required to be exercised during the movement of cheques from the time they are tendered over the counters or dropped in the collection boxes by customers.

3.    Master Circular on Credit Card, Debit Card and Rupee Denominated Co-branded Pre-paid Card Operations of Banks and Credit Card issuing NBFCs[6]

Giving due recognition to customer’s rights, the Master Circular stipulates that the card issuing bank/NBFC should not reveal any information relating to customers obtained at the time of opening the account or issuing the credit card to any other person or organization without obtaining their specific consent, as regards the purpose for which the information will be used and the organizations with whom the information will be shared (akin to paragraph 16, which provides for similar restriction on sharing of data obtained at the time of issuing debit cards). In this regard, the circular also specifies that the application form should contain the consent.

In case where the customers gives his consent for the bank sharing the information with other agencies, banks should state and explain clearly to the customer the full meaning/ implications of the disclosure clause. Further, the information being sought from customers should not be of such nature as will violate the provisions of the laws relating to secrecy in the transactions.

In addition, banks/NBFCs are made solely responsible for the correctness of the data provided as above.

Further, the Circular prohibits any co-branding non-banking entity to access any details of customer’s accounts that may violate bank’s secrecy obligations.

Sharing of Customer’s Credit Information

Credit related information pertaining to an individual or a body corporate are definitely relevant for financial institutions, and while the bankers are allowed to publish information of default to CIBIL, the disclosure is definitely not free from restrictions.

We often find people complaining about marketing calls for card cards, etc. Sometimes the customer himself seeks credit referrals from their regular banks, for the purpose of availing loans, etc, and in such case, the entity providing credit undertakes a check from the entity having access to customer’s regular transaction details. Section 17 of the Credit Information Companies (Regulation) Act, 2005[7] lays down the procedure to be followed by the credit information company or credit institutions for furnishing credit information, which comprises of information with respect to nature of loans, credit worthiness of an individual and such like. Sub- section 3 of the said section states that every credit information company can provide credit information to its specified user, only on receipt of request from him, in accordance with the provisions of the said Act, and directions issued thereunder by the Reserve Bank of India from time to time in this behalf. Here, the term specified user means a credit institution, a credit information company and such person or institution as may be specified by the RBI.

Further, Section 22 of the CIC Act protects the credit information from an unauthorised access. It provides as follows:

“22(1) No person shall have access to credit information in the possession or control of a credit information company or a credit institution or a specified user unless the access is authorised by this act or any other law for the time being in force or directed to do so by any court or tribunal and any such access to credit information without such authorisation or direction shall be considered as an unauthorised access to credit information.”

To read more on sharing of credit information to Fintech companies, one may refer to our article here.

Restriction on Collection, Sharing and Storage of Biometric and Demographic Information:

The debate relating to the data privacy has reached new heights after the Apex Court judgment in Justice K.S. Puttaswamy and Ors. v. Union of India AIR 2017 (SC) 4161[8] (more commonly known as Aadhaar judgment), wherein it was held that “right to privacy” is a fundamental right guaranteed by Part III of the Constitution of India, and discussing the issue whether the Aadhaar Act violates right to privacy, the Hon’ble Supreme Court observed that “After detailed discussion, it is held that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21.”

The aforementioned decision had far reaching ramifications on the laws and regulations present in India. The court held that identity of a person is a great significance in individual’s life. The place of birth, parentage and the demographic particulars becomes an important attribute of one’s personality. When all this information is available in one place, in the form of Aadhaar card, it not only becomes unique, it would also qualify as a document of empowerment. Added with this feature, when an individual knows that no other person can clone her, it assumes greater significance. Consequently, it becomes necessary to protect this information. Further, the court discussed informational privacy being one of the essential aspects of fundamental right to privacy. The informational privacy deals with person’s mind i.e. it protects a person by giving the control over the dissemination of material that is personal to him/her and disallowing unauthorised use of such information by the State.

Prior to the Aadhaar judgment, banks and NBFCs were compulsorily collecting their customer’s Aadhaar number for KYC verification, however, the Supreme Court struck off various provisions of the Act as unconstitutional. The court disallowed private entities from using Aadhaar numbers for the purpose of authentication, on the basis of a contract with the concerned individual, since the court was of the view that the same would lead to commercial exploitation of an individual’s biometric and demographic information by private entities, and consequently, be a breach of privacy.

