Click here to Visit the RBI’s new website


(610 kb)
Master Directions - Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (Updated as on December 29, 2022)

Master Direction DNBR (PD) 090/03.10.124/2017-18

October 04, 2017
(Updated as on December 29, 2022)
(Updated as on September 29, 2022)
(Updated as on October 05, 2021)
(Updated as on December 23, 2019)
(Updated as on November 22, 2019)
(Updated as on February 23, 2018)
(Updated as on November 09, 2017)

Master Directions - Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017

The Reserve Bank of India, (hereinafter referred to as “the Bank”) issued a Notification No DNBR.045/CGM (CDS)-2017 dated August 24, 2017 in terms of sub-clause (iii) of clause(f) of section 45I of the Reserve Bank of India Act, 1934 (hereinafter referred to as “the Act”) and on being satisfied that it is necessary to do so, in exercise of the powers conferred under section 45IA, 45JA, 45L,and 45M of the Act, and of all the powers enabling it in this behalf, hereby issues these Directions for compliance of the same by every Non-Banking Financial Company that carries on the business of a Peer to Peer Lending Platform.

1. Short title and commencement of the Directions:

(1) These Directions shall be known as the Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017.

(2) These Directions shall come into force with immediate effect.

2. Applicability of the Directions

These Directions shall apply to every Non-Banking Financial Company- Peer to Peer Lending Platform (NBFC-P2P) as defined in these Directions.

3. Scope

These Directions provide a framework for the registration and operation of NBFC-P2Ps in India.

4. Definitions

(1) In these Directions, unless the context otherwise requires, the terms used herein shall bear the meanings assigned to them below —

(i) “Company” means a company as defined in clause (20) of section 2 of the Companies Act, 2013;

(i)(a) “Dividend Payout Ratio” means the ratio between the amount of the dividend payable in a year and the net profit as per the audited financial statements for the financial year for which the dividend is proposed. Proposed dividend shall include both dividend on equity shares and compulsory convertible preference shares eligible for inclusion in Tier I Capital/ owned fund. In case the net profit for the relevant period includes any exceptional and/or extra-ordinary profits/ income or the financial statements are qualified (including 'emphasis of matter’) by the statutory auditor that indicates an overstatement of net profit, the same shall be reduced from net profits while determining the Dividend Payout Ratio.

(ii) “Leverage Ratio” means the Total Outside Liabilities divided by Owned Funds, of the NBFC-P2P.

(iii) “Nonperforming asset” (NPA) means a loan where interest and/ or installment of principal remain overdue for a period of 90 days or more.

(iv) “Participant” means a person who has entered into an arrangement with an NBFC-P2P to lend on it or to avail of loan facilitation services provided by it;

(v) “Peer to Peer Lending Platform” means an intermediary providing the services of loan facilitation via online medium or otherwise, to the participants as defined at Item (iv) of sub-paragraph (1) of paragraph 4 of these directions;

(vi) “Non-banking financial company - Peer to Peer Lending Platform” (NBFC-P2P) means a non-banking institution which carries on the business of a Peer to Peer Lending Platform.

(2) Words or expressions used in these Directions but not defined herein and defined in the Act or in the Companies Act, 2013 shall have the same meaning as assigned to them under those Acts.

5. Registration

(1) Eligibility Criteria

(i) No non-banking institution other than a company shall undertake the business of Peer to Peer Lending Platform.

(ii) No NBFC-P2P shall commence or carry on the business of a Peer to Peer Lending Platform without obtaining a Certificate of Registration (hereinafter referred to as “CoR”) from the Bank. Provided that an entity carrying on the business of a Peer-to-Peer Lending Platform as on the effective date of these directions, can continue to do so, subject to the conditions laid down in sub-paragraph (2)(vii) in this Paragraph.

(iii) Every company seeking registration with the Bank as an NBFC-P2P shall have a net owned fund of not less than rupees twenty million or such higher amount as the Bank may specify.

(2) Process of Registration

(i) Every existing and prospective NBFC-P2P shall make an application for registration to the Department of Regulation, Mumbai of the Bank, in the form which will be specified by the Bank for the purpose. Existing NBFC-P2Ps shall apply within three months from the issuance of these Directions.

(ii) The Bank, for the purpose of considering the application for registration, shall require the following conditions, among others, to be fulfilled:

  1. The company is incorporated in India;

  2. The company has the necessary technological, entrepreneurial and managerial resources to offer such services to the participants;

  3. The company has the adequate capital structure to undertake the business of Peer to Peer Lending Platform;

  4. The promoters and the Directors of the company are fit and proper;

  5. The general character of the management of the company is not prejudicial to the public interest;

  6. The company has submitted a plan for, or implemented, a robust and secure Information Technology system;

  7. The company has submitted a viable business plan for conducting the business of Peer to Peer Lending Platform;

  8. Public interest shall be served by the grant of CoR;

  9. Any other condition as may be specified by the Bank, fulfillment of which, in the opinion of the Bank, is necessary to ensure that the commencement of or carrying on the business in India shall not be prejudicial to the public interest.

In case of prospective NBFC-P2Ps

(iii) The Bank may, after being satisfied that the conditions specified under paragraph 5(2)(ii) are fulfilled, grant in-principle approval for setting up of a Peer to Peer Lending Platform, subject to such conditions which it may consider fit to impose.

(iv) The validity of the in-principle approval issued by the Bank will be twelve months from the date of granting such in-principle approval.

(v) Within the period of twelve months, the company shall put in place the technology platform, enter into all other legal documentations required and report position of compliance with the terms of grant of in-principle approval to the Bank.

(vi) The Bank may, after being satisfied that the entity is ready to commence operations, grant a CoR as an NBFC–P2P, subject to conditions as deemed fit by the Bank.

In case of existing NBFC-P2Ps

(vii) Companies that are undertaking the business of Peer to Peer Lending Platform, as defined at paragraph 4(1)(v) of these directions, as on the date of effect of these directions, shall apply for registration as an NBFC-P2P to the Bank within 3 months from that date. Such companies, which have applied to the Bank for registration as an NBFC - P2P, shall be permitted to continue the business of a Peer to Peer Lending Platform till their application for issuance of CoR is rejected, subject to such conditions, including winding down of business, as the Reserve Bank may impose.

(viii) The Bank may cancel the CoR granted to an NBFC-P2P, if such company –

  1. ceases to carry on the business of Peer to Peer Lending Platform in India; or

  2. has failed to comply with any condition subject to which the CoR has been issued to it; or

  3. is no longer eligible to hold the CoR; or

  4. at any time fails to fulfill any of the conditions referred to in paragraphs 5(2)(ii) and 5(2)(v); or

  5. fails to –
    (i) comply with any Direction issued by the Bank; or
    (ii) maintain accounts, publish and disclose its financial position in accordance with the requirements of any law or any Direction or order issued by the Bank; or
    (iii) submit or offer for inspection its books of account or other relevant documents when so demanded by the Bank.

(3) Investment from FATF non-compliant jurisdictions1

(i) Investments in NBFC-P2Ps from FATF non-compliant jurisdictions shall not be treated at par with that from the compliant2 jurisdictions. New investors from or through non-compliant FATF jurisdictions, whether in existing NBFC-P2P or in companies seeking CoR, should not be allowed to directly or indirectly acquire ‘significant influence’ in the investee, as defined in the applicable accounting standards. In other words, fresh investors (directly or indirectly) from such jurisdictions in aggregate should be less than the threshold of 20 per cent of the voting power (including potential3 voting power) of the NBFC-P2P.

(ii) Investors in existing NBFC-P2P holding their investments prior to the classification of the source or intermediate jurisdiction/s as FATF non-compliant, may continue with the investments or bring in additional investments as per extant regulations so as to support continuity of business in India.

