Pay for Performance Or Pay for Prudence?

Understanding Compensation Framework for NBFCs

On 9 March 2026, the Reserve Bank of India imposed a monetary penalty of ₹2.70 lakh on a financial institution for paying the entire variable remuneration to certain KMPs upfront, without deferring any portion, in breach of applicable compensation guidelines. While the quantum of the penalty is insignificant relative to the Company’s scale of operations, it reflects the RBI’s clear regulatory emphasis on ensuring that NBFC compensation practices are aligned with prescribed regulatory requirements.

Compensation structures in financial institutions, like any other institution, have traditionally been designed to reward performance. Higher profits, stronger business growth, and increased market share have often translated into higher incentives and bonuses for senior management. However, the manner in which institutions reward their key personnel can significantly influence the risks they choose to take. Where the remuneration is excessively linked to short-term profitability, it may encourage risk-taking without adequate regard to long-term consequences, particularly where the underlying risks may materialise only several years later. 

The Lessons of History: From Performance to Prudence

The 2008 Global Financial Crisis (GFC) illustrated the above mechanism. Mortgage originators earned fee income upfront on loan disbursements while credit risk was securitised and passed to counterparties; traders at large investment banks received annual cash bonuses tied to mark-to-market gains while systemic risks accumulated on balance sheets. When those risks materialised, bonus recipients were under no obligation to return payments. 

Mr Raghuram Rajan (2006), writing before the GFC, identified competitive pressures pushing financial sector executives toward risk strategies concealed within opaque compensation structures, specifically, strategies that generate near-certain short-term income while accumulating rare but catastrophic risks.

In a landmark 2011 study, Fahlenbrach and Stulz revealed a shocking paradox – banks where CEOs owned the most stock actually suffered the worst losses during the crash. Because their personal wealth was tied to share prices, these executives took massive, highly concentrated gambles to boost short-term returns. The conclusion of their research was clear: how an executive is paid is just as critical as how much they are paid.

The international response to these concerns was reflected in the Financial Stability Board’s Principles for Sound Compensation Practices and the accompanying implementation standards, which advocated alignment of remuneration with long-term risk outcomes. This was followed by further guidance from the Basel Committee on Banking Supervision on the assessment and risk-adjustment of remuneration practices.

Why only financial institutions? Rather, every Company is covered

Section 178(4)(c) of the Companies Act, 2013, requires the Nomination and Remuneration Committee (NRC) of every prescribed class of company to formulate the criteria for, and recommend to the Board, a policy relating to the remuneration of directors, KMPs, and other employees. While RBI has prescribed a more structured framework for banks and NBFCs, the underlying principles are equally relevant to non-financial entities and are consistent with the remuneration governance framework envisaged under Section 178 of the Companies Act, 2013. In any company, compensation is often linked to performance metrics such as profits, revenue growth, operational targets, or share price performance. Where such performance is subsequently found to have been achieved through misconduct, inaccurate reporting, regulatory breaches, or unsustainable business practices, malus and clawback mechanisms enable the company to reduce or recover variable remuneration. 

Where an industrial company’s CEO makes poor strategic decisions, the primary losers are shareholders. Where an NBFC’s senior management makes poor credit or investment decisions, the losses spread to depositors (in deposit-taking NBFCs), borrowers facing credit contraction, financial system counterparties, and, at sufficient scale, the broader economy. 

Consider a hypothetical Middle Layer NBFC. In FY2023, its loan book grows by 35%, driven by aggressive commercial lending and disbursements. Net interest margin expands, provisions are low, and PAT rises sharply. The board approves variable pay of ₹8 crore for the MD and ₹3-5 crore for the senior credit team, paid immediately in April 2023.

By FY2025, borrower stress in the commercial segment becomes apparent. NPA recognition begins in FY2023-24. Provisions of ₹400-600 crore are required across two financial years, erasing the PAT that justified the FY2023 bonuses. The credit decisions that drove FY2023 profitability and the bonuses are the same decisions that drove FY2025 impairment.

Under a properly designed deferral and clawback framework, a material portion of the FY2023 variable pay would remain unvested in FY2024 and FY2025. As NPA ratios deteriorate beyond prescribed thresholds, malus provisions would cancel unvested amounts. If fraud or deliberate misreporting in origination is subsequently found, clawback provisions would enable recovery of amounts already paid. In the absence of such provisions, the incentive structure is undisturbed: gains are privatised, losses are socialised.

Building Blocks of Sound Compensation Governance

A simple principle: individuals who generate profits should also bear the consequences of the risks taken to generate those profits. 

A.  Variable Pay

Variable pay is the performance-linked component of remuneration. Two dimensions are critical. First, the quantum, that is, the share of variable pay relative to fixed pay, must be material enough to serve as a genuine incentive without dominating compensation to the point of creating perverse incentives to maximise near-term metrics. Secondly, the variable pay must be assessed against risk-adjusted, institution-wide outcomes, not merely individual disbursement volumes, gross fees, or absolute PAT. Variable pay must be capable of being reduced to zero in poor performance periods.

B.  Deferral of Compensation

Deferral withholds a portion of variable pay for payment at a future date, subject to the absence of adverse risk outcomes during the deferral window. The purpose is to ensure that remuneration remains exposed to the consequences of decisions throughout the period over which those decisions actually materialise. The deferral period must be calibrated to the risk horizon. 

C.  Share-Linked Instruments

Awarding a portion of variable pay in share-linked instruments, such as stock options, ESOPs, phantom stock, and stock appreciation rights, aligns executive incentives with the long-term market value of the institution. An executive holding significant unvested equity is personally exposed to the consequences of decisions that may impair the institution’s stock price years after they are taken.

D.  Malus

The term “malus” originates from the Latin word meaning bad or adverse, reflecting a mechanism that reduces or cancels remuneration before it vests. It is the primary ex-post adjustment tool during the deferral period.

The malus period must cover, at minimum, the entire deferral period, otherwise the deferral itself is meaningless. For malus to operate as a genuine deterrent, the policy must specify quantitative triggers rather than purely discretionary language.

E.  Clawback

“Clawback” literally denotes the act of taking back something previously given, and refers to the recovery of remuneration that has already vested or been paid. It operates after the deferral period and is therefore more operationally complex. It requires enforceable contractual provisions in individual employment agreements (a policy reference alone is insufficient), may face legal challenges in certain jurisdictions, and demands investigation processes before invocation.

