Posts

RBI’s Pillar 3 Proposes Disclosure of Liquidity Risks and Measures 

/0 Comments/in /by

Move from Narrative Disclosures to Structured Transparency

– Payal Agarwal, Partner | payal@vinodkothari.com 

The draft Capital Adequacy Amendment Directions of RBI propose changes to the existing Directions in relation to the Pillar 3 disclosure requirements (Market Discipline). The amendments are proposed to be made towards better alignment of the regulatory disclosure framework with the Basel norms. In addition to the new disclosure requirements with respect to Liquidity Risks and Macro-prudential Supervisory measures, the Draft proposes a move from narrative disclosures to a more structured, comprehensive transparency. 

Proposed to be effective from: quarter ended 30th September, 2026 

Highlights of the proposal 

  • Banks to have formal disclosure policy for Pillar 3 data
    • Key elements of the policy to be described in the year-end Pillar 3 report or cross- referenced to another location where they are available 
  • Formal attestation by one or more WTDs in writing that Pillar 3 disclosures have been prepared in accordance with the board-agreed internal control processes 
  • Safeguarding proprietary and confidential information:
    • Disclosure not required for proprietary or confidential information that may reveal the position of a bank or contravene its legal obligations 
    • More general information about the subject matter including the fact that specific items of information have not been disclosed and the reasons thereof. 
  • Guiding principles of Pillar 3 disclosures specified
    • Disclosures to be clear, comprehensive, meaningful, consistent and comparable
  • Disclosure of data points for previous period not required in case of  first-time reporting of a metric
    • For permitted transitions, the transitional data shall be reported unless the bank is compliant with fully loaded requirements 
  • For regulatory disclosures on the website, archive period proposed to increase to 10 years, against existing 3 years’ requirement 

Disclosure on Liquidity Risk Management measures

The proposed format, amongst others, incorporates a new field for liquidity related disclosures. This includes, qualitative and quantitative disclosures on liquidity risk management aspects, alongside disclosure of Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR):  

Qualitative disclosures: LRM governance Funding strategy including policies on diversification and tenor Liquidity risk mitigation techniquesExplanation of stress testingOutline of contingency funding plans Quantitative disclosures: Measurement tools for structural liquidity and cash flow projections Concentration limits on collateral pools and sources of fundingLiquidity exposures and funding needs and entity and branch level including limitations on transferability of liquidityBalance sheet and off-balance sheet items broken down into maturity buckets and the resultant liquidity gaps

Contents of disclosure (Annex III)

Proposed Format

Existing Format

New Disclosures

Frequency of Disclosure

1. Overview of risk management, key prudential metrics, and RWA

  

Template KM1: Key metrics (at consolidated group level)

New addition in the form of summary table, cross-linked to respective detailed tables
  • Liquidity Coverage Ratio (LCR)
  • Net Stable Funding Ratio (NFSR)

Quarterly

Table OVA: Bank risk management approach

General qualitative disclosure requirement under Risk Exposure and Assessment

More granular information such as risk governance structure, qualitative information on stress testing etc. 

Annual

Template OV1: Overview of RWA

No specific equivalent

RWAs and minimum capital requirements broken down for various risk categories: credit, CCR, market, operational etc.

Quarterly

2. Linkages between financial statements and regulatory exposures

  

Table LIA: Explanations of differences between accounting and regulatory exposure amounts

New table, some information overlap with Table DF-1: Scope of application

Qualitative explanations on the differences observed between accounting carrying value and amounts considered for regulatory purposes

Annual

Table LIB: Outline of the differences in the scope of consolidation (entity by entity)

Corresponds to Table DF-1: Scope of application

Annual

Template LI1: Differences between accounting and regulatory scopes of consolidation and mapping of financial statement categories with regulatory risk categories

No specific table; however, overlaps with Table DF-12: Composition of capital – reconciliation requirements

Breakdown of each component of balance sheet by risk framework — credit risk, CCR, securitisation, market risk, or not subject to capital requirements/ capital deduction 

Annual

Template LI2: Main sources of differences between regulatory exposure amounts and carrying values in financial statements

No specific table; source of material differences between its total balance sheet assets (net of on-balance sheet derivative and SFT assets) as reported in its financial statements and its on-balance sheet exposures to be disclosed and detailed in line 1 of the common disclosure template.

Detailed template covers sources of differences, viz., valuation differences, netting differences, provisions, and prudential filters — by risk category column.

Annual

Template PV1 – Prudent valuation adjustments (PVAs)

Only a single line-item within regulatory capital composition table

Break down PVAs by type (CVA loss, closeout cost, early termination, model risk, operational risk, funding costs, administrative costs, other) and by instrument category (equity, rates, FX, credit) and book (trading / banking).

Annual

3 Composition of Capital

  

Table CCA – Main features of regulatory capital instruments

Table DF-13: Main features of regulatory capital instruments

Ongoing, at least on a semi-annual basis

Template CC1 – Composition of regulatory capital

Table DF-11: Composition of capital

Semi-annual

Template CC2: Reconciliation of regulatory capital to balance sheet

Table DF-12: Composition of capital – reconciliation requirements

Higher granularity provided under each line-item

Semi-annual

4 Remuneration

  

Table REMA – Remuneration policy

Qualitative disclosures under Table DF-15: Disclosure requirements for remuneration

  

Annual

Template REM1 – Remuneration awarded during financial year

Quantitative disclosures under Table DF-15: Disclosure requirements for remuneration

More granular details sought 

Annual

Template REM2: Special payments

Annual

Template REM3: Deferred remuneration

Annual

5. Credit Risk

  

Table CRA – General qualitative information about credit risk

Table DF-3: Credit risk: general disclosures for all banks

Specific disclosure w.r.t. credit risk function, viz., 

  • Structure and organisation of the credit risk management and control function
  • Relationships between the credit risk management, risk control, compliance and internal audit functions etc. 

Annual

Template CR1: Credit quality of assets

  

Semi-annual

Template CR2: Changes in stock of non-performing loans and debt securities

  

Semi-annual

Table CRB: Additional disclosure related to the credit quality of assets
  • Breakdown of restructured exposures between standard and non-performing exposures.

