Tracking Your Material Risks – Importance of Risk Register for NBFCs

/0 Comments/in , , , /by

– Subhojit Shome | finserv@vinodkothari.com

Introduction

A Non-Banking Financial Company (NBFC), like other financial intermediaries,  operates in a risk-intensive environment where credit, operational, technology, liquidity and regulatory exposures evolve continuously. To manage these effectively, regulators and international standard-setters increasingly expect institutions to maintain a clear, documented, and continuously updated risk inventory. This document—commonly called a risk register—forms the backbone of an NBFC’s risk management framework. Standards such as ISO 31000 emphasise that organisations must maintain structured documentation of risks, controls and monitoring processes, while the Basel Committee recognises the importance of tools that consolidate information for oversight by senior management and boards. The Reserve Bank of India (RBI), through its compliance, operational risk, outsourcing, and information technology governance guidelines, also implicitly requires NBFCs to maintain evidence of risk identification, assessment and monitoring. Together, these expectations make a risk register not just a good practice, but an essential governance artefact.

This article explains what risk registers are, outlines the material risks relevant to NBFCs, describes the contents and structure of effective risk registers, discusses the merits of consolidated versus separate registers, and demonstrates how risk registers are used in practice.

What is a Risk Register?

ISO 73:2009 Risk management—Vocabulary defines a risk register as – record of information about identified risks. A risk register is a structured record that captures an organisation’s identified risks, the causes and consequences of those risks, the controls in place to manage them, the effectiveness of those controls, and the actions planned to further mitigate them. It is not merely a compliance document but a living tool that helps decision-makers view exposures at a glance, track risk levels, and allocate resources. The concept and practice are consistent with ISO 31000’s emphasis on systematic identification, assessment and treatment of risk.

For an NBFC, which must demonstrate proactive risk management under multiple RBI frameworks—including the SBR Master Directions, the operational risk guidance note, outsourcing guidelines, digital lending rules, and IT governance expectations—the register is foundational evidence of risk awareness and accountability.

Figure 1: An illustrative Snapshot of a Risk Register

Risks for Which NBFCs Should Maintain Registers

An NBFC typically faces a wide spectrum of material risks that require structured tracking. The most prominent among these is credit risk, arising from borrower defaults and delinquencies, portfolio deterioration and concentration exposures. NBFCs must also track liquidity risks, especially given their reliance on market borrowings and investor confidence. Operational risks, defined by Basel and adopted by the RBI as losses due to failed processes, people, systems or external events, form a substantial part of an NBFC’s potential vulnerabilities—from frauds and system outages to process gaps.

With increasing digitisation, IT and cybersecurity risks have become highly material. RBI’s guidelines on information technology governance frameworks require NBFCs to implement ongoing monitoring and incident tracking mechanisms, all of which depend on clear risk documentation. Similarly, third-party and outsourcing risks, emphasised by both RBI, are significant given NBFCs’ reliance on technology partners, collection agencies, loan service providers and outsourcing arrangements. NBFCs must also account for regulatory and compliance risks, model and data risks, and conduct and reputational risks that emerge from customer interactions and business practices. Finally, strategic and ESG-related risks are gradually gaining prominence in supervisory expectations.

Components of a Risk Register

Although institutions may customise formats, an effective risk register should contain certain core elements. Each entry should describe the risk clearly, including its causes, potential business impact, and the business unit or process where it arises. It should include an inherent risk assessment (before considering controls) and a residual risk assessment (after controls). Controls must be recorded along with their owners and the results of recent effectiveness testing. The register should also assign a responsible risk owner at a senior level to ensure accountability. Key Risk Indicators (KRIs), where relevant, should be linked to the risk entry along with thresholds, recent values and escalation triggers. Finally, each risk entry should reflect remediation actions, timelines and review dates to ensure the register remains a dynamic management tool rather than static documentation.

An actionable risk register should be concise, structured, and linked to governance and reporting. Recommended fields include:

Figure 2: Contents of a Risk Register

What an Enterprise-Wide Risk Register Looks Like

An enterprise-wide risk register (EWRR) consolidates the institution’s major risks across all business lines into a single, coherent view. In practice, this register acts as the central dashboard for senior management and the Board. It includes credit, operational, cyber, market, liquidity, compliance, strategic and reputational risks, each summarised in a uniform format. The EWRR provides an aggregated view of risk severity, risk levels, and concentration areas. For example, it may highlight that operational risks linked to IT outages are trending upward, or that credit risk concentration in a specific sector has crossed internal appetite thresholds.

Importantly, the EWRR does not replace detailed sub-registers maintained by specialised teams; instead, it integrates their findings. Basel supervisory materials emphasise consolidation as essential for Board oversight, and the EWRR serves precisely that purpose.

Separate Risk Registers vs an Enterprise-Wide Register

NBFCs often question whether it is more effective to maintain a single enterprise-wide register or individual registers for each risk category. Two common approaches exist: maintaining one enterprise-wide register (single source of truth) or maintaining focused registers (e.g., Operational Risk Register, Credit Risk Register) with a roll-up to an enterprise view. Both approaches are widely accepted; choice depends on size, complexity and risk-data capabilities.

In practice, the most effective approach is hybrid. Individual registers—for credit, operational, cyber/IT, third-party risk and others—allow specialised teams to capture detailed technical information, testing results, and granular observations. These feed into the enterprise-wide register, which provides the Board and CRO with clear, aggregated insights. Maintaining only the EWRR risks leads to oversimplifying important technical details, while relying exclusively on separate registers makes it difficult to achieve the consolidated oversight that regulators and Boards expect.

The best practice is to have a centralized ownership of taxonomy and scoring methodologies for the specialised risk registers and the EWRR. This is in accordance with para 32 of the Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS), which states –

A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.

