RBI/DoS/2026-27/XX
DoS.CO.PPG.XX/11.01.005/2026-27 XXXX XX, 2026 Reserve Bank of India (Non-Banking Financial Companies - Compliance Function) Directions, 2026 Introduction The Compliance function is a critical element of the corporate governance framework of a Non-Banking Financial Company. The provisions set out in these Directions represent minimum standards, based on the principle of proportionality, and the Non-Banking Financial Company shall structure its Compliance framework in line with its governance arrangements, scale of operations, risk profile and organisational structure. In exercise of the powers conferred by Sections 45JA, 45L and 45M of the Reserve Bank of India Act, 1934, and Section 6 of the Factoring Regulation Act, 2011, and all other provisions / laws enabling the Reserve Bank of India (‘RBI’) in this regard, RBI being satisfied that it is necessary and expedient in the public interest so to do, hereby, issues these Directions hereinafter specified. Chapter I - Preliminary A. Short Title and Commencement 1. These Directions shall be called the Reserve Bank of India (Non-Banking Financial Companies - Compliance Function) Directions, 2026. 2. These Directions shall come into effect immediately upon issuance. B. Applicability 3. These Directions shall be applicable to Non-Banking Financial Companies (hereinafter collectively referred to as ‘NBFCs’ and individually as ‘NBFC’) in the Middle Layer and Upper Layer, unless specified otherwise. Note: The applicability under these Directions is in line with the regulatory structure for NBFCs as set out in Reserve Bank of India (Non-Banking Financial Companies – Registration, Exemptions and Framework for Scale Based Regulation) Directions, 2025. C. Definitions 4. In these Directions, unless the context states otherwise, the terms herein shall bear the meaning assigned to them below: (1) ‘Compliance Risk’ shall mean the risk of legal or regulatory sanctions, material financial loss, or loss to reputation that an NBFC may suffer as a result of its failure to comply with laws, regulations, rules, and codes of conduct, etc., applicable to its activities. 5. All other expressions unless defined herein shall have the same meaning as have been assigned to them under the Reserve Bank of India Act, 1934, the Banking Regulation Act, 1949, or the Companies Act, 2013, or any statutory modification or re-enactment thereto or other regulations issued by RBI or the Glossary of Terms published by RBI or as used in commercial parlance, as the case may be. Chapter II - Governance and Oversight A. Role of the Board 6. The Board / Audit Committee of Board (ACB) shall ensure that an appropriate Compliance policy is put in place and implemented. It shall prescribe the periodicity for review of compliance risk. B. Role of the Senior Management 7. The senior management shall carry out an annual compliance risk assessment to identify and assess major compliance risks faced by the NBFC and prepare a plan to manage the risks. It shall submit to the Board / ACB a review at the prescribed periodicity and a detailed annual review of Compliance. The annual review shall ensure coverage of at least the following aspects: (1) Compliance failures, if any, during the preceding year and consequential losses and regulatory action, as also steps taken to avoid recurrence of the same (appropriate remedial or disciplinary action); (2) Listing of all major regulatory guidelines issued during the preceding year and steps taken to ensure compliance; (3) Compliance with fair practices codes and adherence to standards set by self-regulatory bodies and accounting standards; and (4) Progress in the rectification of significant deficiencies and implementation of recommendations pointed out in various audits and RBI inspection reports. C. Compliance Policy 8. The Board-approved Compliance policy shall clearly spell out its Compliance philosophy, expectations on Compliance culture, structure, and role of the Compliance function, the role of Chief Compliance Officer (CCO), processes for identifying, assessing, monitoring, managing, and reporting on compliance risk. The Policy shall be reviewed at least once a year. 9. Broadly, the policy shall ensure coverage of the following aspects: (1) Measures to ensure the independence of the Compliance function and its responsibilities to freely disclose findings and views to senior management, Board / ACB; (2) Focus on various regulatory and statutory compliance requirements; (3) Monitoring mechanism for the compliance testing procedure; (4) Reporting requirements, including compliance risk assessment and change in risk profile, etc. to the senior management and to the Board / ACB; (5) The authority of the Compliance function to have access to information throughout the NBFC; (6) A mechanism for dissemination of information on regulatory prescriptions and guidelines among staff and periodic updating of operational manuals; and (7) The approval process for all new processes and products by the Compliance Department, prior to their introduction. Chapter III - Scope, Structure, and Responsibilities A. Scope 10. Compliance function shall ensure strict observance of all statutory and regulatory requirements for the NBFC, including standards of conduct, managing conflict of interest, treating customers fairly and ensuring the suitability of customer service. B. Structure 11. The Compliance Department shall be headed by the CCO, meeting the requirements prescribed under Chapter IV of these Directions. The NBFC is free to adopt its own organisational structure for the Compliance function. However, the function shall be independent and sufficiently resourced, its responsibilities shall be clearly specified, and its activities shall be subject to periodic and independent review. 