Beyond RBI Returns: Critical Policies Every NBFC Should Have in Place
While RBI returns often receive the greatest attention, regulatory inspections increasingly focus on whether an NBFC has adopted, implemented and periodically reviewed the policies mandated under various Master Directions and circulars.
The following table serves as a practical reference for NBFCs.
|
Sl. No. |
Particulars |
Approved /
Reviewed By |
Frequency |
Key Compliance
Points |
|
1 |
Asset Liability Management (ALM) Policy |
Board / Risk Management Committee |
Annual review with periodic ALCO monitoring |
Monitor maturity mismatches, liquidity gaps and funding
profile |
|
2 |
Business Continuity Plan (BCP) |
Board |
Annual |
Conduct BCP testing and maintain disaster recovery
arrangements |
|
3 |
Business Model Framework |
Board |
Annual |
Review strategic assumptions, product mix and business
risks |
|
4 |
Corporate Governance – Internal Guidelines |
Board |
Annual |
Define governance structure, delegation of authority and
oversight mechanism |
|
5 |
Code of Business Ethics |
Board |
Annual |
Applicable to directors, KMPs and employees |
|
6 |
Contingency Funding Plan |
Board / ALCO |
Annual |
Identify emergency funding sources and escalation
procedures |
|
7 |
Cyber Crisis Management Plan |
Board |
Annual |
Incident response, reporting and recovery procedures |
|
8 |
Cyber Security Policy |
Board |
Annual |
Vulnerability assessment, monitoring and cyber governance |
|
9 |
Expected Credit Loss (ECL) Policy |
Board |
Annual |
Define provisioning methodology and assumptions |
|
10 |
Fair Practices Code |
Board |
Annual |
Disclosure of loan terms, grievance mechanism and recovery
practices |
|
11 |
Risk Management Policy |
Board / Risk Management Committee |
Annual |
Credit, market, operational, liquidity and compliance
risks |
|
12 |
Fit and Proper Criteria Policy |
Board |
Annual |
Due diligence and declarations from directors |
|
13 |
ICAAP Policy |
Board |
Annual |
Risk assessment and capital planning document |
|
14 |
IT Framework |
Board |
Annual |
IT governance, outsourcing and technology risk |
|
15 |
Information System Audit Policy |
Board |
Annual |
Independent IS audit and compliance tracking |
|
16 |
Interest Rate Policy |
Board |
Annual |
Transparent pricing methodology and disclosures |
|
17 |
Investment Policy |
Board |
Annual |
Exposure limits, approval hierarchy and monitoring |
|
18 |
KYC & AML Policy |
Board |
Annual |
Customer due diligence, monitoring and reporting |
|
19 |
Loan Policy |
Board |
Annual |
Eligibility, documentation, delegation and monitoring |
|
20 |
MIS Policy |
Board |
Annual |
Reporting framework and data governance |
|
21 |
Nomination & Remuneration Committee (NRC) Policy |
NRC / Board |
Annual |
Performance evaluation and remuneration principles |
|
22 |
Outsourcing Policy |
Board |
Annual |
Vendor due diligence, monitoring and business continuity |
|
23 |
Related Party Transaction Policy |
Board / Audit Committee |
Annual |
Approval process and disclosure requirements |
|
24 |
Stress Testing Framework |
Board / Risk Management Committee |
Periodic |
Credit, liquidity and capital stress testing |
|
25 |
Whistle Blower Policy |
Board / Audit Committee |
Annual |
Confidential reporting mechanism and protection against
retaliation |
|
26 |
Grievance Redressal Mechanism |
Board |
Annual |
Complaint tracking, timelines and escalation matrix |
|
27 |
Fraud Risk Management Policy |
Board |
Annual |
Early warning signals, reporting framework and
investigation process |
|
28 |
Liquidity Risk Management Policy |
Board / Risk Management Committee |
Annual |
Liquidity monitoring, stress scenarios and contingency
measures |
Practical Compliance Checklist:
For every policy, the Compliance Officer should maintain:
- Date of Board approval;
- Date of last review;
- Applicable RBI Master Direction/Circular;
- Version control and amendment history;
- Policy owner;
- Next review due date;
- Evidence of implementation;
- Board/Committee minutes recording review;
- Internal audit observations;
- Action Taken Report (ATR).
Key Takeaway:
RBI inspections increasingly focus on whether policies are living governance documents rather than static records. A policy that is approved but not reviewed, implemented, monitored or evidenced through Board and Committee deliberations may still attract supervisory observations.
Accordingly, every NBFC should maintain a centralised policy register linked to a compliance calendar, ensuring timely reviews, regulatory updates and documented oversight.
Comments
Post a Comment