This fits in well with the hybrid approach where specialized registers maintained for detailed tracking but using a common data definition may be conveniently aggregated into a  governance-level enterprise register containing material risks, owners, KRIs and status for Board reporting.

Applications of a Risk Register in Practice

Risk registers influence nearly every stage of the risk management lifecycle. They support risk identification during new product assessments, process reviews and internal audit findings. They allow risk measurement through inherent/residual scoring and KRIs, ensuring early detection of deteriorating risk conditions. They facilitate the evaluation of controls, since internal audit and risk teams use the register as the primary record of what controls exist and how effective they are. Action plans arising from incidents, audits or supervisory observations are also tracked through the register, making it a central management tool.

Regulations call for a number of risk assessments including compliance risk assessment, ML/ TF risk assessment, information technology and cybersecurity risk assessment, outsourcing risk assessment, identification and assessment of operational risks, etc. NBFCs draw on the risk registers to supply the list of risk events, their inherent likelihood and consequence and provide the residual risks remaining with the company.

Risk registers are also a prerequisite for risk based internal audit. Risk registers, containing the list of internal controls, risk events and levels of inherent and residual risk, along with the Board’s risk appetite statement and tolerance limits form the basis of formulating the internal audit coverage. For more information on audit coverage refer to our write up here

For reporting, the register forms the basis of periodic risk reports, senior management dashboards and regulatory submissions where required. During supervisory reviews, the RBI often tests whether an NBFC can produce documented evidence of risk identification, control ownership, monitoring and remediation—exactly what a well-maintained register provides. In this way, the risk register becomes both a governance mechanism and a demonstration of compliance readiness.

RBI outsourcing directions emphasise documentation of material outsourcing arrangements and evaluation of outsourcing risk. A risk register is the optimum tool for such third-party risk management to track and escalate both foreseeable and actual outsourcing incidents and due-diligence findings.

Conclusion

For NBFCs, maintaining risk registers is not merely a procedural obligation; it is a critical part of the organisation’s risk culture and governance framework. International standards (ISO 31000), global supervisory principles (Basel Committee), and regulatory expectations all converge on the need for structured, documented, and regularly monitored risk inventories. A robust risk register—supported by discipline, clear ownership and periodic review—enables NBFCs to anticipate threats, strengthen controls, improve decision-making and satisfy supervisory expectations. As NBFCs continue to scale, digitalise and partner with third-party ecosystems, the importance of maintaining comprehensive, dynamic and enterprise-aligned risk registers will only grow.

Our other resources on risk management:

Meta-morphed: A corporate bond that puts $27 billion off-the-balance-sheet

/0 Comments/in , , , /by
Meta structures a data center investment funding with cash flows linked with rentals and guarantees

– Vinod Kothari | finserv@vinodkothari.com

In India, we often say: upar wala sab dekhta hai (God sees it all). However, if I could do things which God the almighty does not or cannot see, I will be most happy to do those. Doing things off-the-balance-sheet is always equally tempting; structurers of Frankenstein financial instruments have already tried to bring ingenuity to explore gaps in accounting standards to create such funding structures where the asset or the relevant liability does not show on the books. Recently, a $ 27 billion bond issuance by an SPV called Beignet Investor, LLC may have the ultimate effect of keeping the massive investment done at the instance of Meta group  kept off-the-balance-sheet. 

Structural Features

Essentially, the deal involves issuance of  bonds to the investors, the servicing of which is through the cash flows generated from the lease payments. Further, a residual value guarantee has been provided by the group entity which has again led to a rating upliftment for the bonds issued. 

The essential structure of the transaction involves a combination of project finance, lease payments and a residual value guarantee to shelter investors from project-related risks, and use of an operating lease structure, apparently designed to keep the funding off the balance sheet of Meta group. It is a special purpose joint venture which keeps the funding liability on its balance sheet.

Let us understand the transaction structure:

  • Meta intends to do a huge capex to build a massive 2.064-GW data center campus in Richland Parish, LA. The cost of this investment is estimated at $27 billion in total development costs for the buildings and long-lived power, cooling, and connectivity infrastructure at the campus. The massive facility will take until 2029 to finish.
  • The expense will be incurred by a joint venture, formed for the purpose, where Meta (or its group entities) will hold a 20% stake, and the 80% stake will come from Blue Owl Capital. The two of them together form the JV called Beignet Investor, LLC (issuer of the bonds).
  • The JV Co owns an entity called Laidley LLC, which will be the lessor of the data center facilities.
  • The lessee is a 100% Meta subsidiary, called Pelican Leap LLC, which enters into 4 year leases for each of the 11 data centers. Each lease will have a one-sided renewal option with 4 years’ term each, that is to say, a total term at the discretion of the lessee adding to 20 years. The leases are so-called triple-net (which is a term very commonly used in the leasing industry, implying that the lessor does not take any obligations of maintenance, repairs, or insurance). 
  • The 20-year right of use, though in tranches of  4 years at a time, will mean the rentals are payable over as many years. This is made to coincide with the term of amortisation of the bonds issued by the Issuer, as the bonds mature in 2049 (2026-2029 – the development period, followed by 20 years of amortisation).
  • If the lease renewal is at the option of the lessee, then, how is it that the lease payments for 20 years are guaranteed to amortise the bonds? This is where the so-called “residual value guarantee” (RVG) comes in. RVG is also quite a common feature of lease structures. In the present case, from whatever information is available on public domain, it appears that the RVG is an amount payable by Meta Platforms under a so-called Residual Value Guarantee agreement. The RVG on each renewal date (gaps of 4 years) guarantees to make a payment sufficient to take care of the debt servicing of the bonds, and is significantly lower than the estimated fair value of the data center establishment on each such date. 