6. Scope of Activities

(1) An NBFC-P2P shall-

  1. act as an intermediary providing an online marketplace or platform to the participants involved in Peer to Peer lending;

  2. not raise deposits as defined by or under Section 45I(bb) of the Act or the Companies Act, 2013;

  3. not lend on its own;

  4. not provide or arrange any credit enhancement or credit guarantee;

  5. not facilitate or permit any secured lending linked to its platform; i.e. only clean loans will be permitted;

  6. not hold, on its own balance sheet, funds received from lenders for lending, or funds received from borrowers for servicing loans; or such funds as stipulated in paragraph 9;

  7. not cross sell any product except for loan specific insurance products;

  8. not permit international flow of funds;

  9. ensure adherence to legal requirements applicable to the participants as prescribed under relevant laws.

  10. store and process all data relating to its activities and participants on hardware located within India.

(2) Further, NBFC-P2P shall-

  1. undertake due diligence on the participants;

  2. undertake credit assessment and risk profiling of the borrowers and disclose the same to their prospective lenders;

  3. require prior and explicit consent of the participant to access its credit information;

  4. undertake documentation of loan agreements and other related documents;

  5. provide assistance in disbursement and repayments of loan amount;

  6. render services for recovery of loans originated on the platform.

(3) NBFC-P2P shall not undertake any activity other than those stated in paras 6(1) and 6(2) of these Directions. Deployment of investible funds by an NBFC-P2P in instruments specified by the Bank, not for trading, shall however be permitted.

7. Prudential Norms

(1) NBFC-P2P shall maintain a Leverage Ratio not exceeding 2.

(2) The aggregate exposure of a lender to all borrowers at any point of time, across all P2P platforms, shall be subject to a cap of ₹50,00,000/- provided that such investments of the lenders on P2P platforms are consistent with their net-worth. The lender investing more than ₹10,00,000 across P2P platforms shall produce a certificate to P2P platforms from a practicing Chartered Accountant certifying minimum net-worth of ₹50,00,000.

(3) The aggregate loans taken by a borrower at any point of time, across all P2Ps, shall be subject to a cap of ₹10,00,000/-.

(4) The exposure of a single lender to the same borrower, across all P2Ps, shall not exceed ₹50,000/-.

(5) The maturity of the loans shall not exceed 36 months.

(6) P2Ps shall obtain a certificate from the borrower or lender, as applicable, that the limits prescribed above are being adhered to.

7A. Declaration of dividends4

NBFC-P2Ps shall comply with the following guidelines to declare dividends.

(1) The Board of Directors, while considering the proposals for dividend, shall take into account each of the following aspects:

  1. Qualifications in the Auditors Report to the financial statements.

  2. Long term growth plans of the NBFC-P2P.

(2) NBFC-P2Ps that meet the following minimum prudential requirements shall be eligible to declare dividend:

  1. NBFC-P2Ps shall have met the leverage ratio requirements prescribed under paragraph 7 of this Master Direction in each of the last three5 financial years including the financial year for which the dividend is proposed.

  2. NBFC-P2Ps shall comply with the provisions of Section 45 IC of the Reserve Bank of India Act, 1934.

  3. NBFC-P2Ps shall be compliant with the prevailing regulations/ guidelines issued by the Reserve Bank. The Reserve Bank shall not have placed any explicit restrictions on declaration of dividend.

(3) NBFC-P2Ps that meet the eligibility criteria specified in paragraph 7A(2) above can declare dividend upto a dividend payout ratio of 50 per cent. There will be no ceiling on dividend payout ratio for eligible NBFC-P2Ps that do not accept public funds.

(4) An NBFC-P2P which does not meet the applicable leverage ratio requirements as above, for each of the last three financial years, shall be eligible to declare dividend, subject to a cap of 10 per cent on the dividend payout ratio, provided the NBFC-P2P meets the applicable leverage ratio requirement, as per this Master Direction, in the financial year for which it proposes to pay dividend.

(5) The Board shall ensure that the total dividend proposed for the financial year does not exceed the ceilings specified in these guidelines.  The Reserve Bank shall not entertain any request for ad-hoc dispensation on declaration of dividend.

(6) NBFC-P2Ps declaring dividend shall report details of dividend declared during the financial year as per the format prescribed below.

Details of dividend declared during the financial year
Name of the NBFC-P2P  
Accounting period* Net profit for the accounting period
(₹ crore)
Rate of dividend
(per cent)
Amount of dividend
(₹ crore)
Dividend Payout ratio
(per cent)
* quarter or half year or year ended ----- as the case may be;

The report shall be furnished within a fortnight after declaration of dividend to the Regional Office of the Department of Supervision.

8. Operational Guidelines

(1) NBFC-P2P shall have a Board approved policy in place -

  1. Setting out the eligibility criteria for participants on it.

  2. Determining the pricing of services provided by it.

  3. Setting out the rules for matching lenders with borrowers in an equitable and non-discriminatory manner.

(2) The outsourcing of any activity by NBFC-P2P does not diminish its obligations and it shall be responsible for the actions of its service providers including recovery agents and the confidentiality of information pertaining to the participant that is available with the service providers.

(3) No loan shall be disbursed unless the individual lender/s have approved the individual recipient/s of the loan and all concerned participants have signed the loan contract.

9. Fund Transfer Mechanism

Fund transfer between the participants on the Peer to Peer Lending Platform shall be through escrow account mechanisms which will be operated by a bank promoted trustee. At least two escrow accounts, one for funds received from lenders and pending disbursal, and the other for collections from borrowers, shall be maintained. All fund transfers shall be through and from bank accounts and cash transaction is strictly prohibited. The mechanism as described in the Annex-I may be adopted by the NBFC-P2P.

10. Submission of data to Credit Information Companies (CICs)

(1) An NBFC-P2P shall become member of all CICs and submit data (including historical data) to them.

(2) NBFC-P2P shall:

(i) keep the credit information (relating to borrower transactions on the platform) maintained by it, updated regularly on a monthly basis or at such shorter intervals as may be mutually agreed upon between the NBFC-P2P and the CICs;

(ii) take all such steps which may be necessary to ensure that the credit information furnished by it is up to date, accurate and complete;

(iii) include necessary consents in the agreement with the participants for providing the required credit information;

11. Transparency and Disclosure Requirements

(1) An NBFC-P2P shall be required to disclose the following:

(i) to the lender

  1. details about the borrower/s including personal identity, required amount, interest rate sought and credit score as arrived by the NBFC-P2P.

  2. details about all the terms and conditions of the loan, including likely return, fees and taxes;

(ii) to the borrower - details about the lender/s including proposed amount, interest rate offered but excluding personal identity and contact details;

(iii) publicly disclose on its website:

  1. overview of credit assessment/score methodology and factors considered;

  2. disclosures on usage/protection of data;

  3. grievance redressal mechanism;

  4. portfolio performance including share of non-performing assets on a monthly basis and segregation by age; and

  5. its broad business model.

(2) NBFC-P2P shall ensure that the providing of services to a participant, who has applied for availing of such services, is backed by appropriate agreements between the participants and the NBFC-P2P. The agreements shall categorically specify all the terms and conditions among the borrower, the lender and the NBFC-P2P.

(3) The interest rates displayed on the platform shall be in Annualized Percentage Rate (APR) format.

12. Fair Practices Code

(1) An NBFC-P2P shall put in place a Fair Practices Code, based on the Guidelines outlined herein, with the approval of its Board. The same should be put up on its web-site, for the information of various stakeholders.

(2) NBFC-P2P shall be required to obtain explicit declaration from the lender stating that he/ she has understood all the risks associated with the lending transactions and that P2P platform does not assure return of principal/payment of interest. The declaration shall also state that there exists a likelihood of loss of entire principal in case of default by a borrower. The platform shall not provide any assurance for the recovery of loans. Further, the platform shall display a caveat that “Reserve Bank of India does not accept any responsibility for the correctness of any of the statements or representations made or opinions expressed by the NBFC-P2P, and does not provide any assurance for repayment of the loans lent on it”.

(3) In the matter of recovery of loans, NBFC-P2P shall ensure that the staff are adequately trained to deal with the participants in an appropriate manner and shall not resort to harassment viz; persistently bothering the borrowers at odd hours, use of coercion for recovery of loans, etc.