Malus and clawback are complementary, not substitutes. Malus stops deferred pay from flowing out during the risk-materialisation window; clawback reverses compensation already received where subsequent investigation reveals misconduct or misreporting that was not apparent at the time of payment.

Global Compensation Frameworks: Numbers, Not Principles

All major jurisdictions that have addressed financial institution compensation have converged on prescriptive parameters such as minimum deferral percentages, defined deferral periods, mandatory clawback windows, and MRT identification beyond the C-suite.

European Union: Capital Requirements Directive V (Art. 94)

Variable remuneration for MRTs is capped at 100% of fixed remuneration, extendable to 200% with shareholder approval. A minimum of 40% of variable pay must be deferred, rising to 60% where variable pay is ‘of a particularly high amount’, for at least four to five years (five years for senior management). Malus and clawback provisions are mandatory during the deferral and retention periods. Payout schedules must be ‘sensitive to the time horizon of risks.’

Refer here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32019L0878

Australia: APRA CPS 511

CPS 511 is among the most granular remuneration standards globally. For Significant Financial Institutions (SFIs): (i) the CEO must defer 60% of variable pay for a minimum of six years; (ii) other senior managers must defer 40% of variable pay for at least four years; (iii) the clawback window extends to a minimum of two years from the date of payment or vesting. Clawback criteria explicitly include ‘material misstatements of financial statements.’ CPS 511 also requires boards to link individual accountability (under the Banking Executive Accountability Regime) directly to the deferral and clawback framework.

Refer here: https://handbook.apra.gov.au/standard/cps-511

United Kingdom: SMCR / PRA Remuneration Code

Under the Senior Managers and Certification Regime, each Senior Manager holds a personal ‘Statement of Responsibilities.’ SYSC 19D mandates that MRTs face: (i) malus and clawback for a minimum of five to seven years (seven years for Senior Managers); (ii) minimum deferral of 40% of variable pay (rising to 60% for higher amounts); and (iii) a minimum deferral period of four years.

Refer here: https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/policy-statement/2025/october/remuneration-instrument-2025—pra2025_14.pdf

Compensation Regulation in Banks and NBFCs: A Comparative Regulatory Assessment

A comparison of the compensation frameworks prescribed under Paras 61–67 of the Reserve Bank of India (Commercial Banks – Governance) Directions, 2025 and Paras 29–37 of the Reserve Bank of India (Non-Banking Financial Companies – Governance) Directions, 2025 reveals a clear regulatory distinction. Banks are subject to a rule-based compensation regime with defined quantitative thresholds and risk-adjustment mechanisms, whereas NBFCs operate under a principles-based framework that affords greater implementation flexibility. 

| Parameter | Commercial Banks | NBFCs | Key Difference |
|---|---|---|---|
| Board-approved Compensation Policy | Required | Required (Para 29) | Similar requirement: the NBFC framework is principle-based. |
| Nomination & Remuneration Committee (NRC) | Required | Required (Para 30) | Similar requirement. |
| NRC-Risk Management Committee Coordination | Mandatory; compensation outcomes to be aligned with capital adequacy and cost-to-income ratio | Required (Para 31) | Banks have more prescriptive alignment requirements. |
| Variable Pay – Minimum Share | At least 50% of total compensation for senior executives and MRTs | No prescribed minimum | Significant flexibility for NBFCs. |
| Variable Pay – Maximum Cap | Maximum 300% of fixed pay | Not prescribed | No regulatory cap for NBFCs. |
| Fixed vs Variable Pay Structure | Quantitatively prescribed | Principle-based (Para 33) | Banks subject to detailed limits. |
| Deferral of Variable Pay | Minimum 60% deferred | Deferral contemplated (Para 35) | NBFCs have no specified percentage. |
| Deferral Period | Minimum 3 years | Not specified | NBFCs may determine internally. |
| Deferral of Cash Component | At least 50% of cash component deferred (subject to threshold exemption) | Not specified | No equivalent requirement for NBFCs. |
| Vesting Schedule | No faster than a pro rata cumulative basis over deferral period | Not specified | Banks are subject to structured vesting norms. |
| Share-linked Instruments | Minimum 50%–67% of variable pay depending on pay structure | Not required | No specific requirement for NBFCs. |
| Alternative to Share-linked Instruments | All-cash permitted only in limited cases; variable pay capped at 150% of fixed pay | Not prescribed | No comparable restriction for NBFCs. |
| Material Risk Taker (MRT) Identification | Mandatory identification beyond KMPs | Not prescribed | The NBFC framework does not define MRTs. |
| Control Function Independence | Implied through governance framework | Specifically required (Para 35(4)) | Explicit requirement under NBFC Directions. |
| Malus and Clawback Framework | Mandatory | Mandatory (Para 37) | A framework is required for both. |
| Malus/Clawback Scope | Must cover at least deferral and retention periods | No prescribed period | Banks have detailed implementation standards. |
| NPA-specific Malus Trigger | Mandatory prohibition on unvested variable pay where NPA divergence exceeds RBI disclosure threshold | Not prescribed | Unique requirement for banks. |
| Guaranteed Bonus | Prohibited except for a sign-on bonus for new hires | Prohibited except for a sign-on bonus (Para 36) | Broadly aligned. |
| Hedging of Variable Pay | Prohibited | Not prescribed | No express prohibition for NBFCs. |
| Compensation Disclosure Requirements | Prescribed under governance framework | No specific disclosure framework | Banks are subject to greater transparency obligations. |
| Alignment with Risk Outcomes | Detailed linkage to risk, capital and performance metrics | Principle-based requirement | Banks have significantly greater regulatory prescription. |

Conclusion

The regulation of compensation is fundamentally a question of governance. While remuneration frameworks are intended to reward performance, financial sector experience has repeatedly demonstrated that performance measured over a short horizon may not accurately reflect the risks embedded in business decisions. Accordingly, modern compensation regulation seeks to align remuneration outcomes not merely with current profitability, but with the sustainability of that profitability over time.