Annual

Table CRC: Qualitative disclosure related to credit risk mitigation techniques

Table DF-5: Credit risk mitigation: disclosures for standardised approaches

Annual

Template CR3: Credit risk mitigation techniques – overview

Semi-annual

Table CRD: Qualitative disclosures on bank’s use of external credit ratings under the standardised approach for credit risk

Table DF-4 – Credit risk: disclosures for portfolios subject to the standardised approach (qualitative)

  

Annual

Template CR4: Standardised approach – credit risk exposure and Credit Risk Mitigation (CRM) effects

On-balance sheet and off-balance sheet exposures for each asset class:

  • Before CCF and CRM 
  • Post CCF and CRM
  • RWA and RWA density

Semi-annual

Template CR5: Standardised approach – exposures by asset classes and risk weights

Table DF-4 – Credit risk: disclosures for portfolios subject to the standardised approach (quantitative)

Risk weight buckets increased; existing format  divides into 3 major risk buckets

Semi-annual

6. Counterparty credit risk

  

Table CCRA – Qualitative disclosure related to counterparty credit risk

Table DF-10: General disclosure for exposures related to counterparty credit risk

Annual

Template CCR1 – Analysis of counterparty credit risk (CCR) exposure by approach

Structured in a tabulated form with more granular data requirements

Semi-annual

Template CCR3 – CCR exposures by regulatory portfolio and risk weights

Semi-annual

Template CCR4 – Composition of collateral for CCR exposures

Semi-annual

Template CCR5 – Credit derivatives exposures

  

Template CCR6 – Exposures to central counterparties

  

7. Securitisation

  

Table SECA – Qualitative disclosure requirements related to securitisation exposures

Table DF-6: Securitisation exposures: disclosure for standardised approach

List of:

  • affiliated entities (i) that the bank manages or advises and (ii) that invest either in the securitisation exposures that the bank has securitised or where the bank acts as facility provider.
  • a list of entities to which the bank provides implicit support and the associated capital impact for each of them

Annual

Template SEC1 – Securitisation exposures in the banking book

Bifurcation based on: 

  • bank as an originator and as an investor 
  • STC and others 

Semi-annual

Template SEC2 – Securitisation exposures in the trading book

Semi-annual

Template SEC3 – Securitisation exposures in the banking book and associated regulatory capital requirements – bank acting as originator

Semi-annual

Template SEC4 – Securitisation exposures in the banking book and associated capital requirements – bank acting as investor

Semi-annual

8. Market Risk

  

Table MRA – Qualitative disclosure requirements related to market risk

Table DF-7: Market risk in trading book

Elaboration of qualitative disclosures, viz., 

  • Strategies and processes 
  • Structure and organisation of the market risk management function
  • Scope and nature of risk reporting and/or measurement systems.

Annual

Template MR1 – Market risk under the standardised approach

Classification of positions: 

  • Outright products 
  • Options – Simplified approach, delta-plus method or scenario approach

Semi-annual

9. Operational Risk

  

Table ORA: Disclosure related to operational risk and operational resilience

Table DF-8: Operational risk

Elaboration of qualitative disclosures

  

10. Interest rate Risk

  

Table IRRA: Disclosure related to Interest Rate Risk

Table DF-9: Interest rate risk in the banking book (IRRBB)

Elaborated qualitative disclosures

Annual for qualitative disclosure and semiannual for quantitative disclosure

11. Macroprudential supervisory measures

  

Template GSIB1 – Disclosure of G-SIB indicators

12 indicators used in the assessment methodology of the G-SIB framework

Annual

Template CCyB1 – Geographical distribution of credit exposures used in the countercyclical capital buffer

Geographical breakdown of private sector credit exposures (values and RWAs) and Countercyclical capital buffer rate for computation of the bank-specific countercyclical capital buffer rate and amount

Semi-annual

12. Leverage Ratio

  

Template LR1 – Summary comparison of accounting assets vs leverage ratio exposure measure

Table DF 17- Summary comparison of accounting assets vs. leverage ratio exposure measure

Quarterly

Template LR2 – Leverage ratio common disclosure template

Table DF-18: Leverage ratio common disclosure template

Quarterly

13. Liquidity

  

Table LIQA – Liquidity risk management

See above

Annual

Template LIQ1 – Liquidity coverage ratio (LCR)

Unweighted and weighted values of

  • Total High Quality Liquid Assets 
  • Cash outflows and cash inflows (component-wise)

Quarterly 

Template LIQ2 – Net stable funding ratio (NSFR)

Unweighted value by residual maturity and weighted value of

  • Available Stable Funding (ASF) Item (each component)
  • Required stable funding (RSF) Item (each component)

Semi-annual

 

Remote Device Locking: RBI proposes highly guarded path

/0 Comments/in /by

Some proposals may be impractical

– Jeel Ranavat, Assistant Manager| finserv@vinodkothari.com 

On May 21,2026, RBI issued revised draft RBI (Non-Banking Financial Companies – Responsible Business Conduct) Amendment Directions, 2026  that contains  several paragraphs, not being there in the earlier Draft RBI (Non-Banking Financial Companies – Responsible Business Conduct) Second Amendment Directions, 2026 version, which permit a financier of devices to be able to remotely lock its partial functionality, on continued non-payment of dues. Among other safeguards, such as preserving the basic functionality (access to internet, incoming calls, emergency SOS features, and receipt of emergency Government or public-safety notifications), the RBI also imposes a minimum 90 days default to trigger the locking. In our view, given the short tenure of funding, the 90-day default threshold, clearly a legacy of long-term lending practices, is quite impractical in the context. We present the highlights and our critical appraisal of the RBI’s proposals.

Introduction

Remote device locking is fast becoming the new device in recovery practices. With the ability to remotely restrict access to a borrower’s device, lenders are increasingly viewing the technology as a powerful tool to control defaults and strengthen recoveries.

In the past supervisory observations, RBI raised concerns regarding “full device locking” mechanisms adopted by certain lenders/Lending Service Provider (LSPs), noting that such measures may be disproportionate, coercive, and restrict access to essential device functionalities. The concerns appear to stem from borrower protection and fair practices considerations, particularly where borrowers are denied access to basic device features unrelated to the financed asset or outstanding dues.