The diagram below by provides for the transaction structure: 

Off-balance sheet: Gap in the GAAP?

Of course, as one would have expected, the rating agency Standard and Poor’s that was the sole rating agency having given rating for the bonds, its report does not say the structure is off-the-balance sheet for the lessee, a Meta group entity. However, various analysts and commentators have referred to this funding as off-the-balance sheet. For example, Bloomberg report  says The SPV structure helps tech companies avoid placing large amounts of debt on their balance sheets”. Another report says that the huge debt of $ 27 billion will be on the balance sheet of Beignet, the JV, rather than on the books of Meta. An  FT report says that bond was priced much higher than Meta’s balance sheet bonds, at a coupon of 6.58%, as a compensation for the off-balance sheet treatment it affords. A write up on Fortune also refers to this funding as off-the-balance sheet. 

In fact, Meta itself, on its website, gives a clear indication that the deal was struck in a way to ensure that the funding is not on the balance sheet of Meta or its affiliates. Here is what Meta says: 

Meta entered into operating lease agreements with the joint venture for use of all of the facilities of the campus once construction is complete. These lease agreements will have a four-year initial term with options to extend, providing Meta with long-term strategic flexibility.

To balance this optionality in a cost-efficient manner, Meta also provided the joint venture with a residual value guarantee for the first 16 years of operations whereby Meta would make a capped cash payment to the joint venture based on the then-current value of the campus if certain conditions are met following a non-renewal or termination of a lease.”

Here, two points are important to understand – first, the operating lease/financial lease distinction, and second, the so-called residual value guarantee – what it means, and why it is opposite in the present case.

The distinction between financial and operating leases, the key to the off-balance sheet treatment of operating leases, was the product of age-old accounting standards, dating back to the 1960s. In 2019, most countries in the world decided to chuck these accounting standards, and move to a new IFRS 16, which eliminates the distinction between financial and operating leases, at least from the lessee perspective. According to this standard, every lease will be put on the balance sheet, with a value assigned to the obligation to pay lease rentals over the non-cancellable lease term.

However, USA has not aligned completely with IFRS 16, and decided to adopt its own version called ASC 842 for lease accounting. The US accounting approach recognises the difference between operating leases and financial leases, and if the lease qualifies to be an operating lease, it permits the lessee to only bring an amount equal to the “lease liability”, that is, the discounted value of lease rentals as applicable for the lease term.

As to whether the lease qualifies to be an operating lease, or financial lease, one will apply the classic tests of present value of “lease payments” [note IFRS uses the expression “minimum lease payments”], length of lease term vis-a-vis the economic life of the asset, existence of any bargain purchase option, etc. “Lease payments” are defined to include not just the rentals payable by a lessee, but also the minimum residual value. This is coming from para 842-10-25-2(d). The reading of this para is sufficiently complicated, as it makes cross references to another para referring to a “probable payment” under “residual value guarantees”. The reference to para 842-10-55-34 may not be needed in the present case, as the residual value agreed to be paid by the lessee is included in “lease payment” for financial lease determination by virtue of the very definition of financial lease. Therefore, it remains open to interpretation whether the leases in the present case are indeed operating leases.

Considering that the residual value guarantee from the parent company in the present case may not meet the requirements for its inclusion in “lease payments”, it is unlikely that the lease payments over any of the 4 year terms will meet the present value test, to characterise the lease as a financial lease. Also, the economic life of the commercial property in form of the data centers may be significantly longer than the 20 year lease period, including the option to renew. Hence, the lease may quite likely qualify as an operating lease.

Residual value guarantee: Rationale and Implications

In lease contracts, a residual value guarantee by the lessee is understandable as a conjoined obligation with fair use and reasonable wear and tear of assets. In the present case, if the lessee is a tenant for only 4 years, and the renewal thereafter is at the option of the lessee. If the lessee chooses not to renew the lease, the lessee is exercising its uncontrolled discretion available under the lease. So, what could be the justification for the parent company being called to make a payment for the residual value of the property? After all, the property reverts to the lessor, and whatever is the value of the property then is the asset of the lessor. 

In the present case, it seems that the RVG comes under a separate agreement – whether that agreement is linked with the leases is not sure. However, for the holistic understanding of any complicated transaction, one always needs to connect all the dots together to get a a complete understanding of the transaction. If the lessee or a related party is paying for future rentals, it transpires that the understanding between the parties was a non-cancelable lease, and the RVG is a compensation for the loss of future rentals to the lessor. If that is the overall picture, then the lease may well be characterised as a financial lease.

Is the lessee’s balance sheet immune from the bond payment liability?

A liability is what one is obligated to pay; a commitment to pay. The $ 27 billion liability for the bonds in the present case sits on the balance of the JV Company. However, the question is, ultimately, what is it that will ensure the repayment of these bonds? Quite clearly, the payment for the bonds is made to match with the underlying lease payments, with a target debt service coverage. In totality, it is the lease payments that discharge the bond obligation; there is nothing else with the JV company to retire or redeem the bonds. From this perspective as well, an off-balance-sheet treatment at the lessee or at the group level seems tough.

However, off-balance-sheet may not be the objective really. What matters is, does the structure insulate Meta group from the risks of the payments from the data center. From the available data, it appears that the project related risks, from delays in completion to non-renewal, are all taken by Meta. Therefore, even from the viewpoint of project-related risks, there do not seem to be sufficient reasons for any off-balance sheet treatment.

Disclaimer: The analysis in the write-up above is limited to the reading that could be done from write-ups/materials in public domain.  

Other Resources:

RBI Trade Relief Directions: How is your company impacted?