From Consent to Compensation: RBI’s Directions for REs on Sales Practices

RBI issues Directions on Advertising, Marketing and Sales of Financial Products and Services by Regulated Entities

Agency and referral activities of NBFCs and Banks: RBI June 2026 Amendments

– Team Finserv | finserv@vinodkothari.com

RBI has issued the Reserve Bank of India (Non-Banking Financial Companies – Undertaking of Financial Services) Second Amendment Directions, 2026 (‘UFS Amendment Directions’) on June 15, 2026. The RBI also issued the Reserve Bank of India (Non-Banking Financial Companies – Responsible Business Conduct) Second Amendment Directions, 2026 (‘RBC Amendment Directions’) under the RBI press release for issuance of Amendment Directions on ‘Advertising, Marketing and Sale of Financial Products and Services by Regulated Entities’. Earlier, the draft Reserve Bank of India (Non-Banking Financial Companies – Undertaking of Financial Services) Amendment Directions, 2026 (‘Draft Direction’) was issued as a part of the Draft Amendment Directions for Advertising, Marketing and Sales of Financial Products and Services by Regulated Entities.

By way of highlights, the UFS Amendments introduce a unified framework for agency business of banks and NBFCs, and referral activities of banks. Specifically, the Amendments provide that agency/referral activities will be undertaken without risk participation, and in case of referral, the bank will be limited to simply connecting the customer with the external provider (TPPSP), and will not be involved in the sale process. The physical or electronic machinery of the bank will not be used for third party product sales.

Our interpretation of the regulated entity’s (RE’s) participation being on no-risk basis is that if the agency or referral fees are linked with the profits or performance of the product/service offered by the third party, the agent or referring entity indeed gets subjected to risk.

We also give specific details about insurance distribution, a lucrative add-on income opportunity for most regulated entities.

Unified Framework for Agency Business

  • RBI has formally defined “Agency Business” as an arrangement where a Bank/ NBFC acts as an agent of a third-party product or service provider (TPPSP) for the distribution of financial products and services. Thus, banks/NBFCs under agency business can only distribute financial products or services. 
  • The RBI has not covered non-financial products and services under the purview of the UFS Directions; however, the same is not restricted in case of NBFCs.
  • The distribution of financial products and services would include marketing, sales, promotion, customer onboarding support, grievance facilitation and after-sales services.
  • The arrangement must be undertaken without any risk participation by the NBFC.

Agency versus referral

  • A principle-based distinction is required between Agency Business and Referral Services. Refer to our article discussing this in detail: Referral or Representation? The Fine Line Between LSP, DSA and Referral Partner – Vinod Kothari Consultants
  • For such TPPS that require higher and continuous customer interactions, the Agency Business arrangement may be used instead of Referral Services. However, REs may undertake only such third-party products or services under the referral route where continued customer interactions such as distribution, grievance redressal, and post-sales services are not required to be undertaken.

Undertaking Insurance Agency business by Banks/NBFCs/HFCs

  • Banks may act as an insurance broker departmentally.
  • NBFCs and eligible HFCs may undertake insurance distribution under the corporate agency or broking model without prior RBI approval.
  • Prior approval/registration from IRDAI and compliance with applicable IRDAI regulations remain mandatory. Here, it may be noted that the RBI NOC is generally required at the time of making an application to IRDAI.
  • Insurance distribution must:
    • Be undertaken on a fee basis;
    • Involve no risk participation;
    • Be clearly disclosed to customers by disclosing the products on the website of the NBFC;
    • Be supported by robust grievance redressal mechanisms of the insurer. The NBFC may facilitate the redressal of grievances.
  • Earlier, the Reserve Bank of India (Non-Banking Financial Companies – Undertaking of Financial Services) Directions, 2025 (‘UFS Direction’), provided that no incentive (cash or non-cash) should be paid to the staff engaged in insurance broking/ corporate agency services by the insurance company. The same has now been deleted. However, it may be noted that this requirement has been covered under para 101U of the RBC Amendment Directions.

Does Insurance Distribution include a lender acting as master policyholder?

The UFS Amendment Directions use the term ‘Agency Business’ to mean an arrangement under which an NBFC acts as an agent of a third-party product or service provider (TPPSP), without risk participation, to facilitate the sale of the latter’s financial products or services (e.g., insurance, mutual fund, pension fund, etc.) to its own customers. Para 32 clarifies that an NBFC intending to undertake insurance distribution can do so only in the capacity of a Corporate Agent (“CA”) or an Insurance Broker, in accordance with the applicable regulations issued by the Insurance Regulation Development Authority of India (‘IRDAI’). This disallows any unregulated or informal distribution arrangements, including informal referral models or structures that may resemble the outsourcing of distribution without appropriate licensing.

The question arises as to whether NBFCs may act as a master policyholder for group insurance or through Insurance Self-Network Platforms (‘ISNP’), in accordance with the applicable IRDAI regulations.

In our view, the amendment does not restrict NBFCs from acting as the Master Policy Holder for group insurance policies covering lender-borrower groups, as permitted under the IRDAI Master Circular on Protection of Policyholders’ Interests 2024. While acting as a master policyholder, the NBFC cannot draw any commission from the insurance company; it solely acts as a policyholder for the benefit of its customers. In this capacity, the NBFC facilitates enrolment, premium collection, and claims support, without undertaking solicitation in the capacity of an agent or broker.

With respect to ISNP Platforms, only insurance intermediaries are permitted to take registration for operating an ISNP. Therefore, in our view NBFCs shall still be permitted to operate ISNPs. 

Further, the recent Sabka Bima Sabki Raksha (Amendment of Insurance Laws) Act, 2025 has introduced the concept of Managing General Agent (“MGA”) (which is still not implemented by IRDA) by including the same within the definition of “insurance intermediary”. Given that the MGA construct involves undertaking core functions such as underwriting support (assessment of risk only), product design, and distribution facilitation on behalf of insurers, it may fall within the broader ambit of “insurance distribution business”. While the regulatory contours around MGAs are still evolving, NBFCs have not been expressly restricted from acting as MGAs via this amendment, subject to clarity from the IRDAI on permissibility, registration requirement, etc. Read our article on Managing General Agents here.

No Routing of Funds through the NBFC/HFC

The UFS Directions earlier provided that the premium shall be paid by the insured directly to the insurance company without routing through the NBFC. This requirement has now been deleted under the present UFS Amendment Directions. It may, however, be noted that Section 64VB of the Insurance Act, 1938 provides that:

Where an insurance agent collects a premium on a policy of insurance on behalf of an insurer, he shall deposit with, or dispatch by post to, the insurer, the premium so collected in full without deduction of his commission within twenty-four hours of the collection excluding bank and postal holidays.