(4) NBFC-P2P shall ensure that any information relating to the participants received by it is not disclosed to any third party without the consent of the participants.

(5) The Board of Directors shall also provide for periodic review of the compliance of the Fair Practices Code and the functioning of the grievances redressal mechanism at various levels of management. A consolidated report of such reviews shall be submitted to the Board at regular intervals, as may be prescribed by it.

13. Participant Grievance Redressal

(1) An NBFC-P2P shall put in place a Board approved policy to address participant grievances/complaints. Complaints shall be handled/ disposed of by NBFC-P2P within such time and in such manner as provided for in its Board approved policy, but in any case not beyond a period of one month from the date of receipt.

(2) At the operational level, NBFC-P2P shall display the following information prominently, for the benefit of participants, on the website:

(i) the name and contact details (Telephone / Mobile Nos. as also email address) of the Grievance Redressal Officer who can be approached for resolution of complaints against the NBFC-P2P.

(ii) that if the complaint / dispute is not redressed within a period of one month, the participant may appeal to the Customer Education and Protection Department of the Bank.

13A. Nodal Officer/ Principal Nodal Officer

NBFCs covered under the Ombudsman Scheme for Non-Banking Financial Companies, 2018 shall appoint Nodal Officer/ Principal Nodal Officer in accordance with directions as provided under Annex VII.

14. Information Technology Framework, Data Security and Business Continuity Plan

(1) Business of an NBFC-P2P shall be primarily Information Technology (IT) driven. The technology should be scalable to handle growth in business.

(2) There should be adequate safeguards built in its IT systems to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. The Bank may from time to time, prescribe technical specifications, as deemed fit.

(3) NBFC-P2P should have a Board approved Business Continuity Plan in place for safekeeping of information and documents and servicing of loans for full tenure in case of closure of platform.

(4) Information System Audit of the internal systems and processes shall be in place and shall be conducted at least once in two years by CISA certified external auditors. Report of the external auditor shall be submitted to the Regional Office of the Department of Supervision of the Bank, under whose jurisdiction the Registered Office of the NBFC-P2P is located, within one month of submission of the report by the external auditor.

(5) There shall be reasonable arrangements in place to ensure that loan agreements facilitated on the platform will continue to be managed and administered by a third party in accordance with the contract terms, if the NBFC-P2P ceases to carry on the P2P activity.

(6) NBFC-P2P would be required to conform with Master Direction DNBS.PPD. No. 04/66.15.001/2016-17 dated June 8, 2017 on Information Technology Framework for NBFC Sector, as stipulated in Section A from inception.

15. Fit and Proper Criteria

(1) An NBFC-P2P shall

(i) ensure that a policy is put in place, with the approval of the Board of Directors, setting out ‘Fit and Proper’ criteria to be met by its directors. These criteria shall be consistent with the requirements contained in Annexes II to IV;

(ii) ensure that Directors meet the fit and proper criteria at the time of their appointment and on an ongoing basis, certify and inform the same to the Bank on a half-yearly basis;

(iii) obtain a declaration and undertaking from the Directors giving additional information. The declaration and undertaking shall be on the lines of the format given in Annex III;

(iv) obtain a Deed of Covenants signed by the Directors, which shall be in the format as given in Annex IV;

(v) advise the Bank of any change of Directors, or key management personnel, and issue a certificate from the Managing Director/CEO of the NBFC-P2P that fit and proper criteria in selection of the Directors have been followed. The statement must reach the Regional Office of the Department of Supervision of the Bank under whose jurisdiction the Registered Office of the NBFC-P2P is located, within 15 days of the change. An annual statement shall be submitted by the CEO of the NBFC-P2P to the said Regional Office, giving the names of its Directors for the quarter ending on March 31, which should be certified by the auditors.

The Bank, if it deems fit and in public interest, may independently assess whether the directors are, individually or collectively, fit and proper and the NBFC-P2P shall remove the concerned director/s, on being advised by the Bank to do so.

16. Requirement to obtain prior approval of the Bank for allotment of shares, acquisition or transfer of control of NBFC-P2P

(1) Prior written permission of the Bank shall be required for –

(i) any allotment of shares which will take the aggregate holding of an individual or group to equivalent of 26 per cent and more of the paid up capital of the NBFC-P2P;

Explantation: For the purpose of this paragraph, the term

  1. "holding" refers to both direct and indirect holding, beneficial or otherwise. The holding will be computed with reference to the holding of the applicant, relatives (where the applicant is a natural person) and associated enterprises.

  2. "relative" has the same meaning as assigned under section 2(77) of the Companies Act, 2013.

  3. "associate enterprise” has the same meaning as assigned to it in Explanation I to Section 12B of the Banking Regulation Act, 1949.

(ii) any takeover or acquisition of control of an NBFC-P2P, which may or may not result in change of management;

(iii) any change in the shareholding of an NBFC-P2P, including progressive increases over time, which would result in acquisition by/ transfer of shareholding to, any entity, of 26 per cent or more of the paid up equity capital of the NBFC-P2P;

Provided that, prior approval would not be required in case of any shareholding going beyond 26% due to buyback of shares / reduction in capital where it has approval of a competent Court. The same is to be reported to the Bank not later than one month from its occurrence;

(iv) any change in the management of the NBFC-P2P which would result in change in more than 30 per cent of the Directors, excluding independent Directors;

(v) any change in shareholding that will give the acquirer a right to nominate a Director.

Application for Prior Approval

(2) An NBFC-P2P shall submit an application, on the company letter head, for obtaining prior approval of the Bank, along with the following documents:

(i) Information about the proposed Directors/ shareholders as per Annex V;

(ii) Sources of funds of the proposed shareholders acquiring the shares in the NBFC-P2P;

(iii) Declaration by the proposed Directors/ shareholders that they are not associated with any unincorporated body that is accepting deposits;

(iv) Declaration by the proposed Directors/ shareholders that they are not associated with any company, the application for CoR of which has been rejected by the Bank;

(v) Declaration by the proposed Directors/ shareholders that they have not been convicted of any crime and that there are no pending criminal cases against them, including proceedings initiated under section 138 of the Negotiable Instruments Act,1881; and

(vi) Bankers' Report on the proposed Directors / shareholders.

(3) Applications in this regard shall be submitted to the Regional Office of the Department of Supervision of the Bank where the company is registered.

Public Notice about Change in Control/ Management

(4) A public notice of at least 30 days shall be given before effecting the sale of, or transfer of the ownership by sale of shares, or transfer of control, whether with or without sale of shares. Such public notice shall be given by the NBFC-P2P and also by the other party or jointly by the parties concerned, after obtaining the prior permission of the Bank.

(5) The public notice shall indicate the intention to sell or transfer ownership/control, the particulars of transferee and the reasons for such sale or transfer of ownership/ control. The notice shall be published in at least one leading national and in one leading local (covering the place of registered office) vernacular newspaper.

Information with respect to change of address, directors, auditors, etc. to be submitted

(6) Every NBFC-P2P shall communicate, not later than one month from the occurrence of any change in:

(i) the complete postal address, telephone number/s and fax number/s of the registered / corporate office;

(ii) the residential addresses of the Directors of the company;

(iii) the names and office address of the auditors of the company; and

(iv) the specimen signatures of the officers authorised to sign on behalf of the NBFC-P2Pto the Regional Office of the Department of Supervision of the Bank within whose jurisdiction the Registered Office of the NBFC-P2P is located.

Investment from FATF non-compliant jurisdictions

(7) NBFC-P2P shall also ensure compliance to the instructions as specified in the Paragraph 5(3) of these directions.

17. Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFC-P2P.

NBFC-P2P shall conduct a self-assessment of their existing outsourcing arrangements and bring these in line with the directions as provided at Annex VI.

