Compliance Risk Assessment

Guidance for implementation by NBFCs

Subhojit Shome, Assistant Manager


The RBI published the Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs[1] on April 11, 2022 (‘Compliance Circular’), which is applicable to Middle Layer (NBFC-ML) and Upper Layer (NBFC-UL) NBFCs. The deadline to put the framework for this function in place falls on October 1, 2023 for NBFC-ML and April 1, 2023 for NBFC-UL entities.

The circular brings up the significant aspect of Compliance Risk, a concept that has long been relevant for Banks[2] and now becomes applicable to specified NBFCs as well. The Compliance Circular defines Compliance Risk as follows:

‘the risk of legal or regulatory sanctions, material financial loss or loss of reputation an NBFC may suffer, as a result of its failure to comply with laws, regulations, rules and codes of conduct, etc., applicable to its activities.’

Hence, Compliance Risk goes beyond the mere fines and penalties that may arise as a result of compliance irregularities, and the Compliance Function needs to consider the entire gamut of adverse events that a company may be exposed to as a result of compliance failures. These may include events with extreme impact, such as suspension of business operation or loss of reputation as a result of enforcement action against senior management.

As a crucial part of anticipating such risks and putting the necessary mitigation measures in place, the Circular mandates an effective compliance risk assessment framework and requires senior management to review such assessment annually.