12. In case of NBFCs having separate Departments / divisions looking after compliance with different statutory and other requirements, the Departments concerned shall hold prime responsibility for their respective areas, which shall be clearly outlined. Adherence to applicable statutory provisions and regulations shall be the responsibility of each staff member. However, the Compliance function shall ensure overall oversight. C. Staffing 13. The staff in the Compliance Department shall primarily focus on Compliance function. However, the Compliance staff may be assigned some other duties while ensuring that there is no conflict of interest. 14. Apart from having staff with basic qualifications and practical experience in business lines / audit and inspection functions, Compliance function shall have adequate staff members with knowledge of statutory / regulatory prescriptions, law, accountancy, risk management, information technology, etc. The NBFC shall ensure appropriate succession planning to avoid any future skill gap. D. Roles and Responsibilities 15. Compliance function shall be responsible for undertaking the following activities at the minimum: (1) Assist the Board and the senior management in overseeing the implementation of Compliance policy, including policies and procedures, prescriptions in compliance manuals, internal codes of conduct, etc. (2) Play the central role in identifying the level of compliance risk in the organisation. The compliance risks in existing / new products and processes shall be analysed and appropriate risk mitigants are put in place. All new products shall be subjected to intensive monitoring at least for the first six months of introduction to ensure that the indicative parameters of compliance risk are adequately monitored. (3) Compliance function shall monitor and test compliance by performing sufficient and representative compliance testing, and the results of such compliance testing shall be reported to the senior management. It shall periodically circulate the instances of compliance failures among staff, along with the required preventive instructions. Staff accountability shall be examined for major compliance failures. (4) Ensure compliance of regulatory / supervisory directions given by RBI in both letter and spirit in a time-bound and sustainable manner. The NBFC shall put in place an effective Compliance Program where all Risk Mitigation Plan / Monitorable Action Plan points are complied with within the timelines prescribed. Compliance to RBI inspection reports shall be communicated to RBI necessarily through the office of the Compliance function. (5) Attend to compliance with directions from other regulators in cases where the activities of the entity are not limited to the regulation / supervision of RBI. Further, discomfort conveyed to the NBFC on any issue by other regulators, and action taken by any other authorities / law enforcement agencies, shall be brought to the notice of RBI. 16. The Compliance Department may also serve as a reference point for the staff from operational Departments for seeking clarifications / interpretation of various regulatory and statutory guidelines. E. Internal Audit 17. Compliance risk shall be included in the risk assessment framework of the Internal Audit function, and Compliance function shall be subject to regular internal audit. The CCO shall be kept informed of audit findings related to compliance, which shall serve as a feedback mechanism for assessing the areas of compliance failures. Chapter IV - Chief Compliance Officer A. Appointment 18. Selection of the candidate for the post of Chief Compliance Officer (CCO) shall be made based on a well-defined selection process and recommendations made by a committee constituted by the Board / ACB for the purpose. The Board / ACB shall take final decision in the appointment of CCO. If considered necessary, the CCO may also be recruited externally from outside the NBFC. 19. The CCO shall have a clean track record and unquestionable integrity. 20. The CCO shall have a good understanding of the industry and risk management practices, knowledge of regulations, legal requirements, and have sensitivity to Supervisory expectations. B. Authority, Stature, and Independence 21. The CCO shall be appointed for a fixed minimum tenure of not less than three years. However, in exceptional cases, the Board / ACB may relax the minimum tenure by one year, provided appropriate succession planning is put in place. 22. The CCO can be transferred / removed before completion of the tenure only in exceptional circumstances, with the explicit prior approval of the Board / ACB, after following a well-defined and transparent internal administrative procedure. 23. The CCO shall be a senior executive of the NBFC with a position not below two levels from the Chief Executive Officer (CEO). Provided that in the case of NBFCs in the Middle Layer, this requirement may be relaxed by one level further. 