At the same time, the Digital Personal Data Protection Act, 2023 (DPDP Act) introduces an additional layer of regulatory scrutiny like device-level restrictions and monitoring inherently involve the processing and control of personal data, making borrower consent, lawful processing, proportionality, purpose limitation, and data minimisation central to any remote locking framework.

From a data protection perspective, excessive control over a borrower’s device may raise serious concerns around privacy, digital autonomy, and the broader obligation to safeguard the rights of data principals.

The RBI has issued Revised Draft – RBI (Non-Banking Financial Companies – Responsible Business Conduct) Amendment Directions, 2026 which provides deployment of technology-based mechanism for recovery of loan duesalso known as “Remote Device Locking”, and proposes to restrict the use of device-locking mechanisms as a recovery tool, except where the loan was specifically granted for financing the concerned mobile device. 

The regulatory message is increasingly clear that technology-driven recovery mechanisms cannot come at the cost of privacy, fairness, or access to essential digital services.

Pre-requisites for Remote Device Locking


Device-locking mechanisms as a recovery tool is not permitted. However, in case the loan was specifically granted for financing the concerned mobile device, such measures may be adopted by the lenders subject to certain conditions:

  • Documentation and Communication: 
    • Clear and unambiguous disclosure which expressly authorises such restrictions in loan agreement. 
    • Further, trigger events for initiating recovery-related restrictions must be clearly defined and disclosed upfront to the borrower.
  • Prior Notice: A structured notice and cure mechanism must be implemented prior to imposing any restriction. 
    • A minimum 21-day notice period should be provided once the account reaches 60 DPD, giving the borrower a chance to cure the default. 
    • Following expiry of 21 days notice an additional 7-day cure period is given to the borrower before any restrictive measure is imposed.
  • DPD Status: Restrictions should be invoked only where the account remains in default beyond 90 DPD despite prior notices and cure opportunities, ensuring that such measures are used strictly as a last resort.
  • Access Control: Under no circumstances should restrictions impair access to essential device functionalities, including internet connectivity, incoming calls, emergency SOS services, or government/public safety notifications. 

Conclusion

Most device financing loans are short-tenure products, typically ranging from 3 to 12 months. If  lenders are required to wait until 60 DPD, followed by a 21-day notice period, an additional 7-day cure window, and eventual restriction only after 90 DPD, this may significantly reduce the commercial effectiveness of remote device locking as a recovery tool.

In short-tenure device financing loans, recovery measures are most effective during the early stages of delinquency, when the borrower continues to actively rely on the device. 

In practice, several lenders have historically adopted much earlier-stage device restrictions upon payment default. However, RBI appears to be consciously moving away from such practices due to concerns around coercive recovery measures, borrower protection, proportionality, and access to essential digital services.

Virtual Certificate Course on Grooming of Chief Compliance Officers of NBFCs

/0 Comments/in /by

Register your interest here: https://forms.gle/dBgva39FYWpBGDP4A

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [2.12 MB]

Indian Securitisation in FY26: Securitised Paper Volumes grow, with originator and asset diversity 

/0 Comments/in , , , /by

– Vinod Kothari & Chirag Agarwal | finserv@vinodkothari.com

Volumes of securitisation (which, of course, have always included bilateral assignments or so-called DA transactions) fell by 6% in FY 26, if the origination volume by Reliance group entities in the first half were to be excluded. However, the market has shown more originator diversity, with an increasing share of smaller issuers, including those tasting the market for the first time.

The dip in volumes is because of the larger issuers who were prominently absent or subdued – Shriram Finance as the largest issuer having raised on-balance sheet liquidity, and banking companies. However, the share of gold loans went up sharply, largely due to the sharp increase in gold prices and gold lending, Microfinance companies went more for securitisation, rather than direct assignment transactions.

For anyone studying the Indian securitisation market, it is important to note the following:

  • Reported volumes in India include direct assignments, which, in international parlance, are not “securitisation” (pure bilateral loan sales). However, in India, traditionally, DA has been a close and quick proxy for securitisation, and hence, mostly included. In FY 26, the split of DA/PTC volumes shows PTC transactions having gained in proportion. One rating agency1 reports an increase of PTC volume percentage from 54% to 60%; another one2 shows the increase from 48% to 52%.
  • Indian transactions mostly show LAP transactions as a part of MBS, whereas what the world reports as RMBS is quite small in India. Last year, there was a prominent transaction by LIC Housing Finance, through the NHB-promoted RDCL. There was no RDCL issuance this year. It seems that RMBS volume was either too small to be reportable, or was completely absent.
  • Microfinance sector has been under some stress in the recent past; however, MFIs have increasingly resorted to PTC issuances, with small deal sizes. Some deal sizes are even below 100 crores. This is indicating greater diversity of issuers, and of course, yields and ratings.
  • The market also seems to be showing larger acceptance for lower rated securities i.e., BBB+.

Overall, in a stressful global scenario, securitisation has stood firm. Non financial sector entities have shown increasing willingness to tap the market. Of course, SEBI regulations have to be more enabling.

Below, we give a detailed overview of the securitisation market, including a discussion on the asset classes. 

NBFCs vs Banks

Securitisation volumes have been largely driven by NBFCs, which recorded a 30% year-on-year increase in value. In contrast, originations by banks have declined significantly.

Recent Securitisation Structures in India – A Mix of Tradition and Innovation

Among asset classes, vehicle loans (including commercial vehicles and two-wheelers) accounted for 50% of securitisation volumes (vs 47% in the corresponding period last fiscal). Mortgage-backed loans accounted for about 28% of securitisation volume (vs 37% in the last FY). 

Vehicle loan-backed securitisations dominated the market, both in terms of number of deals and total value, reaffirming the sector’s strong position. This is consistent with the growth trend in vehicle loan originations during FY 25.