Accordingly, in case the NBFC/HFC acts as the corporate agent and collects any insurance amount, the same must be deposited with the insurance company within a period of 24 hours. 

Enhanced Disclosures in case of undertaking insurance agency business


The UFS Amendment Directions introduce an explicit requirement for NBFCs to make clear, upfront disclosures to customers that insurance distribution activities are undertaken strictly on a fee-based model and without any risk participation. This is unlike the earlier framework, where disclosure obligations were largely confined to financial statements (such as notes to accounts) and did not necessarily extend to customer-level communication at the point of sale. While the quantum or percentage of fees is not required to be disclosed, an appropriate disclaimer should be incorporated in the relevant loan documentation and/or on the website/application through which the loan journey is conducted, clarifying that the NBFC does not assume any risk participation in the insurance product and is acting solely in the capacity of an agent for the insurer.

Illustrative Disclaimer: The Company acts solely as an agent of the insurer for distribution of insurance products. The Company does not underwrite or assume any insurance risk, and all claims, benefits, and liabilities under the insurance policy are the sole responsibility of the respective insurer.

Mutual Fund Distribution Framework Revised

  • NBFCs may distribute mutual funds subject to:
    • Compliance with applicable SEBI regulations and code of conduct;
    • Compliance with the RBC Directions;
    • Distribution being undertaken solely on a fee-based, non-risk participation basis and with upfront disclosure to the customer.
  • Mutual fund houses whose products are distributed must maintain robust grievance redressal systems. The NBFC may also facilitate the redressal of grievances. 
  • MF products should be clearly disclosed to customers by disclosing the products on the website or other digital channels of the NBFC.
  • Nothing has been specifically provided for Banks in this regard.

Pension Distribution / NPS Services

  • Eligible NBFCs (other than Base Layer NBFCs) meeting prescribed CRAR requirements and having reported profits in the previous financial year may act as Points of Presence (PoPs) for NPS.
  • Registration with PFRDA remains mandatory.
  • Activities must be undertaken on a fee basis without risk participation and in compliance with RBI’s RBC Directions and PFRDA guidelines.

Referral business in case of Banks

  • A specific definition of “Referral Services” has been introduced to mean an arrangement under which a bank may refer its customers to a TPPSP by making available information about the financial products or services offered by the TPPSP. This definition has not been introduced in the case of NBFCs/HFCs.
  • Banks may refer customers only to products and services regulated by financial sector regulators and must comply with the instructions of the relevant regulator.
  • Banks may market and refer the TPPS to their customers, but cannot sell under the referral arrangement. This should be made explicitly clear upfront through a disclaimer to the customers.
  • The name or brand of the bank shall not feature in any of the product/ service documents. This ensures that customers do not misconstrue the product as being offered or backed by the bank.
  • Banks must publicly disclose the list of TPPSPs and products covered under referral arrangements on their website, mobile application and other digital banking channels.
  • Product onboarding, servicing and other TPPS-related processes cannot be integrated into the bank’s platform. The bank may only provide a link redirecting the customer to the TPPSP’s platform.
  • Banks must undertake proper due diligence before entering into referral arrangements with TPPSPs. Particular emphasis is placed on assessing reputational risks associated with the TPPSP.
  • Banks must ensure that the TPPSP has robust customer grievance redressal mechanisms in place before referring customers.

Grievance Redressal Mechanism

Under the erstwhile IRDAI (Registration of Corporate Agents) Regulations, 2015, corporate agents were permitted only to provide guidance and advisory to customers on issues arising during the course of an insurance contract. However, pursuant to the IRDAI (Protection of Policyholders’ Interests, Operations and Allied Matters of Insurers) Regulations, 2024, it has been mandated that every insurer and distribution channel shall establish robust procedures and effective mechanisms for the efficient and timely resolution of policyholder and/or claimant grievances.

In alignment with the above, the RBI, through its UFS Amendment Directions, has required NBFCs to ensure that the insurance companies whose products are distributed by them have adequate and effective customer grievance redressal mechanisms in place. Additionally, NBFCs may facilitate the redressal of such grievances.

Policy Mandate

The UFS Amendment Directions propose to delete Para 6 of the UFS Direction, which requires NBFCs to put in place a broad Board-approved policy governing the distribution of third-party financial products, including insurance products. A closer reading indicates that the change is primarily structural rather than substantive, as the underlying policy requirement has already been added within the RBI’s RBC Amendment Directions, through the insertion of Para 101A, which mandates every regulated entity to adopt a comprehensive policy covering advertising, marketing, and sales of both its own and third-party financial products and services.

It is also relevant to note that, independent of RBI requirements, sectoral regulators already mandate similar requirements. For instance, IRDAI requires corporate agents to maintain an open architecture policy and a grievance redressal policy. As such, most NBFCs engaged in these activities are likely to have comparable policies already in place. Consequently, we understand that where an NBFC has already adopted policies to comply with the RBC Amendment Directions or applicable sectoral regulations, those frameworks would adequately satisfy the regulatory expectation. 

Control and Assurance Functions for NBFCs: RBI Proposes Consolidation

  • Harshita Malik | finserv@vinodkothari.com

The RBI issued the Reserve Bank of India (Non-Banking Financial Companies – Governance) Directions, 2025 (‘Governance Directions’) on November 28, 2025, consolidating all governance-related instructions for NBFCs into a single master framework. While the said exercise addressed regulations around Board composition, fit and proper criteria, KMP compensation, and related matters, it left the two core control/assurance functions, namely, compliance and internal audit, governed by separate circulars. The draft Reserve Bank of India (Non-Banking Financial Companies – Governance) Amendment Directions, 2026 (‘Amendment Directions’), issued for public comments, absorbs the CCO Circular and RBIA Circular into the Governance Directions and proposes certain amendments to the risk management framework. 

Effective Date: The Amendment Directions propose an effective date of January 1, 2027, upon formal notification.

The amendments introduced go beyond mere consolidation of existing circulars; they introduce new obligations and structural changes to the governance norms. Key changes are given below; for banks, refer to our article here.