18. Technical Specifications for all participants of the Account Aggregator ecosystem

The NBFC-Account Aggregator (AA) consolidates financial information, as defined in para 3.(1)ix of Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016, of a customer held with different financial entities, spread across financial sector regulators adopting different IT systems and interfaces. In order to ensure that such movement of data is secured, duly authorised, smooth and seamless, it has been decided to put in place a set of core technical specifications for the participants of the AA ecosystem. Reserve Bank Information Technology Private Limited (ReBIT), has framed these specifications and published the same on its website (

Applicable NBFCs acting either as Financial Information Providers (FIP)6 or Financial Information Users (FIU) are expected to adopt the technical specifications published by ReBIT, as updated from time to time

19. Reporting Requirements

(1) The Bank may, from time to time, prescribe return/s to be submitted by NBFC-P2P, as it deems fit.

(2) The following quarterly statements shall be submitted to the aforesaid Regional Office within 15 days after the quarter to which these relate.

(i) A statement, showing the number and amount in respect of loans;

  1. disbursed during the quarter;

  2. closed during the quarter; and

  3. outstanding at the beginning and at the end of the quarter, including the number of lenders and borrowers outstanding as at the end of the quarter

(ii) The amount of funds held in the Escrow Account, bifurcated into funds received from lenders and funds received from borrowers, with credit and debit summations for the quarter.

(iii) Number of complaints outstanding at beginning and at end of quarter, and disposed of during the quarter, bifurcated as received from

  1. lenders and

  2. borrowers.

(iv) The Leverage Ratio, with details of its numerator and denominator.

20. Supervision

The Bank may, at any time, cause an inspection by one or more of its officers or employees, or by any other agency as Bank may deem fit, of any NBFC-P2P.

21. Exemptions

The Bank may, if it considers necessary for avoiding any hardship or for any other just and sufficient reason, grant extension of time to comply with or exempt any NBFC-P2P or class of NBFC-P2Ps or all NBFC-P2Ps, from all or any of the provisions of these Directions, either generally or specially, and subject to such conditions as it may impose.

22. Clarifications

If any question arises relating to the interpretation of these directions, the matter shall be referred to the Bank and the decision of the Bank shall be final.

(J. P. Sharma)
Chief General Manager

Annex II

‘Fit and Proper’ Criteria for Directors of NBFC-P2Ps

NBFC-P2Ps are advised to ensure that the procedures mentioned below are followed and minimum criteria fulfilled by the persons before they are appointed on the Boards:

  1. NBFC-P2Ps should undertake a process of due diligence to determine the suitability of the person for appointment / continuing to hold appointment as a Director on the Board, based upon qualification, expertise, track record, integrity and other ‘fit and proper’ criteria. NBFC-P2Ps should obtain necessary information and declaration from the proposed / existing Directors for the purpose in the format given at Annex III.

  2. The process of due diligence should be undertaken by the NBFC-P2Ps at the time of appointment / renewal of appointment.

  3. The Boards of the NBFC-P2Ps should constitute Nomination Committees to scrutinize the declarations.

  4. Based on the information provided in the signed declaration, Nomination Committees should decide on the acceptance or otherwise of the Directors, where considered necessary.

  5. Where there is any change in information provided by the Directors earlier, the same should be furnished by them to the NBFC-P2P immediately.

  6. NBFC-P2Ps should obtain annually as on 31st March a simple declaration from the Directors that the information already provided has not undergone change and where there is any change, requisite details are furnished by them forthwith.

  7. The Board of the NBFC-P2P must ensure in public interest that the nominated/ elected Directors execute the deeds of covenants in the format given in Annex IV.

Annex III

Name of NBFC-P2P: ________________________

Declaration and Undertaking by Director (with enclosures as appropriate as on)
I. Personal details of director  
  a. Full name  
  b. Date of Birth  
  c. Educational Qualifications  
  d. Relevant Background and Experience  
  e. Permanent Address  
  f. Present Address  
  g. E-mail Address / Telephone Number  
  h. Permanent Account Number under the Income Tax Act and name and address of Income Tax Circle  
  i. Relevant knowledge and experience  
  j. Any other information relevant to Directorship of the NBFC-P2P  
II Relevant Relationships of Director  
  a. List of Relatives if any who are connected with the NBFC-P2P (Refer to the relevant provisions of Companies Act, 2013)  
  b. List of entities if any in which he/she is considered as being interested  
  c. List of entities in which he/she is considered as holding substantial interest within the meaning of prudential norms as prescribed in these Directions.  
  d. Name of NBFCs in which he/she is or has been a member of the board (giving details of period during which such office was held)  
  e. Fund and non-fund facilities, if any, presently availed of by him/her and/or by entities listed in II (b) and (c) above from the NBFC  
  f. Cases, if any, where the director or entities listed in II (b) and (c) above are in default or have been in default in the past in respect of credit facilities obtained from the NBFC or any other NBFC / bank.  
III Records of professional achievements  
  a. Relevant professional achievements  
IV. Proceedings, if any, against the director  
  a. If the director is a member of a professional association/body, details of disciplinary action, if any, pending or commenced or resulting in conviction in the past against him/her or whether he/she has been banned from entry into any profession/ occupation at any time.  
  b. Details of prosecution, if any, pending or commenced or resulting in conviction in the past against the director and/or against any of the entities listed in II (b) and (c) above for violation of economic laws and regulations  
  c. Details of criminal prosecution, if any, pending or commenced or resulting in conviction in the last five years against the director  
  d. Whether the director attracts any of the disqualifications envisaged under the Companies Act, 2013?  
  e. Has the director or any of the entities at II (b) and (c) above been subject to any investigation at the instance of Government department or agency?  
  f. Has the director at any time been found guilty of violation of rules/regulations/ legislative requirements by customs/ excise /income tax/foreign exchange /other revenue authorities, if so give particulars  
  g. Whether the director has at any time come to the adverse notice of a regulator such as SEBI, IRDA, MCA.  
    (Though it shall not be necessary for a candidate to mention in the column about orders and findings made by the regulators which have been later on reversed/set aside in toto, it would be necessary to make a mention of the same, in case the reversal/setting aside is on technical reasons like limitation or lack of jurisdiction, etc and not on merit, If the order of the regulator is temporarily stayed and the appellate/ court proceedings are pending, the same also should be mentioned.)  
V. Any other explanation / information in regard to items I to III and other information considered relevant for judging fit and proper  
  I confirm that the above information is to the best of my knowledge and belief true and complete. I undertake to keep the NBFC-P2P fully informed, as soon as possible, of all events which take place subsequent to my appointment which are relevant to the information provided above.
  I also undertake to execute the deed of covenant required to be executed by all directors of the NBFC-P2P.
  Place : Signature
  Date :  
VI. Remarks of Chairman of Nomination Committee/Board of Directors of NBFC-P2P  
  Place : Signature

Annex IV

Form of Deed of Covenant with a Director

THIS DEED OF COVENANTS is made this ______ day of ________Two thousand _____ BETWEEN _______________, having its registered office at ____________ (hereinafter called the “NBFC-P2P") of the one part and Mr / Ms_____________ of ______________ (hereinafter called the "Director") of the other part.


A. The director has been appointed as a director on the Board of Directors of the NBFC-P2P (hereinafter called "the Board") and is required as a term of his / her appointment to enter into a Deed of Covenants with the NBFC-P2P.

B. The director has agreed to enter into this Deed of Covenants, which has been approved by the Board, pursuant to his said terms of appointment.


1. The Director acknowledges that his / her appointment as director on the Board of the NBFC-P2P is subject to applicable laws and regulations including the Memorandum and Articles of Association of the NBFC-P2P and the provisions of this Deed of Covenants.

2. The Director covenants with the NBFC-P2P that:

(i) The Director shall disclose to the Board the nature of his / her interest, direct or indirect, if he / she has any interest in or is concerned with a contract or arrangement or any proposed contract or arrangement entered into or to be entered into between the NBFC-P2P and any other entity, immediately upon becoming aware of the same or at meeting of the Board at which the question of entering into such contract or arrangement is taken into consideration or if the director was not at the date of that meeting concerned or interested in such proposed contract or arrangement, then at the first meeting of the Board held after he / she becomes so concerned or interested and in case of any other contract or arrangement, the required disclosure shall be made at the first meeting of the Board held after the Director becomes concerned or interested in the contract or arrangement.