/0 Comments/in , , , , , /by

– Team Finserv | finserv@vinodkothari.com

Call it Trump relief! The RBI announced relief measures on the 14th Nov to help the exporters of certain specified items, who may have availed export credit facilities from a regulated lender, whereby all regulated entities (REs) “may” provide a moratorium, from 1st September 2025 to 31st December, 2025. The grant of such a relief shall be based on a policy, consisting of the criteria for grant of the subject relief, and such criteria shall be disclosed publicly. Not only this, REs shall also make a fortnightly disclosure of the reliefs granted to eligible borrowers on a RBI format on Daksh portal.

The Reserve Bank of India (Trade Relief Measures) Directions, 2025 (‘Directions’) are applicable to NBFCs and HFCs as well. This is accompanied with amendment to Foreign Exchange Management (Export of Goods and Services) (Second Amendment) Regulations, 2025 for extension of the period for both realization/repatriation of export value (from 9 to 15 months) and the shipment of goods against advance payment (from 1 to 3 years).

Highlights:

  • Whether your company grants an export credit or not, if your borrower is the one who has availed export credit for export of specified goods or services, the borrower may approach you for the moratorium.
  • Are you bound to grant the moratorium? Answer is, no. However, basis a policy which is publicly hosted, you will consider the eligibility of the borrower. The relevant factors on which the eligibility will be examined may also form a part of the policy, and ideally, should include the extent of dependence on exports of specified items to the USA, tariff-based disruption in the cashflows, alternative markets and transitioning possibilities, etc.
  • Effective: Immediately. 
  • Actionables: (a) Framing of policy to consider the eligibility of affected borrowers; (b) Hosting the policy on public website; (c) Creating mechanism for receiving and transmission of borrower requests for the moratorium and giving timely responses to the same (d) RBI fortnightly reporting.

What is the intent?

To mitigate the disruptions caused by global headwinds, and to ensure the continuity of viable businesses.

Tariff impositions by the USA are likely to impact several exporters. There may be a ripple effect on penultimate sellers or other segments of the economy as well, but the intent of the Trade Relief Directions seems limited to the direct exporters only.

Which all regulated entities are covered?

The Directions are applicable to following entities:

  • Commercial Banks
  • Primary (Urban) Co-operative Banks, State Co-operative Banks and Central Co-operative Banks
  • NBFCs
  • HFCs
  • All-India Financial Institutions
  • Credit Information Companies (only with reference to paragraph 16 of these Directions).

Does it matter whether the RE in question is giving export credit facilities or not? In our view, it does not matter. The intent of the Directions is to mitigate the impact of trade disruptions. Of course, the borrower in question must be an exporter, must have an export credit facility outstanding as on 31st Aug 2025, and the same must be standard.

If these conditions are met, then the RE which holds the export credit, as also other REs (of course, the nexus between the trade disruption and the servicing of the credit facility will have to be seen) should consider the borrower for the purpose of grant of relief.

Relief may or may not be granted. 

Policy on granting relief

The consideration of the grant of relief will be based on a policy. 

Below are some of the brief pointers to be incorporated in the policy: 

  1. Purpose and Scope: define which loan products, sectors, or borrower categories are covered; effective period for granting relief
  2. Eligibility Criteria for borrowers
  3. Assessment criteria for relief requests received from the borrowers
  4. Authority responsible for approving such request
  5. Relief measures that can be offered to borrowers
  6. Impact on asset classification and provisioning
  7. Disclosure Requirements
  8. Monitoring and Review: Authority which is responsible for monitoring such accounts; periodicity of review

How is the assessment of eligible borrowers to be done?

In our view, the relevant information to be obtained from the candidates should be:

  • Total export over a relevant period in the past, say 3 years
  • Break up of export of “impacted items” and other item
  • Of the above, exports to the USA
  • Gross profit margin
  • Impact on the cashflows
  • Information about cancellation of export orders from US importers
  • Any damages or other payments receivable from such importers
  • Any damages or other payments to be made to the penultimate suppliers
  • Alternative business strategies – repositioning of markets, alternative buyer base, etc
  • Cashflow forecasts, and how the borrower proposes to pay after the Moratorium Period.

What sort of lending facilities are covered?

Please note the following from the preamble: “mitigating the burden of debt servicing brought about by trade disruptions caused by global headwinds and to ensure the continuity of viable businesses”. Therefore, clearly, the relief intended here is one where “trade disruptions” create such a burden on debt servicing, which may impact the viability of the business.

From this, it implies that the entity in question must be a business entity, and the loan in question should be a business loan. 

In our thinking, the following facilities seem covered:

  1. Export credits of all forms, including packing credit, funded as well as unfunded, letters of credit, etc.
  2. Buyer’s credit or facilities for inward acquisitions/purchases by an exporter
  3. Cash credits, overdrafts or working capital related facilities, intended for export business of impacted items.
  4. Term loans relating to an impacted business
  5. Loans against property, where the end use is working capital

Eligible and ineligible borrowers:

Eligible borrowers:

  • Borrowers who have availed credit for export
  • Borrower had an outstanding export credit facility from a RE as of August 31, 2025 (However, in case the borrower has a sanctioned facility pending disbursement as on Aug 31, the same shall not be eligible)
  • Borrower with all REs was/were classified as ‘Standard’ as on August 31, 2025

In our view, the following borrowers/ credit facilities are not eligible for the relief:

  • Individuals or borrowers who have not borrowed for business purposes
  • Home loans or loans against specific assets or cashflows, where the debt servicing is unconnected with the cash flows from an export business
  • Loans against securities or against any other financial assets
  • Gold loans, other than those acquired for business purposes
  • Car loans, loans against commercial vehicles or construction equipment, unless the borrower is engaged in export business and the cashflows have a nexus with such business
  • Borrower is engaged in exports relating to any of the sectors specified
  • Borrower accounts which were restructured before August 31, 2025
  • Accounts which are classified as NPA as on August 31, 2025

Consider a borrower who is not an exporter himself, but an ancillary supplier, supplying to a trading house. Will such a penultimate exporter be covered by the Relief Directions? In our view, the answer is negative, as the “eligible borrowers” are defined to mean an exporter.