  1. Important concepts defined: The Amendment Directions contain new definitions of key concepts relating to control and assurance functions, including ‘Assurance’, ‘Clawback’, ‘Compliance’, ‘Compliance Culture’, ‘Compliance Function’, ‘Compliance Risk’, ‘Control Functions’, ‘Internal Audit Function’, ‘Internal Audit Plan’, ‘Internal Controls’, ‘Risk Appetite’, ‘Risk Limits’, ‘Risk Management’, and ‘Risk Management Function’.
  2. Common instructions for CRO, CCO and HIA: The Amendment Directions provide a unified set of provisions for the three heads of control and assurance functions, namely, Chief Risk Officer (CRO), Chief Compliance Officer (CCO), and Head of Internal Audit (HIA), covering eligibility, appointment conditions (seniority ≤2 levels below MD & CEO, Board approval, tenure ≥3 years, premature removal requiring Board approval), independence, and reporting lines (functional to Board/ACB; administrative to MD & CEO). Does this mean that the same person can be appointed as the CCO and HIA? Given that the role of the HIA includes oversight on compliance risk, it will be counter-intuitive to have the same person as the head of the compliance function as well as the head of internal audit. Similar instructions have also been introduced for banks.
  3. Relaxation for Base Layer continues, with further enhancement: Under the existing framework, the CCO framework was applicable to Middle Layer NBFCs, and the appointment of a CRO and the RBIA framework to those with an asset size of more than ₹5000 crore. The said exemption for Base Layer NBFCs continues and now also covers the requirement of constituting the RMC.
  4. ₹5,000 crore threshold for mandatory RMC: NBFCs with total assets of ₹5,000 crore or above must constitute a RMC and establish a Risk Management Function headed by a CRO; the RMC is responsible for evaluating overall risks, including liquidity risk, and reporting to the Board. The existing regulations require the RMC to be constituted by all NBFCs irrespective of asset size, and hence, this may be seen as a major relaxation.
  5. Quarterly Board meetings without Senior Management: CCO, CRO, and HIA must meet the Board or ACB at least once every quarter without the presence of Senior Management (including MD/CEO/WTD), and must have direct and unrestricted access to the Board/ACB to communicate concerns without management interference.
  6. Stricter external hiring restrictions: Consultants, advisors, part-time auditors, or individuals who are neither on the NBFC’s payroll nor have a contractual employer-employee relationship with the NBFC shall not be appointed/designated as CRO, CCO, or HIA. The same criteria have been prescribed for banks as well.
  7. Differentiated intimation timelines to RBI/NHB: For CCO and HIA (NBFC-ML and above), appointment/premature transfer/removal/exit/change in tenure must be reported to DoS, RBI/NHB at least five working days in advance, with candidate profile and fit & proper confirmation; for CRO, such intimation must be made within five working days, accompanied by the candidate’s profile.
  8. CRO’s role in credit committee and override mechanism: CRO shall be an invitee to credit sanction/approval committee meetings without voting rights; where risk/exposure is assumed contrary to CRO advice without adequate mitigation, the responsibility rests with the next higher authority in the delegation matrix (except where the Board is the risk-assuming authority), and all such cases must be reported to the Board/RMCB.
  9. Internal audit of Compliance and Risk Management Functions: The Compliance Function and Risk Management Function shall be subject to regular internal audit.
  10. New tenure and audit-cycle mandates for Internal Audit: Staff posted to the Internal Audit Function shall ordinarily have a tenure of at least three years, and all significant activities shall be audited over a defined cycle ordinarily not exceeding three years, with high-risk areas reviewed more frequently.
  11. RBIA adoption and NBFC-BL exemption: All NBFCs shall adopt a Risk-Based Internal Audit (RBIA) approach focusing on higher risk, materiality, systemic relevance, and supervisory concerns as given in Annex I-A of the Amendment Directions; adoption of RBIA is voluntary for NBFC-BL. As per the Companies Act, internal audit is applicable even to private companies having a turnover of ₹200 crore or outstanding loans or borrowings exceeding ₹100 crore or more. This means that even Base Layer NBFCs can be subjected to internal audit requirements. However, risk-based internal audit will be applicable only in the case of Middle Layer and above entities. RBIA is an audit methodology that focuses on identifying, assessing, and prioritising the most significant risks faced by an organisation, and allocating audit resources accordingly. Unlike traditional compliance-oriented audits, RBIA aligns audit activities with the NBFC’s risk management framework and strategic objectives. Refer to our article on RBIA – here.
  12. Periodic external review for NBFC-UL Risk Management Function: NBFC-UL shall subject its Risk Management Function to periodic external review to benchmark practices and strengthen effectiveness. However, in the case of banks, all three functions (compliance, risk and internal audit) are subject to external review.
  13. Formal Risk Exposure Matrix (9-cell grid) & Risk Audit Prioritisation Matrix (Magnitude vs. Frequency): The Amendment Directions introduce two formalised, structured risk assessment and prioritisation tools under the RBIA framework (Annex I‑A).
  14. Assumption of risk exposure contrary to the advice of CRO: If risk is taken contrary to the CRO’s advice without adequate mitigation, the responsibility lies with the next higher authority in the delegation matrix (except when the Board is the risk-assuming authority). All such cases must be reported to the Board/RMC.
  15. Intimation of appointment to RBI/NHB: For CCO and HIA: Report appointment/premature transfer/removal/exit/change in tenure at least 5 working days in advance (pre-event intimation). Intimation to include profile and fit & proper confirmation by the competent authority. Appointment may be communicated to the candidate only after the five-day window, unless a contrary communication is received from RBI/NHB. For CRO: Report appointment/premature transfer/removal/exit/change in tenure within 5 working days (post-event intimation).

For ease of reference, the amendments have been classified into three categories and detailed below:

  1. Changes Common for CCO, CRO and HIA

| Provision | Draft Amendment Directions | Current Directions/Circulars |
|---|---|---|
| Rank | Not more than two levels below MD & CEO (for SPDs: not more than three levels; for NBFC-BL: as per policy) | CCO shall be not below two levels from CEO; for NBFC-ML, relaxable by one further level |
| Appointment tenure | Ordinarily not less than three years with no explicit relaxation. Premature transfer/removal requires Board approval | Board permitted to relax the minimum three-year tenure by one year in exceptional cases for CCO. |
| External Hiring | External hiring permitted; however, consultants, advisors, part-time auditors, or individuals without an employer-employee relationship with the NBFC shall not be appointed. | External hiring permitted, no negative list prescribed |
| Reporting Line | Functional reporting: Board/ACB; Administrative: MD & CEO | Reporting by CCO to MD & CEO was the primary option; Board reporting was an alternative. |
| Quarterly meeting without senior management | Meet Board/ACB quarterly without Senior Management (including the MD / CEO / WTD) | CCO and CRO shall meet the Board or ACB at least once a quarter without the presence of the Senior Management (including the MD / CEO / WTD) |
| Intimation to RBI/NHB | For CCO and HIA: Report appointment/premature transfer/removal/exit/change in tenure at least 5 working days in advance (pre-event intimation). Intimation to include profile and fit & proper confirmation by competent authority. Appointment may be communicated to the candidate only after the five-day window, unless a contrary communication is received from RBI/NHB. For CRO: Report appointment/premature transfer/removal/exit/change in tenure within 5 working days (post-event intimation) | Prior intimation was required for appointment of CCO without specifying a minimum period. Intimation to include detailed profile of candidate, fit and proper certification by MD & CEO confirming the person meets prescribed supervisory requirements, and rationale for changes, if applicable. |
| Internal audit | Compliance Function and Risk Management Function shall be subject to regular internal audit | No explicit requirement that Compliance must be audited by IA |

  2. Changes Specific to CRO

| Provision | Draft Amendment Directions | Governance Directions |
|---|---|---|
| Threshold for RMC | NBFCs with assets ≥ ₹5,000 crore | All NBFCs |
| CRO’s role in credit decision | CRO shall be an invitee to the meetings of the credit sanction / approval committee, without any voting rights. | CRO shall have voting power and all members shall individually and severally be liable. |
| Contrary risk advice | Responsibility for assumption of any risk / exposure, contrary to the advice of the CRO, without incorporating adequate risk mitigation measures, shall rest with the next higher authority in the delegation matrix. | No equivalent provision. |
| Risk Management Function duties | Ensure NBFC operates within risk appetite; assess risks independently. Implement NBFC-wide risk strategy aligned with Board-approved risk appetite; clear risk limits; allocate parameters. Robust information infrastructure for capital/liquidity, granular monitoring, consolidated reporting. Continuously evaluate exposures vs. limits; challenge business decisions; escalate critical issues to SM/Board/RMCB | CRO had similar duties but risk appetite/limits were not defined and escalation mechanism was not explicitly prescribed |
| External review of Risk Management Function | NBFC-UL shall subject Risk Management Function to periodic external review to benchmark practices and strengthen effectiveness | No explicit external review requirement for Risk Management Function |

  3. Changes in Internal Audit Function – RBIA

| Provision | Draft Amendment Directions | RBIA Circular |
|---|---|---|
| Applicability of CRO | NBFC-ML and above (mandatory), thus, making it mandatory for ML entities irrespective of asset size; NBFC-BL (voluntary). | Deposit-taking NBFCs (all sizes) and non-deposit-taking NBFCs with assets ≥ ₹5,000 crore |
| Tenure of internal auditors | Staff posted to Internal Audit Function should ordinarily have a tenure of at least three years | No specified tenure for internal audit staff |
| Internal audit cycle | All significant activities audited over a defined cycle ordinarily not exceeding three years; high-risk areas to be reviewed more frequently | No specified audit cycle |
| Structured RBIA Framework | Risk Exposure Matrix (9-cell grid, inherent risk vs. control risk) and Risk Audit Prioritisation Matrix (magnitude vs. frequency) have been specified. | No such formal risk matrix was specified. |

Control functions in banks: RBI proposes Consolidation exercise

  • Payal Agarwal, Partner | corplaw@vinodkothari.com
Draft proposals provide definitional and role clarity, highlighting a comprehensive overhaul of control and assurance functions for banks with unified appointment standards, enhanced Board oversight, and proportional relaxations for specific categories.

Highlights:

  • Standardised definitions;
  • Unified framework for CRO/CCO/HIA;
  • Optional group CRO/CCO;
  • Periodic external review mandated for NBFC-UL;
  • Flexibility on eligibility criteria for CRO/CCO/HIA;
  • Reporting lines clarified;
  • Foreign banks: “Comply or explain” relaxation;
  • Quarterly Board meetings without Senior Management;
  • CRO credit committee role;
  • Dual-hatting ambiguity;
  • Enhancement of compliance function.

Keeping up with the consolidation exercise undertaken by the RBI last year for the circulars pertaining to Department of Regulation (DoR), RBI announced in its 8th April Statement on Developmental and Regulatory Policies the consolidation of its supervisory instructions. Following the same, draft Directions were issued. Further, for consolidation of instructions issued by the RBI on control functions, viz., compliance, risk management and internal audit, RBI has issued draft Governance Directions, on 10th June, 2026. 

Note that, while the press release refers to ‘Harmonisation and Consolidation of Instructions on Control / Assurance Functions’, the draft Directions go beyond a simple consolidation exercise and include some changes as compared to the existing circulars of DoS and DBS. The key changes for commercial banks are discussed below. For NBFCs, refer to our article here.

Key Proposals under Draft Directions

  • Important concepts defined: The draft Directions contain definitions of various relevant concepts in relation to control and assurance functions.
  • Instructions for CRO, CCO and HIA aligned: The draft Directions provide a common set of instructions, eligibility criteria, appointment conditions, reporting lines etc for each of the three heads of the relevant control and assurance functions, viz., Chief Risk Officer (CRO), Chief Compliance Officer (CCO) and Head of Internal Audit (HIA). 
  • Group level oversight of CRO and CCO: For banks that are part of a group consisting of more than one financial entity, a Group CRO (GCRO) and Group CCO (GCCO) may be appointed for group level risk oversight/compliance and co-ordination. This is not a mandatory requirement; however, it may be adopted as a part of group-level control and assurance functions.
  • Periodic external review of control functions: For benchmarking of practices and strengthening effectiveness of the functions, the draft Directions require the risk management function, and the Quality Assurance and Improvement Program (QAIP) of the compliance and internal audit functions, to undergo periodic external review. In case of NBFCs, external review is proposed to be mandated for the risk management function only, and limited to NBFC-UL entities.
  • Eligibility conditions to be determined by internal policy: The draft Directions omit conditions on the minimum number of years of experience and age limitations for appointment of CRO, CCO and HIA. The September, 2020 circular of RBI on Compliance functions in banks and Role of Chief Compliance Officer (CCO) currently requires the CCO to have an overall experience of at least 15 years (including 5 years in audit function) and an age limit of 55 years. The draft Directions require adequate domain knowledge and relevant experience in the respective fields, commensurate with the size, complexity, and risk profile of the bank, and age as prescribed in the internal policy of the bank.
  • Employer-employee relationship mandatory: The draft Directions clarify that consultants, advisors, part time auditors or individuals who are neither on the rolls of the bank/group entity nor have any contractual employer-employee relationship with the bank/group entity shall not be appointed/designated as CRO, CCO or HIA or Group CRO/CCO.
  • Clarification on reporting lines: The draft Directions make a distinction between administrative and functional reporting lines, viz., administrative reporting to MD & CEO and functional reporting to board/board committee.
  • Comply or explain approach for foreign banks: In case of foreign banks, a relaxation is proposed by making the applicability of the instructions on control and assurance functions on a “comply or explain” basis, thus allowing deviations from the requirements, subject to submission of reasonable explanation for prior approval of DoS, RBI.  