(ii) The Director shall disclose by general notice to the Board his / her other directorships, his / her memberships of bodies corporate, his / her interest in other entities and his / her interest as a partner or proprietor of firms and shall keep the Board apprised of all changes therein.

(iii) The Director shall provide to the NBFC-P2P a list of his / her relatives as defined in the Companies Act, 2013 and to the extent the Director is aware of directorships and interests of such relatives in other bodies corporate, firms and other entities.

(iv) The Director shall in carrying on his / her duties as director of the NBFC-P2P:

  1. use such degree of skill as may be reasonable to expect from a person with his / her knowledge or experience;

  2. in the performance of his / her duties take such care as he / she might be reasonably expected to take on his / her own behalf and exercise any power vested in him / her in good faith and in the interests of the NBFC-P2P;

  3. shall keep himself / herself informed about the business, activities and financial status of the NBFC-P2P to the extent disclosed to him / her;

  4. attend meetings of the Board and Committees thereof (collectively for the sake of brevity hereinafter referred to as "Board") with fair regularity and conscientiously fulfil his / her obligations as director of the NBFC-P2P;

  5. shall not seek to influence any decision of the Board for any consideration other than in the interests of the NBFC-P2P;

  6. shall bring independent judgment to bear on all matters affecting the NBFC-P2P brought before the Board including but not limited to statutory compliances, performance reviews, compliances with internal control systems and procedures, key executive appointments and standards of conduct;

  7. shall in exercise of his / her judgement in matters brought before the Board or entrusted to him / her by the Board be free from any business or other relationship which could materially interfere with the exercise of his / her independent judgement; and

  8. shall express his / her views and opinions at Board meetings without any fear or favour and without any influence on exercise of his / her independent judgement;

(v) The Director shall have:

  1. fiduciary duty to act in good faith and in the interests of the NBFC-P2P and not for any collateral purpose;

  2. duty to act only within the powers as laid down by the NBFC-P2P’s Memorandum and Articles of Association and by applicable laws and regulations; and

  3. duty to acquire proper understanding of the business of the NBFC-P2P.

(vi) The Director shall:

  1. not evade responsibility in regard to matters entrusted to him / her by the Board;

  2. not interfere in the performance of their duties by the whole-time directors and other officers of the NBFC-P2P and wherever the director has reasons to believe otherwise, he / she shall forthwith disclose his / her concerns to the Board; and

  3. not make improper use of information disclosed to him / her as a member of the Board for his / her or someone else’s advantage or benefit and shall use the information disclosed to him / her by the NBFC-P2P in his / her capacity as director of the NBFC-P2P only for the purposes of performance of his / her duties as a director and not for any other purpose.

3. The NBFC-P2P covenants with the Director that:

(i) the NBFC-P2P shall apprise the Director about:

  1. Board procedures including identification of legal and other duties of Director and required compliances with statutory obligations;

  2. control systems and procedures;

  3. voting rights at Board meetings including matters in which Director should not participate because of his / her interest, direct or indirect therein;

  4. qualification requirements and provide copies of Memorandum and Articles of Association;

  5. corporate policies and procedures;

  6. insider dealing restrictions;

  7. constitution of, delegation of authority to and terms of reference of various committees constituted by the Board;

  8. appointments of Senior Executives and their authority;

  9. remuneration policy,

  10. deliberations of committees of the Board, and

  11. communicate any changes in policies, procedures, control systems, applicable regulations including Memorandum and Articles of Association of the NBFC-P2P, delegation of authority, Senior Executives, etc. and appoint the compliance officer who shall be responsible for all statutory and legal compliance.

(ii) the NBFC-P2P shall disclose and provide to the Board including the director all information which is reasonably required for them to carry out their functions and duties as a Director of the NBFC-P2P and to take informed decisions in respect of matters brought before the Board for its consideration or entrusted to the director by the Board or any committee thereof;

(iii) the disclosures to be made by the NBFC-P2P to the Directors shall include but not be limited to the following:

  1. all relevant information for taking informed decisions in respect of matters brought before the Board;

  2. NBFC-P2P’s strategic and business plans and forecasts;

  3. organisational structure of the NBFC-P2P and delegation of authority;

  4. corporate and management controls and systems including procedures;

  5. economic features and marketing environment;

  6. information and updates as appropriate on NBFC-P2P’s products;

  7. information and updates on major expenditure;

  8. periodic reviews of performance of the NBFC-P2P; and

  9. report periodically about implementation of strategic initiatives and plans;

(iv) the NBFC-P2P shall communicate outcome of Board deliberations to Directors and concerned personnel and prepare and circulate minutes of the meeting of Board to Directors in a timely manner and to the extent possible within two business days of the date of conclusion of the Board meeting; and

(v) advise the Director about the levels of authority delegated in matters placed before the Board.

4. The NBFC-P2P shall provide to the director periodic reports on the functioning of internal control system including effectiveness thereof.

5. The NBFC-P2P shall appoint a compliance officer who shall be a senior executive reporting to the Board and be responsible for setting forth policies and procedures and shall monitor adherence to the applicable laws and regulations and policies and procedures including but not limited to directions of Reserve Bank of India and other concerned statutory and governmental authorities.

6. The Director shall not assign, transfer, sublet or encumber his / her office and his / her rights and obligations as director of the NBFC-P2P to any third party provided that nothing herein contained shall be construed to prohibit delegation of any authority, power, function or delegation by the Board or any committee thereof subject to applicable laws and regulations including Memorandum and Articles of Association of the NBFC-P2P.

7.The failure on the part of either party hereto to perform, discharge, observe or comply with any obligation or duty shall not be deemed to be a waiver thereof nor shall it operate as a bar to the performance, observance, discharge or compliance thereof at any time or times thereafter.

8. Any and all amendments and / or supplements and / or alterations to this Deed of Covenants shall be valid and effectual only if in writing and signed by the Director and the duly authorised representative of the NBFC-P2P.

9. This Deed of Covenants has been executed in duplicate and both the copies shall be deemed to be originals.


For the NBFC-P2P Director
By …………………..
Name: Name:
In the presence of:  
1. 2. …………………….

Annex VI

Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFC-P2P

1. Introduction

1.1 'Outsourcing' is defined as the NBFC’s use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally be undertaken by the NBFC itself, now or in the future.

‘Continuing basis' includes agreements for a limited period.

1.2 NBFCs have been outsourcing various activities and are hence exposed to various risks as detailed in para 5.3. Further, the outsourced activities are to be brought within regulatory purview to a) protect the interest of the customers of NBFCs and b) to ensure that the NBFC concerned and the Reserve Bank of India have access to all relevant books, records and information available with service provider. Typically outsourced financial services include applications processing (loan origination, credit card), document processing, marketing and research, supervision of loans, data processing and back office related activities, besides others.

1.3 Some key risks in outsourcing are Strategic Risk, Reputation Risk, Compliance Risk, Operational Risk, Legal Risk, Exit Strategy Risk, Counterparty Risk, Country Risk, Contractual Risk, Access Risk, Concentration and Systemic Risk. The failure of a service provider in providing a specified service, a breach in security/ confidentiality, or non-compliance with legal and regulatory requirements by the service provider can lead to financial losses or loss of reputation for the NBFC and could also lead to systemic risks.

1.4 It is therefore imperative for the NBFC outsourcing its activities to ensure sound and responsive risk management practices for effective oversight, due diligence and management of risks arising from such outsourced activities. The directions are applicable to material outsourcing arrangements as explained in para 3 which may be entered into by an NBFC with a service provider located in India or elsewhere. The service provider may either be a member of the group/ conglomerate to which the NBFC belongs, or an unrelated party.