24. The CCO shall examine compliance and shall have the ability to exercise judgment independently as well as shall have the freedom and authority to interact with regulators / supervisors directly. 25. The CCO shall have direct reporting lines to the Managing Director (MD) & CEO and / or Board / ACB. In case the CCO reports to the MD & CEO, the Board / ACB shall meet the CCO at quarterly intervals on a one-to-one basis, without the presence of the senior management, including MD & CEO. Further, the performance appraisal of the CCO shall be reviewed by the Board / ACB. 26. The CCO shall not have any reporting relationship with the business verticals. 27. There shall not be any 'dual hatting,' i.e., the CCO shall not be given any responsibility which brings elements of conflict of interest, especially any role relating to business. The CCO shall generally not be a member of any committee which conflicts their role as CCO with responsibility as a member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of any such committee, that would only be an advisory role. 28. The CCO shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable them to carry out entrusted responsibilities in respect of compliance issues. C. Reporting Requirements 29. A prior intimation to the Senior Supervisory Manager, Department of Supervision, RBI, shall be provided before appointment, premature transfer, resignation, early retirement or removal or any other change in terms and conditions regarding tenure of the CCO. In the case of appointment, such information shall be supported by a detailed profile of the candidate along with the 'Fit and Proper' certification by the MD & CEO of the NBFC, confirming that the person meets the prescribed supervisory requirements, if any. 'Fit and Proper’ criteria may be examined based on the requirements spelt out in these Directions. D. Roles and Responsibilities 30. The CCO shall be the nodal point of contact between the NBFC and the regulators / supervisors and shall necessarily be a participant in the structured or other regular discussions held with RBI. 31. The CCO shall be a member of the 'new product' committee/s. If there is no such committee in existence, then the CCO shall evaluate all new products before these are launched. Chapter V - Use of Technology for Monitoring 32. The NBFC shall implement comprehensive, integrated, enterprise-wide and workflow-based solutions / tools to enhance the effectiveness of Compliance function. Such a solution / tool shall, inter alia: (1) provide for effective communication and collaboration among all the stakeholders (by bringing business, compliance and IT teams, senior management, etc.); (2) have processes for identifying, assessing, monitoring, and managing compliance requirements; (3) escalate issues of non-compliance, if any; (4) require recording approval of competent authority for deviations / delay in compliance submission; and (5) have a unified dashboard view to senior management on compliance position of the NBFC as a whole. 33. The NBFC, based on the size and complexity of its operations, may decide on the tools / mechanism which it would prefer to deploy for monitoring of compliance and development of the unified dashboard Chapter VI - Repeal and Other Provisions A. Repeal and Saving 34. With the issue of these Directions, the existing directions, instructions, and guidelines relating Compliance function as applicable to Non-Banking Financial Companies stand repealed, as communicated vide circular no. XX dated XXXX XX, 2026. The directions, instructions, and guidelines already repealed vide any of the directions, instructions, and guidelines listed in the above notification shall continue to remain repealed. 35. Notwithstanding such repeal, any action taken or purported to have been taken, or initiated under the repealed directions, instructions, or guidelines shall continue to be governed by the provisions thereof. All approvals or acknowledgments granted under these repealed lists shall be deemed as governed by these Directions. Further, the repeal of these directions, instructions, or guidelines shall not in any way prejudicially affect: (1) any right, obligation or liability acquired, accrued, or incurred thereunder; (2) any penalty, forfeiture, or punishment incurred in respect of any contravention committed thereunder; (3) any investigation, legal proceeding, or remedy in respect of any such right, privilege, obligation, liability, penalty, forfeiture, or punishment as aforesaid; and any such investigation, legal proceedings or remedy may be instituted, continued, or enforced and any such penalty, forfeiture or punishment may be imposed as if those directions, instructions, or guidelines had not been repealed. B. Application of Other Laws Not barred 36. The provisions of these Directions shall be in addition to, and not in derogation of the provisions of any other laws, rules, regulations, or directions, for the time being in force. C. Interpretations 37. For giving effect to the provisions of these Directions or to remove any difficulties in the application or interpretation of the provisions of these Directions, RBI may, if it considers necessary, issue necessary clarifications in respect of any matter covered herein and the interpretation of any provision of these Directions given by RBI shall be final and binding. (Tarun Singh)
Chief General Manager |