The existing provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016[9] also lay down various restrictions as regards information sharing. The relevant provisions are discussed below:

  1. Section 29(1) of the Act specifically prohibits sharing of core biometric information, such as finger print, Iris scan, or such other biological attribute of an individual as specified in the regulations, to any person or entity.
  2. Section 29(3) of the Act states that no identity information (including an individual’s Aadhaar number, his biometric information and his demographic information) available with a requesting entity will be used for any purpose other than specified to the individual at the time of submitting any identity information for authentication. It further states that such information will not be disclosed further except with the prior consent of the individual to whom such information relates.

Again, speaking of sharing of information, it is also pertinent to refer to the provisions of Aadhaar (Sharing of Information) Regulations, 2016[10]. The relevant provisions are as follows:

  • Regulation 3 deals with sharing of identity information by the authority. It states as follows:

“(1) Core biometric information collected by the Authority under the Act shall not be shared with anyone for any reason whatsoever.

 (2) The demographic information and photograph of an individual collected by the Authority under the Act may be shared by the Authority with a requesting entity in response to an authentication request for e-KYC data pertaining to such individual, upon the requesting entity obtaining consent from the Aadhaar number holder for the authentication process, in accordance with the provisions of the Act and the Aadhaar (Authentication) Regulations, 2016”.

  • Regulation 4 places restrictions on the requesting entities on storing of core biometric information. It further prohibits the requesting entities from sharing the identity information available to them for any purpose other than that specified to the Aadhaar number holder at the time of submitting such information for authentication, and without prior consent of the Aadhaar holder.
  • Regulation 5 mandates that the requesting entity should take the consent of the Aadhaar card holder for collection, storage and usage of his Aadhaar number. In addition to it, the requesting entities must inform the Aadhaar number holder the purpose for which such information is required and give alternatives to submission of Aadhaar number, if any.
  • Regulation 6 put restrictions on sharing, circulating or publishing of the Aadhaar number. Clause 1 of said regulation states that the Aadhaar number of an individual will not be published, displayed or posted publicly by any person or entity or agency. Further, Clause 3 states that no entity including a requesting entity will make public any database or record containing the Aadhaar numbers of individuals unless the Aadhaar numbers have been blacked out through appropriate means both in print and electronic form.

Some Common Exceptions to Secrecy Obligations

Having discussed the restrictions on usage and shareability of various information, it is relevant to understand the circumstances wherein disclosure can be made. Below we provide a few instances wherein disclosure of information will be deemed to be in accordance with law.

1.    Reasonable and Proper Occasions for Disclosure:

The question that may arise is what is regarded as a reasonable and a proper occasion? One such instance of proper occasion for disclosure is where disclosure is warranted under law.

2.    Common Courtesy:

Bankers have, of course, always acted honourably upon the principle of treating their customers’ affairs in confidence and only disclosing them in exceptional and justifiable circumstances. All the same there is a well- recognised practice among bankers themselves, generally described as “a common courtesy” whereby a bank, desiring information enquires of another bank. Information given in response to such enquiries is given confidentially and is worded with scrupulous care, so as to disclose no more than the general position of the customer. Such cases are, it is presumed, supported as permissible by reason of the implied consent of the customer, derived from evidence of a well- known practice among bankers and the circumstances giving rise to the enquiry[11].

However, in this case, one has to see the reasonability of the disclosure and the banker should limit the information (to be read as: nature or type of information) disclosed.

3.    Disclosure with Express Consent of Customer:

After analysing the rules and regulations governing the disclosure of information, it is understood that bankers are allowed to share customer information with third parties only after taking the express consent from the information provider. Considering the various RBI notifications, as discussed above, the consent of the information provider is mandatory for the disclosing or sharing of personal information such as account number, financial information etc. The Aadhaar judgment also specifies that any identity information, consisting of Aadhaar number, as well as demographic and biometric information, collected by an entity cannot be shared unless an express approval is taken by the Aadhaar card holder.


As we understand from the above, the basic principle is that an individual’s data is his private property, and that he may waive off his right to privacy by voluntarily agreeing to share data, however, the following points should be kept in mind:

  • Customer has given his consent by applying his mind, by understanding the choices that he has and the consequences of sharing or not sharing the data. The bankers sometime entice the customer into data sharing by providing certain add- on services, in such case also, it is the customer’s discretion, based on the comparative analysis- (i) What does he gain/lose by agreeing; (ii) What does he gain/lose by not agreeing.
  • Free consent has a meaning only if the customer is made aware that he has a right not to agree. The consent should not be buried in a heap of words, and it is advisable the consent is specifically obtained.
  • Consent should not be obtained by trickery or by not providing the customer the option to withhold consent.