1.5 The underlying principles behind these directions are that the regulated entity shall ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and RBI nor impede effective supervision by RBI. NBFCs, therefore, have to take steps to ensure that the service provider employs the same high standard of care in performing the services as is expected to be employed by the NBFCs, if the activities were conducted within the NBFCs and not outsourced. Accordingly, NBFCs shall not engage in outsourcing that would result in their internal control, business conduct or reputation being compromised or weakened.

1.6 (i) These directions are concerned with managing risks in outsourcing of financial services and are not applicable to technology-related issues and activities not related to financial services, such as usage of courier, catering of staff, housekeeping and janitorial services, security of the premises, movement and archiving of records, etc. NBFCs which desire to outsource financial services would not require prior approval from RBI. However, such arrangements would be subject to on-site/ off- site monitoring and inspection/ scrutiny by RBI.

(ii) In regard to outsourced services relating to credit cards, RBI's detailed instructions contained in its circular on credit card activities vide DBOD.FSD.BC.49/24.01.011/2005-06 dated November 21, 2005 would be applicable.

2. Activities that shall not be outsourced

NBFCs which choose to outsource financial services shall, however, not outsource core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening deposit accounts, according sanction for loans (including retail loans) and management of investment portfolio. However, for NBFCs in a group/conglomerate, these functions may be outsourced within the group subject to compliance with instructions in Para 6.Further, while internal audit function itself is a management process, the internal auditors can be on contract.

3. Material Outsourcing

For the purpose of these directions, material outsourcing arrangements are those which, if disrupted, have the potential to significantly impact the business operations, reputation, profitability or customer service. Materiality of outsourcing would be based on:

  • the level of importance to the NBFC of the activity being outsourced as well as the significance of the risk posed by the same;

  • the potential impact of the outsourcing on the NBFC on various parameters such as earnings, solvency, liquidity, funding capital and risk profile;

  • the likely impact on the NBFC’s reputation and brand value, and ability to achieve its business objectives, strategy and plans, should the service provider fail to perform the service;

  • the cost of the outsourcing as a proportion of total operating costs of the NBFC;

  • the aggregate exposure to that particular service provider, in cases where the NBFC outsources various functions to the same service provider and

  • the significance of activities outsourced in context of customer service and protection.

4. NBFC's role and Regulatory and Supervisory Requirements

4.1 The outsourcing of any activity by NBFC does not diminish its obligations, and those of its Board and senior management, who have the ultimate responsibility for the outsourced activity. NBFCs would therefore be responsible for the actions of their service provider including Direct Sales Agents/ Direct Marketing Agents and recovery agents and the confidentiality of information pertaining to the customers that is available with the service provider. NBFCs shall retain ultimate control of the outsourced activity.

4.2 It is imperative for the NBFC, when performing its due diligence in relation to outsourcing, to consider all relevant laws, regulations, guidelines and conditions of approval, licensing or registration.

4.3 Outsourcing arrangements shall not affect the rights of a customer against the NBFC, including the ability of the customer to obtain redress as applicable under relevant laws. In cases where the customers are required to deal with the service providers in the process of dealing with the NBFC, NBFCs shall incorporate a clause in the relative product literature/ brochures, etc., stating that they may use the services of agents in sales/ marketing etc. of the products. The role of agents may be indicated in broad terms.

4.4 The service provider shall not impede or interfere with the ability of the NBFC to effectively oversee and manage its activities nor shall it impede the Reserve Bank of India in carrying out its supervisory functions and objectives.

4.5 NBFCs need to have a robust grievance redress mechanism, which in no way shall be compromised on account of outsourcing.

4.6 The service provider, if not a group company of the NBFC, shall not be owned or controlled by any director of the NBFC or their relatives; these terms have the same meaning as assigned under Companies Act, 2013.

5. Risk Management practices for Outsourced Financial Services

5.1 Outsourcing Policy

An NBFC intending to outsource any of its financial activities shall put in place a comprehensive outsourcing policy, approved by its Board, which incorporates, inter alia, criteria for selection of such activities as well as service providers, delegation of authority depending on risks and materiality and systems to monitor and review the operations of these activities.

5.2 Role of the Board and Senior Management

5.2.1 Role of the Board

The Board of the NBFC, or a Committee of the Board to which powers have been delegated shall be responsible inter alia for the following:

i. approving a framework to evaluate the risks and materiality of all existing and prospective outsourcing and the policies that apply to such arrangements;

ii. laying down appropriate approval authorities for outsourcing depending on risks and materiality;

iii. setting up suitable administrative framework of senior management for the purpose of these directions;

iv. undertaking regular review of outsourcing strategies and arrangements for their continued relevance, and safety and soundness and

v. deciding on business activities of a material nature to be outsourced, and approving such arrangements.

5.2.2 Responsibilities of the Senior Management

i. Evaluating the risks and materiality of all existing and prospective outsourcing, based on the framework approved by the Board;

ii. developing and implementing sound and prudent outsourcing policies and procedures commensurate with the nature, scope and complexity of the outsourcing activity;

iii. reviewing periodically the effectiveness of policies and procedures;

iv. communicating information pertaining to material outsourcing risks to the Board in a timely manner;

v. ensuring that contingency plans, based on realistic and probable disruptive scenarios, are in place and tested;

vi. ensuring that there is independent review and audit for compliance with set policies and

vii. undertaking periodic review of outsourcing arrangements to identify new material outsourcing risks as they arise.

5.3 Evaluation of the Risks

The NBFCs shall evaluate and guard against the following risks in outsourcing:

i. Strategic Risk – Where the service provider conducts business on its own behalf, inconsistent with the overall strategic goals of the NBFC.

ii. Reputation Risk – Where the service provided is poor and customer interaction is not consistent with the overall standards expected of the NBFC.

iii. Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the service provider.

iv. Operational Risk- Arising out of technology failure, fraud, error, inadequate financial capacity to fulfil obligations and/ or to provide remedies.

v. Legal Risk – Where the NBFC is subjected to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements due to omissions and commissions of the service provider.

vi. Exit Strategy Risk – Where the NBFC is over-reliant on one firm, the loss of relevant skills in the NBFC itself preventing it from bringing the activity back in-house and where NBFC has entered into contracts that make speedy exits prohibitively expensive.

vii. Counter party Risk – Where there is inappropriate underwriting or credit assessments.

viii. Contractual Risk – Where the NBFC may not have the ability to enforce the contract.

ix. Concentration and Systemic Risk – Where the overall industry has considerable exposure to one service provider and hence the NBFC may lack control over the service provider.

x. Country Risk – Due to the political, social or legal climate creating added risk.

5.4 Evaluating the Capability of the Service Provider

5.4.1 In considering or renewing an outsourcing arrangement, appropriate due diligence shall be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence shall take into consideration qualitative and quantitative, financial, operational and reputational factors. NBFCs shall consider whether the service providers' systems are compatible with their own and also whether their standards of performance including in the area of customer service are acceptable to it. NBFCs shall also consider, while evaluating the capability of the service provider, issues relating to undue concentration of outsourcing arrangements with a single service provider. Where possible, the NBFC shall obtain independent reviews and market feedback on the service provider to supplement its own findings.

5.4.2 Due diligence shall involve an evaluation of all available information about the service provider, including but not limited to the following:

i. past experience and competence to implement and support the proposed activity over the contracted period;

ii. financial soundness and ability to service commitments even under adverse conditions;

iii. business reputation and culture, compliance, complaints and outstanding or potential litigation;

iv. security and internal control, audit coverage, reporting and monitoring environment, business continuity management and

v. ensuring due diligence by service provider of its employees.