Impacted items and impacted markets

The list of impacted items broadly covers a wide spectrum of manufacturing and export-oriented sectors, including marine products, chemicals, plastics, rubber, leather goods, textiles and apparel, footwear, stone and mineral-based articles, jewellery and precious metals, metal products, machinery, electrical and electronic equipment, automobiles and auto components, medical and precision instruments, and furniture and furnishing items.

Is it mandatory that the borrower shall be exporting to USA? While the Directions do not specifically mandate that the borrower shall be exporting to the USA, the concerned REs should, as part of their assessment, evaluate whether the borrower genuinely requires such relief measures and, in our view, should consider the extent to which the borrower depends on exports of the specified items to the USA.

Why have HFCs been covered?

Generally speaking, the servicing of home loans is not supposed to be based on business cashflows, and therefore, the impact of trade disruptions on servicing of a home loan does not seem easy to establish.

However, HFCs grant other credit facilities too, including LAP or business loans. Therefore, there is no carve out for HFCs as such. HFCs are also expected to prepare the policy referred to above and be sensitive to requests from impacted borrowers.

Is the moratorium retrospective?

Yes, clearly, the moratorium is retrospective, as it covers the period from 1st September to 31st December. This is the range over which the moratorium may be granted; of course, the decision as to how much moratorium, within the above maximum range, is warranted in the particular case, is that of the lender. Let us call the agreed moratorium as the Moratorium Period.

If the moratorium is granted from 1st Sept., then any payments which were due for the period covered by the Moratorium Period will  not be taken as having fallen due. This will have significant impact on the loan management systems:

  • Considering that we are already in the middle of November, the day count for any payments due during the part of the Moratorium Period will be set to zero. In other words, day count will stop during the Moratorium Period. Thus, if an account was showing a DPD status of 60 days as on Aug 31, 2025, the DPD count will remain at a standstill till the moratorium period is over.
  • However, in case a borrower has made payment during the moratorium period, will the DPD count decrease or will it remain the same? 

The RBI Directions state that the days past due (DPD) count during the moratorium period will be excluded. However, this does not imply that a borrower who makes payments during this period should be denied the corresponding benefit. In our view, if a payment is received from the borrower, the DPD count should accordingly be reduced.

  • Any payments already made during the part of the Moratorium Period already elapsed may be taken towards principal, or may be held to be adjusted against the future dues of the borrower, after the Moratorium Period. This should also, appropriately, be captured in the policy.
  • Further, for accounts for which the CIC reporting has already been done on or after Aug 31, 2025, and the lender decides to extend the moratorium benefit, it must be ensured that the DPD count is revised so as to reflect the status as on Aug 31, 2025. 

Do lenders have to necessarily grant moratorium, or grant partial interest/principal relief?

The RBI Directions do not mandate REs from granting such relief measures. Accordingly, the concerned RE will need to assess individual cases based on the sectors, the need for such relief and the extent to which such relief may be granted. 

Lenders may grant full moratorium during the Moratorium Period, or may grant relief as may be considered appropriate.

Do lenders take positive actions, or simply respond to borrower requests?

The lenders must establish a policy for granting such relief measures prior to extending any relief, as the authority to do so will be derived from this policy. As discussed above, the discretion to grant relief rests with the concerned RE; therefore, each request submitted by a borrower must be evaluated on an individual basis.

For this purpose, the following information must be obtained from the borrowers seeking relief:

  1. The concerned sector and how the same has been impacted necessitating such relief
  2. Information relating to the current financial condition of the business of the borrower
  3. Facilities taken and outstanding with other REs 

Non-compounding of interest during the Moratorium Period:

Para 9 (iii) provides that while interest will accrue during the Moratorium Period, but the interest shall be simple, that is, shall not be compounded.

This may require REs to tweak their loan management systems to stop the compounding of interest during the Moratorium Period. 

However, the actual population of affected borrowers for a particular RE may be quite limited. Hence, REs may do manual or spreadsheet-based adjustments for affected borrowers, instead of making adjustments to their LMS itself.

Recomputation of facility cashflows after Moratorium:

During the moratorium period, as per the RBI directive, the lender can only accrue simple interest. Accordingly, the IRR of the credit facility will have a negative impact unlike the covid moratorium where the compound interest loss was compensated by the central government. 

Further, it has also been provided that the accrued interest may be converted into a new term loan which shall however be repayable in one or more installments after March 31, 2026, but not later than September 30, 2026. Accordingly, the accrued interest should anyhow be received by September 30, 2026.

Similar moratoriums in the past

  • Moratorium on loans due to COVID-19 disruption: Refer to our write-up here.
  • Moratorium 2.0 on term loans and working capital: Refer to our write-up here.

Our write-ups on similar topics:

Data Privacy Law and Rules notified: 18 months’ time to implement

/0 Comments/in , , /by
Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [559.19 KB]

Referral or Representation? The Fine Line Between LSP, DSA and Referral Partner

/0 Comments/in , , /by

Simrat Singh & Sakshi Patil | finserv@vinodkothari.com

India’s lending landscape is evolving from traditional, branch-led lending to digital and now “phygital” models, involving multiple intermediaries connecting borrowers and lenders. For regulated entities (REs), three different terms referring to loan intermediaries are commonly seen: Lending Service Providers (LSPs), Direct Selling Agents (DSAs) and Referral Partners. 