In addition to vehicle loans, originators also securitised receivables from a diverse set of underlying asset classes during Q4, including:

  1. Microfinance Loans
  2. Secured Business Loans
  3. Unsecured Business Loans
  4. Home Loans
  5. Unsecured Personal Loans
  6. Gold Loans

The continued diversification in underlying asset classes highlights the evolving maturity of India’s securitisation market and growing investor appetite across segments. The break-up of securitisation volumes across various asset classes have been presented below:

Securitisation of Vehicle Loans

The issuance volume for vehicle loan securitisation during FY26 was approximately ₹1.26 lakh crores. Most of the transactions were structured as single-tranche issuances. However, a few exceptions featured more layered structures comprising senior and equity tranches, or senior, mezzanine, and equity tranches.

In terms of credit ratings, the tranches were rated between A- and AAA. Notably, the senior tranches in the majority of transactions received high investment-grade ratings, typically falling within the AA+ to AAA range. This indicates strong investor confidence and reflects the underlying credit quality of the asset pools, supported by adequate credit enhancement mechanisms. 

Further, replenishing structures were also observed commonly during FY26. These variations indicate growing sophistication in transaction structuring within the vehicle loan securitisation space, aimed at catering to different investor preferences, improving credit protection, and aligning with originator risk appetite. As the market matures, further innovation in structuring and risk mitigation features can be expected.

In terms of credit enhancements, most vehicle loan securitisation transactions during the last quarter of FY26 featured: cash collateral (CC) and overcollateralisation (OC), with the Excess Interest Spread (EIS) serving as the first layer of loss absorption.

Securitisation of Microfinance Loans

During FY26, the MFI sector has seen a revival after a period of stress during FY 25 and FY 24. This has been due to better credit underwriting of lenders, improving performance trends and granular pool characteristics. Further, after a period of stress, the lenders relied on time-tested borrowers rather than exploring new markets leading to higher average ticket size of loans. This has led to a growth in the volumes of securitisation of microfinance loans during FY26. The PTC issuance volume of microfinance institutions increased to 14%  of total PTC issuance in FY26 from 6% of total PTC issuances in FY25. Most of the transactions were structured as a single tranche securitisation. 

Further, most microfinance loan securitisation transactions during the quarter featured credit enhancement through two primary mechanisms: CC and overcollateralisation OC, with the EIS serving as the first layer of loss absorption.

Securitisation of pool of loans backed by Home Loans & LAP

The volume of mortgage backed securitisation has been low both in terms of number as well as in terms of amount of issuance. As compared to FY25, the total MBS issuances dropped to 28% of total issuance from 37%. The transactions featured a common waterfall matrix and had received an overall rating of AAA. 

In terms of credit enhancement, CC and OC has been provided as a credit enhancement with the EIS serving as the first layer of loss absorption. 

Securitisation of Gold Loans

Gold loan securitisation volumes in H2FY26 stood at approximately ₹18,500 crore, significantly higher than the ₹5,000 crore recorded for the whole of FY25.

The jump in gold lending securitisation may be due to increase in gold prices and resultant increase in the value of the collateral. As a result of this valuation spike, average ticket sizes have increased, indicating that as gold valuations rise, consumers are leveraging higher-value loans to meet their financing needs. Another reason for the increased origination may be removal of LTV restriction in case of income generating gold loans.

Securitisation of Unsecured Loans

As per rating rationales published by Care the securitisation volumes of unsecured loans (both personal and business) increased during FY26. Investors in unsecured loan transactions, are preferring the PTC route, due to the support provided by external enhancement. CC and OC have also been provided as a credit enhancement with the EIS serving as the first layer of loss absorption.

Related articles: 

  1. Secure with Securitisation: Global Volumes Expected to Rise in 2025
  2. India securitisation volumes 2024: Has co-lending taken the sheen?
  3. Indian securitisation enters a new phase: Banks originate with a bang
  4. Securitisation: Indian market grows amidst global volume contraction
  1. Crisil report on securitisation volumes: https://www.crisilratings.com/en/home/newsroom/press-releases/2026/04/securitisation-deal-value-peaks-to-rs-2-55-lakh-crore-in-fiscal-2026.html ↩︎
  2. Care report on securitisation volumes
    https://www.careratings.com/uploads/newsfiles/1775801608_FY26%20Retail%20Securitisation%20at%20Rs%202.53%20Trillion%20First%20Dip%20PostPandemic.pdf ↩︎

Consolidation of RBI Directions Ver 2.0

/0 Comments/in /by

Team Finserv | finserv@vinodkothari.com

Following the consolidation action undertaken by the Department of Regulations (DoR) in November 2025, the Department of Supervision has now undertaken a comprehensive exercise to consolidate existing standalone circulars issued by RBI in supervisory domain into function-wise, entity-specific consolidated Directions for easier navigation and application. The supervisory instructions have been organised into distinct Directions for each type of RE on each supervisory function.

  1. Compliance Function– Prescribing the guidelines for compliance risk assessment and appointment of the chief compliance officer.
  2. Concurrent Audit– This is specifically applicable in case of banks and not NBFCs. In case of NBFCs, the Auditor’s Report Directions lays down the disclosures and reporting by auditors of NBFCs
  3. Cybersecurity, Technology: Risk, Resilience and Assurance- Provides comprehensive guidelines on IT governance and policy, information security and cybersecurity, IT operations, information system audit, BCP, disaster recovery and IT services outsourcing.
  4. Digital Payments Security Controls- Provides guidelines for credit-card issuing NBFCs on   governance and security risk mitigation, authentication framework, fraud risk management, reconciliation mechanism, grievance redressal mechanism, web application, mobile application and card payment security controls.
  5. Fraud Risk Management- Lays down the process for identification and classification of fraudulent borrowers and the implementation of early warning signals (EWS)
  6. Internal Audit Function or Risk Based Internal Audit- Provides for harmonised Internal Audit systems and processes to be implemented by larger NBFCs (Deposit Taking and entities having asset size above ₹5000 cr) 
  7. Statutory Audit- Lays down the regulations for appointment of statutory auditors, their eligibility criteria, intimation and reporting to the RBI, etc.
  8. Supervisory Returns- All regulatory filings and submission of returns to the RBI
  9. Miscellaneous- Consolidates the instructions for implementation of CFSS, nomination facility to be provided in case of deposit accounts, fair lending practices for charging of interest and the Prompt Corrective Action Framework. 