Omission of “dual hatting” restriction: can the same person be appointed as CCO or CRO and HIA? 

The draft Directions seem to have omitted the “dual hatting” restrictions, although they require each of the three designates to be “independent of business lines, free from conflicts of interests…”. The internal audit function, headed by the HIA, is required to carry out an independent evaluation of governance, risk management, compliance, internal controls, business lines, support functions, outsourced activities, etc., ensuring assurance across the entire organisation. Hence, it would be counter-intuitive to suggest that the HIA can head the compliance or risk management functions, while being responsible for providing independent assurance on the same.


Disaster, Distress and Resolution: Decoding RBI’s NBFC Relief Framework

-Jeel Ranavat, Assistant Manager (jeel@vinodkothari.com)

Overview

A natural calamity does not just damage property or disrupt livelihoods — it can instantly push otherwise disciplined borrowers into financial stress. Loan repayments become difficult not because borrowers are unwilling to pay, but because businesses halt, incomes disappear, and economic activity comes to a standstill. Recognising this reality, the RBI has introduced a comprehensive new framework on relief measures in areas affected by natural calamities  (Natural Calamities Directions) for lenders that fundamentally changes how borrower distress arising from calamities is to be handled.

RBI has moved towards a more structured and time-bound relief mechanism — one that focuses not only on faster restructuring and borrower protection, but also on ensuring prudential discipline for lenders. From proactive resolution and protection against sudden NPA downgrades to stricter timelines, additional provisioning norms, and disaster-sensitive credit assessment.


Securitisation, Transfer and Distribution of Credit Risk- for Banks and NBFCs.

We are pleased to announce the launch of our e-book — Securitisation, Transfer and Distribution of Credit Risk- for Banks and NBFCs

This book, spanning 900+ pages, provides a comprehensive analysis of the evolving regulatory and transactional landscape relating to credit risk transfer in India, with detailed commentary on:
• RBI regulations on securitisation
• Transfer of Loan Exposures or so-called direct assignments
• Co-lending arrangements
• Loan syndication arrangements
• SEBI regulations governing the issue and listing of securitised debt instruments

Designed specifically for banks, NBFCs, market participants, legal professionals and compliance teams, the publication offers practical insights into the regulatory framework governing structured finance and credit distribution transactions.

The Commentary is based on RBI’s November, 2025 version of consolidated Directions.

The book was launched during the 14th Securitisation Summit, and the e-book is available exclusively through the Premium Section of our website.

Kindly note that access to the book will be for a period of one year from the date of purchase of the book.


ECL Framework for Banks: Key Highlights

See our article A[U]n Expected Injury: ECL is here, likely to hurt bank profits and retained earnings in FY28 for an in-depth analysis.

A[U]n Expected Injury: ECL is here, likely to hurt bank profits and retained earnings in FY28

Team Finserv | finserv@vinodkothari.com

Additionally, upfront fair valuation may also deplete retained earnings

The new ECL framework marks a major regulatory shift for India’s banking sector; it has been long overdue, and therefore, there was no case that the RBI could have deferred it further; pleadings to defer the implementation were rejected by the regulator. It comes coupled with regulatory floors for provisions, which would cause a major increase in provisioning requirements over the earlier requirements. Our assessment, on a very conservative basis, is that the first hit to Bank P/Ls will be at least Rs 60000 crores in the aggregate. 

This is in addition to fair valuation requirement on upfront adoption, as on 1st April, 2027. While a vaguely worded part in para 19 was inserted on suggestions of the stakeholders, if interest rates have moved up since the date of the original loan, there will be almost a sure case of upfront valuation loss, which will eat up retained earnings.

RBI had come up with a draft framework on ECL pursuant to the Statement on Developmental and Regulatory Policies, wherein it indicated its intention to replace the extant framework based on incurred loss with an ECL approach. The final regulations were notified on 26th April and are applicable w.e.f 1.04.2027 i.e., for FY 27-28. The manner of implementation will be that all loans as on 1st April 2027 will be fair valued, and all new loans/financial instruments originated or acquired on or after 1st April 2027 will be subject to ECL provisions. See the highlights of the final regulations here.

A major impact that the directions will have on the banking sector is the need to maintain increased provisioning pursuant to a shift from an incurred loss framework to the ECL framework. Under the earlier framework, banks made provisions only after a loss had been incurred, i.e., when loans actually turned non-performing. The new ECL model, however, requires banks to anticipate potential credit losses and set aside provisions for such anticipated losses.

Banks presently classify an asset as SMA1 when it hits 30 DPD, and SMA2 when it turns 60. Both these, however, are standard assets, which currently call for 0.4% provision. Under ECL norms, both these will be treated as Stage 2 assets, which calls for a lifetime probability of loss, with a regulatory floor of 5%. Thus, the differential provision here becomes 4.6%.  