At first glance, these roles may appear similar since all “bring in business.” But as far as the RBI is concerned, the difference determines how much regulatory oversight the lender must exercise over these participants. This article attempts to answer who’s who in this lending chain, and more importantly, where a simple referral ends and a regulated lending function begins.

The Lending Trio: LSPs, DSAs and Referral Partners

LSPs: The digital lending backbone

In the digital lending framework, the most central participant is the LSP who are engaged by the REs to carry out some functions of RE in connection with its functions on digital platforms. These LSPs may be engaged in customer acquisition, underwriting support, recovery of loan, etc. The RBI’s Digital Lending Directions, 2025 define an LSP as:

An agent of a RE (including another RE) who carries out one or more of the RE’s digital lending functions, or part thereof, in customer acquisition, services incidental to underwriting and pricing, servicing, monitoring, or recovery of specific loans or loan portfolios on behalf of the RE, in conformity with the extant outsourcing guidelines issued by the Reserve Bank.”

The emphasis on the term “agent” is crucial since being an agent becomes a precondition to becoming an LSP. An agent is a person employed to act for another; to represent another in dealings with third persons within the overall authority granted and can legally bind the principal by their actions (more discussion on agency later). This distinguishes an agent from a mere vendor or service provider who delivers a contracted service but has no authority to affect the principal’s relationship with third parties and neither is subjected to a degree of control from the principal.

DSAs: The traditional middle ground

DSAs, though not formally defined by the RBI, their appointment, conduct and RE’s oversight on them is governed by Annex XIII of the SBR Directions (Instructions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs) for NBFCs and by Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks for Banks. DSAs operate largely in physical or “phygital” lending models, focusing on loan sourcing. They represent the lender while dealing with potential borrowers. However, their functions are narrower than those of an LSP. A DSA’s role typically ends with lead generation and preliminary documentation, without involvement in underwriting, servicing or recovery. While the DSA is an agent, it plays a more limited role in the lending value chain and has minimal borrower-facing obligations post origination.

Referral Partners: The nudge before negotiation

Referral Partners perform the most limited role. They simply share leads or basic borrower information with the lender and have no authority to represent or bind the lender. Their role is confined to referral i.e. the providing the first nudge to the lender. They are treated as independent contractors or service providers, not agents and operate under commercial referral agreements. The RE does not exercise control over their operations, nor is it responsible for their actions beyond the agreed referral activity. The distinction lies not in what they do (introducing borrowers) but in what they cannot do i.e. represent the lender or perform any of its lending functions.

Referral ≠ Representation: The Agency Test

The most important question then arises “How does one determine whether a person is an LSP, DSA, or a referral partner?”. All three may assist in borrower acquisition, but the answer might lie in distinguishing referring from representing. To be classified as an LSP (or even a DSA), the person must first be the agent of the RE, not just a vendor or service provider. The test of agency has been laid down in the Supreme Court’s decision in Bharti Cellular Ltd. v. Commissioner of Income Tax1. The Court, in para 8, observed that the existence of a principal–agent relationship depends on the following elements:

  1. The authority of one party to alter the legal relationship of the other with third parties;
  2. The degree of control exercised by the principal over the agent’s conduct (less than that over a servant, but more than over an independent contractor);
  3. The existence of a fiduciary relationship, where the agent acts on behalf of and under the guidance of the principal;
  4. The obligation to render accounts to the principal, and the entitlement to remuneration for services rendered.

Further, the Court clarified in para 9 that the substance of the relationship, not just its form, determines whether agency exists. If a person is neither authorised to affect the principal’s relationship with third parties nor under its control, and owes no fiduciary obligation, the person is not an agent, regardless of what the contract calls them. 

Similarly, in Bhopal Sugar Industries v. Sales Tax Officer2, the Supreme Court had observed that the mere word ‘agent’ or ‘agency’ is not sufficient to lead to the inference that parties intended the conferment of principal-agent status on each other. Mere formal description of a person as an agent is not conclusive to show existence of agency unless the parties intend it so hence, “the true relationship of the parties in such a case has to be gathered from the nature of the contract, its terms and conditions, and the terminology used by the parties is not decisive of the said relationship.”

On the aspect of supervision and control, the Supreme Court in para 40 of the Bharti Cellular ruling stated:

An independent contractor is free from control on the part of his employer, and is only subject to the terms of his contract. But an agent is not completely free from control, and the relationship to the extent of tasks entrusted by the principal to the agent are fiduciary….The distinction is that independent contractors work for themselves, even when they are employed for the purpose of creating contractual relations with the third persons. An independent contractor is not required to render accounts of the business, as it belongs to him and not his employee.

In lending transactions, therefore, the relevant considerations to determine whether an agency exists or not may be:

  1. Does the agency have the authority, under a contract with the principal, to represent the principal to create any relationship with the borrower?;
  2. Does the agency have the authority to approach potential borrowers, representing that the agency can source a loan from the RE?;
  3. What is the role of the agency in the loan contract – is the loan contract established between the lender and the borrower through the agent?;
  4. Does the agency agreement control/regulate the manner of the agent’s dealings with the borrowers?;
  5. Effectively, is the agency the interface between the RE and the borrowers?