A detailed analysis of the drafts for NBFCs has been covered here- 

Proposed DraftExisting CircularsApplicability Key Changes
Reserve Bank of India (Non-Banking Financial Companies – Compliance Function) Directions, 2026Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs
Streamlining of Internal Compliance monitoring function – leveraging use of technology 		NBFCs, including HFCs, in the ML and UL.No major changes.It has been clarified that in the absence of a new product committee, the CCO shall be required to evaluate all new products before they are launched.
Reserve Bank of India (Non-Banking Financial Companies – Cybersecurity, Technology: Risk, Resilience and Assurance) Directions, 2026 [IT Directions]Master Direction – Information Technology Framework for the NBFC Sector (IT Framework)Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023 (IT Governance)All NBFCsCICs were not required to comply requirements of IT Governance Framework, the draft IT Directions now mandate CICs to comply with the IT baseline technology standardsFor NBFCs with asset size below ₹ 500 cr-Chapter IV of IT Directions:Use of public key infrastructure (PKI) for ensuring  confidentiality of data, access control, data integrity has been made mandatory (earlier recommendatory)Timeline of reporting of cyber incidents to RBI specified as 6 hours (IT Framework did not contain any such timeline)Use of Digital Signature to authenticate electronic records has been made mandatory (earlier recommendatory)For NBFCs with asset size above ₹ 500 cr-Chapter IV of IT Directions, has specified that IT capacity requirements are now to be ensured by ITSC
Reserve Bank of India (Non-Banking Financial Companies – Digital Payment Security Controls) Directions, 2026Master Direction on Digital Payment Security ControlsCard issuing NBFCs There is additional expectation that Risk and Control Self Assessment (RCSA) shall be conducted by vendors as well and such RCSA should be evaluated by the Credit-Card issuing NBFC.Credit-Card issuing NBFCs are required to comply with a number of technical standards for card payment security. Status of compliance with these standards are to be reported to the ITSC for deliberation and appropriate action.
Reserve Bank of India (Non-Banking Financial Companies – Fraud Risk Management) Directions, 2026Master Directions on Fraud Risk Management in Non-Banking Financial Companies (NBFCs) (including Housing Finance Companies)
FAQs on Master Directions on Fraud Risk Management in Regulated Entities (REs), 2024		NBFC-ML, NBFC-UL,NBFC-BL having asset size ₹500 crores and aboveHFCs.No Change. FAQs integrated with the circular. 
Reserve Bank of India (Non-Banking Financial Companies – Internal Audit Function) Directions, 2026Risk-Based Internal Audit (RBIA)All Deposit taking NBFCs and HFCs Non-Deposit taking NBFCs and HFCs with asset size of ₹5,000 crore and aboveNo Change
Reserve Bank of India (Non-Banking Financial Companies – Statutory Audit) Directions, 2026Guidelines for Appointment of Statutory Central Auditors (SCAs)/Statutory Auditors (SAs) of Commercial Banks (excluding RRBs), UCBs and NBFCs (including HFCs)
FAQs on Guidelines for Appointment SCAs/ SAs of Commercial Banks (excluding RRBs), UCBs and NBFCs (including HFCs)		NBFCs and HFCs having asset size ₹1000 crores and aboveNo Change. FAQs integrated with the circular. 
Reserve Bank of India (Non-Banking Financial Companies – Supervisory Returns) Directions, 2026Master Direction – Reserve Bank of India (Filing of Supervisory Returns) Directions – 2024
LIST OF RETURNS SUBMITTED TO RBI		All NBFCs (excluding HFCs)Change in name of return DNBS09 from DNBS09-CRILC Weekly– RDB return to DNBS09- Return on Defaulted Borrowers.Quarterly return on Large Exposure Framework to be filed quarterly by all NBFCs in the Upper Layer – The earlier requirement was reporting of 10 largest exposures of the entity as against the proposed requirement of reporting the top 20 largest exposures. Change in nomenclature of returns on fraud reporting:FMR-I to FMRFMR-III to FUAFMR-IV to FMR 4Form A Certificate is now proposed to be filed online instead of filing in hard copy/ via email.It is proposed that hard copy of returns (hand/post/courier) or email submissions would not be accepted (i.e., would not be deemed to have been submitted by the NBFC) unless specifically prescribed.Additional returns to be filed by SPDs specified. 
Reserve Bank of India (Non-Banking Financial Companies – Miscellaneous) Supervisory Directions, 2026Implementation of ‘Core Financial Services Solution’ by Non-Banking Financial Companies (NBFCs)Fair Practices Code for Lenders – Charging of InterestCoverage of customers under the nomination facilityPrompt Corrective Action (PCA) Framework for Non-Banking Financial Companies (NBFCs)Chapter III – All NBFCs including HFCs and MFIsChapter IV – Deposit Taking NBFCs (excl. HFCs)Chapter V- Deposit taking, Non-Depositaking, in Middle, Upper and Top Layers including CICs but excluding NBFCs not accepting/ intending to accept public funds.The phased manner timelines for implementation of CFSS has been removed since the circular is now effective 
Reserve Bank of India (Non-Banking Financial Companies – Auditor’s Report) Directions, 2026Master Direction – Non-Banking Financial Companies Auditor’s Report (Reserve Bank) Directions, 2016

Provisions related to DNBS-10 (SAC) in Master Direction – Reserve Bank of India (Filing of Supervisory Returns) Directions – 2024 		Applicable to every auditor of an NBFCClarified that the auditor is now obligated to report to the RBI instances of non-compliance with all applicable extant directions issued by RBI.
Other than the above, no major change except updation of references.

CGTMSE Risk Shield for MFI Lending 

/0 Comments/in , /by

-Vinod Kothari and Chirag Agarwal | finserv@vinodkothari.com

The National Credit Guarantee Trust Company (NCGTC), under the Department of Financial Services, has floated a scheme which will guarantee lending upto ₹20000 crores by banks and financial institutions (Member Lending Institutions or MLIs), for taking incremental loan exposure to MFIs. The Scheme intends to nudge bank lending to MFIs, as the former has shunned away in view of the perceived risk of the sector in the recent past. The NCGTC takes 70% – 80% risk of default of the bank loans to the MFIs, provided the lending is done accordingly with the conditions of the Scheme.