A banker and his subordinates are, in this respect, in the same position as any other member of the community. In addition to the liability to the customer on account of unjustifiable disclosure of his account, the banker may make himself liable to the party to whom the information is given, to compensate him for the loss which the latter may suffer on account of having relied upon the information; provided it is proved that the banker gave the information knowing it to be false, or without having justifiable reason to believe it to be true[12]. Therefore, the following points are also of relevance in case the banker decides to give information regarding the state of his customer’s account:

  • The banker should ensure that he adheres to facts only, and as disclosed by the account, so as to avoid any liability as to any claim for fraudulent misrepresentation;
  • Information should only be given to a fellow banker, or to a person authorised by the customer to receive such information, in confidence and without prejudice; and
  • Information should be shared only on need to know basis.


[1] (1924) 1 KB 461










[11] Tannan’s Banking Law and Practice in India, by Vinod Kothari, 26th Edition, 2017, pages 355- 356

[12] Ibid

RBI revises qualifying assets criteria for NBFC MFIs

Team, Vinod Kothari Consultants Pvt. Ltd.

The RBI on November 08, 2019[1] revised the limits relating to the qualifying assets criteria, giving a much needed boost to Micro-Finance Institutions. The change in limits comes pursuant to the Statement on Developmental and Regulatory Policies[2] issued as part of the Monetary Policy Statement dated 04 October, 2019.

A detailed regulatory framework for MFI’s was put into place in December, 2011 based on the recommendations of a Sub-Committee of the Central Board of the Reserve Bank. The regulatory framework prescribes that an NBFC MFI means a non-deposit taking NBFC that fulfils the following conditions:

  • Minimum Net Owned Funds of Rs. 5 Crore.
  • Not less than 85% of its net assets are in the nature of qualifying assets.

Thus meeting the qualifying assets criteria is crucial to be classified as an NBFC-MFI. The income and loan limits to classify an exposure as an eligible asset were last revised in 2015.

In light of the above and taking into consideration the important role played by MFIs in delivering credit to those in the bottom of the economic pyramid and to enable them to play their assigned role in a growing economy, it was decided to increase and review the limits.

Revised Qualifying assets criteria

The changes are highlighted in the table below:

Qualifying Assets Criteria
Erstwhile Criteria Revised Criteria
Qualifying assets shall mean a loan which satisfies the following criteria:
  i.       Loan disbursed by an NBFC-MFI to a borrower with a rural household annual income not exceeding ₹ 1,00,000 or urban and semi-urban household income not exceeding ₹ 1,60,000;    i.      Loan disbursed by an NBFC-MFI to a borrower with a rural household annual income not exceeding ₹ 1,25,000 or urban and semi-urban household income not exceeding ₹ 2,00,000;
ii.       Loan amount does not exceed ₹ 60,000 in the first cycle and ₹ 1,00,000 in subsequent cycles;  ii.      Loan amount does not exceed ₹ 75,000 in the first cycle and ₹ 1,25,000 in subsequent cycles;
iii.       Total indebtedness of the borrower does not exceed ₹ 1,00,000; iii.      Total indebtedness of the borrower does not exceed ₹ 1,25,000;
Note: All other terms and conditions specified under the master directions shall remain unchanged.

The Statement on Developmental and Regulatory Policies called for revisions in the household income and loan limits only. The notification of the RBI additionally, in light of the change in total indebtedness of the borrower, felt it necessary to also increase the limits on disbursal of loans.

The revised limits are effective from the date of the circular, i. e. November 08, 2019.



Links of related articles:

Special Window Fund for Affordable Real Estate Segment: Achche Din for Home-buyers?

– Sikha Bansal and Priya Udita


Relief has come to the builders of stalled housing project and distressed homebuyers in in the form of establishment of a ‘Special Window‘ fund by the Government to provide priority debt financing for the completion of stalled housing projects that are in the affordable and middle-income housing sector. See the press release here. The announcement came after this package was introduced on September 14 by the Finance Minister. The Government has also issued FAQs on the same, which can be viewed here.

The write-up discusses salient features of the plan.


  1. Fund will be set up as Category II-AIF (Alternative Investment Fund) with initial amount of Rs. 25,000 crores and registered with SEBI.
  2. The government acting as a sponsor shall infuse Rs. 10,000 crore and the remaining amount to be contributed by State Bank of India, Life Insurance Corporation of India and other institutions.
  3. Investors can be Government and other private investors including cash-rich financial institutions, sovereign wealth funds, public and private banks, domestic pension and provident funds, global pension funds and other institutional investors.
  4. The SBICAP Ventures Limited is proposed to the Investment Manager.
  5. Project declared as non-performing assets (NPAs) or which have been dragged to the NCLT for insolvency proceedings will be included. Apart from that any projects undergoing corporate insolvency resolution process before the NCLT will be considered for funding through the Special Window upto the stage where the resolution plan for such insolvency resolution process has not been approved / rejected by the committee of creditors. However, cases pending in the High Courts or Supreme Court will not be considered.
  6. The retail loans of the selected stalled projects will be restructured as per RBI Guidelines and bank board approved policies.
  7. The investments will be in the form of non-convertible debentures subject to legal, regulatory or other considerations.