Paanwala and the Poster: Not everyone who sells a loan lead is an LSP

To illustrate the difference between LSP/DSA and Referral Partner, consider a simple example. You stop at your neighbourhood paanwala for your regular paan or pack of mints. Between the faded ads for mobile recharges and UPI QR codes, one new poster catches your eye “Need a personal loan? Look No Further ! Fast approvals”. Curious, you ask if the shopkeeper has joined the finance world. Smiling, he replies, “Arre nahi sahib, I just share numbers! You give me your name and phone number, I’ll send it to my guy. If your loan gets approved, I get a small tip!” No exchange of KYC documents, no app, no credit score. Now, does this make the paanwala an LSP under the Digital Lending Directions? He may appear as performing a part of the customer acquisition function of the lender so should he now comply with outsourcing norms, data protection protocols and grievance redressal requirements? Of course not.

The paanwala is a pure referral partner. His role ends with introducing a potential borrower to a contact connected to a lender. He does not represent the lender, verify or collect documents, underwrite, service, or recover loans, nor can he legally bind the lender through his actions. Mere referral, without agency and without performing a lending function, does not make one an LSP. Passing a phone number over a cup of chai does not amount to digital intermediation.

BasisReferral PartnerLSP
Scope of activityLimited to sharing leads with the lenderPerforms one or more of the lenders functions w.r.t in customer acquisition, services incidental to underwriting and pricing, servicing, monitoring, recovery
Access to prospective customer’s information and documentsOnly basic contact information necessary for the lender to approach the customer for the loan is sharedTo the extent relevant for carrying out its functions
RepresentationDoes not represent the RERepresents the RE
Agency & PrincipalNot an agentAppointed as an agent
DLGCannot provideCan provide (in case of Digital Lending and Co-lending)
Applicability of Outsourcing GuidelinesNot applicableApplicable
Mandatory due diligence  before appointmentNot applicableApplicable
Appointment of GRONo such requirementLSP having interface with borrower needs to appoint a GRO
Right to auditNo right of RERE has a right
Disclosure on the website of the lenderNot applicableApplicable

Table 1: Distinction between Referral Partner and LSP

Conclusion

As digital lending continues to expand in India, ensuring that every intermediary’s role aligns with its true legal character is essential. The key in determining the true nature of the relationship would ultimately rest on the contractual terms that must reflect the true nature of the relationship. Misclassifying these entities can expose lenders to compliance risks under RBI’s outsourcing and digital lending guidelines.

  1. [2024] 2 S.C.R. 1001 : 2024 INSC 148 ↩︎
  2. 1977 AIR 1275 ↩︎

Our resources on the same:

  1. Lending Service Providers for digital lenders: Distinguishing agency contracts and principal-to-principal contracts
  2. Principles of Neutrality for Multi-Lender Platforms
  3. Multi-lender LSPs – Compliance & Considerations
  4. Outsourcing (Direct Selling Agent) v. Business Correspondent route
  5. Resources on Digital Lending

India FSAP 2025: Key Takeaways and Policy Recommendations

/0 Comments/in , , , , , , /by

– Chirag Agarwal, Assistant Manager | chirag@vinodkothari.com

A joint World Bank-IMF team visited India in 2024 to update the findings of the Financial Sector Assessment Program (FSAP), which took place in 2017. World Bank on October 30, 2025 released the report1 which summarises the main findings of the mission, identifies key financial development issues, and provides policy recommendations.

We were in touch with the FSA team for our recommendations on certain aspects. The FSA recommendation on leasing (discussed below) is based on our feedback.

This article discusses in brief the key takeaways from the FSA Report.

Key Takeaways:

  1. Stronger and More Diversified Financial System: As per the report, India’s financial system has become more resilient, inclusive, and diversified since the previous 2017 assessment. Non-bank financial institutions (NBFIs) and market financing (other than from banks) now account for 44% of total financial assets—up from 35% in 2017—reflecting deeper financial intermediation beyond banks.
  2. Reforms Critical for India’s 2047 Growth Vision: The report suggests that to achieve the target of a USD 30 trillion economy by 2047, India must modernize its financial architecture to channel both domestic and foreign savings into productive investment, deepen capital markets, and attract long-term infrastructure and green financing2.
  3. Macroprudential Tools: The assessment highlights rising systemic risks due to financial diversification and interlinkages. It recommends expanding data collection and deploying macroprudential tools—including introducing Debt Service to Income (DSTI) limits across banks and NBFCs and building counter-cyclical capital buffers (CCyBs) for banks to manage liquidity, intersectoral contagion, household credit risks, and climate-related financial risks
  4. Regulatory and Supervisory Enhancements: While India’s regulatory oversight framework for banks, insurers, and markets is broadly sound, lingering issues include state influence on regulators, limited powers over governance of state-owned entities, and gaps in conglomerate and climate-risk supervision. The report suggests that efforts should be made to ensure better coordination between regulators and extending the scope of the regulatory and supervisory frameworks.
  5. Banking and NBFC Reforms: The report stresses adoption of IFRS 9, enforcing Pillar 2 capital add-ons, and elimination of prudential exemptions for state-owned NBFCs. It also suggests considering additional liquidity requirements tailored to different business models.
  6. Tax  treatment of leasing: The report suggests that to diversify MSME finance the tax treatment of leasing should be reviewed to ensure an equal treatment between lease and debt transactions. At present, interest on loans is exempted under the GST laws and hence, there is no GST levied on the loan repayments, however, the entire rentals are subject to GST in case of financial leases.
  7. Transfer of oversight function of NHB to RBI: While regulation of HFCs moved to RBI in 2019, supervision still rests with NHB, which follows a limited, compliance-based approach. Shifting supervision to RBI would strengthen oversight and remove the conflict of interest since NHB also acts as promoter and refinancer for HFCs.
  8. MSME Finance: The report recommends integrating TReDs with the e-invoicing portal for automatic invoice uploads. It also suggests incentivizing large buyers and mandating state-owned enterprises to upload invoices to improve cash flow for MSMEs. Further, the report also mentions that SIDBI’s funding support to NBFCs, including NBFC factors, should be increased, along with developing credit enhancement and guarantee facilities for NBFC bonds and MSME loan securitizations.
  1. https://documents1.worldbank.org/curated/en/099103025110514063/pdf/BOSIB-606133f7-2e00-4696-9b41-57f3737d140d.pdf
    ↩︎
  2. See our resources on sustainable financing: https://vinodkothari.com/resources-on-sustainability-finance/  ↩︎