Among the conditions, the MFI must lend at least at 1% lower than the average lending rate over the last 6 months, and the MLI must lend at no more than 2% over the benchmark rate (MCLR or EBLR as applicable). 

In our view, the Scheme has following outcome expectations:

  • Given the credit risk transfer to the extent of 70% – 80% (depending on the 3 sizes of MFIs), the credit risk aversion as also the credit risk premium, should significantly come down.
  • In view of the credit risk transfer, the risk weight for capital adequacy also comes to zero for the guaranteed portion, resulting into significant capital relief for the MLI
  • Since the Scheme can be utilised only for incremental lending, and that too, at a cheaper rate, there may be downward pressure on lending rates, resulting in a demand-side push. The latter is quite important, as reduced lending volumes in the MFI sector are quite often the cause of higher defaults as well.
  • Overall, the environment of sectoral aversion would change.

Essential Features of the Scheme

Who are MLIs?

  • Schedule Commercials Banks
  • AIFIs

What type of loans are covered under the Scheme?

  • Funding provided by the MLIs to MFIs for on-lending to microfinance borrowers

What is the interest cap under the Scheme?

  • Loans sanctioned by MLIs to NBFC-MFIs/MFIs is capped at EBLR or 1 Year MCLR + 2% per annum
  • Loans by NBFC- MFIs/MFIs to microfinance borrowers is capped at 1% below the average rate of their lending in past 6 months.

What is the cap on tenure of loans under the Scheme?

  • Maximum tenure of the loan provided by MLI to MFIs shall be 3 years (1-year moratorium plus 2 years for loan repayment).

Conditions for MLIs to get benefits under the Scheme:

  • At least 5% of the total loan amount under the Scheme shall be sanctioned to small-sized MFIs, & 10% to medium-sized MFIs.
  • The maximum amount of loan which can be sanctioned by MLIs to MFIs shall be capped at 20% of the Assets Under Management (AUM) of respective MFI subject to maximum of ₹100 crore to small size, ₹200 crore to medium size and ₹300 crore to large size MFIs
  • MFIs shall be classified as small, medium and large based on their AUM as follows:
    • Small MFIs – Less than 500 crores
    • Medium MFIs – Rs.500 crores to less than Rs. 2000 crores
    • Large MFIs -Rs. 2000 crores or more

Maximum coverage under the guarantee:

  • 70% to Large MFIs, 75% to Medium MFIs & 80% to Small MFIs of the amount in default for a maximum period of 3 years

Guarantee Fee:

  • MLIs shall pay to NCGTC Guarantee Fee at 0.5% of the sanction amount (first year) and outstanding amount (thereafter).

Claim Process:

  • MLI shall submit a claim on an annual basis (once every year) in respect of the amount in default.

Navigation Roadmap through New Consolidated RBI Directions – Presentation for NBFCs

/0 Comments/in /by
Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [470.34 KB]

Some of our recent write up and videos on Master Directions and amendments/ draft proposals:

  1. Uneasy Ease: RBI Proposes Exemption in Approval Mode  for Type I NBFCs
  2. Shastrarth 27: Type 1 NBFC Exemption
  3. From Consent to Compensation: RBI’s Draft Directions for REs on Sales Practices
  4. Presentation on Selling of Financial Products by Banks and NBFCs
  5. Selling of Financial Products by Banks and NBFCs (video)
  6. Credit Risk Management Rules modified: RBI brings revised norms on Related Party Lending and Contracting
  7. Shastrarth 26 – Loans to related parties by banks and NBFCs (Youtube video)
  8. Lending to your own: RBI Amendment Directions on Loans to Related Parties

Webinar on Selling of Financial Products by Banks and NBFCs

/0 Comments/in /by

Register here: https://forms.gle/bXGa4SxeraRfMzKS7

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [353.88 KB]

Shashtrarth 27: Type 1 NBFC Exemption

/0 Comments/in /by

Watch our youtube video: https://www.youtube.com/watch?v=IBv09etJb2g

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [209.89 KB]

Disrupting Traditional Card based Payments – Smart Contract based Payment Infrastructure using Stablecoin

/0 Comments/in /by

Subhojit Shome, Senior Manager | Finserv@vinodkothari.com 

Introduction

The payments ecosystem is often described as the “plumbing” of commerce—rarely visible to consumers, yet fundamental to economic activity. For decades, this plumbing has been dominated by credit and debit card systems, operated by banks and card networks under tightly regulated frameworks. In recent years, however, global technology platforms have begun experimenting with alternative payment infrastructures, particularly those built on blockchain technology, with the aim of reducing remittance fees and achieving faster settlement.1

One such initiative is the payment infrastructure jointly developed by Shopify and Coinbase (“Shopify–Coinbase Payment Infrastructure”), which enables merchants to accept payments using stablecoins, most notably USD Coin (USDC), without relying on traditional card networks.

Shopify–Coinbase Payment Infrastructure has been initially launched in at least 34 countries where merchants can accept USDC payments via the Base (blockchain) network. This includes a range of markets across the United States, most of Europe, Canada, Australia, Japan, Singapore2. A number of these countries/ regions (e.g. United States3, EU4,  Japan5, Singapore6) have statutorily recognised, and regulate the use of stablecoins.

This article examines the Shopify–Coinbase Payment Infrastructure in comparison with traditional card payment rails and analyses the regulatory concerns that would arise if such a system were to operate in India, with particular reference to the Payment and Settlement Systems Act, 2007 (“PSS Act”) and the regulatory stance of the RBI.

Understanding Payment “Rails” and the Card System

To appreciate what Shopify and Coinbase seek to replace, it is first necessary to understand the traditional debit/ credit card “payment rails”. The term “rails” is a metaphor, referring to the underlying infrastructure that carries a payment transaction from the payer to the payee—much like railway tracks carry trains.