5.5 The Outsourcing Agreement

The terms and conditions governing the contract between the NBFC and the service provider shall be carefully defined in written agreements and vetted by NBFC's legal counsel on their legal effect and enforceability. Every such agreement shall address the risks and risk mitigation strategies. The agreement shall be sufficiently flexible to allow the NBFC to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations. The agreement shall also bring out the nature of legal relationship between the parties - i.e. whether agent, principal or otherwise. Some of the key provisions of the contract shall be the following:

i. the contract shall clearly define what activities are going to be outsourced including appropriate service and performance standards;

ii. the NBFC must ensure it has the ability to access all books, records and information relevant to the outsourced activity available with the service provider;

iii. the contract shall provide for continuous monitoring and assessment by the NBFC of the service provider so that any necessary corrective measure can be taken immediately;

iv. a termination clause and minimum period to execute a termination provision, if deemed necessary, shall be included;

v. controls to ensure customer data confidentiality and service providers' liability in case of breach of security and leakage of confidential customer related information shall be incorporated;

vi. there must be contingency plans to ensure business continuity;

vii. the contract shall provide for the prior approval/ consent by the NBFC of the use of subcontractors by the service provider for all or part of an outsourced activity;

viii. it shall provide the NBFC with the right to conduct audits on the service provider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the service provider in conjunction with the services performed for the NBFC;

ix. outsourcing agreements shall include clauses to allow the Reserve Bank of India or persons authorised by it to access the NBFC's documents, records of transactions, and other necessary information given to, stored or processed by the service provider within a reasonable time;

x. outsourcing agreement shall also include a clause to recognise the right of the Reserve Bank to cause an inspection to be made of a service provider of an NBFC and its books and account by one or more of its officers or employees or other persons;

xi. the outsourcing agreement shall also provide that confidentiality of customer's information shall be maintained even after the contract expires or gets terminated and

xii. the NBFC shall have necessary provisions to ensure that the service provider preserves documents as required by law and take suitable steps to ensure that its interests are protected in this regard even post termination of the services.

5.6 Confidentiality and Security

5.6.1 Public confidence and customer trust in the NBFC is a prerequisite for the stability and reputation of the NBFC. Hence the NBFC shall seek to ensure the preservation and protection of the security and confidentiality of customer information in the custody or possession of the service provider.

5.6.2 Access to customer information by staff of the service provider shall be on 'need to know' basis i.e., limited to those areas where the information is required in order to perform the outsourced function.

5.6.3 The NBFC shall ensure that the service provider is able to isolate and clearly identify the NBFC's customer information, documents, records and assets to protect the confidentiality of the information. In instances, where service provider acts as an outsourcing agent for multiple NBFCs, care shall be taken to build strong safeguards so that there is no comingling of information / documents, records and assets.

5.6.4 The NBFC shall review and monitor the security practices and control processes of the service provider on a regular basis and require the service provider to disclose security breaches.

5.6.5 The NBFC shall immediately notify RBI in the event of any breach of security and leakage of confidential customer related information. In these eventualities, the NBFC would be liable to its customers for any damages.

5.7 Responsibilities of Direct Sales Agents (DSA)/ Direct Marketing Agents (DMA)/ Recovery Agents

5.7.1 NBFCs shall ensure that the DSA/ DMA/ Recovery Agents are properly trained to handle their responsibilities with care and sensitivity, particularly aspects such as soliciting customers, hours of calling, privacy of customer information and conveying the correct terms and conditions of the products on offer, etc.

5.7.2 NBFCs shall put in place a board approved Code of conduct for DSA/ DMA/ Recovery Agents, and obtain their undertaking to abide by the code. In addition, Recovery Agents shall adhere to extant instructions on Fair Practices Code for NBFCs as also their own code for collection of dues and repossession of security. It is essential that the Recovery Agents refrain from action that could damage the integrity and reputation of the NBFC and that they observe strict customer confidentiality.

5.7.3 The NBFC and their agents shall not resort to intimidation or harassment of any kind, either verbal or physical, against any person in their debt collection efforts, including acts intended to humiliate publicly or intrude upon the privacy of the debtors' family members, referees and friends, sending inappropriate messages either on mobile or through social media, making threatening and/or anonymous calls, persistently7 calling the borrower and/ or calling the borrower before 8:00 a.m. and after 7:00 p.m. for recovery of overdue loans, making false and misleading representations, etc. Any violation in this regard will be viewed seriously8.

5.8 Business Continuity and Management of Disaster Recovery Plan

5.8.1 An NBFC shall require its service providers to develop and establish a robust framework for documenting, maintaining and testing business continuity and recovery procedures. NBFCs need to ensure that the service provider periodically tests the Business Continuity and Recovery Plan and may also consider occasional joint testing and recovery exercises with its service provider.

5.8.2 In order to mitigate the risk of unexpected termination of the outsourcing agreement or liquidation of the service provider, NBFCs shall retain an appropriate level of control over their outsourcing and the right to intervene with appropriate measures to continue its business operations in such cases without incurring prohibitive expenses and without any break in the operations of the NBFC and its services to the customers.

5.8.3 In establishing a viable contingency plan, NBFCs shall consider the availability of alternative service providers or the possibility of bringing the outsourced activity back in-house in an emergency and the costs, time and resources that would be involved.

5.8.4 Outsourcing often leads to the sharing of facilities operated by the service provider. The NBFC shall ensure that service providers are able to isolate the NBFC's information, documents and records, and other assets. This is to ensure that in appropriate situations, all documents, records of transactions and information given to the service provider, and assets of the NBFC, can be removed from the possession of the service provider in order to continue its business operations, or deleted, destroyed or rendered unusable.

5.9 Monitoring and Control of Outsourced Activities

5.9.1 The NBFC shall have in place a management structure to monitor and control its outsourcing activities. It shall ensure that outsourcing agreements with the service provider contain provisions to address their monitoring and control of outsourced activities.

5.9.2 A central record of all material outsourcing that is readily accessible for review by the Board and senior management of the NBFC shall be maintained. The records shall be updated promptly and half yearly reviews shall be placed before the Board or Risk Management Committee.

5.9.3 Regular audits by either the internal auditors or external auditors of the NBFC shall assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the NBFC's compliance with its risk management framework and the requirements of these directions.

5.9.4 NBFCs shall at least on an annual basis, review the financial and operational condition of the service provider to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which can be based on all available information about the service provider shall highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.

5.9.5 In the event of termination of the outsourcing agreement for any reason in cases where the service provider deals with the customers, the same shall be publicized by displaying at a prominent place in the branch, posting it on the web-site, and informing the customers so as to ensure that the customers do not continue to deal with the service provider.

5.9.6 Certain cases, like outsourcing of cash management, might involve reconciliation of transactions between the NBFC, the service provider and its sub-contractors. In such cases, NBFCs shall ensure that reconciliation of transactions between the NBFC and the service provider (and/ or its sub-contractor), are carried out in a timely manner. An ageing analysis of entries pending reconciliation with outsourced vendors shall be placed before the Audit Committee of the Board (ACB) and NBFCs shall make efforts to reduce the old outstanding items therein at the earliest.

5.9.7 A robust system of internal audit of all outsourced activities shall also be put in place and monitored by the ACB of the NBFC.

5.10 Redress of Grievances related to Outsourced Services

i. NBFCs shall constitute Grievance Redressal Machinery as contained in RBI’s circular on Grievance Redressal Mechanism vide DNBS.CC.PD.No.320/03.10.01/2012-13 dated February 18, 2013. At the operational level, all NBFCs shall display the name and contact details (Telephone/ Mobile nos. as also email address) of the Grievance Redressal Officer prominently at their branches/ places where business is transacted. The designated officer shall ensure that genuine grievances of customers are redressed promptly without involving delay. It shall be clearly indicated that NBFCs' Grievance Redressal Machinery will also deal with the issue relating to services provided by the outsourced agency.

ii. Generally, a time limit of 30 days may be given to the customers for preferring their complaints/ grievances. The grievance redressal procedure of the NBFC and the time frame fixed for responding to the complaints shall be placed on the NBFC's website.

5.11 Reporting of transactions to FIU or other competent authorities

NBFCs would be responsible for making Currency Transactions Reports and Suspicious Transactions Reports to FIU or any other competent authority in respect of the NBFCs' customer related activities carried out by the service providers.