Once an asset turns NPA, the present regulatory requirement is a 15% provision; the ECL framework puts these assets under Stage 3, where the regulatory minimum provision, depending on the collateral and ageing, may range from 25% to 100%. Our Table below gives a more granular comparison.

| Type of asset | Asset classification | Existing requirement | New requirement w.e.f 1.04.2027 | Difference |
|---|---|---|---|---|
| Farm Credit, Loan to Small and Micro Enterprises | SMA 0 | 0.25% | 0.25% | |
| | SMA 1 | 0.25% | 5% | 4.75% |
| | SMA 2 | 0.25% | 5% | 4.75% |
| | NPA | 15% | 25%-100% based on Vintage | 10%-85% based on Vintage |
| Commercial real estate loans | SMA 0 | 1% | Construction Phase: 1.25%; Operational Phase: 1% | Construction Phase: 0.25%; Operational Phase: Nil |
| | SMA 1 | 1% | Construction Phase: 1.8125%; Operational Phase: 1.5625% | Construction Phase: 0.8125%; Operational Phase: 0.5625% |
| | SMA 2 | 1% | Construction Phase: 1.8125%; Operational Phase: 1.5625% | Construction Phase: 0.8125%; Operational Phase: 0.5625% |
| | NPA | 15% | 25%-100% based on Vintage | 10%-85% based on Vintage |
| Secured retail loans, Corporate Loan, Loan to Medium Enterprises | SMA 0 | 0.4% | 0.4% | |
| | SMA 1 | 0.4% | 5% (0.4% for loans against FD, NSC, LIC and KVP) (2.5% for direct exposures to/guaranteed by State Governments) | 4.6%; no change for loans against FD, NSC, LIC and KVP |
| | SMA 2 | 0.4% | 5% (0.4% for loans against FD, NSC, LIC and KVP) (2.5% for direct exposures to/guaranteed by State Governments) | 4.6%; no change for loans against FD, NSC, LIC and KVP |
| | NPA | 15% | 25%-100% based on Vintage (10%-100% for loans against FD, NSC, LIC and KVP and for direct exposures to/guaranteed by State Government) | 10%-85% based on Vintage |
| Exposures under various schemes of Credit Guarantee Fund Trust for Micro and Small Enterprises (CGTMSE), Credit Risk Guarantee Fund Trust for Low Income Housing (CRGFTLIH) and National Credit Guarantee Trustee Company Ltd (NCGTC) | SMA 0 | 0.4% | 0.25% | 0.15% |
| | SMA 1 | 0.4% | 0.25% | 0.15% |
| | SMA 2 | 0.4% | 0.25% | 0.15% |
| | NPA | No provision for the guaranteed portion. NPA provisioning as per extant guidelines for the portion outstanding in excess of the guarantee (only when the Government repudiates its guarantee when invoked) | 10%-100% based on vintage for secured and guaranteed portion; 25%-100% based on vintage for unsecured and unguaranteed portion (only if the claims are not settled within ninety days from the due date of the loan) | |
| Home Loans | SMA 0 | 0.25% | 0.25% | 0.15% |
| | SMA 1 | 0.25% | 1.5% | 1.25% |
| | SMA 2 | 0.25% | 1.5% | 1.25% |
| | NPA | 15% | 10%-100% based on Vintage | (-)5% – 85% based on Vintage |
| LAP | SMA 0 | 0.4% | 0.4% | |
| | SMA 1 | 0.4% | 1.5% | 1.1% |
| | SMA 2 | 0.4% | 1.5% | 1.1% |
| | NPA | 15% | 10%-100% based on Vintage | (-)5% – 85% based on Vintage |
| Unsecured Retail loan | SMA 0 | 0.4% | 1% | 0.6% |
| | SMA 1 | 0.4% | 5% | 4.6% |
| | SMA 2 | 0.4% | 5% | 4.6% |
| | NPA | 25% | 25%-100% based on Vintage | 0%-75% based on Vintage |

The actual impact of such additional provisioning will be a hit of more than 3% to the profit of banks. Based on the RBI Financial Stability Report of FY 24-25, the current level of SMA and NPA is estimated to be ₹3,78,000 crores (2%) and ₹4,28,000 crores (2.3%), respectively. 
Accordingly, an additional provision of approximately ₹18,000 crores (4.6% of SMA volume) and ₹42,000 crores (10% of NPA volume) will be required for SMA and NPA respectively, leading to a total impact of at least ₹60,000 crores. This estimate has been arrived at by considering the % of NPAs and SMA-1 & SMA-2 portfolios of banks. The actual impact may be higher, as a lot of loans may be unsecured, and may have ageing exceeding 1 year, in which case the differential provision may be higher.

It may be noted that while the draft directions allow banks to add back the excess ECL provisioning to the CET 1 capital, this does not neutralize the immediate profitability impact, as the additional provisions would still flow through the profit and loss account.

How do we expect banks to smoothen this hit that may affect the FY 27-28 P/L statements? We hold the view that it will be prudent for banks, who have system capabilities, to estimate their ECL differential, and create an additional provision in FY 25-26, or do technical write-offs.

Effective Interest Rate requirement applies to all loans effective 1st April, 2027

ECL does not come alone; it comes along with the Ind AS 109 companion – the requirement to compute effective interest rate (EIR) for all financial assets and financial instruments. How does the EIR requirement differ from the existing rate of interest/internal rate of return approach? EIR has the impact of amortising loan acquisition costs or upfront fees. Currently, banks could have taken the upfront earnings such as processing or origination fees/costs directly to revenue – these will now have to be part of the EIR computation. More than impacting the profit number, EIR creates a significant impact on loan management systems, as it results in dual computations – the accounting balances and the customer LMS balances are likely to be different.

Upfront recognition of fair value changes

Para 19 requires that on 1st April, 2027, that is, the date of first adoption, all financial assets and instruments will be fair valued, and the fair value changes (gains or losses) will be adjusted against retained earnings. This is consistent with the principles of first time adoption of Ind AS.

On stakeholder representation, the RBI added this part to Para 19:

Where facts and circumstances indicate that the transaction has been undertaken on terms such that the fair value of the financial asset is not materially different from its carrying cost, the same shall be presumed to be the best evidence of fair value.

What does this imply? If the terms of the financial facility have remained the same, does it mean no fair valuation has to be done? Surely no, at least in our opinion. Any fair value change in fixed rate instruments happens for two reasons: change in credit spreads (rating changes, credit quality changes, etc), or change in rate of interest. If there is a facility extended, say at a rate of interest of 8%, whereas the prevailing rate of interest for a borrower of similar credit standing has moved up to 10%, will there be a fair value decrease? Surely yes.

There are lots of loans which were extended during Covid or periods of low interest rates, which are still continuing. In all such cases, fair value losses are imminent. 

The meaning of the para above can only be that if the terms of the original facility are similar to what they would currently be, then the fair value will not have to be computed.

See our other resources:

  1. Expected credit losses on loans: Guide for NBFCs
  2. Impact of restructuring on ECL computation

Virtual Certificate Course on Grooming of Chief Compliance Officers of NBFCs

Register your interest here: https://forms.gle/dBgva39FYWpBGDP4A