Read more

Working Group proposal for stricter vigilance on CICs

-By Anita Baid,

Regulators and stakeholders have been seeking a review of Core Investment Companies (CIC) guidelines ever since defaults by Infrastructure Leasing and Financial Services Ltd (IL&FS), a large systemically important CIC. In August 2019, there were 63 CICs registered with the Reserve Bank of India (RBI). As on 31 March, 2019, the total asset size of the CICs was ₹2.63 trillion and they had approximately ₹87,048 crore of borrowings. The top five CICs consist of around 60% of the asset size and 69% borrowings of all the CICs taken together. The borrowing mix consists of debentures (55%), commercial papers (CPs) (16%), financial institutions (FIs) other corporates (16%) and bank borrowings (13%).

Considering the need of the hour, RBI had constituted a Working Group (WG) to Review Regulatory and Supervisory Framework for CICs, on July 03, 2019. The WG has submitted its report on November 06, 2019 seeking comments of stakeholders and members of the public.

Below is an analysis of the key recommendations and measures suggested by the WG to mitigate the related risks for the CICs:

Existing Provision & drawbacks Recommendation Our Analysis
Complex Group Structure
Section 186 (1) of Companies Act, 2013, which restricts the Group Structure to a maximum of two layers, is not applicable to NBFCs



The number of layers of CICs in a group should not exceed two, as in case of other companies under the Companies Act, which, inter alia, would facilitate simplification and transparency of group structures.

As such, any CIC within a group shall not make investment through more than a total of two layers of CICs, including itself.

For complying with this recommendation, RBI may give adequate time of say, two years, to the existing groups having CICs at multiple levels.

A single group may have further sub-division based on internal family arrangements- there is no restriction on horizontal expansion as such.

Further, the definition of the group must be clarified for the purpose of determining the restriction- whether definition of Group as provided under Companies Act 1956 (referred in the RBI Act) or under the Master Directions for CICs would be applicable.

To comply with the proposed recommendations, the timelines as well as suggested measures must also be recommended.

Multiple Gearing and Excessive Leveraging
Presently there is no restriction on the number of CICs that can exist in a group. Further, there is no
requirement of capital knock
off with respect to investments in other CICs. As a result, the step down CICs can use the capital for multiple leveraging. The effective leverage ratio can thus be higher than that allowed for regular NBFCs.
For Adjusted Net Worth (ANW) calculation, any capital contribution of the CIC to another step-down CIC (directly or indirectly) shall be deducted over and above the 10% of owned funds as applicable to other NBFCs.

Furthe, step-down CICs may not be permitted to invest in any other CIC.

Existing CICs may be given a glide path of 2 years to comply with this recommendation.

Certain business groups developed an element of multiple gearing as funds could be raised by the CICs and as well as by the step down CICs and the other group companies independently. At the Group level, it therefore led to over-leveraging in certain cases.

A graded approach, based on the asset size of the CICs, must have been adopted in respect of leverage, instead of a uniform restriction for all.

Build-up of high leverage and other risks at group level
There is no requirement to have in place any group level committee to articulate the risk appetite and identify the risks (including excessive leverage) at the Group level Every conglomerate having a CIC should have a Group Risk Management Committee (GRMC) which, inter alia, should be entrusted with the responsibilities of

(a)   identifying, monitoring and mitigating risks at the group level

(b)   periodically reviewing the risk management frameworks within the group and

(c)   articulating the leverage of the Group and monitoring the same.

Requirements with respect to constitution of the Committee (minimum number of independent directors, Chairperson to be independent director etc.), minimum number of meetings, quorum, etc. may be specified by the Reserve Bank through appropriate regulation.

There is no particular asset size specified. Appropriately, the requirement should extend to larger conglomerates.








