RBI Mandate for NBFCs

In 2022, the Reserve Bank of India (RBI) issued the guideline “Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs”, which sets out the compliance function and the role of the Chief Compliance Officer (CCO) for NBFCs. The guideline requires NBFC-ML (Middle Layer) and NBFC-UL (Upper Layer) entities to establish an independent compliance function, backed by a Board-approved compliance policy, and to appoint a CCO. The specific shape of this framework is to be tailored to each NBFC’s own characteristics, taking into account its corporate governance structure, scale of operations, risk profile and organizational setup. NBFC-BL (Base Layer) entities are not covered by this mandate, as they do not deal with public funds.

Compliance Policy

Every NBFC shall have a clear compliance policy declaring its

    • compliance philosophy,
    • approach to compliance culture, the structure and role of the compliance function, and the role of the CCO, and
    • process for identifying, assessing, monitoring, managing and reporting compliance risk.

The policy shall be approved by the Board / Audit Committee of the Board and reviewed at least once a year.

The compliance policy must cover the following –

  1. Independence of the compliance function, and transparency in its views and in its communication with senior management and the Board.
  2. A focus on regulatory and statutory compliance requirements.
  3. A monitoring mechanism for the compliance testing procedure.
  4. Reporting requirements, i.e. communicating any change in compliance status to senior management and to the Board / Board Committee.
  5. The CCO’s authority to communicate with any member of staff and to access any record or file needed to examine compliance issues, if any.
  6. A mechanism to disseminate information on regulations and guidelines to staff, and to periodically update operational manuals.
  7. An approval process under which the compliance function signs off on new products and processes before they are introduced.

Role of the Board, Senior Management and the Compliance Function

  1. The Board and senior management should actively oversee the implementation of the compliance policy. This includes:
    • actively monitoring the execution of policies and procedures,
    • ensuring adherence to the prescriptions in the compliance manuals, and
    • enforcing the internal code of conduct throughout the organization.
  2. The compliance function plays the central role in identifying the level of compliance risk within the organization.
  3. It analyses the compliance risks associated with existing and new products and processes and implements appropriate mitigation measures for the risks identified.
  4. The CCO shall be a member of the “new product” committee(s). All new products shall be subjected to intensive monitoring for at least the first six months after their introduction, so that potential compliance risks are adequately tracked.
  5. The compliance function shall monitor and test compliance by conducting sufficient and representative compliance testing, and shall report the results to senior management. It shall periodically circulate instances of compliance failures among staff, together with the required preventive instructions. Senior management will examine staff accountability for major compliance failures.
  6. Risk Mitigation Plans (RMP) / Monitorable Action Plans (MAP) should be implemented in line with the directions given by RBI, in a time-bound and sustainable manner. Unsatisfactory compliance may attract penal action.
  7. The compliance department may also act as a reference point for operational staff seeking clarification on, or interpretation of, regulatory and statutory guidelines.

Appointment of the Chief Compliance Officer

  1. SELECTION PROCESS – The CCO shall be appointed by the Board through a well-defined selection process, with a Selection Committee of senior executives constituted for the purpose. The Board’s decision on the appointment shall be final.
  2. RANK – The CCO shall be a senior executive of the NBFC, at a position not more than two levels below the CEO. If necessary, the CCO may also be recruited from the market.

      Exception – In the case of NBFCs-ML, this requirement may be relaxed by one further level.

  3. TENURE – The CCO shall serve for a minimum fixed term of three years. The Board / Board Committee may shorten this term by one year, provided suitable succession planning is in place.
  4. SKILLS – The CCO shall have a good understanding of the industry and of risk management practices, knowledge of regulations and legal requirements, and be attuned to supervisory expectations.
  5. STATURE – The CCO shall be empowered to exercise independent judgment, and shall have the freedom and authority to engage directly with regulators / supervisors and to ensure compliance.
  6. CONDUCT – The CCO shall have a clean track record and unquestionable integrity.
  7. REPORTING LINE – The CCO shall report directly to the MD & CEO and / or the Board.

Where the CCO reports to the MD & CEO, the Board shall meet the CCO separately every quarter, without senior management (including the MD & CEO) present. The CCO shall have no reporting relationship with the business verticals. The CCO’s performance appraisal shall be reviewed by the Board / Board Committee.


Before the appointment, premature transfer, resignation, early retirement or removal of the CCO, prior intimation must be given to the Senior Supervisory Manager at the Department of Supervision, Reserve Bank of India. The intimation should be accompanied by a detailed profile of the candidate, a ‘Fit and Proper’ certification by the MD & CEO of the NBFC confirming that the individual meets the supervisory requirements, and the rationale for the proposed change.


The Chief Compliance Officer (CCO) shall not undertake any responsibilities that may pose a conflict of interest, particularly those related to business. Additionally, the CCO should generally not serve on any committees where their role as CCO conflicts with their duties as a committee member.

The staff within the Compliance Department will primarily concentrate on compliance functions. However, they may be assigned additional duties as long as there is no conflict of interest.


The Chief Compliance Officer (CCO) may only be transferred or removed before completing their tenure in exceptional circumstances, with explicit prior approval from the Board or Board Committee, following a clearly defined and transparent internal administrative procedure.

Duties and Responsibilities of the CCO

  1. Leading the compliance function – The CCO heads the NBFC’s compliance function, overseeing the compliance team and ensuring that the compliance manuals of the various departments are kept up to date.
  2. Managing compliance risk proactively – The CCO carries overall responsibility for identifying and managing compliance risk. This includes staying informed of audit findings, having access to the relevant records, regularly reporting the compliance risk position to senior management, and assisting senior management in addressing the risks identified.
  3. Acting as the interface with the regulator – The CCO is the nodal point of contact between the NBFC and RBI. The CCO interacts directly with the regulator, ensures compliance with its directions, and participates in regular discussions with RBI.

Conclusion

Setting up a dedicated compliance unit headed by a Chief Compliance Officer is a significant step forward for NBFCs. A proactive approach to regulatory adherence and ethical business conduct fosters a compliance-oriented culture across the whole organization.

At Aparajitha, we have designed a comprehensive compliance management tool specifically for banks and NBFCs to ensure seamless compliance with regulatory requirements. Schedule a FREE DEMO today and experience the ease of compliance.