In a credit or debit card transaction, the rails consist of several interconnected elements. When a customer uses a card, the merchant does not receive money immediately. Instead, the transaction is routed through the card network (such as Visa, Mastercard, or RuPay), which communicates with the customer’s bank (the issuer) and the merchant’s bank (the acquirer). The customer’s bank first checks whether sufficient funds or credit are available and places a temporary hold on that amount. This is known as authorisation (“auth”). The actual transfer of money happens later, when the merchant confirms the transaction—a step known as capture. Settlement between banks typically occurs after a delay of one or two business days.

This system is heavily regulated in India – card networks operate under RBI oversight, settlement occurs through RBI-regulated banking channels, and consumers are protected through structured dispute resolution mechanisms, including chargebacks7. The entire system functions within the legal framework of the PSS Act and the RBI’s directions on payment systems and card networks, payment aggregators, and consumer protection.

The Shopify–Coinbase Payment Infrastructure

The Shopify–Coinbase Payment Infrastructure proposes a fundamentally different way of moving money. Instead of using banks and card networks as intermediaries, it relies on stablecoins, which are digital tokens designed to maintain a stable value by being backed by traditional currency reserves. The stablecoin USDC, for example, is designed to track the value of the US dollar.

In this system, when a customer pays a merchant, the payment is executed on a blockchain network. The funds are first locked in a digital escrow mechanism controlled by software (a “smart contract”) and once the merchant fulfils the order, the funds are automatically released to the merchant. This process replicates the familiar card concepts of authorisation and capture (“auth and capture”), but replaces banks and card networks with software rules and cryptographic verification.

From the user’s perspective, the checkout experience may look familiar. From a legal perspective, however, the system represents a shift from institution-based trust (banks and regulators) to code-based execution. Settlement is near-instant, global, and does not depend on banking infrastructure.

Auth/ Capture using Stablecoins and Smart Contracts

In card payment systems, authorisation and capture are two distinct but linked stages in how a transaction is processed and settled. One of the unique characteristics of the Shopify–Coinbase Payment Infrastructure is that it is able to replicate such an auth/ capture settlement process which is observed in traditional card rails.8

Authorisation is the preliminary step. When a customer enters card details at checkout, the merchant seeks confirmation that the cardholder has sufficient funds or credit and that the transaction is permitted. At this stage, no money actually moves. Instead, the issuing bank places a temporary hold on the relevant amount, effectively earmarking those funds. From a legal perspective, authorisation represents a conditional and revocable promise by the issuer to honour the transaction, subject to subsequent validation and compliance with network rules.

Capture occurs later, when the merchant confirms that the goods or services have been provided (or are about to be provided) and formally requests payment. Upon capture, the transaction becomes final for settlement purposes. The temporary hold created at the authorisation stage is converted into an obligation to transfer funds through the card network’s clearing and settlement process. Only after capture does the merchant acquire an enforceable right to receive payment, subject to chargeback and dispute mechanisms.

The Shopify–Coinbase Payment Infrastructure seeks to recreate this familiar commercial logic—authorisation first, settlement later—while removing traditional card networks entirely. In this model, the customer pays using a stablecoin (typically denominated in a foreign currency such as the US dollar). Rather than immediately transferring funds to the merchant, the payment is first routed into a smart contract–based escrow. This escrow functions as the economic equivalent of card authorisation. The funds are not credited to the merchant and cannot be unilaterally withdrawn. They are effectively “locked,” signalling the payer’s intent and financial capacity, much like a card authorisation hold. The legal character of this stage differs fundamentally from card authorisation. In card systems, the issuer’s promise is conditional and revocable, and the funds remain within the regulated banking system. In a blockchain escrow, by contrast, the customer has already transferred the funds out of their wallet. Control is no longer exercised by a regulated intermediary but by pre-programmed contractual logic embedded in code.

The equivalent of capture occurs when the merchant satisfies predefined conditions—such as confirmation of shipment or lapse of a dispute window. Once those conditions are met, the smart contract automatically releases the stablecoins to the merchant’s wallet. Settlement is thus executed not through interbank clearing, but through an on-chain state change that is immediate, final, and typically irreversible. From a legal standpoint, this mechanism replaces discretionary decision-making by regulated institutions with deterministic execution by software.

Comparing Card Rails with Stablecoin-Based Payments

The contrast between card rails and the Shopify–Coinbase model is not merely technical; it is institutional and legal.

Card payments are embedded within a regulated financial ecosystem. Every participant—issuer banks, acquirers, networks, payment aggregators—is subject to licensing, capital requirements, audit obligations, and RBI supervision. Settlement occurs in Indian Rupees, and consumer protection is enforced through mandatory refund and dispute resolution frameworks.

By contrast, the stablecoin model shifts settlement outside the traditional banking system. Funds are represented not as bank deposits but as digital tokens. Settlement does not occur through RBI-regulated systems such as RTGS, NEFT, or card clearing arrangements, but on a distributed ledger maintained by a global network of computers. While this may reduce costs and increase speed, it also raises fundamental questions about regulatory oversight, legal accountability, and consumer protection.

The Indian Legal Framework Governing Payment Systems

The Payment and Settlement Systems Act, 2007 establishes a comprehensive legal framework under which the RBI is the sole authority empowered to regulate and supervise payment systems.

No person, other than the Reserve Bank, shall commence or operate a payment system except under and in accordance with an authorisation issued by the Reserve Bank under the provisions of this Act (Section 4 of the PSS Act)

Under the PSS Act, no person may operate a payment system in India without authorisation from the RBI. A “payment system” is defined broadly to include any arrangement that enables payments to be effected between a payer and a beneficiary. This definition is technology-neutral and focuses on function rather than form. Consequently, even a novel digital arrangement may fall within the regulatory perimeter if it facilitates payment and settlement.

In addition to the PSS Act, the RBI has issued detailed regulations governing card payments, payment aggregators and payment gateways, which impose obligations relating to customer funds, escrow arrangements, settlement timelines, dispute resolution, and grievance redressal. These regulations reflect the RBI’s core concern: protecting consumers and preserving the integrity of the payment system.