Corporate Governance
Currently, Corporate Governance guidelines are not explicitly made applicable to CICs i.     At least one third of the Board should comprise of independent members if chairperson of the CIC is non-executive, otherwise at least half of the Board should comprise of independent members, in line with the stipulations in respect of listed entities. Further, to ensure independence of such directors, RBI may articulate appropriate requirements like fixing the tenure, non-beneficial relationship prior to appointment, during the period of engagement and after completion of tenure, making removal of independent directors subject to approval of RBI etc.

ii.   There should be an Audit Committee of the Board (ACB) to be chaired by an Independent Director (ID). The ACB should meet at least once a quarter. The ACB should inter-alia be mandated to have an oversight of CIC’s financial reporting process, policies and the disclosure of its financial information including the annual financial statements, review of all related party transactions which are materially significant (5% or more of its total assets), evaluation of internal financial controls and risk management systems, all aspects relating to internal and statutory auditors, whistle-blower mechanism etc. In addition, the audit committee of the CIC may also be required to review (i) the financial statements of subsidiaries, in particular, the investments made by such subsidiaries and (ii) the utilization of loans and/ or advances from/investment by CIC in any group entity exceeding rupees 100 crore or 10% of the asset size of the group entity whichever is lower.

iii.  A Nomination and Remuneration Committee (NRC) at the Board level should be constituted which would be responsible for policies relating to nomination (including fit and proper criteria) and remuneration of all Directors and Key Management Personnel (KMP) including formulation of detailed criteria for independence of a director, appointment and removal of director etc.

iv.  All CICs should prepare consolidated financial statements (CFS) of all group companies (in which CICs have investment exposure). CIC may be provided with a glide path of two years for preparing CFS. In order to strengthen governance at group level, if the auditor of the CIC is not the same as that of its group entities, the statutory auditor of CIC may be required to undertake a limited review of the audit of all the entities/ companies whose accounts are to be consolidated with the listed entity.

v.   All CICs registered with RBI should be subjected to internal audit.

vi.  While there is a need for the CIC’s representative to be on the boards of its subsidiaries / associates etc., as necessary, there is also a scope of conflict of interest in such situations. It is therefore recommended that a nominee of the CIC who is not an employee / executive director of the CIC may be appointed in the Board of the downstream unlisted entities by the respective CIC, where required.

The extent of applicability of NBFC-ND-SI regulations is not clear. The FAQs issued by RBI on CICs (Q12), state that CICs-ND-SI are not exempt from the Systemically Important Non-Banking Financial (Non-Deposit Accepting or Holding) Companies Prudential Norms (Reserve Bank) Directions, 2015 and are only exempt from norms regarding submission of Statutory Auditor Certificate regarding continuance of business as NBFC, capital adequacy and concentration of credit / investments norms.

Further, no asset size has been prescribed – can be prescribed on “group basis”. That is, if group CICs together exceed a certain threshold, all CICs in the group should follow corporate governance guidelines, including the requirement for CFS.

Most of the CICs are private limited companies operating within a group, having an independent director on the board may not be favorable.

Further, carrying out and internal audit and preparing consolidated financials would enable the RBI to monitor even unregulated entities in the Group.

Currently, the requirement of
consolidation comes from the
Companies Act read along with
the applicable accounting
standards. Usually, consolidation
is required only where in case of
subsidiaries, associates and joint

However, if the recommendation
is accepted as is then even a
single rupee investment
exposure would require















Review of Exempt Category and Registration
Currently there is a threshold of ₹ 100 crore asset size and access to public funds for registration as CIC
  1. The current threshold of ₹ 100 crore asset size for registration as CIC may be retained. All CICs with public funds and asset size of ₹ 100 crore and above may continue to be registered with RBI. CICs without access to public fund need not register with the Reserve Bank.
  2. The nomenclature of ‘exempted’ CIC in all future communications / FAQs etc. published / issued by the Reserve Bank should be discontinued.
Since the category of ‘exempted CICs; were not monitored, there was no means to detect when a CIC has reached the threshold requiring registration.

This remains to be a concern.

 Enhancing off-site surveillance and on-site supervision over CICs
There is no prescription for submission of off-site returns or Statutory Auditors Certificate (SAC) for CICs Offsite returns may be designed by the RBI and prescribed for the CICs on the lines of other NBFCs. These returns may inter alia include periodic reporting (e.g. six monthly) of disclosures relating to leverage at the CIC and group level.

A CIC may also be required to disclose to RBI all events or information with respect to its subsidiaries which are material for the CIC.

Annual submission of Statutory Auditors Certificates may also be mandated. Onsite inspection of the CICs may be conducted periodically.

The reporting requirements may help in monitoring the activities of the CICs and developing a database on the structures of the conglomerates, of which, the CIC is a part. This may assist in identification of unregulated entities in the group.



Our other related write-ups:

Our write-ups relating to NBFCs can be viewed here: