Are NBFCs equipped for transition without disruption?
The rapid growth in the NBFC sector, its interconnectedness with the financial system, and consequent systemic impact have spurred regulators to review the regulatory framework in line with the changing risk profile of NBFCs. A move in this direction and the regulators’ intent to have a regulatory framework aligned closely with the banking system, was the issuance of guidelines on Scale based Regulation (SBR) for NBFCs by the Reserve Bank of India.
SBR – Explained
RBI has issued an integrated regulatory framework for NBFCs that comprehensively addresses the different facets of regulation of NBFCs such as capital requirements, governance standards, prudential regulation, etc, keeping in view their changing risk profile. The regulatory structure for NBFCs will comprise four layers based on the size, activity, and perceived riskiness of the NBFC, viz. Base Layer, Middle Layer, Upper Layer, and Top Layer. The regulations will be effective from October 2022, with a glide path to achieve other milestones like increasing Net Owned Funds to Rs. 10 crores for certain categories of NBFCs, Common Equity capital Tier 1 of at least 9% for NBFC-UL, IPO funding restricted to Rs 1 crore for subscription to IPOs (w.e.f April 2022), change in NPA classification norms to the overdue period of more than 90 days for all categories of NBFCs, etc.
In a calibrated approach towards harmonizing the regulatory framework for Supervised Entities, RBI had earlier issued guidelines on the implementation of the Risk-Based Internal Audit Framework for all deposit-taking NBFCs and HFCs, irrespective of their size, and all NBFCs-ND and HFCs with asset size of Rs 5000 crore and above. The guidelines appear to be a precursor to the Risk-Based Supervision of NBFCs, and while specific NBFCs were required to implement these guidelines by March 31, 2022, HFCs are required to implement the same by June 30, 2022.
Further, the Large Exposure Framework (LEF) guidelines have been made applicable to NBFC-UL w.e.f October 1, 2022. NBFCs-UL and NBFCs-ML with 10 or more fixed point service delivery units as of October 01, 2022, have also been mandated to implement ‘Core Financial Services Solution (CFSS), before 30 September 2025.
Emphasis on Governance and Control
The Reserve Bank of India has persistently emphasized the growth in size and complexity of financial institutions, warranting a need to strengthen the framework of governance and internal control functions across entities. Dy. Governor M.K. Jain reiterated that oversight and assurance functions play a key role in value creation for a financial institution, strengthening public confidence, preserving and enhancing its reputation, and maintaining the integrity of its business and management.
The SBR Framework issued by the RBI mandated NBFC-UL and NBFC-ML to have an independent compliance function that is spearheaded by the Chief Compliance Officer. In its recent circular on Compliance Function and Role of Chief Compliance Officer (CCO) – NBFCs, RBI has provided a robust structural approach to be followed by the Compliance Functions of NBFCs, to effectively manage and mitigate regulatory risks, and the requirements for appointing the CCO of the NBFC.
The Compliance Function is expected to exercise complete oversight over the implementation of the compliance policy while ensuring that is not only in line with extant regulatory guidelines but also commensurate with the breadth of operations and risk appetite of the NBFC. It is also expected to play an active role in assessing compliance risks across existing and new products with a requirement that the CCO is included in the ‘new product’ committee.
RBI’s guidelines require NBFCs to carry out an annual compliance risk assessment to identify, assess and remediate major compliance risks across the entity. The Compliance Programme should be effective in ensuring that the Risk Mitigation Plan (RMP)/ Monitorable Action Plan (MAP) are complied with within the prescribed timelines to avoid supervisory action. The compliance function will also be responsible for conducting the necessary compliance testing and monitoring and furnishing the reports to the Senior Management. NBFC-UL and NBFC-ML are required to put in place a Board-approved policy and a Compliance Function, including the appointment of a Chief Compliance Officer (CCO), latest by April 1, 2023, and October 1, 2023, respectively.
Challenges and Opportunities ahead
Recognizing the rapid growth in size and risk, NBFCs (at least larger entities) may soon expect to be subjected to similar levels of supervisory scrutiny as banks. This may have been a driving force behind the introduction of the PCA Framework for NBFCs in December 2021. However, with stricter regulation and supervision, RBI has also extended opportunities to NBFCs to expand their business. The Master Direction on Credit and Debit Card – Issuance and Conduct Direction 2022 issued on April 21, 2022, has opened a window of opportunity for Non-Banking Financial Companies registered with the Reserve Bank and with a minimum net owned funds of Rs 100 crore, to undertake credit card business subject to prior approval of the RBI.
The challenges and opportunities for NBFCs lie therefore in managing ‘transition without disruption’. The regulatory revisions highlighted above would require NBFCs to comply with the requirements within stipulated timelines. With the exception of select NBFCs, others may find it challenging to put in place the required systems and processes besides having access to dedicated resources to meet these deadlines. A risk-based approach and leveraging expertise and technology may be turnkeys in staying ahead of regulatory expectations.