From an Indian statutory and regulatory standpoint, several concerns arise if a Shopify–Coinbase-type payment infrastructure were to be used by Indian merchants or consumers.

First, there is the issue of authorisation under the PSS Act. A stablecoin-based payment system that enables Indian users to make payments would likely qualify as a “payment system” under the Act. In the absence of explicit RBI authorisation, operating such a system in India would be impermissible, regardless of its technological sophistication.

Second, there is the question of settlement in Indian Rupees. Domestic payment systems in India settle in INR through RBI-regulated channels. Online card payments made in India using Indian cards cannot be routed through foreign banks or settled in foreign currency — they must be handled by Indian banks and settled in INR.9 Also, “Wallets”, i.e., prepaid payment instruments (PPI) essentially need to be loaded in INR.10 Stablecoin settlement, particularly when denominated in a foreign currency such as the US dollar, bypasses these channels. While stablecoins may be created so as to be denominated in INR, no recognition currently exists for stablecoins as settlement instruments for domestic payments.

Third, custody and consumer protection pose significant challenges. RBI regulations require that customer funds be held with regulated entities, typically banks, and that clear mechanisms exist for refunds, reversals, and dispute resolution. Blockchain-based escrow mechanisms are governed by software rather than law, and once a transaction is final, reversing it may be impossible without voluntary cooperation by the merchant. This stands in tension with RBI’s consumer-centric regulatory approach.

Fourth, there are foreign exchange and monetary policy considerations. Stablecoins backed by foreign currency reserves raise concerns under India’s foreign exchange regime and broader monetary sovereignty objectives. RBI has repeatedly expressed caution about private digital currencies and stablecoins, citing risks to financial stability and policy transmission.11

Conclusion

The Shopify–Coinbase Payment Infrastructure represents a significant evolution in global commerce, demonstrating how technology can replicate—and potentially outperform—traditional card systems in terms of speed and cost. However, from an Indian legal perspective, innovation in payments is not evaluated solely on efficiency. It is assessed through the lens of statutory compliance, regulatory oversight, consumer protection, and monetary stability.

While the logic of authorisation and capture may be technologically reproduced through blockchain-based escrow mechanisms, the legal foundations of payment systems in India remain firmly anchored in the PSS Act and RBI regulation. Until stablecoin-based payment infrastructures are brought within this framework—through authorisation, INR settlement mechanisms, and enforceable consumer protections—their direct adoption in the Indian domestic payments landscape would face substantial legal and regulatory hurdles.

  1. Stablecoins on the Blockchain – Stablecoins offer significant advantages over traditional remittance rails, primarily through reduced fees and faster settlement. While the World Bank reports a global average cost of ~6.6% for a ~$200 remittance, and annual transaction costs exceeding $41 billion, stablecoins can cut fees dramatically, often to ~$0.01 for high-volume transactions. Beyond cost, stablecoins provide near real-time settlement, a stark contrast to traditional cross-border remittances that can take days, with additional delays from holidays or bank closures. Ref. https://www.dbresearch.com/PROD/RI-PROD/PDFVIEWER.calias?pdfViewerPdfUrl=PROD0000000000610103&rwnode=REPORT
    ↩︎
  2. Ref. https://coinspaidmedia.com/news/shopify-launches-usdc-payments-34-countries/
    ↩︎
  3. In 2025, the GENIUS Act was enacted, creating a regulatory framework specifically for payment stablecoins – https://www.congress.gov/bill/119th-congress/senate-bill/1582
    ↩︎
  4.  EU Markets in Crypto-Assets Regulation (MiCA) places stablecoins under a category of asset-referencing tokens that are allowed to circulate and be used for payments – https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng ↩︎
  5.  Amendments to Japan’s Payment Services Act define certain types of fiat-pegged stablecoins as electronic payment instruments – https://www.fsa.go.jp/en/newsletter/weekly2023/540.html
    ↩︎
  6.  The Monetary Authority of Singapore (MAS) has developed a stablecoin regulatory framework under its Payment Services Act – https://www.mas.gov.sg/news/media-releases/2023/mas-finalises-stablecoin-regulatory-framework
    ↩︎
  7. A chargeback is a consumer protection process that allows a cardholder to dispute a transaction they believe is fraudulent, unauthorized, or not as described. The cardholder requests their bank to reverse the transaction, and the funds are debited from the merchant’s account. Ref. https://razorpay.com/blog/what-is-a-chargeback/
    ↩︎
  8. Ref. https://shopify.engineering/commerce-payments-protocol ↩︎
  9.  …where cards issued by banks in India are used for making card not present payments towards purchase of goods and services provided within the country, the acquisition of such transactions has to be through a bank in India and the transaction should necessarily settle only in Indian currency, in adherence to extant instructions on security of card payments.Ref. https://www.rbi.org.in/commonperson/english/scripts/Notification.aspx?Id=1496 ↩︎
  10. PPIs shall be permitted to be loaded / reloaded by cash, debit to a bank account, credit and debit cards, PPIs (as permitted from time to time) and other payment instruments issued by regulated entities in India and shall be in INR only.https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12156 ↩︎
  11.  Widespread adoption of stablecoins would undermine central banks’ ability to control money supply and interest rates. ‘If both an official currency and a crypto asset are used for pricing goods and services, domestic prices could become highly unstable due to the inherent volatility of the crypto asset.’ (IMF-FSB 2023). If residents increasingly hold or transact stablecoins, changes in domestic policy rates may have limited influence on economic decisions, weakening the effectiveness of monetary policy. – Keynote address by Mr T Rabi Sankar, Deputy Governor of the Reserve Bank of India, available here – https://www.bis.org/review/r251216i.htm. ↩︎

See our other resources

  1. Tokenisation of Real World Assets – The Way Ahead for Creating Securities;
  2. Cryptos: Are They Back in Business?;
  3. Security Token Offerings & their Application to Structured Finance;
  4. Decentralised Finances;
  5. Cryptocurrency on the path to Legalisation?;
  6. Cryptocurrency – A Cautionary Tale for India;
  7. Trustless System;
  8. Blockchain based lending; A peer-to-peer system;
  9. Financial Services firms foray into the metaverse.