Upfronting Uprooted: RBI puts an end to early profit booking in Co-lending

/0 Comments/in , , /by

Simrat Singh | Finserv@vinodkothari.com

Co-lending is an arrangement where two or more regulated entities (REs) jointly extend credit to a borrower under a pre-agreed Co-Lending Agreement (CLA). The CLA, signed before origination, defines borrower selection criteria, product lines, operational responsibilities, servicing terms and the proportion in which each lender will fund and share the loan. The aim is to combine the origination strength of a RE with the lower cost of funds of another RE, thereby expanding credit outreach.

Before the issuance of the RBI (Co-Lending Arrangements) Directions, 2025 (‘Directions’), there was no formal co-lending framework for non-PSL loans and for PSL loans, the CLM-2 ‘originate-and-transfer’ model was the most common structure. Under this model, the originating RE would book 100% of the loan in its books and, within a stipulated period, selectively transfer a portion to the funding partner. This post-origination discretion enabled ‘cherry-picking’ of loans. CLM-2 mirrored a loan sale under TLE framework but without any minimum holding period restrictions, making it a preferred route. It offered the economic and accounting benefits of transfer, including derecognition and upfront gain recognition without waiting for loan seasoning.  

Upon transfer, the originating RE would derecognise the transferred portion and book ‘upfront gains’. The upfront gain arose from the excess spread between the interest rate charged to the borrower and the yield at which the loan pool was transferred to the funding partner. For example, if the originating RE extended loans at 24% and sold down 80% of the pool at 18%, the 6% differential represented the excess spread. This spread, which would otherwise have been earned over the life of the loan, was discounted to present value and recognised as gain on transfer upfront, at the time of derecognition. This led to the originating RE recognising profits immediately despite not receiving any actual cash on the co-lent loans. This practice allowed originating REs to show higher profits upfront, even though no cash had actually been received on the co-lent loans.

The Directions fundamentally alter this framework as well as the prevalent market practice. They move away from originate-and-transfer and institute a pure co-origination model. It has been expressly stated that The CLA must now be executed before origination, with borrower selection and product parameters agreed ex ante. The funding partner must give an irrevocable commitment to take its share on a back-to-back basis as loans are originated. Importantly, the 15-day window provided under the Directions is only for operational formalities such as fund transfers, data exchange and accounting. It is not for evaluating or selecting loans after origination. If the transfer does not occur within 15 days due to inability, not discretion, the originating RE must retain the loan or transfer it under the securitisation route or as per Transfer of Loan Exposure framework. In short, post-origination cherry-picking is no longer permitted.

This change has direct accounting consequences. Under Ind AS 109, a financial asset is recognised only when the entity becomes a party to the contractual provisions and has enforceable rights to the underlying cash flows (see para 3.1.1 and B3.1.1). In a co-lending transaction under the Directions where co-origination is a must, each lender should recognise only its respective share of the loan at origination. The originating partner should not recognise the funding partner’s share at any stage, except as a temporary receivable if it disburses on behalf of the funding partner. Since the originating partner never recognises the funding partner’s share (except as a servicer), there is no recognition and therefore, there is no question of any subsequent derecognition and booking of any gain on sale. Income, if any, is limited to servicing fees or mutually agreed charges, not upfront profit.

By eliminating post-origination discretion, RBI has closed the upfronting route. Co-lending is now truly co-origination, joint funding from day one, with proportionate recognition and no accounting arbitrage.  The practice that once allowed REs to accelerate income has been uprooted.

Click here to see our other resources on co-lending

The Great Consolidation: RBI’s subtle shifts; big impacts on NBFCs

/1 Comment/in , , , /by

Team Finserv | finserv@vinodkothari.com

In its recent consolidation exercise of the Master Directions applicable to NBFCs, the RBI has done a lot of clause shifting, reshuffling, reorganisation, replication for different regulated entities, pruning of redundancies, etc. However, there are certain places where subtle changes or glimpses of mindset may have a lot of impact on NBFCs. Here are some:

Read more

Old Rules, New Book: RBI consolidates Regulatory Framework

/1 Comment/in , , , /by

Team Finserv | finserv@vinodkothari.com

RBI Consolidation of Circulars (1)Download

Read our related resources:

RBI’s Regulatory Shelf gets a Pre-Diwali Dusting  

Rules of Restraint: RBI proposes revised norms on Related Party Lending and Contracting

/0 Comments/in , , , , , , , /by

– Team Finserv, finserv@vinodkothari.com

In its current hectic phase of revamping regulations, the RBI has issued Draft Directions for lending and contracting with related parties. Separate sets have been issued for commercial banks, other banks, NBFCs and financial institutions. 

The definition of “related party” is more rationalised and improvised over the existing definitions in Companies Act or LODR Regulations. Loans above a “materiality threshold” [which is scaled based on capital in case of banks, and based on base/middle/upper layer status in case of NBFCs] will require board approval, and nevertheless, will require regulatory reporting as well as disclosure in financial statements. In case of contracts or arrangements with related parties, with the scope of the term derived from sec 188 (1) of the Companies Act, there are no approval processes, but disclosure norms will apply. In the case of banks, trustees  of funds set up by banks are also brought within the ambit of “related persons”.

Read more