6. Outsourcing within a Group/ Conglomerate

6.1 In a group structure, NBFCs may have back-office and service arrangements/ agreements with group entities e.g. sharing of premises, legal and other professional services, hardware and software applications, centralize back-office functions, outsourcing certain financial services to other group entities, etc. Before entering into such arrangements with group entities, NBFCs shall have a Board approved policy and also service level agreements/arrangements with their group entities, which shall also cover demarcation of sharing resources i.e. premises, personnel, etc. Moreover the customers shall be informed specifically about the company which is actually offering the product/service, wherever there are multiple group entities involved or any cross selling observed.

6.2 While entering into such arrangements, NBFCs shall ensure that these:

a. are appropriately documented in written agreements with details like scope of services, charges for the services and maintaining confidentiality of the customer's data;

b. do not lead to any confusion to the customers on whose products/services they are availing by clear physical demarcation of the space where the activities of the NBFC and those of its other group entities are undertaken;

c. do not compromise the ability to identify and manage risk of the NBFC on a stand-alone basis;

d. do not prevent the RBI from being able to obtain information required for the supervision of the NBFC or pertaining to the group as a whole; and

e. incorporate a clause under the written agreements that there is a clear obligation for any service provider to comply with directions given by the RBI in relation to the activities of the NBFC.

6.3 NBFCs shall ensure that their ability to carry out their operations in a sound fashion would not be affected if premises or other services (such as IT systems, support staff) provided by the group entities become unavailable.

6.4 If the premises of the NBFC are shared with the group entities for the purpose of cross-selling, NBFCs shall take measures to ensure that the entity's identification is distinctly visible and clear to the customers. The marketing brochure used by the group entity and verbal communication by its staff / agent in the NBFCs premises shall mention nature of arrangement of the entity with the NBFC so that the customers are clear on the seller of the product.

6.5 NBFCs shall not publish any advertisement or enter into any agreement stating or suggesting or giving tacit impression that they are in any way responsible for the obligations of its group entities.

6.6 The risk management practices expected to be adopted by an NBFC while outsourcing to a related party (i.e. party within the Group / Conglomerate) would be identical to those specified in Para 5 of this directions.

7. Off-shore outsourcing of Financial Services

7.1 The engagement of service providers in a foreign country exposes an NBFC to country risk -economic, social and political conditions and events in a foreign country that may adversely affect the NBFC. Such conditions and events could prevent the service provider from carrying out the terms of its agreement with the NBFC. To manage the country risk involved in such outsourcing activities, the NBFC shall take into account and closely monitor government policies and political, social, economic and legal conditions in countries where the service provider is based, both during the risk assessment process and on a continuous basis, and establish sound procedures for dealing with country risk problems. This includes having appropriate contingency and exit strategies. In principle, arrangements shall only be entered into with parties operating in jurisdictions generally upholding confidentiality clauses and agreements. The governing law of the arrangement shall also be clearly specified.

7.2 The activities outsourced outside India shall be conducted in a manner so as not to hinder efforts to supervise or reconstruct the India activities of the NBFC in a timely manner.

7.3 As regards the off-shore outsourcing of financial services relating to Indian Operations, NBFCs shall additionally ensure that

a) Where the off-shore service provider is a regulated entity, the relevant off-shore regulator will neither obstruct the arrangement nor object to RBI inspection visits/ visits of NBFCs internal and external auditors.

b) The availability of records to management and the RBI will withstand the liquidation of either the offshore custodian or the NBFC in India.

c) The regulatory authority of the offshore location does not have access to the data relating to Indian operations of the NBFC simply on the ground that the processing is being undertaken there (not applicable if off shore processing is done in the home country of the NBFC).

d) The jurisdiction of the courts in the off shore location where data is maintained does not extend to the operations of the NBFC in India on the strength of the fact that the data is being processed there even though the actual transactions are undertaken in India and

e) All original records continue to be maintained in India.

Annex VII

Ombudsman Scheme for Non-Banking Financial Companies, 2018 - Appointment of the Nodal Officer/Principal Nodal Officer

The Reserve Bank of India (RBI) has brought into operation on February 23, 2018, the Ombudsman Scheme for Non-Banking Financial Companies, 2018 (The Scheme). The Scheme is available on the RBI website The Non-Banking Financial Companies (NBFCs) that are covered under the Scheme (covered NBFCs) are advised to ensure that a suitable mechanism exists for receiving and addressing complaints from their customers with specific emphasis on resolving such complaints expeditiously and in a fair manner.

2. In this connection attention is invited to para 15.3 of the Scheme in terms of which

  1. The NBFCs covered by the Scheme shall appoint Nodal Officers (NOs) at their Head/Registered/Regional/Zonal Offices and inform all the Offices of the Ombudsman about the same.

  2. The NOs so appointed shall be responsible for representing the company and furnishing information to the Ombudsman in respect of complaints filed against the NBFC.

  3. Wherever more than one zone/region of a NBFC is falling within the jurisdiction of an Ombudsman, one of the NOs shall be designated as the ‘Principal Nodal Officer’ (PNO) for such zones or regions.

3. The PNO/NO shall be responsible, inter alia, for representing the covered NBFC before the Ombudsman and the Appellate Authority under the Scheme. The PNO/NO appointed at the Head Office of the NBFC shall be responsible for coordinating and liaising with the Customer Education and Protection Department (CEPD), RBI, Central Office. Covered NBFCs are at liberty to appoint the Grievance Redressal Officer (GRO) identified by the respective NBFCs in terms of extant guidelines on Grievance Redressal Mechanism, applicable to them, as the PNO or NO, provided that the officer concerned is sufficiently senior in the organisation. Where there is more than one Nodal Officer for a zone, the PNO shall be responsible for representing the company and furnishing information to the Ombudsman in respect of complaints filed against the NBFC.

4. With a view to strengthening the Grievances Redressal System and enhancing its effectiveness, the NBFCs shall take necessary steps as outlined above. Further, the name and details of the PNO/NO at the Head Office may be forwarded to the Chief General Manager, Consumer Education and Protection Department, Reserve Bank of India, Central Office, 1st Floor, Amar Building, Sir P.M. Road, Mumbai 400 001 (email). The names and contact details of PNOs/NOs of the zones may be forwarded to the RBI Ombudsman of the concerned zone.

Display of Information

5. Covered NBFCs shall display prominently, for the benefit of their customers, at their branches/ places where business is transacted, the name and contact details (Telephone/ Mobile numbers as also email addresses) of the PNOs/NOs/GROs and the name and contact details of the Ombudsman, who can be approached by the customer.

6. Covered NBFCs shall prominently display the salient features of the Scheme (in English, Hindi and Vernacular language) at all their offices and branches in such a manner that a person visiting the office or branch has easy access to the information. A template for the salient features of the Scheme to be displayed is enclosed for reference. (Appendix A)

7. All the above details along with a copy of the Scheme should also be prominently displayed on the web-site of covered NBFCs.

1 Vide circular DOR.CO.LIC.CC No.119/03.10.001/2020-21 dated February 12, 2021

2 The Financial Action Task Force (FATF) periodically identifies jurisdictions with weak measures to combat money laundering and terrorist financing (AML/CFT) in its following publications: i) High-Risk Jurisdictions subject to a Call for Action, and ii) Jurisdictions under Increased Monitoring. A jurisdiction, whose name does not appear in the two aforementioned lists, shall be referred to as a FATF compliant jurisdiction.

3 Potential voting power could arise from instruments that are convertible into equity, other instruments with contingent voting rights, contractual arrangements, etc. that grant investors voting rights (including contingent voting rights) in the future. In such cases, it should be ensured that new investments from FATF non-compliant jurisdictions are less than both (i) 20 per cent of the existing voting powers and (ii) 20 per cent of existing and potential voting powers assuming those potential voting rights have materialised.

4 Vide Circular DOR.ACC.REC.No.23/21.02.067/2021-22 dated June 24, 2021.

5 Where an NBFC-P2P has been in existence for less than three financial years, it shall be since registration.

6 The definitions of FIP and FIU are as per the Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016, as amended from time to time.

7 For example- calling repeatedly

8 Inserted vide circular DOR.ORG.REC.65/21.04.158/2022-23 dated August 12, 2022.