mitalitita.com

NBFC Compliance Audit

NBFC Compliance Audit

RBI expects every NBFC to follow capital norms, KYC rules, lending practices, reporting standards, governance, customer protection, and IT oversight. A compliance audit checks whether the company is actually doing that in real life—not just on paper.

We help NBFCs identify gaps early, fix them, and stay inspection-ready.


What the Audit Covers

Regulatory Compliance

  • Review of RBI circulars, directions, and adherence

  • Verification of NBS returns and supervisory filings

  • Capital adequacy, NOF, exposure limits, provisioning

KYC, AML & Customer Onboarding

  • Customer identification, documentation, CKYC uploads

  • Screening, monitoring, PEP/AML compliance

  • Grievance redressal and Fair Practice Code review

Lending & Portfolio Management

  • Loan sanction, agreements, underwriting trails

  • NPA recognition and provisioning accuracy

  • Interest rate policy, recovery practices, disclosures

Governance & Controls

  • Board oversight, committees, policies, minutes

  • Internal audit framework and risk monitoring

  • Outsourcing, vendor and IT compliance

Financial & Operational Review

  • Reconciliation, reporting, MIS reliability

  • Related party transactions and connected lending

  • Statutory and regulatory record maintenance


Documents Generally Required

  • Loan files, sanction notes, agreements

  • NBS returns, financials, internal MIS reports

  • KYC/AML records, CKYC data, onboarding SOPs

  • Board resolutions, committee minutes, policies

  • RBI correspondence and inspection reports


Audit Process

  1. Scoping and data request

  2. Review of documents, systems, and processes

  3. Discussions with management and compliance team

  4. Draft report with findings and risk grading

  5. Final audit report with corrective action plan


Why NBFCs Need a Compliance Audit

  • Early detection of regulatory gaps

  • Better preparedness for RBI inspections

  • Protects licence, valuation, and borrower trust

  • Helps management strengthen controls and governance

  • Supports investors, lenders, and due diligence requirements

Frequently Asked Questions

Yes. RBI expects NBFCs to periodically assess and document compliance.

 

At least once a year. High-growth NBFCs may do quarterly reviews.

 

No. Compliance audit focuses on regulatory and operational adherence, not just financials.

 

Often yes, depending on data access and portfolio size.

 

A corrective action plan is prepared and implemented, then documented for RBI.